Response to consultation on draft Guidelines on the sound management of third-party risk

Go back

Question n. 1 for Public Consultation: Are subject matter, scope of application, definitions and transitional arrangements appropriate and sufficiently clear?

Yes, in general subject matter, scope of application, definitions and transitional arrangements are appropriate and sufficiently clear.

Suggestion: For more clarity – update of the document name would be appreciated – Guidelines on the sound management of NON ICT third party risk.

Question n. 2 for Public Consultation: Is Title II appropriate and sufficiently clear?

Yes, Title II is appropriate and sufficiently clear.

Clarification request: about 32 (f) : Is it non exhaustive list (just examples) and financial entity can assess itself which processes do not have material impact on the financial entities’ risks exposures or on operational resilience? In case the list is meant to be exhaustive then please add also construction/building services, marketing/brand related services, learning, consultancy to 32 (f).

As a general principle, the following functions are excluded from the scope of these Guidelines:
1. (f) the acquisition of services that do not have material impact on the financial entities’ risks exposures or on their operational resilience (e.g. advice from an architect, providing legal opinion and representation in front of the court and administrative bodies, cleaning, gardening and maintenance of the institution’s or payment institution’s premises, medical services, servicing of company cars, catering, vending machine services, clerical services, travel services, post-room services, receptionists, secretaries and switchboard operators,); and

Question n. 3 for Public Consultation: Are Sections 5 to 10 (Title III) of the Guidelines sufficiently clear and appropriate?

Sections 5 to 9 and (Title III) of the Guidelines are sufficiently clear and appropriate.

Section 10 - there is Question: regarding 63 (k) and 64 (h): Please consider aligning requirement on both non critical and critical - at the moment the descriptions are different and confusing.

63 (k) the total annual expense or estimated cost of each direct TPSP.

64 (h) the estimated annual budget cost of the third-party arrangement for the past year, together with the currency.

Question n. 4 for Public Consultation: Is Title IV of the Guidelines appropriate and sufficiently clear?

Yes, Title IV of the Guidelines is appropriate and sufficiently clear.

Question n. 5 for Public Consultation: Is Annex I, provided as a list of non-exhaustive examples, appropriate and sufficiently clear?

Yes, Annex I, provided as a list of non-exhaustive examples, is appropriate and sufficiently clear.

Name of the organization

"Swedbank" AS

Organisation and governance

Legal and policy framework

Careers

Supervisory convergence

Direct supervision and oversight

Information for consumers

Ad hoc activities

Risk analysis

Reporting

Data

Publications

Media centre