With new regulations like DORA demanding deeper supply chain visibility, a pioneering collaborative project showed how through the power of collaboration, banks can identify hidden systemic risks and enhance sectoral resilience.
The financial sector is facing a new frontier of risk-one that lurks deep in the interconnected webs of its supply chains. Geopolitics and digitalisation have fueled a surge in supply chain attacks against the financial sector, exposing critical blindspots that regulators and institutions can no longer ignore. With new regulations like DORA demanding deeper visibility and resilience, a pioneering collaborative project showed how through the power of collaboration, banks can proactively map their supply chains to reveal previously hidden systemic risks that could threaten the stability of the entire industry.
Regulators are zooming in on systemic risks, especially those that arise from the complex, overlapping supply chains underpinning the financial industry. New requirements mean banks and other regulated entities must not only manage their own third-party risks, but also contribute to sector-wide efforts to map and understand shared vulnerabilities. This is no small feat.
Despite the urgency, most financial institutions currently lack the tools and frameworks to efficiently map their extended supply chains beyond their immediate third parties, let alone analyse the intricate dependencies that can turn a single supplier’s failure into an industry-wide crisis. The challenge is compounded by the sheer number and complexity of outsourcing arrangements, and the reality that many critical suppliers are shared across the sector. Without a clear view of these interconnections, both individual firms and the industry as a whole remain exposed to cascading cyber and resilience risks - risks that are increasingly on the regulatory radar for 2025 and beyond.
It is clear that no single institution can solve this challenge alone. Concentration risks - where multiple firms (or suppliers) depend on the same supplier - are inherently systemic, and can only be identified through shared insight. That’s why only a more collaborative approach offers an effective way forward.
By pooling supply chain data in a secure, trusted environment, financial institutions can collectively map their dependencies, spot hidden overlaps, and identify shared vulnerabilities that would remain invisible in isolation. This collective intelligence not only meets regulatory expectations, but also empowers firms to make more informed decisions about their own risk exposure - hardening their operational resilience in the process.
To test the power of this approach, Risk Ledger partnered with six leading financial institutions for a groundbreaking pilot project. Using Risk Ledger - an innovative supply chain risk management platform - participants imported lists of their critical third parties, enabling the mapping of their third-, fourth-, fifth-, and even deeper-tier suppliers, which the Risk Ledger platform makes possible through its social network approach.
The second phase of the project placed all participants in a dedicated, secure community where their supply chain data was made visible to one another and overlaid. This collaborative environment allowed for a comprehensive mapping of the cohort’s extended supply chains, revealing the cohort’s 4th-, 5th- and nth-party dependencies as well as concentration and systemic risks that traditional, siloed third-party risk management (TPRM) programmes would miss. The results were eye-opening:
Nearly 1,300 supplier dependencies were mapped across just six institutions, highlighting the vast interconnectedness of the sector. 47 systemic concentration risks were identified-almost eight times the number of participants - none of which would have been visible to any one firm acting alone. Meanwhile, nine third-party suppliers were directly connected to at least half the participants, including three smaller vendors whose criticality would likely have gone unnoticed in standard TPRM.
These findings underscore a sector-wide reliance on a small group of providers, with individual firms often unaware of these shared dependencies. They also make clear that systemic concentration risks are a collective challenge, and only a collaborative approach can provide the visibility needed to manage them.
The scale and complexity of supply chain risk in financial services demand a new paradigm-one built on transparency, collaboration, and shared responsibility. As regulatory scrutiny intensifies and cyber threats evolve, the industry must move beyond isolated risk management to a model that embraces collective intelligence.
This pilot project demonstrates that, even with a small cohort, collaborative supply chain mapping can uncover critical systemic risks and hidden dependencies, providing the foundation for a more resilient sector. The path forward is clear: Only by working together can financial institutions truly understand and mitigate the risks that threaten not just their own operations, but the stability of the industry as a whole.
Read the full white paper for detailed findings, methodology, and recommendations on building collective supply chain resilience in financial services here:
Sign up to our monthly newsletter to receive exclusive research and analyses by our experts, the latest case studies from our clients as well as guides, explainers and more to turn your supply chain risk management programme into a resounding success story.
