CeFPro Connect

Monitoring internal and external concentration of supply chain to minimize over-reliance on individual third parties
03/05/2024

Disclaimer: Opinions are of Sean Miles, as an individual, not attributed to any particular organization.

What should institutions be looking for when monitoring for internal and external concentration?

Institutions should fully understand their end-to-end supplier network for key/material processes and services (both internally and externally) to identify bottlenecks and single points of failure. If they find one provider is critical to a particular service (such as a cloud provider or systems provider), they need to ensure there are sufficient contingency arrangements and exit plans, and whether the provider can easily be substituted. Scenario planning and holding pre-mortems are good ways to identify concentration risks. What if the supplier collapses? Suffers a reputation issue or cyber event? Performing an assessment of the overarching ecosystem can really help.

How can effective controls be implemented to limit the risk of concentration?

The right controls can mitigate all risks, including concentration risks. However, there are sub-levels of concentration that can’t be fully mitigated. For instance, if there is a dominant utility provider or software provider that you have to use, you need to document these dependencies and ensure the Board is aware of the reliances. In such areas of dominance, institutions need to determine what level of assurance they. The Bank of England’s Financial Stability report recently stated: “The FPC has previously highlighted that the market for cloud services is highly concentrated among a few cloud service providers (CSPs), which could pose risks to financial stability. Since the start of 2020, financial institutions have accelerated their plans to scale up their reliance on CSPs. Although the PRA and FCA have recently strengthened the regulation of firms’ operational resilience and third party risk management, the increasing reliance on a small number of CSPs and other critical third parties could increase financial stability risks without greater direct regulatory oversight of the resilience of the services they provide.”
