FSB consults on toolkit for enhancing third-party risk management and oversight

The FSB has released a toolkit for public consultation, aimed at assisting financial authorities, financial institutions, and service providers in managing and overseeing third-party risks.
The toolkit acknowledges the increasing digitalization of the financial services sector and the growing reliance on third-party service providers by financial institutions for various critical operations. While these dependencies can offer advantages such as flexibility, innovation, and improved operational resilience, their mismanagement can pose risks to financial institutions and even financial stability.
The primary focus of the toolkit is on critical services due to the potential impact their disruption can have on financial institutions‘ operations and overall stability. The toolkit takes a holistic approach to third-party risk management, going beyond traditional outsourcing considerations and considering changing industry practices and regulatory approaches to operational resilience. It incorporates the principle of proportionality, allowing the tools to be tailored to smaller, less complex institutions or intra-group third-party relationships.
The FSB developed this toolkit to address concerns related to outsourcing and third-party service relationships. Its objectives include reducing regulatory and supervisory fragmentation across jurisdictions and financial sectors, enhancing financial institutions‘ ability to manage third-party risks, strengthening the resilience of the financial system, and promoting coordination among relevant stakeholders, including financial authorities, financial institutions, and third-party service providers. By achieving these objectives, the toolkit aims to mitigate compliance costs for both financial institutions and service providers.
The comprehensive toolkit consists of several components. It includes a list of common terms and definitions to improve clarity and consistency among financial institutions and facilitate communication among stakeholders. It provides tools to help financial institutions identify critical services and manage risks throughout the lifecycle of a third-party service relationship. Additionally, the toolkit offers tools for supervising third-party risk management by financial institutions, identifying and monitoring systemic dependencies and potential risks, and managing such risks effectively.
The FSB is seeking feedback on this consultative document, and interested parties can provide comments until 22 August 2023 via email. The subject line for submissions should be „Third-Party Risk Management and Oversight.“ The corresponding questions for consultation can be found on pages III and IV or the consultative document. The FSB will publish the responses on its website unless otherwise requested by the respondents.
In conjunction with the consultation, the FSB is organizing an „Industry Outreach on Third-party Risk Management and Oversight“ event on 21 July 2023. The virtual meeting will be chaired by Sam Woods, Deputy Governor of the Bank of England and Chair of the FSB working group responsible for this initiative. Participants are encouraged to share their experiences and understanding of the topic, rather than representing the specific interests or views of their affiliated institutions.