Canada gives insurers one year to apply third-party risk management
Pardon the Interruption
This article is just an example of the content available to mallowstreet members.
On average over 150 pieces of new content are published from across the industry per month on mallowstreet. Members get access to the latest developments, industry views and a range of in-depth research.
All the content on mallowstreet is accredited for CPD by the PMI and is available to trustees for free.
Canadian insurers have until 1 May 2024 to adhere to a guideline set by their regulator on how it expects insurers and other financial institutions to manage third-party risk.
The Office of the Superintendent of Financial Institutions said third-party arrangements can be beneficial to companies by introducing efficiencies, driving innovation, managing shifting operational needs and improving services.
However, risks can arise from third-party arrangements, and these can threaten the firm’s operational and financial resilience, said OSFI.
Following a five-month consultation last year, the regulator published its final guideline yesterday, outlining its expectations on how insurers should manage third-party risk and retain accountability for business activities, functions and services outsourced to a third party.
OSFI expects six new outcomes associated with effective third-party risk management from the guideline:
1. Governance and accountability structures are clear with comprehensive risk management strategies and frameworks in place.
2. Risks posed by third parties are identified and assessed.
3. Risks posed by third parties are managed and mitigated within the firm’s risk appetite framework.
4. Third-party performance is monitored and assessed, and risks and incidents are proactively addressed.
5. The firm’s third-party risk management programme allows the firm to identify and manage a range of third-party relationships on an ongoing basis.
6. Technology and cyber operations carried out by third parties are transparent, reliable and secure.
The guideline will come into effect 1 May 2024, roughly one year after its publication, to give insurers time to self-assess and build third-party risk management programmes that comply with the new requirements.
OSFI will hold an information session for industry members on 18 May from 1 pm to 2:30 pm ET.
OSFI will hold an information session for industry members on 18 May from 1 pm to 2:30 pm ET.
In the UK, insurance supervisors launched a survey this month to ask service providers to the financial sector for their views on the costs and benefits of a potential critical third-party regime, following a consultation last year.
The survey runs until 17 May.
What steps do you have in place to manage your vendors?
