The National Bank has launched a public discussion of the draft amendments to the third-party risk management in the management system of financial payment service providers. This is stated on the regulator’s website.
The proposed changes concern the procedure for authorizing financial payment institutions and the requirements for their management systems. The aim of the initiative is to create effective risk control mechanisms when interacting with third-party service providers (TPSP).
The draft provides, in particular:
creation of third-party risk management mechanisms using the principle of proportionality;
risk assessment at all stages of cooperation with TPSP suppliers;
verification of suppliers before concluding critical contracts;
strengthening the requirements for documenting risk assessment procedures;
the possibility of refusing cooperation in certain cases;
constant monitoring of suppliers’ compliance with the established requirements;
determination of the procedure for action in case of detection of non-compliance;
integration of third-party risks into the system for ensuring the continuity of payment services.
In addition, the document defines a list of services for which third-party risk management will not be applied.
“The National Bank accepts comments and proposals until June 10, 2026 in the prescribed form,” the message says.
