Third-party Service Provider Risks in the Economy and Financial System

October 16, 2025

Houston

Hosted by the Federal Reserve Banks of Boston, Chicago and Dallas

This workshop brings together researchers, regulators and practitioners to explore how vulnerabilities related to third-party service providers can best be identified, monitored and mitigated.

Academics, regulatory officials and industry representatives from transportation, energy, finance, health care or other sectors are encouraged to participate.

Overview

Financial and nonfinancial companies increasingly rely on third parties to provide critical services for their businesses. These services can include software, data, recordkeeping, computing infrastructure, generative artificial intelligence systems, and energy and telecommunications utilities, among others.

Due to economies of scale or network externalities, provision of any given service is often highly concentrated among a very small number of providers. As a result, problems at one provider could pose systemic vulnerabilities to the economy, major economic sectors or the financial system.

An individual provider’s services may also enable interactions among a number of companies receiving the services. This interconnectedness could increase the risk of spillovers.

The workshop will focus on how these vulnerabilities can best be addressed. Sessions will include presentations of research and a panel discussion.

When

Thursday, Oct. 16, 2025

Where

Federal Reserve Bank of Dallas, Houston Branch
1801 Allen Parkway
Houston, TX 77019
Apple Maps | Google Maps | Parking information

Submit proposals by July 15

Researchers interested in presenting at the workshop are invited to submit papers for consideration. Potential topics are outlined below, and we welcome submissions in other related areas.

How to submit: Email your paper or abstract by July 15 to the workshop committee.

Selected authors will be notified by Sept. 2.

Topics of interest

Understanding exposure: How can firms—and, in regulated industries, their regulators—gain a comprehensive understanding of their exposure to critical service providers, including not only direct exposures but potential spillovers from concentration in service provision to other firms?
Risks to consider: Consideration of third-party service provider risks often focuses on risks of operational disruptions or cyberattacks. What other important risks arise when major industries or companies rely on a concentrated set of service providers?
Fostering innovation while managing risk: What tradeoffs exist between mitigating vulnerabilities from third-party technology service providers and fostering innovation in technology throughout the economy? What approaches can best foster innovation while still addressing vulnerabilities?
Lessons from various industries: How have different major industries such as transportation, energy, finance, health care and others addressed vulnerabilities from service providers? Are there lessons learned from some industries that other industries could fruitfully apply? Are there mechanisms for sharing this knowledge?
Industry-specific vs. economywide approaches: Many service providers have customers across a broad range of industries, yet each industry may have a different risk tolerance or different systemic concerns. What tradeoffs exist between addressing service provider vulnerabilities in a tailored way for specific industries versus taking an economywide approach?
Legal and regulatory environment: How does the legal and regulatory environment influence the ability of firms and regulators to mitigate third-party service provider risks? What can be learned from experiences in other jurisdictions?

For more information

Contact the workshop committee.