Software Engineering Institute | Carnegie Mellon University

White Paper

Managing Third Party Risk in Financial Services Organizations: A Resilience-Based Approach

  • Abstract

    Outsourcing to third parties and the resulting dependency risks have become a leading consideration for financial services firms, drawing extensive management attention and regulatory scrutiny. This is particularly true for third party risks that arise from the use of information and communication technology (ICT), which may include data breaches, fraud, access to sensitive internal information, reputation impacts, or disclosure of intellectual property. These concerns are exacerbated by a pervasive and dynamic cybersecurity threat landscape. Attackers know that third party suppliers can be a weak link and target them accordingly.

    Recent high-profile incidents involving the financial industry highlight the unexpected or unintended consequences that can arise when organizations outsource support and processing activities. This is particularly true for customer-facing services supported by outsourced information technology. Regulators have emphasized careful oversight of third party suppliers and have strongly urged senior management to engage more directly in this area of risk management.
