2.1. Focus on critical services
The toolkit focuses primarily on "critical services" (as defined in Chapter 1) as these are the services whose disruption or failure could impair individual financial institutions' viability, critical operations and/or ability to meet key legal and regulatory obligations [ In the toolkit, "key legal and regulatory obligations" refer to those legal and regulatory obligations that a financial institution needs to maintain full and timely compliance even in the event of a severe disruption of a critical service. Which legal and regulatory obligations are key will vary by jurisdiction and depend on factors such as a financial institution's business model and size and the consequences of, and remedies available for, partial or temporary non-compliance.]. However, this focus on critical services does not suggest that third-party service relationships involving the provision of non-critical services to financial institutions do not warrant appropriate and proportionate risk management.
While the primary focus of the toolkit is on critical services, certain sections of the toolkit consider non-critical service relationships, where appropriate. In particular, this is the case in the sections on registers of third-party service relationships (Section 3.4), financial institutions' management of concentration risks (Section 3.8) and the identification of systemic third-party dependencies (Section 4.3).
Many of the concepts discussed in the toolkit, including criticality, are dynamic and can vary over time depending on the circumstances and context. For instance: