FSB publishes toolkit for enhancing third-party risk management and oversight4 December 2023
+41 61 280 8477
The toolkit has been developed in response to concerns over the risks to financial institutions from outsourcing and third-party service relationships.
The toolkit aims to strengthen financial institutions’ ability to manage third-party risks and financial authorities’ ability to monitor and strengthen the resilience of the financial system.
The toolkit aims to reduce fragmentation in regulatory and supervisory approaches across jurisdictions and financial services sectors and to facilitate coordination among financial authorities, financial institutions, and third-party services providers.
The Financial Stability Board (FSB) published today a toolkit for financial authorities and financial institutions for their third-party risk management and oversight. The toolkit was developed in response to concerns over the extent and nature of financial institutions’ interactions with a broad and diverse ecosystem of third-party service providers, which could have implications for financial stability.
The primary emphasis of the toolkit is on critical third-party services, given the potential impact of their disruption on financial institutions’ critical operations and financial stability. It also looks holistically at financial institutions’ third-party risk management in light of changing industry practices and recent regulatory and supervisory approaches to operational resilience.
The toolkit, which incorporates feedback from a public consultation conducted over the summer, aims to (i) reduce fragmentation in regulatory and supervisory approaches to third-party risk management across jurisdictions and different areas of the financial services sector; (ii) strengthen financial institutions’ ability to manage third-party risks and financial authorities’ ability to monitor and strengthen the resilience of the financial system; and (iii) facilitate coordination among relevant stakeholders (i.e. financial authorities, financial institutions and third-party service providers).
The toolkit promotes comparability and interoperability of regulatory and supervisory approaches across sectors and jurisdictions. It comprises:
a list of common terms and definitions to improve clarity and consistency regarding third-party risk management across financial institutions.
tools to help financial institutions identify critical services and manage potential risks throughout the lifecycle of a third-party service relationship.
tools for supervising how financial institutions manage third-party risks, and for identifying, monitoring, and managing systemic third-party dependencies and potential systemic risks.
The tools cover areas such as incident reporting, including the possibility of enhancing the existing cyber reporting framework to include reporting by service providers where an incident could give rise to potential risks to financial stability; non-exhaustive criteria to help financial authorities identify systemic third-party dependencies and assess potential systemic risks; and tools to identify and manage potential systemic risks, including sector-wide exercises and incident response coordination frameworks. The principle of proportionality is applicable throughout, allowing the tools to be adapted to smaller, less complex institutions or intra-group third-party service relationships.
The FSB has also set out ways to explore greater convergence of regulatory and supervisory frameworks around systemic third-party dependencies; options for greater cross-border information-sharing; and cross-border resilience testing and exercises.
Notes to editors
The FSB toolkit completes the FSB's work on third party risk management, which stemmed from a discussion paper on regulatory and supervisory issues relating to outsourcing and third-party service relationships, published in November 2020.
Based on feedback to the discussion paper, in September 2021 the FSB’s Standing Committee on Supervisory and Regulatory Cooperation (SRC) decided to develop a toolkit for financial authorities focused on their oversight of financial institutions’ reliance on critical service providers, including common terms and definitions on third-party risk management. In June 2023, the FSB launched a public consultation on its proposed toolkit. The overview of the responses to this consultation has also been published today.
The FSB coordinates at the international level the work of national financial authorities and international standard-setting bodies and develops and promotes the implementation of effective regulatory, supervisory, and other financial sector policies in the interest of financial stability. It brings together national authorities responsible for financial stability in 24 countries and jurisdictions, international financial institutions, sector-specific international groupings of regulators and supervisors, and committees of central bank experts. The FSB also conducts outreach with approximately 70 other jurisdictions through its six Regional Consultative Groups.
The FSB is chaired by Klaas Knot, President of De Nederlandsche Bank. The FSB Secretariat is located in Basel, Switzerland and hosted by the Bank for International Settlements.