The document discusses regulatory expectations for third-party oversight and governance. It outlines 12 key dimensions regulators expect institutions to address, including risk classification, due diligence, contracts, audits, and governance. Effective third-party oversight requires properly managing risks, maintaining oversight and accountability, and ensuring senior executive engagement. The use of technology and reporting can help institutions strengthen their third-party risk management programs.