RegTech Intelligence

Managing Digital Infrastructure Risk – new JWG research

JWG, the trusted financial services regulatory intelligence company, has announced the publication of a ground-breaking research paper ‘Managing Digital Infrastructure Risk: a collaborative path to financial services safety’.

New regulation will fundamentally change the landscape for the biggest tech companies–particularly cloud providers.

By 2025, overlapping requirements to mitigate operational resilience threats (UK PS6/21,DORA); control third party services (outsourcing, ESG Scope 3 emissions); and improve technology governance (AI, cyber, privacy, data), will require unprecedented transparency and assurance from third-party technology providers. As reported in July, the EU and UK have led the way with many obligations becoming law in 2023.

To comply, firms will need new to bring risk management silos together and require unprecedented transparency and assurance from their third-party technology providers by 2025. Vendors unable or unwilling to provide their clients with the controls they require may lose business.

JWG’s analysis, based on  287,897 pages of new rules in 2022 is a wake-up call for firms who need to define ‘what good looks like’ before massive fines start to land as illustrated in Exhibit 1 from the paper below.

As regulators take a hard look at the supply chain, a holistic and collaborative approach between firms and suppliers is required.

Francis Gross, Senior Advisor, European Central Bank speaking in a personal capacity commented “JWG’s paper suggests that tech-age safety will require new standards and infrastructures faster than they could emerge from competitive markets. One is left with the feeling that industry and the regulators will need to learn, fast and together, what of technology is for competition and what is best for collective action, beyond today’s silos. “

Richard Harmon, VP & Global Head of FS, Red Hat said “This JWG study outlines the transition our industry is undergoing with digital infrastructure risk management moving from the back office to the board room.  Now more than ever, the board will need to spend time understanding the interdependencies between business models, regulatory requirements, technology and the banks’ supply chain.”

JWG will create a task force to solicit comments on this paper from regulators, regulated financial institutions, and suppliers to shape future plans. Please contact if you would like to be involved.

The paper, along with a companion IT guide to Operational Resilience is available free of charge to JWG registrants.

If you do not have a JWG account register here.

Want to learn more? Please register for our virtual annual conference in November.

Register here

We are also hosting a dinner in London on 2 November. Please contact if you would like more information.

About the research

JWG is an independent, pioneering market intelligence company who has been working with firms, technologists, and regulators since 2006, to help the industry comply with the ever-changing regulatory landscape.

This research report is based on a variety of global sources including intelligence gained from JWG’s Risk Control for a digitized financial sector report, from analysis of the viewpoints presented at the JWG November 2021 Annual RegTech Conference, the JWG RegCast series, survey results and feedback from the 120+ institutions that have attended JWG workshops and events. The report also includes global analysis from JWG’s RegDelta system and RegDelta Radar Services.

To promote global dialogue on how to deliver regulatory change JWG post hundreds of focused articles a year to thousands of subscribers. Get involved and join the mail list.

By hitting the subscribe button you agree to our Privacy Policy