Everything Banks, Investment Firms and Payment Institutions Need to Know — Practical and Concise
Whitepaper
27 August 2025
On July 8, 2025, the European Banking Authority (EBA) published a draft of new guidelines on third-party risk management, fundamentally reshaping how institutions must manage outsourcing and third-party relationships.
By 2028, financial institutions will be required to implement comprehensive adjustments — with significant implications for management, governance, contracts and due diligence processes.
👉 A concise overview of the new EBA requirements
👉 A comparison of EBA 2019 vs. EBA 2025 guidelines
👉 Insights into the interaction with DORA (Digital Operational Resilience Act)
👉 Concrete recommendations for action and a roadmap tailored to your institution
✔ Which responsibilities managing directors will personally assume in the future
✔ Why third-party risk is not only a regulatory requirement but also a strategic issue
✔ Which documentation and register obligations institutions will face
✔ How contracts and due diligence processes need to be adapted
✔ How to use the transition period until 2028 to combine compliance and efficiency
✔ An in-depth analysis of the planned regulatory changes
Managing Directors, Outsourcing and Third-Party Risk Managers, as well as legal experts from banks, payment institutions and investment firms.
Make the most of the preparation period now — those who act early will avoid the mistakes of delayed DORA implementation.
The EBA is extending its outsourcing rules to cover all third-party relationships by 2028 — meaning institutions must now redefine their entire third-party strategy.
Our white paper outlines the concrete steps to take and shows you how to leverage this transformation strategically.