OSFI announces new guideline to manage third-party risk
News release - Ottawa -
Today, the Office of the Superintendent of Financial Institutions (OSFI) published its final Third-Party Risk Management Guideline which sets out associated risk management expectations for Federally Regulated Financial Institutions (FRFIs).
Third-party arrangements can support efficiency, innovation, and service. FRFIs are increasingly relying on third parties in ways that can impact operations and financial resilience.
OSFI expects FRFIs to manage these risks by adhering to this updated Guideline, which emphasizes governance and risk management programs and includes six new, clear expected outcomes associated with effective third-party risk management.
Federally-regulated financial institutions have long leveraged third-party arrangements to drive innovation, introduce efficiency, and manage shifting operational needs. As the utilization of third-party arrangements has expanded, so too have the attendant risks. Our updated Guideline B-10 will ensure financial institutions mitigate risks related to these arrangements.
- Peter Routledge, Superintendent of Financial Institutions
Quick facts
- Guideline B-10 outlines OSFI’s expectations for FRFIs to take a risk-based approach to managing third-party arrangements.
- OSFI first released a draft revised Guideline B-10 in April 2022. During a 5-month consultation period, perspectives were sought from industry, third-party providers, and other members of the public on ways the draft Guideline could be improved to meet today’s challenges. The summary of consultations, OSFI response to Draft Guideline B-10 consultation feedback – Third-party Risk Management, has helped inform the final Guideline B-10, Third-Party Risk Management Guideline.