Skip to main content
News and EventsCareers
HomeEconomyConferences

Third-party Service Provider Risks in the Economy and Financial System

October 16, 2025

Houston

Hosted by the Federal Reserve Banks of Boston, Chicago and Dallas

This workshop brought together researchers, regulators and practitioners to explore how vulnerabilities related to third-party service providers can best be identified, monitored and mitigated.

Overview

Financial and nonfinancial companies increasingly rely on third parties to provide critical services for their businesses. These services can include software, data, recordkeeping, computing infrastructure, generative artificial intelligence systems, and energy and telecommunications utilities, among others.

Due to economies of scale or network externalities, provision of any given service is often highly concentrated among a very small number of providers. As a result, problems at one provider could pose systemic vulnerabilities to the economy, major economic sectors or the financial system.

An individual provider’s services may also enable interactions among a number of companies receiving the services. This interconnectedness could increase the risk of spillovers.

This workshop focused on how these vulnerabilities can best be addressed. Sessions included presentations of research and a panel discussion.

Agenda
Oct. 16, 2025
8:00 a.m. Registration and breakfast
8:45 a.m. Welcome and opening remarks, Risk management in an interconnected economy
Sam Schulhofer-Wohl, Federal Reserve Bank of Dallas
9:00 a.m. Panel session 1: Financial sector perspectives
Moderator: Emma Weiss, Federal Reserve Bank of Chicago
Panelists:
  • Yana Galukhina, Fidelity Investments
  • Ruth Norris, Texas Department of Banking
  • Vishal Thakkar, Options Clearing Corporation
10:15 a.m. Break
10:45 a.m.

Paper session 1: Examples of third-party and cyber risks
What do third-party and cyber risk in the financial system and economy look like? How systemic are these risks?
Moderator: Gene Amromin, Federal Reserve Bank of Chicago

Do Software Companies Spread Cyber Risk?
Presenter: Emanuele Rizzo, ESADE Business School
Co-author: Giorgio Ottonello

Short-Circuiting Short-Term Funding
Presenter: R. Jay Kahn, Federal Reserve Board
Co-authors: Neth Karunamuni, Mark Paddrik and Simpson Zhang
11:45 a.m. Lunch
12:45 p.m.

Paper session 2: Measuring and monitoring
How do we measure and monitor third-party risk? How can we understand exposure? What is happening in other jurisdictions?
Moderator: Claire Labonne, Federal Reserve Bank of Boston

Cyber Vulnerabilities at Large U.S. Financial Institutions and Their Third-party Service Providers
Presenter: Seung Lee, Federal Reserve Board
Co-authors: Jin-Wook Chang, Jacob Dice, Shengwu Du, Adam Flury, Sam Jerow, Stacey Schreft and Craig Vandre

Measurability: Cybersecurity Ratings for Third-party Risk Management in the U.S. Healthcare Sector
Presenter: Bill Yurcik, Centers for Medicare & Medicaid Services
Co-authors: Stephen North, O. Sami Saydjari and Gregory Pluta

Technical Providers in the Payment Sector: The Italian Oversight Approach in the Context of International and European Market and Regulatory Developments
Presenter: Emanuela Cerrato, Bank of Italy
Co-authors: Enrica Detto, Daniele Natalizi, Federico Semorile and Fabio Zuffranieri
2:15 p.m. Break
2:45 p.m.Panel session 2: Nonfinancial industries perspectives
Moderator: Amy Chapel, Federal Reserve Bank of Dallas
Panelists:
  • