Skip to main content

2. Scope and general approaches

This chapter summarises the approach taken by this document to a number of cross-cutting issues. Section 2.1 discusses the focus on "critical services" (as defined in Chapter 1). Section 2.2 clarifies the document's holistic approach to financial institutions' management and financial authorities' oversight of third-party service relationships, as opposed to a subset thereof, such as "outsourcing", which has historically been the focus of regulatory and supervisory frameworks. Section 2.3 discusses the desirability of approaches that promote interoperable cross-border regulatory and supervisory practices to third-party risk management. Section 2.4 considers the application of the principle of proportionality in the context of third-party risk management. It discusses how regulatory expectations can differ based upon several factors, including the business model, complexity, function, internal organisation, risk profile, scale and size of different financial institutions, and availability of back-up capacities.

The toolkit is intended to be used by both:

- Financial institutions in their management of third-party risks; and

- Financial authorities as they consider their approaches to the oversight of financial institutions' third-party service relationships (in particular, those involving critical services), and the identification, monitoring and management of systemic third-party dependencies and potential systemic risks.