EU financial firms must prepare now for new rules on critical third-party arrangements
By 
Ruth Prickett2025-12-15T18:04:00
European banks and financial institutions must prepare now for stringent new rules on third-party suppliers. A consultation on plans to introduce a regime similar to the EU’s Digital Operational Resilience Act (DORA), but focusing on critical non-ICT third-party suppliers, closed in October, and guidelines will follow shortly.
Experts at global law firm Travers Smith wrote in a legal briefing in November that the plans build significantly on the European Banking Authority’s (EBA’s) existing rules from 2019 and “will lead to an overhaul of third-party risk management with EU financial services.”
THIS IS MEMBERS-ONLY CONTENT
You are not logged in and do not have access to members-only content.
If you are already a registered user or a member, SIGN IN now.
Related articles
-
ArticleWhat 2025’s AI mishaps should teach compliance in 2026
If 2025 was the year generative AI took off in organizations in every sector, it was also the year we saw increasing examples of the risks of AI mishaps.
-
ArticleFormer Credit Suisse compliance officer charged with money laundering
A compliance officer is facing charges for laundering $7 million in a complex legal case in Switzerland. Swiss prosecutors have charged Credit Suisse, and one of its former employees, with failing to maintain adequate controls.
-
ArticleU.K. asset managers to focus on investor engagement outcomes under new reporting guidance
Asset managers reporting under the U.K.’s updated Stewardship Code starting Jan 1 should focus on engagement outcomes and evidence of impact. New guidance from the U.K. financial regulator offers case studies and checklists to support compliance.
More from Regulatory Policy
-
ArticleCompliance told to focus on reality as Euro courts brace for slew of greenwashing cases
In 2025, the regulatory focus on greenwashing intensified globally. This trend is set to accelerate in 2026, and compliance has a key part to play in ensuring corporate statements are honest.
-
ArticleSFO guidance on evaluating compliance programs short on specifics, experts say
Companies looking for greater certainty about how they might avoid criminal prosecution for bribery, fraud, and corruption offences may find they’re going to be disappointed if they’re looking for definitive answers in the latest guidance from the U.K.’s main fraud investigator, say experts.
-
ArticleEU loosens AI and data rules
Europe has been at the forefront of designing strong—but flexible—rules around data use and the safe development of AI, but the EU recently announced plans to simplify some key measures around data privacy and AI governance, which have met with mixed responses.