

Episode Notes

Third-party providers are often crucial to financial service operations – and a serious cyber risk. For that reason, EU regulators are taking a close look at the digital supply chain. Here, Burim Bivolaku, BISO (Business Information Security Officer) at ICE Trading and Clearing and Chair of FS-ISAC’s UK Strategic Subsidiary Board, talks about the biggest challenges in third-party risk management, how to effectively address them, and why FS-ISAC’s UK Strategic Subsidiary Board helps its governance structure remain both global and local.

Third-Party Risks and the Benefit of Collaboration 

Reliance on third-party providers varies among financial service firms and sub-sectors, and some have more critical providers than do others. But risk management considerations – especially as they pertain to cloud computing and UK and EU regulations – are gaining prominence across the sector.

For that reason, the financial community should encourage collaboration with providers, as the sector routinely does amongst itself. Proactively sharing knowledge and capabilities complements regulatory compliance requirements. And getting to know each other builds trust in a way that due diligence doesn’t – and trust can be a vital asset during an incident.  

Define the Third-Party Interface 

Financial service firms should define their interface with and outputs from third-party suppliers – and be really specific – from a cyber-risk perspective. Risk outcomes manifest in different ways, from outages to contagion, but the interface definition can minimize or prevent harm. This is especially important with critical service providers because they’re core to effective risk management and overall resilience, while contractual agreements can address fourth- and fifth-party risks.

Threat Goes Beyond the Cybersecurity Department  

Cybersecurity is a multi-disciplinary, cross-organizational issue. All departments should be involved, because the implications of a cyber attack are wide-ranging.

Why FS-ISAC’s UK Strategic Subsidiary Board is Important 

FS-ISAC has a global remit because threats are cross-national, but members navigate local and jurisdictional complexities as well. FS-ISAC has enhanced its regional governance structures over the years, and the UK Strategic Subsidiary Board is a logical continuation. The Board will help FS-ISAC advance cyber risk management, sharing, and collaboration among members and authorities in the UK, provide local and global threat intelligence, and offer a forum to share best practices, knowledge, and cybersecurity frameworks.  

DORA and Third-Party Risks 

Collaborating with regulatory bodies on third-party risks helps drive positive regulatory change. And the sector’s feedback helps actions such as the EU’s Digital Operational Resilience Act (DORA) reduce risk with appropriate proportionality. 

For example, DORA includes rules regarding third-party tracking. Some critical service providers will not be able to meet the additional cost of compliance, which increases the potential of concentration risk – and that impacts financial service firms’ resilience. The sector’s input will help regulators keep the sector safe. 

Advice for People Aspiring to Become BISOs 

The role links information security and business functions, so on-the-ground experience with both business and cyber issues will help you advise your board, management, and sector. By understanding the business, you can better serve it.  


FinCyber Today

FinCyber Today is a podcast from FS-ISAC that covers the latest developments in cybersecurity, contemporary risks, financial sector resilience and threat intelligence.

Our host Elizabeth Heathfield leads wide-ranging discussions with cybersecurity leaders and experts around the world who bring practical ideas on how to confront cyber challenges in the financial sector, improve incident response protocols, and build operational resilience.


© 2024 FS-ISAC, Inc. All rights reserved.
