Browse Skills

OSFI B-10 — Third-Party Risk Management Framework

    Canada OSFI B-10 Third-party risk Governance FRFI
    Get Started with This Skill

    Overview

    Draft the enterprise-wide TPRMF (governance, accountabilities, lifecycle, inventory) for federally regulated financial institutions under OSFI B-10.

    Getting Started

    Add your source materials to the project workspace, then activate the OSFI B-10 — Third-Party Risk Management Framework skill. The agent will guide you through the process step by step.

    Example conversation

    You: We need to document our Third-Party Risk Management Framework for OSFI B-10—governance, lifecycle, and how we inventory and report on third-party risk.

    Agent: I’ll draft the TPRMF using the skill reference. I’ll document that the FRFI retains accountability for outsourced activities and third-party risk; set out the enterprise-wide TPRMF spanning the lifecycle from sourcing and due diligence to exit; define accountabilities, policies, and processes for identifying, assessing, managing, mitigating, monitoring, and reporting third-party risk; include an inventory by risk and criticality and aggregation of exposures and trends; align with risk appetite; and state that the TPRMF is reviewed and updated on a regular basis. I’ll align with OSFI B-10 outcomes and proportionality.

    Output excerpt

    Accountability — The FRFI retains accountability for business activities, functions, and services outsourced to third parties and for managing risk arising from all third-party arrangements. Senior Management is satisfied that activities performed by third parties are conducted in a safe and sound manner, in compliance with applicable legislative and regulatory requirements and the FRFI’s internal policies, standards, and processes, and that third-party arrangements are aligned with the FRFI’s risk appetite and managed proportionate to criticality and risk.

    TPRMF scope — The TPRMF provides an enterprise-wide view of exposures to third parties and governs the full lifecycle of third-party arrangements (sourcing, due diligence, through to potential exit). It sets out how the FRFI will identify and assess; manage and mitigate; and monitor and report on third-party risk. It includes an inventory of third parties delineated by risk and criticality and processes for aggregation of third-party risk exposures and trends to inform the current and emerging risk profile. The TPRMF is reviewed and updated on a regular basis.

    Extension and validation

    validate_tprmf — Validates the TPRMF document for framework sections, lifecycle (sourcing to exit), accountability, and inventory by risk and criticality. Flags missing content or placeholders. Run after drafting or updating the TPRMF.

    Ready to let your expertise drive the workflow?

    Stop wrestling with rigid templates and complex tooling. Write your process in markdown, let the agent handle the rest.

    Get Started