Major banks dependent on their IT service providers
At a time when the German banking group Deutsche Bank has just announced the IT takeover of its Postbank subsidiary by the Indian industrial group Tata, the Financial Stability Board is opening a discussion until January on the links between major banks and their IT service providers.
The phenomenon is not new, but it is intensifying, and above all, we are witnessing a concentration of service providers, which poses significant security risks.
So, as an FSB report details, "a major disruption, failure or breakdown at one of these third parties could create a single point of failure, with potential negative consequences for financial stability and/or the safety and soundness of several financial institutions".
The question of the links between major banks and their IT subcontractors is therefore "an evolving area for supervisory authorities due to the heterogeneity of the services provided and the changing ecosystem." The Financial Stability Board believes that "given the dependency, supervisors and outsourcers could benefit from a dialogue on this issue".
IT outsourcing and supply chain
Furthermore, the FSB points out that "subcontractor management and procurement is another challenge that has been particularly highlighted in the context of financial institutions' response to the Covid-19 pandemic." Some financial institutions have indeed encountered logistical difficulties in obtaining remote working equipment from their subcontractors, due to the disruptions experienced in supply chains.
According to the Financial Stability Board's report, it is therefore necessary to "implement appropriate and effective business continuity plans and exit/closure plans to ensure that financial institutions can recover from an outage or failure at a service provider".