Global regulator releases ‘toolkit’ to help FSIs manage third-party risk

Third-party risk

Global financial systems regulator the Financial Stability Board (FSB) has released a new ‘toolkit’ to assist FSIs and local industry regulators to better manage third-party risk.

The just-released toolkit was created, the FSB said, in response to concerns flagged by financial services businesses and regulators over risks related to outsourcing and third-party service relationships.

Acknowledging FSIs’ increasing reliance on external services – notably for data sharing, protection and storage – the FSB recognised third parties’ outsized impact on banks, insurers and other financial businesses’ critical operations and the overall stability of the financial system.

The FSB said its toolkit provides a holistic approach to managing third-party risk, taking account of “changing industry practices and recent regulatory and supervisory approaches to operational resilience”.

Included in the toolkit are:

  • a list of common terms and definitions to improve clarity and consistency regarding third-party risk management across financial institutions.
  • tools to help financial institutions identify critical services and manage potential risks throughout the lifecycle of a third-party service relationship.
  • tools for supervising how financial institutions manage third-party risks, and for identifying, monitoring, and managing systemic third-party dependencies and potential systemic risks.

The toolkit, which incorporates feedback from a public consultation conducted over the summer and stemmed from a discussion paper released by the FSB in late 2020, aims to:

  • reduce fragmentation in regulatory and supervisory approaches to third-party risk management across jurisdictions and different areas of the financial services sector
  • strengthen financial institutions’ ability to manage third-party risks and financial authorities’ ability to monitor and strengthen the resilience of the financial system
  • facilitate coordination among relevant stakeholders (i.e. financial authorities, financial institutions and third-party service providers).