Browse Skills

OSFI B-10 — Third-Party Risk Assessment

    Canada OSFI B-10 Third-party risk Risk assessment FRFI
    Get Started with This Skill

    Overview

    Draft risk identification, assessment, and due diligence for third-party arrangements under OSFI B-10 (criteria, concentration, subcontracting, Annex 1).

    Getting Started

    Add your source materials to the project workspace, then activate the OSFI B-10 — Third-Party Risk Assessment skill. The agent will guide you through the process step by step.

    Example conversation

    You: We need to document our third-party risk assessment and due diligence process for B-10—criteria, when we assess, and how we handle concentration and subcontracting risk.

    Agent: I’ll draft the risk assessment and due diligence procedures using the skill reference. I’ll define comprehensive, scalable risk assessment criteria (with criticality as an input); when assessments are conducted (prior to entering, at renewal, periodically, on material changes); due diligence processes with documented escalation, approval, and risk acceptance; out-of-Canada considerations; concentration risk assessment (institution-specific and, where possible, systemic); and how we identify, monitor, and manage subcontracting risk. I’ll reference B-10 Annex 1 for high-risk and critical arrangements.

    Output excerpt

    Risk assessment criteria — Assessment criteria are comprehensive and periodically reviewed. Criticality is an important input: impact of exit or transition, degree of support to critical operations, substitutability (portability, timeliness of transfer), and severity of loss or harm if the third party fails. The level of risk considers probability of failure, ability to assess controls and meet regulatory requirements, financial health and step-in risk, subcontractors and supply chain, concentration risk, and data/cyber/privacy practices. The rigor of risk management activities is proportionate to risk and criticality.

    Due diligence — Due diligence is performed prior to entering, as part of renewal, periodically, and on material changes, proportionate to risk and criticality. The process includes documented risk escalation, approval, and risk acceptance. For high-risk and critical arrangements, the FRFI considers the factors set out in B-10 Annex 1. For out-of-Canada arrangements, the FRFI reviews legal requirements and political, legal, security, economic, environmental, and social risks that may impede the third party’s ability to provide services.

    Extension and validation

    validate_third_party_risk_assessment — Validates the risk assessment document for criteria, due diligence (including Annex 1 for high-risk/critical arrangements), and concentration and subcontracting risk. Flags missing content or placeholders. Run after drafting or updating risk assessment or due diligence procedures.

    Ready to let your expertise drive the workflow?

    Stop wrestling with rigid templates and complex tooling. Write your process in markdown, let the agent handle the rest.

    Get Started