March Global Regulatory Brief: Digital finance

Bloomberg Professional Services

March 26, 2025

The Global Regulatory Brief provides monthly insights on the latest risk and regulatory developments. This brief was written by Bloomberg’s Regulatory Affairs Specialists.

Digital finance regulatory developments

As technology continues to reshape financial services, regulators and policy setters are embarking on a range of digital-finance initiatives to manage risks and set appropriate standards. The following digital finance policy developments represent a sample of wider regulatory and policy coverage available to Bloomberg Terminal customers. Run REGS <GO> to find out more or contact your Bloomberg representative to learn more.

  • Korea: FSS announces third party risk management guidelines
  • Indonesia: Financial regulator launches tool to enhance market surveillance
  • EU:  ECB publishes findings on outsourcing in EU banking sector
  • Qatar: Central Bank issues data handling and protection regulation

Explore the latest regulatory insights with our outlooks, webinars, research and analysis.

Sign up

Korea FSS announces third party risk management guidelines

South Korea’s Financial Supervisory Service (FSS) has introduced new guidelines to enhance financial institutions’ management of third-party risks. This initiative is a response to the increasing reliance on outsourced services and the associated operational risks. The guidelines aim to establish a comprehensive third-party risk management framework within financial institutions.

In summary: The FSS highlighted that the digitalization of financial services and the diversification of product sales channels have led firms to depend more on outsourcing. This dependency has increased third-party risks, in addition to traditional risks like market and credit risks. 

In more detail: The new guidelines require financial institutions to integrate third-party risk management into their existing enterprise-wide risk processes. 

  • Boards and senior management are responsible for defining and overseeing risk management policies, while executives must implement and maintain effective measures. 
  • High-risk outsourcing agreements will be given priority, necessitating robust contingency plans to mitigate disruptions from unexpected events. 
  • The FSS also stresses the need for thorough documentation of decision-making, risk assessment outcomes, and management actions in order to foster transparency.

Implementation: These guidelines will be implemented as self-regulatory standards through industry associations, tailored to the unique third-party risk characteristics of different sectors. They draw on international standards, such as those from the Bank for International Settlements (BIS), and are customised to the size, complexities, and specific third-party relationships of institutions.

Next Steps: The implementation of these guidelines will start with selected high-risk sectors by a broader rollout across the industry. Financial institutions are expected to adopt these self-regulatory standards and integrate them into their risk management frameworks.

Indonesia financial regulator launches capital markets suptech tool to enhance market surveillance

The Indonesian financial regulator Otoritas Jasa Keuangan (OJK) launched a capital markets suptech tool which employs big data analytics to improve market surveillance, monitoring and analysis in the capital markets sector.

Key objectives: The suptech tool, Suptech Integrated Analytics Data (OSIDA), was developed as part of OJK’s priority agenda – strengthening the capacity of the financial services sector and strengthening supervision by leveraging information technology and enriching supervision tools. OJK expects that this would increase supervision output that is more comprehensive, faster and also more efficient.

In more detail: The OSIDA will not only collect data and analytical output from the capital markets sector, but can also be integrated with financial derivatives data, carbon exchanges, and be used by other sectors at the OJK, such as Banking, Insurance, Guarantee, and Pension Fund (PPDP) sectors, Financing Institutions, Venture Capital Companies, Microfinance Institutions, and Other Financial Services Institutions (PVML) sectors, and Financial Sector Technology Innovation, Digital Financial Assets and Crypto Assets (IAKD) sectors, as well as integrate data from other institutions or agencies.

ECB publishes findings on outsourcing in EU banking sector

The European Central Bank (ECB) published its annual horizontal analysis of outsourcing in the EU banking sector, assessing trends in outsourcing contracts of significant institutions (SIs), reliance on external providers, and reflecting associated financial stability risks.

Summary: The report is based on data collected by the ECB for its Outsourcing Register up to end-2023 and aims to capture the evolving trends, complexities and global nature of outsourcing within the financial sector, offering insights into how these practices are managed and their impact on banking institutions. The report highlights the increasing complexity of outsourcing arrangements, particularly in ICT services and cloud computing, while reinforcing concerns around high concentration risks, operational resilience, and reliance to external providers for critical services.

Key highlights:

  • Increasing reliance on external providers: with a marked rise in the number of active outsourcing contracts by 15% and a 4% increase in those covering critical functions. 
  • Dependence on cloud outsourcing: SIs continue to rely heavily on cloud outsourcing, with the budget for cloud services increasing significantly compared with 2022.
  • Global outsourcing trends: There has been a significant increase in external contracts with US providers and a rise in outsourcing outside the EU, especially in the UK, US, India, Switzerland and Serbia.
  • Concentration and external providers: External outsourcing expenses for critical services show a concentration among a limited number of external providers, with half of the total budget spent on the top 30 external providers.
  • Certain compliance improvements, but gaps remain: while non-compliance with the EBA outsourcing guidelines dropped to 9.9%, many critical contracts have not been audited or risk-assessed in over three years, pointing to risk management challenges. 

Closely related: The report aligns with the ECB’s Single Supervisory Mechanism (SSM) 2025-2027 supervisory priorities, which elevate the level of risks from ICT outsourcing and cyber threats. The ECB also recently consulted on its Guide on outsourcing cloud services to cloud service providers.

Qatar Central Bank issues data handling and protection regulation

The Qatar Central Bank (QCB) has published the Data Handling and Protection Regulation, providing comprehensive guidelines for financial institutions on data governance, security, and privacy. 

Important context: The regulation aims to ensure data integrity, confidentiality, and availability while aligning with global best practices and compliance requirements. It addresses the challenges of safeguarding sensitive information in the financial sector and enhances the sector’s resilience against emerging threats.

View the additional regulatory briefs from this month:

Sign up to receive these updates in your inbox first.

How we can help

Bloomberg’s Public Policy and Regulatory team brings you insight and analysis on policy developments to help navigate the complex and fast changing global regulatory landscape. To discuss regulatory solutions, please get in touch with our specialists or read more insights from our Regulatory team.

Recommended for you

Request a demo

Contact us