Financial services firms outsourcing critical processes to Third-Party Technology Service Providers (TSPs) need their partners to have robust recovery and resiliency capabilities. The continuity of customer services could be at stake. Firms can address this challenge by putting into action the Federal Financial Institutions Examination Council’s (FFIEC) Appendix J recommendations on Third-Party Risk Management programs, capacity management, testing with TSPs, and resilience when leveraging TSPs.
Cyber resiliency capabilities that enable organizations to withstand cyberattacks and recovery quickly are critical not only for institutions, but also to their customers who rely on continuity of services. Many financial industry firms, however, are opting to outsource internal processes to achieve savings and gain efficiencies. This has resulted in many banks and other financial institutions becoming dependent upon TSPs to perform or support their critical processes. Accordingly, financial institutions are increasingly reliant upon third parties to have sufficient recovery capabilities related to the specific services they perform.
Financial institutions should establish continuity of service and partner with their TSPs to improve resiliency capabilities across their enterprises. To that end, they can put into action the recommendations presented in the FFIEC Appendix J while factoring in tactical considerations. When outsourcing critical business processes to TSPs, management should look to increase business resiliency efficiencies through:
Principal, PwC US
Principal, Cybersecurity, Privacy & Forensics, PwC US
Director, Cybersecurity and Privacy, PwC US
Director, Advisory, PwC US