Featured Product

    FSB Proposes Toolkit to Enhance Management of Third-Party Risk

    July 10, 2023

    Banks increasingly rely on third-party vendors for critical functions such as technology infrastructure, processing of data and payments, and customer support. Failures and disruptions in such third-party services can erode customer confidence and lead to lost business opportunities and reputational damage. To circumvent these challenges and in the interest of ensuring stability of the financial system, many financial regulators worldwide now expect banks and other financial institutions to put in place appropriate practices for third-party risk management. In this context, the Financial Stability Board (FSB) recently published and is seeking comments on a toolkit that sets out tools to help financial institutions identify critical services and manage potential risks throughout the lifecycle of a third-party service relationship. This toolkit is relevant for financial authorities, financial institutions, and various financial service providers, with the comment period ending on August 22, 2023.

    Overview of FSB toolkit

    The primary emphasis of the FSB toolkit is on critical services, given the potential impact of their disruption on financial institutions’ critical operations and financial stability, though the toolkit also looks holistically at third-party risk management. The toolkit is aimed to reduce fragmentation in regulatory and supervisory approaches to financial institutions’ third-party risk management across jurisdictions and different areas of the financial services sector. The tools that are set out seek to help financial institutions to:

    • Identify critical services consistently yet flexibly
    • Conduct due diligence, contracting, and ongoing monitoring of critical services and service providers
    • Be informed of incidents affecting critical services in a timely way
    • Have consistent mapping of financial institutions’ third-party service relationships
    • Manage risks relating to their third-party service providers’ use of service supply chain
    • Implement and test business continuity plans, which should be informed by a comprehensive Business Impact Analysis and must set out clear, measurable indicators (for example, Recovery Time Objectives or RTOs, Recovery Point Objectives or RPOs, and maximum potential loss)
    • Develop effective exit strategies and strengthen the identification and management of service provider concentration and concentration-related risks

     

    Regulatory developments in third-party risk management

    Notably, the European Union, the United Kingdom (UK), the United States (U.S.), Canada, Australia, and Singapore are among the regulatory jurisdictions that are working to address this challenge and put in place rules, frameworks, and guidelines that stipulate and/or encourage banks to put in place good third-party risk management practices. As recently as in June 2023, the federal bank regulatory agencies in the U.S. have issued guidance designed to help banking organizations manage risks associated with third-party relationships, including relationships with financial technology companies, while the financial supervisory authority in Canada (OSFI) had issued a third-party risk management guideline in April 2023. Similarly, last year, in the UK, HM Treasury had proposed a critical third-party regime that could set the legal foundations for such measures. More importantly, in the European Union, the Digital Operational Resilience Act (DORA) provides for the creation of an oversight framework for critical Information Communication Technologies (ICT) third-party service providers to financial entities in euro area. The rules in DORA will become applicable starting January 17, 2025 while the drafting of accompanying regulatory and implementing technical standards as well as guidelines is ongoing. The expected finalized regimes in the European Union and the UK set forth rules to provide regulatory agencies with powers to designate certain third-party service providers as Critical Third Parties or CTPs.

     

    Moody’s Analytics uses deep risk expertise, expansive information resources, and innovative application of technology to help clients confidently navigate an evolving marketplace. Visit our Banking Solutions page to find out more about the banking solutions offered by Moody’s Analytics. Banks worldwide use our award-winning solutions that include modular and customizable offerings to support credit risk management, balance sheet management, regulatory compliance, training, and more.

     

     

    Related Links

     

    Keywords: International, Banking, Financial Stability, Critical Service Providers, Third-Party Risk, Outsourcing Risk, Regtech, Cyber Risk, DORA, Operational Resilience, Cloud Service Providers, FSB

    Related Articles
    News

    BIS and Central Banks Experiment with GenAI to Assess Climate Risks

    A recent report from the Bank for International Settlements (BIS) Innovation Hub details Project Gaia, a collaboration between the BIS Innovation Hub Eurosystem Center and certain central banks in Europe

    March 20, 2024 WebPage Regulatory News
    News

    Nearly 25% G-SIBs Commit to Adopting TNFD Nature-Related Disclosures

    Nature-related risks are increasing in severity and frequency, affecting businesses, capital providers, financial systems, and economies.

    March 18, 2024 WebPage Regulatory News
    News

    Singapore to Mandate Climate Disclosures from FY2025

    Singapore recently took a significant step toward turning climate ambition into action, with the introduction of mandatory climate-related disclosures for listed and large non-listed companies

    March 18, 2024 WebPage Regulatory News
    News

    SEC Finalizes Climate-Related Disclosures Rule

    The U.S. Securities and Exchange Commission (SEC) has finalized the long-awaited rule that mandates climate-related disclosures for domestic and foreign publicly listed companies in the U.S.

    March 07, 2024 WebPage Regulatory News
    News

    EBA Proposes Standards Related to Standardized Credit Risk Approach

    The European Banking Authority (EBA) has been taking significant steps toward implementing the Basel III framework and strengthening the regulatory framework for credit institutions in the EU

    March 05, 2024 WebPage Regulatory News
    News

    US Regulators Release Stress Test Scenarios for Banks

    The U.S. regulators recently released baseline and severely adverse scenarios, along with other details, for stress testing the banks in 2024. The relevant U.S. banking regulators are the Federal Reserve Bank (FED), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC).

    February 28, 2024 WebPage Regulatory News
    News

    Asian Governments Aim for Interoperability in AI Governance Frameworks

    The regulatory landscape for artificial intelligence (AI), including the generative kind, is evolving rapidly, with governments and regulators aiming to address the challenges and opportunities presented by this transformative technology.

    February 28, 2024 WebPage Regulatory News
    News

    EBA Proposes Operational Risk Standards Under Final Basel III Package

    The European Union (EU) has been working on the final elements of Basel III standards, with endorsement of the Banking Package and the publication of the European Banking Authority (EBA) roadmap on Basel III implementation in December 2023.

    February 26, 2024 WebPage Regulatory News
    News

    EFRAG Proposes XBRL Taxonomy and Standard for Listed SMEs Under ESRS

    The European Financial Reporting Advisory Group (EFRAG), which plays a crucial role in shaping corporate reporting standards in European Union (EU), is seeking comments, until May 21, 2024, on the Exposure Draft ESRS for listed SMEs.

    February 23, 2024 WebPage Regulatory News
    News

    ECB to Expand Climate Change Work in 2024-2025

    Banking regulators worldwide are increasingly focusing on addressing, monitoring, and supervising the institutions' exposure to climate and environmental risks.

    February 23, 2024 WebPage Regulatory News
    RESULTS 1 - 10 OF 8957