Skip to main content

4. Financial authorities' oversight of third-party risks

This chapter sets out financial authorities' current and developing approaches and tools for:

- Supervising how financial institutions manage third-party risks; and

- Identifying and monitoring systemic third-party dependencies, and potential systemic risks and managing those risks, which could arise, for instance, due to disruption to certain services or the financial or operational failure of service providers. In some jurisdictions this may involve authorities designating certain third-party service providers as critical to the financial sector from a financial stability perspective (hereafter "financial sector critical service provider") and directly overseeing the resilience of their services to financial institutions [In these jurisdictions, a "financial sector critical service provider" is defined as a service provider to financial institutions whose services have been deemed by financial authorities to give rise to a systemic third-party dependency with potential implications on financial stability, including potential systemic risk case of disruption or failure. This is a general concept, and the specific term and definition may differ depending on jurisdictions.].

For ease of reading, the term "systemic third-party dependencies" is mainly used in the document. However, taking into account the abovementioned approaches in some jurisdictions, the toolkit is applicable to third-party service providers designated as "financial sector critical service providers" in some jurisdictions.