# OSFI B-10 — Third-Party Risk Management Framework > Draft the enterprise-wide TPRMF (governance, accountabilities, lifecycle, inventory) for federally regulated financial institutions under OSFI B-10. Tags: Canada, OSFI, B-10, Third-party risk, Governance, FRFI ## Example Prompts - Draft our Third-Party Risk Management Framework for OSFI B-10 - Create the TPRMF document (governance and lifecycle) - Update our enterprise third-party risk framework URL: https://rakenne.app/skills/osfi-b10-tprmf/index.md Try this skill: https://rakenne.app/a/?skill=osfi-b10-tprmf ## Overview Draft the enterprise-wide TPRMF (governance, accountabilities, lifecycle, inventory) for federally regulated financial institutions under OSFI B-10. ## Getting Started Add your source materials to the project workspace, then activate the *OSFI B-10 — Third-Party Risk Management Framework* skill. The agent will guide you through the process step by step. ## Example conversation **You:** We need to document our Third-Party Risk Management Framework for OSFI B-10—governance, lifecycle, and how we inventory and report on third-party risk. **Agent:** I'll draft the TPRMF using the skill reference. I'll document that the FRFI retains accountability for outsourced activities and third-party risk; set out the enterprise-wide TPRMF spanning the lifecycle from sourcing and due diligence to exit; define accountabilities, policies, and processes for identifying, assessing, managing, mitigating, monitoring, and reporting third-party risk; include an inventory by risk and criticality and aggregation of exposures and trends; align with risk appetite; and state that the TPRMF is reviewed and updated on a regular basis. I'll align with OSFI B-10 outcomes and proportionality. ## Output excerpt **Accountability** — The FRFI retains accountability for business activities, functions, and services outsourced to third parties and for managing risk arising from all third-party arrangements. Senior Management is satisfied that activities performed by third parties are conducted in a safe and sound manner, in compliance with applicable legislative and regulatory requirements and the FRFI's internal policies, standards, and processes, and that third-party arrangements are aligned with the FRFI's risk appetite and managed proportionate to criticality and risk. **TPRMF scope** — The TPRMF provides an enterprise-wide view of exposures to third parties and governs the full lifecycle of third-party arrangements (sourcing, due diligence, through to potential exit). It sets out how the FRFI will identify and assess; manage and mitigate; and monitor and report on third-party risk. It includes an inventory of third parties delineated by risk and criticality and processes for aggregation of third-party risk exposures and trends to inform the current and emerging risk profile. The TPRMF is reviewed and updated on a regular basis. ## Extension and validation **validate_tprmf** — Validates the TPRMF document for framework sections, lifecycle (sourcing to exit), accountability, and inventory by risk and criticality. Flags missing content or placeholders. Run after drafting or updating the TPRMF. --- Back to [Skill Library](https://rakenne.app/skills/index.md)