9th October 2025 – Banking and Payments Federation Ireland has responded to the European Banking Authority’s (EBA) draft guidelines on the sound management of third-party risk.
Our members fully support the EBA’s objective of enhancing governance, operational resilience, and supervisory convergence across the EU financial sector.
However, the proposed expansion from traditional outsourcing to all third-party arrangements represents a significant broadening of the regulatory perimeter. While aligned in spirit with evolving third-party risk management (TPRM) practices, this framework will only succeed if it is proportionate, harmonised and operationally feasible.
Without careful calibration, the guidelines risk introducing complexity and compliance burden without corresponding resilience benefits.
BPFI’s key recommendations include:
- Embed stronger proportionality – Ensure requirements reflect the nature, scale and complexity of firms and services. Proportionality must be central to rules on contracts, due diligence, intragroup arrangements and the Register of Information.
- Ensure full alignment with DORA – Mirror DORA definitions and remove legacy elements from the 2019 outsourcing framework to avoid dual CIF regimes and duplication.
- Focus on materiality and scope – Apply the Guidelines to arrangements that materially impact operational risk or resilience, and confine subcontracting rules to material subcontractors.
- Promote consistent implementation – Encourage faithful and harmonised adoption by NCAs to avoid national gold-plating.
- Adjust transitional timelines – Introduce a realistic implementation phase: a 9-month window post-publication, and remediation by the next contract renewal or two years from application, whichever is later.
At BPFI, we believe the EBA’s final Guidelines should be an enabler of harmonisation and simplification. Alignment with DORA, a risk-based approach, and consistent application across Member States will help strengthen Europe’s operational resilience framework in a practical and proportionate way.
BPFI and its members stand ready to support the EBA in achieving these goals.
