Final report on enhancing third-party risk management and oversight – a toolkit for financial institutions and financial authorities
Financial institutions have long relied on outsourcing and other third-party service relationships. However, in recent years, the extent and nature of financial institutions’ interactions with a broad and diverse ecosystem of third-party service providers have evolved and increased.
The developments in recent years have both brought benefits and introduced different types of risks to financial institutions. If such risks are not appropriately managed, these relationships could lead to risks to financial stability.
In response to concerns over the risks related to outsourcing and third-party service relationships, the FSB has developed a toolkit for financial authorities and financial institutions for enhancing their third-party risk management and oversight. Recognising differences across jurisdictions and financial institutions, the FSB has developed a flexible and risk-based set of tools (“toolkit”), which financial authorities and financial institutions may consider based on their circumstances, including the legal framework and specific features of the financial services sector in their jurisdictions. At the same time, the toolkit seeks to promote comparable and interoperable approaches across jurisdictions.
The toolkit comprises:
a list of common terms and definitions to improve clarity and consistency regarding third-party risk management across financial institutions, enhancing communication among relevant stakeholders.
tools to help financial institutions identify critical third-party services and manage potential risks throughout the lifecycle of a third-party service relationship.
tools for supervising how financial institutions manage third-party risks, and for identifying, monitoring and managing systemic third-party dependencies and potential systemic risks.
The toolkit is designed to complement and build on relevant existing standards and guidance by international standard-setting bodies (SSBs) and financial authorities, but not replace them.