Tech & Sourcing @ Morgan Lewis

TECHNOLOGY TRANSACTIONS, OUTSOURCING, AND COMMERCIAL CONTRACTS NEWS FOR LAWYERS AND SOURCING PROFESSIONALS
UK financial regulators recently published their supervisory expectations for critical third party service providers (CTPs) to the financial sector under the United Kingdom’s new regime extending regulatory oversight to CTPs. The final rules align with key themes of other regulatory regimes seeking to reinforce operational resilience (e.g., the EU Digital Operational Resilience Act (DORA)) around risk management, supply chain management, and incident management, among other areas.
Our technology transactions, outsourcing, and commercial contracts team on October 30, 2024 held its annual industry summit in New York. The theme this year was Unleashing the Potential of Technology, with a focus on artificial intelligence (AI). Attendees included in-house counsel and sourcing professionals across a number of industries, including representatives from the client and vendor side. The diverse audience led to highly interactive discussions among some of the leading voices in the tech and sourcing fields.
The UK Financial Conduct Authority (FCA) on October 31, 2024 published observations and key lessons from how firms responded to the CrowdStrike IT outage. The outage caused disruption across several industries globally, and the FCA highlights for UK financial services the importance of ensuring operational resilience in order to minimize the potential impact of future events on consumers and markets.
Artificial intelligence (AI) is top of mind for all businesses looking to grow. Economic researchers point to AI as a key factor to boost the economy, and believe that AI could result in billions, if not trillions, of dollars in technology-related spending. However, this potential growth will not be possible in isolation; it requires massive amounts of supporting infrastructure.
In our latest blog post on preparing for the EU’s Digital Operational Resilience Act (DORA), entering into force on January 17, 2025, we take a look at second-level requirements under DORA covering the classification and reporting of major information and communications technology (ICT) related incidents. These requirements will need to be addressed through operational risk management frameworks and contract remediation efforts with technology vendors.
Beginning January 17, 2025, financial entities based in the European Union must have in place processes and policies, and mandatory contract provisions with their third-party technology vendors, that comply with the EU Digital Operational Resilience Act (DORA).
Starting January 17, 2025, financial entities based in the European Union must have in place processes and policies, as well as mandatory contract provisions with their third-party technology vendors, that comply with the EU’s Digital Operational Resilience Act (DORA). Financial entities are currently at varying stages of updating their operational risk management frameworks and remediating contracts with technology vendors. For banks, the European Central Bank has signaled that resiliency will be a top priority on its supervisory agenda.
As part of our Technology Marathon webinar series, partners Kristin Lee, Mike Pierides, and Steven Stone recently discussed financial regulators’ increasing focus on artificial intelligence (AI).
Worldwide IT spending is forecast to total more than $5 trillion in 2024, with 10% year-on-year growth of spending on data center systems, according to recent analysis from Gartner. The increasing adoption of artificial intelligence (AI) solutions is driving demand for technology infrastructure in order to meet greater data storage and network infrastructure requirements and more compute-intensive workloads.
Beginning January 17, 2025, the European Union’s Digital Operational Resilience Act (DORA) will require financial entities to maintain and submit to EU regulators a comprehensive register of their contractual arrangements with third-party information and communication technology (ICT) service providers. Financial entities are being given the opportunity to sign up for a voluntary reporting exercise by May 31, 2024, running between July and August 2024, to help them prepare for one of the most challenging aspects of implementing DORA.