CanadaThird-party riskEffective May 1, 2024

Third-Party Risk Management

The third-party AI cascade — nth-party traceability through vendor stacks embedded in enterprise software.

What we know in this framework.

The specific clauses, articles, appendices and supervisory expectations we work against, anchored to primary source and maintained as the regime evolves.

01Risk-tiering methodology

02Due-diligence depth

03Contract cascade

04Concentration risk

05Nth-party AI discovery

How the firm carries OSFI B-10 into client work.

OSFI B-10 is read against the services below. Each one draws on the same compliance intelligence layer — indexed to primary source, versioned alongside the regulator, and carried into the engagement.

This framework is carried through our cross-framework control mapping. Use the contact page for a scoped plan against your portfolio.

Playbooks that ship against OSFI B-10.

Each playbook walks from discovery through artifact, phases, controls, evidence. Agents assist the mechanical steps; specialists own the sign-off.

OSFI B-10 · Vendor

OSFI B-10 Vendor Cascade Playbook

Discover AI that arrived through enterprise software, tier the vendor stack, and extend due diligence to nth-party AI providers.

Read the playbook →

Map your posture against OSFI B-10.

Bring us your current documentation, controls and inventory. We will map them clause by clause against OSFI B-10, and against every other regime your portfolio touches, and produce the evidence artifact your supervisor will read.

Speak with a partner Back to all frameworks →