Financial Markets and Funds Partner Nathaniel Lalone spoke with FinOps Report regarding the European Banking Authority's (EBA) proposals to update its outsourcing guidelines, and the implications for EU financial firms.
Nate provides insights into the EBA's proposed framework, which would align the outsourcing guidelines with the requirements set out in the EU Digital Operational Resilience Act (DORA), in effect creating a unified operational resilience compliance framework for all service providers to EU financial firms. He predicts that the EBA will likely adopt its recommendations largely in current form and cautions that “if the experience with DORA is anything to go by, then the proposed transition period won't provide enough time to comply based on the complexities of contracts and the number of third-party service providers affected."
Nate notes that the EBA's guidelines could create internal friction between procurement and IT departments on one side and legal and compliance departments on the other, as those who have historically led negotiations with external service providers may find themselves at odds with managers tasked with following the new requirements.
"EU's DORA 2.0: EBA's Third-Party Risk Management Gone Awry?," FinOps Report, January 26, 2026
London
