EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

Key themes of resiliency, outsourcing and third-party risk management regimes

Mike Pierides and James Mulligan
Additional contact information
Mike Pierides: Morgan, Lewis & Bockius UK LLP, UK
James Mulligan: Associate, Morgan, Lewis & Bockius, UK

Journal of Securities Operations & Custody, 2025, vol. 17, issue 2, 102-118

Abstract: Throughout 2024, European Union (EU)-based financial entities have been analysing their thirdparty and intra-group technology contracts against compliance with the EU Digital Operational Resilience Act (DORA), and renegotiating with vendors where necessary, in order to comply from 17th January, 2025. McKinsey estimates that EU institutions typically earmarked €5−15m for DORA programme strategy, planning and design, although full implementation costs may be five to ten times that range.1 The DORA analysis is also highlighting that certain companies are not compliant with existing regulatory expectations. Financial regulators and global standard-setting bodies have published high-level principles and also detailed expectations to ensure that companies have in place prudent third-party risk management controls, both at an enterprise level and for managing individual third-party arrangements. As securities markets participants become increasingly reliant on third-party service providers for tasks that they had not previously undertaken, leveraging technology and artificial intelligence (AI), supervisory focus is extending to operational resilience across third-party services relationships, not just outsourcing. In this paper, we explore key themes of existing outsourcing and third-party risk management regimes that apply to financial entities and their service providers. We note key differences between regulatory expectations on resiliency and outsourcing, highlight key best practices and challenges to implementing these expectations and, finally, consider the impact of AI solutions on such regulatory expectations.

Keywords: operational resilience; artificial intelligence; outsourcing; digitisation; financial regulation (search for similar items in EconPapers)
JEL-codes: E5 G2 K22 (search for similar items in EconPapers)
Date: 2025
References: Add references at CitEc
Citations:

Downloads: (external link)
https://hstalks.com/article/9006/download/ (application/pdf)
https://hstalks.com/article/9006/ (text/html)
Requires a paid subscription for full access.

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:aza:jsoc00:y:2025:v:17:i:2:p:102-118

Access Statistics for this article

More articles in Journal of Securities Operations & Custody from Henry Stewart Publications
Bibliographic data for series maintained by Henry Stewart Talks ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-03-19
Handle: RePEc:aza:jsoc00:y:2025:v:17:i:2:p:102-118