Skip to main content

3. Financial institutions' third-party risk management

This chapter sets out tools to help financial institutions identify critical services and manage potential risks throughout the lifecycle of a third-party service relationship, which typically includes planning, due diligence and selection of a service provider, contracting, ongoing monitoring, and termination. Regardless of the type of third-party service relationship, the final accountability towards the financial authorities and customers remains with the financial entity and its board and senior management.

Generally, third-party service relationships involving the provision of critical services from service providers should include an assessment of potential benefits and risks and be approved by the board, senior management or an appropriate body of the financial institution.