Third-party suppliers are crucial to a comprehensive, efficient, and adaptable financial crime compliance (FCC) approach, but risks such as privileged access to customer systems, hidden fourth-party dependencies, and insecure authentication methods can leave firms vulnerable to exploitation and create critical points of failure.
At Plenitude Consulting, we’ve observed some key trends in this area:
➡️ Greater scrutiny from 1st line control owners on FCC system security and the robustness of contingencies in the event of system outages;
➡️ Growing discussions around contingency planning with operations and financial crime teams to ensure firms can quickly adapt to new systems and processes, reducing sole reliance on a single system or vendor;
➡️ Increasing involvement from InfoSec teams in shaping FCC system requirements to ensure secure technology integration and stronger operational resilience.
💡 As the letter highlights, FCC software providers must deliver comprehensive security as standard, along with clear, ongoing evidence that controls are working effectively.
💡 Strengthening collaboration between InfoSec and 1st line systems teams will be critical to achieving a comprehensive risk mitigation approach, enhancing security, operational resilience, and the effectiveness of FCC frameworks.