Collaboration in Third-Party Risk

Identifying Concentration Risks in Financial Services Supply Chains

Supply chain cyber attacks are rising, exposing financial institutions to risks hiding deep in their supply chains. Despite regulatory mandates, firms struggle to map and analyse their extended supplier ecosystems, leaving both individual organisations and the broader financial system vulnerable.

In a trial project with just six financial institutions, nearly 1,300 suppliers were identified, exposing deep interdependencies across their supply chains. Despite the small number of participants, 47 potential systemic concentration risks emerged, none of which would have been visible to any firm on its own. This project's findings demonstrate that true cyber resilience and effective third-party risk management can only be achieved through industry-wide collaboration.

Key Themes & What You Will Learn

Executive summary

What you will learn: The background and aims as well as key findings and recommendations of the project at a glance.

Overview

What you will learn: The key challenges with traditional TPRM and why it is no longer enough, the project objectives in detail and how they relate to new operational resilience regulations such as DORA, and what concentration risks are.

Key findings

What you will learn: How Risk Ledger mapped out the extended supply chain dependencies of the participants from the 395 third parties provided, and what we discovered in terms of potential concentration risks at 3rd, 4th and nth party levels.

Challenges

What you will learn: The key challenges participants faced when individually trying to identify concentration risks in their supply chains, and how these can be overcome in future projects.

Recommendations & conclusions

What you will learn: Here, we suggest some recommendations for how concentration risks can be more effectively identified through leveraging the power of TPRM programmes and enhanced industry-wide collaboration.

Cyber security has outgrown the old ‘castle and moat’ approach. As financial institutions rely more on cloud services and a growing network of third-party suppliers, the traditional perimeter has vanished, and with it clear visibility of risk. Regulations like DORA aim to address this by increasing oversight of supply chains, but compliance alone won’t solve the problem.

This project showed that collaboration between institutions is essential to uncover hidden threats, improve third-party risk management, and build true operational and sectoral resilience. This report highlights that tackling hidden cyber and supply chain risks requires collaboration and that no organisation can do it alone. If you have any questions, please get in touch.