Regulatory Update: EBA’s 2025 Third-Party Risk Guidelines — What Firms Need to Know
A Convergence of DORA and Outsourcing Obligations The European Banking Authority’s (EBA) 2025 Draft Guidelines on the Sound Management of Third-Party Risk mark a significant evolution in regulatory expectations. The shift is clear: firms must move beyond traditional outsourcing oversight to manage all forms of third-party reliance — including cloud providers, SaaS tools, and professional…