In April 2023, the Office of the Superintendent of Financial Institutions (OSFI), Canada’s federal financial institutions regulator, released its new Guideline B-10: Third-Party Risk Management (Guideline). This guideline sets the bar for third-party risk management (TPRM) expectations for federally regulated financial institutions in Canada (FRFIs). It contributes to the industry’s best practices for contracting with third parties.

The new Guideline B-10 is more comprehensive than its predecessor, reflecting the evolving third-party ecosystem. Financial institutions must reassess their approach to managing supplier/vendor relationships and set risk-based, outcome-focused expectations for managing third-party risks.

Black Kite: Your Partner in Compliance

Black Kite, a leading provider of cyber risk assessments, offers a platform that can help FRFIs align their efforts and achieve outcomes that drive compliance with OSFI’s TPRM Guidelines. The platform provides real-time risk visibility across your supply chain through continuous monitoring, delivering robust, comprehensive, and actionable risk telemetry data in hours, not weeks or months.

Technical Cyber Security Rating

Black Kite’s Technical Cyber Security Rating provides a comprehensive view of a vendor’s security performance trends. Unlike traditional point-in-time assessments, such as penetration tests and questionnaires, Black Kite provides continuous monitoring at scale through security automation. This approach aligns with OSFI’s expectations for FRFIs to manage third-party risks proportionate to the level of risk and complexity of the FRFI’s third-party ecosystem.

Cyber Risk in Financial Terms

Black Kite’s Cyber Risk in Financial Terms feature translates cyber risk into potential financial impact, enabling FRFIs to make informed decisions about third-party arrangements. This feature aligns with OSFI’s guideline that FRFIs should consider the potential for financial loss due to operational failures, reputational damage, or other adverse outcomes associated with third-party arrangements.

Compliance Correlation

Black Kite’s Compliance Correlation feature helps FRFIs ensure their third-party arrangements comply with relevant regulations and standards. This feature aligns with OSFI’s guideline that FRFIs should manage and mitigate risks within the FRFI’s risk-appetite framework.

Transparent Methodology

Black Kite’s Transparent Methodology ensures that FRFIs clearly understand how Black Kite assesses and rates third-party cyber risk. This transparency aligns with OSFI’s guideline that technology and cyber operations carried out by third parties must be transparent, reliable, and secure.

With Black Kite’s platform, achieving compliance with the new OSFI TPRM Guidelines is within your reach. The new Guideline B-10 will come into effect on May 1, 2024, providing FRFIs sufficient time to self-assess and build TPRM programs that comply with the new requirements. Black Kite is here to support you in this journey. Request a demo today to learn more about how Black Kite can help you achieve compliance with OSFI’s TPRM Guidelines.
