1. Common terms and definitions
This chapter presents a list of common terms and definitions as a foundation for the subsequent sections of the document. Common understanding of terms and definitions can improve clarity and consistency regarding third-party risk management across financial institutions, assist financial authorities with regulatory cooperation, improve communication with third-party service providers, and promote interoperable approaches that make oversight and risk management more efficient for financial institutions, financial authorities and third-party service providers.
Due to differences in regulation and industry practices across jurisdictions, and in the existing definitions used by different SSBs, complete harmonisation of terms is not always possible or desirable. A pragmatic approach is therefore required. The list of terms is not intended to be exhaustive and is limited to those that are necessary and relevant to the document [Some of the terms are used in other third-party risk and outsourcing frameworks (e.g. international frameworks as listed in Annex 1 and national frameworks) in a different way. Therefore, care should be exercised in cross referring to these terms.]. It is based primarily on feedback from industry and financial authorities. To ensure consistency and transparency, the list of terms was assessed against a set of criteria, which are similar to those used in the FSB Cyber Lexicon but adapted to third-party risk management [See FSB (2018), Cyber Lexicon, November.]:
- Criterion 1 (objectives): The terms should be useful for: developing a common understanding across the financial services sector (and with third-party service providers); assessing and monitoring financial stability risks; sharing information across financial authorities; and guiding the work of the FSB and/or other SSBs.