On 9 July 2024, the Basel Committee on Banking Supervision published a consultative document on Principles for the sound management of third-party risk.

The Principles contained in the consultative document are intended to supersede those in the 2005 Joint Forum paper Outsourcing in financial services specifically for the banking sector. There are 12 high-level principles which are intended to provide guidance to banks and prudential supervisors on effective third-party risk management, aiming to enhance banks’ ability to withstand operational disruptions and mitigate the impact of severe disruptive events.

Principles 1 through 9 provide banks with guidance on effective management of third-party service provider risks, while Principles 10 through 12 provide guidance for prudential supervisors. The Principles seek to achieve a balance in improving practices related to the management of third parties and providing a common baseline for banks and supervisors, while maintaining sufficient flexibility given the evolution of practices in this area.

The Principles are technology neutral meaning that they are adaptable and applicable to a wide range of technologies. This means that they can be applied to recent trends like artificial intelligence, machine learning and blockchain technology, even though these trends are not explicitly referenced.

The deadline for comments on the consultative document is 9 October 2024.