Third-Party Risk Management

The third-party AI cascade — nth-party traceability through vendor stacks embedded in enterprise software.

Depth of coverage

What we know in this framework.

The specific clauses, articles, appendices and supervisory expectations we work against — anchored to primary source and maintained as the regime evolves.

01Risk-tiering methodology

02Due-diligence depth

03Contract cascade

04Concentration risk

05Nth-party AI discovery

How we cover it

How the firm carries OSFI B-10 into client work.

OSFI B-10 is read against the services below. Each one draws on the same compliance intelligence layer — indexed to primary source, versioned alongside the regulator, and carried into the engagement.

This framework is carried through our cross-framework control mapping. Speak with a partner for a scoped plan against your portfolio.

Related playbooks

Playbooks that ship against OSFI B-10.

Each playbook walks from discovery through artifact — phases, controls, evidence. Agents assist the mechanical steps; specialists own the sign-off.

OSFI B-10 · Vendor

OSFI B-10 Vendor Cascade Playbook

Discover AI that arrived through enterprise software, tier the vendor stack, and extend due diligence to nth-party AI providers.

Read the playbook →

Map your posture against OSFI B-10.

Bring us your current documentation, controls and inventory. We will map them clause by clause against OSFI B-10 — and against every other regime your portfolio touches — and produce the evidence artifact your supervisor will read.

Speak with a partner Back to all frameworks →