Financial Stability Board (FSB) strengthens its guidance on third-party risk management (TPRM)

In a significant move to fortify the financial industry against emerging risks, the Financial Stability Board (FSB) has issued updated guidance on third-party risk management (TPRM). The FSB is a global organisation that coordinates financial regulators' standards and aims to promote alignment and enhance the resilience of the financial sector by addressing critical issues related to supplier risk management.

The new guidance will impact financial authorities and financial institutions as well as service providers, formed in response to concerns over the risks related to outsourcing and third-party service relationships.

What changes are the FSB championing?

The newly published toolkit provides central banks worldwide with more stringent rules for managing and overseeing third-party risks within the financial institutions they regulate. Key highlights from the FSB's guidance include:

• Identifying and reporting ‘named risks’: The FSB has outlined financial instability, service deterioration, and concentration risks as ‘named risks’ that institutions must actively manage and report on. Service deterioration includes risk created by suppliers due to a decline in the quality or performance of a service, while concentration risk relates to the potential impact resulting from an overreliance on a specific service provider. This move by the FSB emphasises the importance of proactive risk identification and mitigation for institutions that hold third party relationships.
• Global sharing of critical supplier information: Financial institutions are now required to provide a list of critical suppliers to regulators, enabling global information sharing. This will allow the FSB to take a comprehensive view of systemic suppliers and promote a coordinated global approach to risk management.
• Expanding TPRM to nth party suppliers: The guidance extends TPRM to include nth party, suppliers which includes all suppliers in a supply chain from third parties to beyond. It requires all businesses involved to attest to having valid Business Continuity Plans (BCPs) to address identified risks. This expansion further strengthens the risk management framework for the sector.
• Scenario testing and tabletop exercises: Financial institutions are mandated to undertake scenario testing, with tabletop exercises allowing each to learn from mistakes and develop new strategies. It is a constructive way to integrate risk-orientated policies, standards, and procedures, enhancing the overall resilience of the financial sector.

A step in the right direction: laying the foundations for escrow

Building on the foundation laid out by the Financial Stability Board (FSB) in its updated guidance on third-party risk management (TPRM), the financial industry is taking a significant step forward in bolstering its defences against evolving risks.

The FSB has adopted many of the principles NCC Group have advocated for in its response to the FSB’s formal consultation and in its engagement with regulators globally. The FSB's proactive approach to addressing critical issues related to supplier risk management underscores its commitment to enhancing the resilience of the global financial sector.

While the FSB guidance does not explicitly mention escrow solutions, there are significant opportunities for the agreement, with escrow supporting the implementation of the strengthened TPRM requirements.

What are escrow solutions?

Escrow agreements and associated verification services are one of the only ways to always guarantee the protection of material services and information contained within. It creates a robust foundation of a stressed exit plan, forming a legal arrangement where a third party holds and regulates the transfer of assets or information between two parties.

This ensures that all organisations are protected, and the information can be accessed in the event of a stressed exit. Perhaps most importantly, technology escrow does so in a proportional, cost-effective manner. Demonstrable stressed exit plans should include an escrow agreement to ensure true business continuity.

In sum, escrow solutions are an ideal way for businesses to protect themselves whilst remaining compliant with the new guidance laid out by the FSB.

What is next?

The FSB's updated guidance on TPRM reflects a concerted effort to strengthen the financial sector's resilience against evolving risks. While escrow solutions are not explicitly mentioned, there are clear opportunities for their implementation to align with and support the FSB's recommendations, providing an additional layer of protection in an ever-changing financial landscape.

It is essential to ensure supply chain resilience and mitigate risks to ensure protection within the industry, and organisations must continue to evolve and adapt to ensure that it can withstand any complications brought about by third party risk.

ENDS