Outsourcing is a popular method to gain access to (technological) innovations, flexibility and economies of scale. However, outsourcing also creates new risks for financial institutions and supervisors. Hence EU regulators (EBA, EIOPA and ESMA) have already published guidelines aimed at identifying, addressing and mitigating these risks. With the introduction of the Digital Operational Resilience Act (DORA), requirements on ICT outsourcing now apply to a broad range of financial institutions (including institutions that are not subject to the earlier EBA, EIOPA and ESMA Guidelines). Over the past years, KPMG has assisted several financial institutions with the implementation of EU regulations on outsourcing. The purpose of this document is to provide a generic remediation approach and good practices for becoming compliant, based on our experiences with financial institutions.

We will keep you informed by email.
Enter your preferences here.