Response to consultation on draft Guidelines on the sound management of third-party risk

Go back

Definition of „third-party agreement”
in DORA, similarly to the draft document (BL) in the scope of the definition of outsourcing only, the criterion of the time dimension of the provision of the service is indicated: "on an ongoing basis" (DORA) and "on a recurrent or an ongoing basis" (GL). In our opinion, it should be clarified that the scope of the GL and this definition covers contractual arrangements concerning relations on an "ongoing / recurrent basis", and not "one-off" purchasing relationships. This issue is important to avoid misunderstandings and in our opinion it should be indicated at the definition stage, and not only in section "3 Sound management of third-party risks" as a "consideration"
No precise definition of outsourcing
The definition of outsourcing maintains the premise of "the bank's ability to perform activities on its own", which is very general. There is a lack of specification of factors (apart from continuity and repetition of services) that should determine the recognition of the contract as outsourcing and distinguishing it from other relationships with external suppliers.

A wide catalogue of services in the Appendix to the Guidelines
The appendix contains a list of services that should be classified as relationships with external suppliers under the Guidelines. The list contains many services described in very general terms. It includes, for example, secretarial services, and at the same time the white list in point 32 indicates that the services of a secretary and a receptionist may be excluded from the application of the Guidelines, similarly services related to travel - they are on both lists. The list should be clarified and narrowed down so that it does not cause doubts in the classification of services.

Krajowy Związek Banków Spółdzielczych KZBS