London, Europe, MENA GCC Time Zones
CPEs: 24
Instructor: Dennis Cox
Level: Intermediate
Tuition: £2,995.00
Register Now

NEW European Rules on Third-Party Risk Management in Banking RM096

Location: London, Europe, MENA GCC Time Zones

First Date: Mar 23 - 25 2021

Duration: 3 days

Programme Director: Dennis Cox

All Dates & Locations
Venue Details

Experience the highly-interactive expert-led social learning through Virtual Classroom via Cisco WebEx from Risk Reward.

All our 2022 Virtual Classroom events feature shared (or discrete) live chat between delegates and the expert, participate in topical surveys, polling questions, group exercises and case studies for a tried -and- true engaging and gratifying learning experience.

"Materials were good, if high-level. Instructor is very good, speaks well and is extremely knowledgeable and well-informed. This is the 2nd class I've attended of his and he is very good (D. Cox)."
Bank Internal Auditor, US Bank, New York
Agenda Highlights

Session 1: The Importance of Third-Party Risk Management

Session 2:  Assessment of Third-Party Service Providers

Session 3:  The Governance Framework

Session 4:  Risk Assessing Third Parties

Session 5:  The Process of Taking on  Third-Party Service Provider

Session 6:  High Risk Areas

Session 7:  Technical areas and third-party risk management

Session 8:  What this is likely to mean in practice

Session 9 -10: Case Studies, Q&A, Group Discussion

"Overall, the class material was great and the materials taught were very timely in the current COVID-19 environment. "
Risk manager, US Bank, New York

Third-Party (outsourcing) Risk has been identified by the USA OCC as one of the top ten concerns for banks in 2022

The recent crisis has raised the profile of third-party risk management often referred to as outsourcing.

Banks started to use different ways of working and communicating and in so doing changed their risk profiles. Third parties represent part of the way that any bank operates, with increasing reliance upon an ever increasing number of independent firms.  Their effective and efficient operation has become mission critical to the success of any bank.

Globally regulators have been raising concerns that third-party risks have not been appropriately managed within banks and that this has impacted upon their customer service and regulatory compliance.  The BIS has previously produced guidance and more recently the EBA issued revised guidelines on outsourcing in February 2019.  These important guidelines raised a number of important issues which any bank firm would seek to address.

Case studies driven, delegates will explore each of the latest regulatory requirements, the impact on their organisation and review what this is likely to mean in practice.

""Good overall look at bank environment and related risks, and a nice refresher for me having been out of the audit environment for quite a while. I appreciated Dennis' diverse level of experience in audit/fraud/risk.""
Bank Internal Auditor, US Bank, New York
Who Should Attend

Designed primarily for Risk Managers, Internal Auditors, Business Managers, Compliance staff, Controls staff and Senior management, yet recent delegates included those from IT, Operations, Legal and HR.


Delegates who complete the course will receive a Certificate in The New European Rules on Third-Party Risk Management in Banking; and for those who require a demonstration of competency a 20-multiple-choice quiz, fully virtually invigilated and with results report, is available at no additional charge.

Additional Course Information

What Does It Cover?

Session 1: The Importance of Third-Party Risk Management

  • Why is third party risk management of critical importance now?
  • What have been the regulators concerns?
  • What is third party risk management?
  • Third party risk and interconnectedness
  • The risks relating to third parties
  • BIS guidance
  • The background to the EBA paper
  • Compliance and reporting obligations
  • Identification of key outsourcing relationships
  • Governance on outsourcing and its impact on third party risk
  • Impact on operational resilience
  • Speed to recovery and impact

Case Study:  What makes a third-party service provider critical?

Session 2:  Assessment of Third-Party Service Providers

  • Assessment processes and procedures
  • Due diligence
  • Contracting
  • Designing SLAs
  • Risk assessing relationships
  • Criticality or important services and functions
  • Exit routes

Case Study:  What should be the contents of the due diligence conducted?  What are the key issues that are identified in specific cases?

Session 3:  The Governance Framework

  • The role of the Board
  • Sound governance arrangements and third-party risk
  • Sound governance arrangements and outsourcing
  • Outsourcing policy
  • Managing outsourced relationships
  • Reporting obligations
  • Conflicts of interests
  • Business continuity plans
  • The impact on the Internal audit function
  • Documentation requirements

Case Study:  In which areas are outsourcing policies required?  What do they need to address?

