Enhancing Third-Party Risk Management and Oversight: A toolkit for financial institutions and financial authorities - Consultative document
Financial institutions rely on third-party service providers for a range of services, some of which support their critical operations.
These third-party dependencies have grown in recent years as part of the digitalisation of the financial services sector and can bring multiple benefits to financial institutions including flexibility, innovation and improved operational resilience. However, if not properly managed, disruption to critical services or service providers could pose risks to financial institutions and, in some cases, financial stability.
In response to concerns over the risks related to outsourcing and third-party service relationships, the FSB has developed a toolkit for financial authorities and financial institutions as well as service providers for their third-party risk management and oversight. The toolkit aims to:
reduce fragmentation in regulatory and supervisory approaches to financial institutions’ third-party risk management across jurisdictions and different areas of the financial services sector;
strengthen financial institutions’ ability to manage third-party risks and financial authorities’ ability to monitor and strengthen the resilience of the financial system; and
facilitate coordination among relevant stakeholders (i.e. financial authorities, financial institutions and third-party service providers).
This should help mitigate compliance costs for both financial institutions and third-party service providers.
The toolkit, which looks holistically on third-party risk management, comprises:
a list of common terms and definitions to improve clarity and consistency across financial institutions and to improve communication among relevant stakeholders
tools to help financial institutions identify critical services and manage potential risks throughout the lifecycle of a third-party service relationship
tools for supervising how financial institutions manage third-party risks, and for identifying, monitoring and managing systemic third-party dependencies and potential systemic risks
The FSB is inviting comments on this consultative document. Written responses should be sent to [email protected] by 22 August 2023 with the subject line “Third-Party Risk Management and Oversight”. Responses will be published on the FSB’s website unless respondents expressly request otherwise.
The FSB is also holding a virtual outreach event for stakeholders on 21 July 2023 at 13:00-15:00 CEST.