The Financial Stability Board (FSB) published today a toolkit for financial authorities and financial institutions for their third-party risk management and oversight.
The toolkit was developed in response to concerns over the extent and nature of financial institutions’ interactions with a broad and diverse ecosystem of third-party service providers, which could have implications for financial stability.
The primary emphasis of the toolkit is on critical third-party services, given the potential impact of their disruption on financial institutions’ critical operations and financial stability. It also looks holistically at financial institutions’ third-party risk management in light of changing industry practices and recent regulatory and supervisory approaches to operational resilience.
The toolkit, which incorporates feedback from a public consultation conducted over the summer, aims to:
The toolkit promotes comparability and interoperability of regulatory and supervisory approaches across sectors and jurisdictions. It comprises:
The tools cover areas such as incident reporting, including the possibility of enhancing the existing cyber reporting framework to include reporting by service providers where an incident could give rise to potential risks to financial stability; non-exhaustive criteria to help financial authorities identify systemic third-party dependencies and assess potential systemic risks; and tools to identify and manage potential systemic risks, including sector-wide exercises and incident response coordination frameworks. The principle of proportionality is applicable throughout, allowing the tools to be adapted to smaller, less complex institutions or intra-group third-party service relationships.
The FSB has also set out ways to explore greater convergence of regulatory and supervisory frameworks around systemic third-party dependencies; options for greater cross-border information-sharing; and cross-border resilience testing and exercises.
Re-disseminated by The Asian Banker