NCC Group plc Annual Report 2021

BUSINESS MODEL INSIGHTS: DEVELOP “RESILIENCE BY DESIGN”

Promoting safe and secure cloud adoption worldwide

The last year has seen intensified global dialogue on the challenges facing regulatory authorities around the world as they update guidance, rules and frameworks on third party and technology risk management and operational resilience in the face of accelerated cloud and technology adoption, particularly in financial services. Third party software has become a permanent fixture of many competitive organisations’ supply chains: according to the Bank of England, 40 to 90% of banks’ workloads globally could be hosted on public cloud or Software-as-a-Service within a decade. We have been delving into the topic of operational resilience and third party risk management within financial institutions (FIs), exploring what the latest guidelines and proposals released by regulators across the globe mean for businesses, their resilience, and the pace of digital transformation across the sector. As reliance on third party software and its availability continues to increase, financial institutions must ensure that all providers they work with have the necessary risk mitigation and business continuity measures in place.

Taking action

• Organisations should assess the resilience of their supply chain, categorising outsourcers on their criticality, financial stability and concentration risk, with particular attention paid to services in the cloud
• Once this is understood, businesses can put the appropriate strategies and systems in place to manage risk. Organisations should look for suppliers that proactively deliver complementary risk mitigation and business continuity assurance that fit with the organisation’s needs. This can include implementing robust onboarding and procurement policies that ensure that software escrow agreements and verification testing are built into any supplier contracts
• For every outsourcing agreement, organisations are required to develop a business continuity plan in order to protect business-critical applications. This can be tested repeatedly using software escrow verification tests, which ensure that an application can be rebuilt should the need arise
• For many financial institutions and their outsourcers, these regulatory changes could mean that a lot of resource must be used on the creation and implementation of viable stressed exit plans. However, for those with escrow agreements already in place, organisations can test their existing procedures and cover anything that has been missed

NCC Group has long taken the view that software, technology and data escrow solutions offer legal and technical assurance to allow firms to adopt, innovate and manage third party technologies with confidence. We continue to engage with regulators worldwide to encourage them to acknowledge escrow agreements as a mechanism that enables organisations to comply with third party risk mitigation, outsourcing and business continuity requirements and as a way to operate and grow in a resilient, safe and secure way.

We believe that awareness and education of operational resilience need to improve and that regulators can play a role in supporting financial institutions in achieving resilience by design.

Simon Fieldhouse, Global Managing Director, Software Resilience


NCC Group plc — Annual report and accounts for the year ended 31 May 2021
