Third-party risk management
Third-party risk management in financial and capital markets is under direct supervisory pressure, with the U.S. Office of the Comptroller of the Currency, the European Banking Authority, and the U.S. Securities and Exchange Commission each issuing or updating vendor and outsourcing expectations within the past two years. The OCC's third-party risk management guidance finalized in 2023 set a detailed lifecycle standard that examiners are now actively applying. Compliance teams at banks, broker-dealers, and asset managers are currently mapping vendor inventories against that standard while tracking parallel EBA outsourcing register requirements.
Watch
- OCC 2023 third-party guidance: examiner expectations now in active use
- EBA outsourcing register deadlines for EU-licensed financial institutions
- SEC vendor disclosure requirements under proposed cybersecurity rules
- Concentration risk in cloud providers drawing multi-regulator scrutiny
- DORA ICT subcontracting rules taking effect January 2025 for EU entities
Recent material activity in Financial & Capital Markets
-
SEC proposes amendments to Exchange Act Rule 3b-16 expanding ATS definition to include DeFi protocols
The SEC has proposed rule changes that would bring decentralized finance protocols under the regulatory umbrella of Alternative Trading Systems. The amendment targets platforms facilitating token swaps exceeding $50M dai…
Read a full sample brief → -
SEC enforcement action against crypto lending platform for unregistered securities offering
The Commission filed charges against a major crypto lending platform alleging the firm offered and sold crypto asset lending products that constituted unregistered securities. The complaint seeks disgorgement of $340M in…
Read a full sample brief → -
CFTC and SEC release joint statement on digital asset classification framework
The two primary federal financial regulators issued a joint interpretive statement providing guidance on when digital assets fall under securities law versus commodities law. The framework introduces a functional test ba…
Read a full sample brief → -
Federal Reserve announces enhanced supervisory expectations for banks with crypto asset exposure
The Board of Governors issued SR 26-4 establishing new supervisory expectations for state member banks engaging in crypto-related activities. Banks must now maintain dedicated risk management frameworks, capital reserves…
Read a full sample brief → -
SEC approves spot Ethereum ETF amendments allowing staking yield pass-through
The Commission approved amendments to existing spot Ethereum ETF registration statements permitting the pass-through of staking rewards to fund shareholders. The approval includes enhanced disclosure requirements and a 3…
Read a full sample brief → -
SEC Division of Examinations publishes 2026 priorities: crypto compliance tops the list
The SEC's examination division released its annual priorities letter placing crypto asset compliance, stablecoin reserves, and DeFi protocol governance as the top three examination focus areas for 2026. Registered invest…
Read a full sample brief → -
FINRA proposes new rules for broker-dealer crypto custody and customer protection
FINRA filed a proposed rule change establishing custody requirements for broker-dealers holding crypto assets on behalf of customers. The proposal requires segregated wallets, proof-of-reserves attestations, and $10M min…
Read a full sample brief → -
Federal Reserve Board publishes research paper on CBDC impact on commercial bank deposits
The Board published a staff research paper modeling the potential displacement of commercial bank deposits by a retail CBDC. The paper estimates 8-12% deposit migration in the first two years, with disproportionate impac…
Read a full sample brief →