Basel Committee consults on principles for the sound management of third-party risk

• The Basel Committee has published a consultation on Principles for the sound management of third-party risk.
• The proposed principles provide guidance to banks and prudential supervisors on effective third-party risk management, aiming to enhance banks' ability to withstand operational disruptions and mitigate the impact of severe disruptive events.
• Comments on the proposed principles are requested by 9 October 2024.

The Basel Committee on Banking Supervision today published a consultative document proposing Principles for the sound management of third-party risk in the banking sector.

Ongoing digitalisation has led to rapid adoption of innovative approaches in the banking sector. As a result, banks have become increasingly reliant on third parties for services that they had not previously undertaken. This increased reliance on third parties beyond the scope of traditional outsourcing, coupled with the expansion of supply chains and rising concentration risks, has necessitated an update to the 2005 Joint Forum paper Outsourcing in financial services, specifically for the banking sector.

The consultative document consists of 12 high-level principles offering guidance to banks and supervisors on effectively managing and supervising risks from third-party arrangements. The Principles introduce the concept of a third-party life cycle and emphasise overarching concepts such as criticality and proportionality. Furthermore, they delve into the topics of supply chain risk and concentration risk and highlight the importance of supervisory coordination and dialogue across sectors and borders.

The Principles complement and expand on the Financial Stability Board's 2023 report Enhancing third-party risk management and oversight – a toolkit for financial institutions and financial authorities. While primarily directed at large internationally active banks and their prudential supervisors, these Principles also offer benefits to smaller banks and authorities in all jurisdictions. They establish a common baseline for banks and supervisors for the risk management of third parties, while providing the necessary flexibility to accommodate evolving practices and regulatory frameworks across jurisdictions.

To remain adaptable and applicable to a wide range of technologies, the Principles maintain a technology-neutral stance. As a result, they can be applied to recent trends like artificial intelligence, machine learning and blockchain technology, even though these trends are not explicitly referenced.

Note to editors:

The Basel Committee is the primary global standard setter for the prudential regulation of banks and provides a forum for cooperation on banking supervisory matters. Its mandate is to strengthen the regulation, supervision and practices of banks worldwide with the purpose of enhancing financial stability. The Committee reports to the Group of Central Bank Governors and Heads of Supervision and seeks its endorsement for major decisions. The Committee has no formal supranational authority, and its decisions have no legal force. Rather, the Committee relies on its members' commitments to achieve its mandate. The Group of Central Bank Governors and Heads of Supervision is chaired by Tiff Macklem, Governor of the Bank of Canada. The Basel Committee is chaired by Erik Thedéen, Governor of the Sveriges Riksbank.

More information about the Basel Committee is available here.