Case Study:  What approach should internal audit take with regard to outsourcing and third-party risk management?

Session 4:  Risk Assessing Third Parties 

  • How to ensure that all third-parties are identified
  • Considering occasional providers
  • Risk assessing third parties
  • What perspective is appropriate?
  • Where is the data?
  • How often should this be reconsidered?
  • What is the impact of the analysis? 

Case Study:  What are the constituents of the risk assessment grid? 

Session 5:  The Process of Taking on  Third-Party Service Provider

  • Pre-outsourcing analysis
  • Supervisory conditions for outsourcing
  • Risk assessment of outsourcing arrangements
  • Due diligence
  • Contractual phase
  • Sub-outsourcing of critical or important functions
  • Security of data and systems
  • Access, information and audit rights
  • Termination rights
  • Oversight of outsourced functions
  • Exit strategies
  • Other matters

Case Study:  What are the key stages in an outsourcing plan?

Session 6:  High Risk Areas 

  • Cloud computing
  • Software vendors and suppliers
  • Payment service providers
  • Business continuity providers
  • Systems testing

Case Studies:  Consider the risk management implications of each of these areas. 

Session 7:  Technical areas and third-party risk management 

  • Legal
  • Accountants
  • Tax advisors
  • Economists
  • Consultants

Case Study:  What work should be undertaken on specialists and how should they be bought into third-party risk management?

 Session 8:  What this is likely to mean in practice

  • Putting this together
  • Building a control structure
  • Implementing governance procedures
  • The register and its integration
  • Monitoring and action
  • Dealing with exceptions
  • Substitutability
  • Exit routes and issues

Case Study:  What is the impact on your ability to manage your bank?

Session 9 & 10: Summary with Group Discussion, Q&A

Learning Objectives

Delegates will gain a thorough understanding of the management of third-party risk management and  the requirements set out in the European Banking Authority guidelines.  This knowledge will enable learners to grasp what this is likely to mean in practice and how the risk should be assessed and mitigated, specifically

  • The role of third-party risk management
  • The governance and reporting requirements
  • How to risk assess a third-party
  • What makes a third-party critical and what that is likely to mean in practice
  • The level of due diligence to be conducted
  • How to incorporate third-party risk management into operational resilience
  • The impact on internal audit

A Tier 1 Global Bank risk expert and internal auditor will led group case studies for an on- the- job learning style experience to immediately result in the application of learned concepts in the workplace immediately.

Social Learning & Methods

Highly interactive expert-led intensive presentation, Q&A, group real-time in-depth case studies, regulation and discussion supported by key principles and theory. The virtual learning platform uses safe, industry preferred encrypted Cisco WebEx to optimize live face-to-face visual interaction, discrete chat, for polling and quizzes.

(An invitation via email with access link is included for all participants.)


NEW European Rules on Third-Party Risk Management in Banking

Course Fee

Course Fee (per person):
GBP £2,995.00 (+ UK VAT when applicable)

Number of delegates:

Data Privacy & Update of Contact Details Risk Reward Limited is fully compliant with the Data Protection Act. The information you provide will be safeguarded by Risk Reward Ltd. We do not rent, sell or exchange your details to anyone without your consent. Your details are never given to third parties. If you wish to update your details, please email: with your OLD and NEW details. Please allow 10 days to see the changes take effect. Thank you.

Terms and Conditions: You can cancel at any time. Due to the on-going COVID 19 environment cancellations may be made at any time for either a full refund or a credit towards another event occurring within the following 6 month period. Simply email or telephone the London Client Services team at to advise your preference and we will do our best to accommodate your circumstances. Risk Reward Ltd receives the right to a final decision in the event of a dispute.

All Risk Reward public courses are guaranteed to run although those offered by affiliates are subject to demand
SKU: RM096 Categories: ,

Quick Contact

    Get in touch and see how Risk Reward can help you

    Our London team are ready to answer questions, provide information & choices to help make your public seminar booking in a prompt, professional & friendly manner.

    Get in touch and see how Risk Reward can help you

    Our London team is ready to listen carefully to your needs, take the brief, explore options, offer suggestions and help you in a professional and friendly manner.