OSFI Proposes Third-Party Risk Guideline and Publishes Risk Outlook
The Network for Greening the Financial System (NGFS) seeks consultation on repository of climate data needs and available sources, with the comment period ending on May 06, 2022. NGFS also published a report on enhancing market transparency in green and transition finance.
The revised guideline on third-party risk management emphasizes on governance and risk management programs and sets outcomes-focused, principles-based expectations for federally regulated financial institutions on the sound management of third-party risk. OSFI incorporated feedback received from previous consultations on its 2019 Third-Party Risk Study, 2020 Technology Risk Discussion Paper, and draft Technology and Cyber Risk Management Guideline (Guideline B-13) to modify its approach to expectations on technology and cyber risk in third-party arrangements. OSFI plans to issue the final guideline in Fall 2022, along with a non-attributed summary of comments received and its response to those comments. In addition, OSFI recognized that a federally endorsed framework will be developed to govern consumer-directed data mobility within the financial sector. The revised guideline includes principal changes with respect to:
- Expanded Scope—applies to a significantly wider variety of third-party arrangements including risks posed by traditional outsourcing arrangements, external entities and material subcontractors.
- Widened Risk Lens—increased focus on third-party and related risks such as technology, cyber, data security, financial, operational, business continuity management, subcontracting/supply chain, and concentration risks.
- Enhanced Risk Focus—adoption of risk-based approach instead of the previous binary approach (“material” vs. “non-material” outsourcing). Third-parties are expected to be managed according to individual levels of risk and criticality.
- Modernized Guidance—manage third-party risk by setting clear outcomes and principles and streamlined processes.
The Annual Risk Outlook report outlines the risks faced by the financial system in Canada, along with the regulatory and supervisory response of OSFI to those risks. The risks include cyberattacks, housing market downturn, digital innovation, climate change, third-party, commercial real estate market downturn, and corporate debt funding. In addition, OSFI published near-term plan along with the timelines of guidance priorities for federally regulated financial institutions and private pensions in 2022-23. Key highlights of the report are as follows:
- Cyberattacks Risk—OSFI highlighted the need for active monitoring and supervision of federally regulated financial institutions’ technology and cyber resilience. OSFI published an updated cyber-security self-assessment tool, enhanced the Technology & Cyber Incident Advisory reporting requirements and is also working on a pilot program “intelligence-led cyber resilience testing” (I-CRT) to help institutions identify weaknesses in technology and cyber security controls and to test their overall cyber resiliency. In 2022, OSFI further plans to consult on a draft revised Guideline E-21 on Operational Risk Management, and finalize the draft Guideline B-13 on Technology and Cyber Risk Management.
- Digital Innovation Risk—OSFI plans to publish an advisory that will clarify the capital and liquidity requirements to be applied to federally regulated financial institutions crypto asset exposures. OSFI also plans on providing additional clarity to federally regulated financial institutions in 2022 on areas of risk management and governance that are specific to stablecoin arrangements.
- Climate Change Risk—OSFI plans to issue guidance to set out expectations of institutions’ climate risk management and climate-related financial disclosures in 2022-23. OSFI will continue to work on other policy initiatives, including enhancing climate data and analytics capabilities, developing a standardized climate scenario analysis exercise for institutions, and assessing the need to reflect the unique features of climate-related risks in the regulatory capital framework.
Related Links
- Letter on Revised Third-Party Risk Management Guideline
- Draft Guideline on Third-Party Risk Management
- Press Release on Annual Risk Outlook
- Annual Risk Outlook for 2022-23
Keywords: Americas, Canada, Banking, Insurance, Securities, Third-Party Risk, Cyber Risk, Guideline B-13, Business Continuity, Operational Risk, Concentration Risk, Annual Risk Outlook, Climate Change Risk, ESG, Basel, Regtech, Crypto-Asset Regulation, Cloud Service Providers, OSFI, Headline
Featured Experts
María Cañamero
Skilled market researcher; growth strategist; successful go-to-market campaign developer
Nicolas Degruson
Works with financial institutions, regulatory experts, business analysts, product managers, and software engineers to drive regulatory solutions across the globe.
Michael Denton, PhD, PE
Dr. Denton provides industry leadership in the quantification of sustainability issues, climate risk, trade credit and emerging lending risks. His deep foundations in market and credit risk provide critical perspectives on how climate/sustainability risks can be measured, communicated and used to drive commercial opportunities, policy, strategy, and compliance. He supports corporate clients and financial institutions in leveraging Moody’s tools and capabilities to improve decision-making and compliance capabilities, with particular focus on the energy, agriculture and physical commodities industries.
Previous Article
NGFS Consults on Climate Data Repository and Issues a ReportRelated Articles
EU Agencies Update LCR Rule and Macro-Prudential Policy Recommendation
The European Commission (EC) published the Delegated Regulation 2022/786 with regard to the liquidity coverage requirements for credit institutions under the Capital Requirements Regulation (CRR).
EBA Publishes Regulatory Standards to Identify Shadow Banking Entities
The European Banking Authority (EBA) published the final draft regulatory technical standards specifying the criteria to identify shadow banking entities for the purposes of reporting large exposures.
EIOPA Examines Physical Climate Risk Exposure, SII Non-Compliance
The European Insurance and Occupational Pensions Authority (EIOPA) published a report assessing insurers' exposure to physical climate change risks
NGFS Report Explores Quantification of Climate Risk Differentials
The Network for Greening the Financial System (NGFS) published two reports to aid central banks and regulators in their oversight of the financial sector and in their central bank operations
EC Publishes Results on Review of Web Accessibility Directive
The European Commission (EC) published the results of a public consultation, held in October 2021, on the review of the Web Accessibility Directive.
MAS Consults on Adjustment Spreads for Conversion of SOR Contracts
The Monetary Authority of Singapore (MAS) and the SC-STS are jointly consulting, until June 10, 2022, on setting adjustment spreads for the conversion of legacy SOR contracts to SORA reference rate.
OSFI Discusses Benchmark Rate Transition, Sets Out Work Priorities
The Office of the Superintendent of Financial Institutions (OSFI) published the strategic plan for 2022-2025 and the departmental plan for 2022-23.
EBA Proposes Standards to Support Secondary NPL Markets
The European Banking Authority (EBA) is consulting, until August 31, 2022, on the draft implementing technical standards specifying requirements for the information that sellers of non-performing loans (NPLs) shall provide to prospective buyers.
EU Confirms Agreement on Rules on Cybersecurity and Banking Resolution
The European Council and the Parliament reached an agreement on the revised Directive on security of network and information systems (NIS2 Directive).
EBA Issues Standards for Crowdfunding Service Providers Under ECSPR
The European Banking Authority (EBA) published the final draft regulatory technical standards specifying information that crowdfunding service providers shall provide to investors on the calculation of credit scores and prices of crowdfunding offers.
