On April 24, 2023, the Office of the Superintendent of Financial Institutions (OSFI) published its final revised Guideline B-10: Third-Party Risk Management (the Guideline), setting out associated risk management expectations for federally regulated financial institutions (FRFIs).
As previously reported by the E-TIPS® Newsletter here, OSFI considers that the growing number of dominant third-party service providers in key areas of the economy increases the risk of FRFIs being unable to deliver critical services if such third-party service providers are disrupted. OSFI expects FRFIs to manage risks related to third-party arrangements by adhering to the updated Guideline, and emphasizes that FRFIs retain accountability for business activities, functions, and services outsourced to a third party.
The Guideline presents the following six expected outcomes for FRFIs to achieve through effective third-party risk management:
With an effective date of May 1, 2024, OSFI maintains that the Guideline provides adequate time for regulated entities to self-assess and ensure compliance. OSFI expects that third-party arrangements commencing after the effective date will adhere to the Guideline, while those entered prior to the date will be updated to meet compliance on the effective date or as soon as possible thereafter.
Summary By: Steffi Tran
Disclaimer: This Newsletter is intended to provide readers with general information on legal developments in the areas of e-commerce, information technology and intellectual property. It is not intended to be a complete statement of the law, nor is it intended to provide legal advice. No person should act or rely upon the information contained in this newsletter without seeking legal advice.
E-TIPS is a registered trade-mark of Deeth Williams Wall LLP.