On 10 December 2025, the Basel Committee on Banking Supervision (Basel Committee) published Principles for the sound management of third-party risk in the banking sector.

By publishing this document, the Basel Committee is promoting a principles-based approach to effective third-party risk management (TPRM) which is intended to complement banks’ operational risk management and strengthen their operational resilience. The approach follows the life cycle of a third-party service provider (TPSP) arrangement, builds on certain Basel Committee publications including its Principles for operational resilience and the revised Principles for the sound management of operational risk as well as TPRM initiatives undertaken by prudential supervisors and other international standard-setting bodies.

The document begins by laying out key concepts that apply to the 12 principles: Principles 1 to 9 provide banks with guidance on the effective management of TPSP risks, while Principles 10 to 12 provide guidance for prudential supervisors. The Principles seek to achieve a balance between improving practices related to the management of third parties and providing a common baseline for banks and supervisors, while maintaining sufficient flexibility given the evolution of practices in this area.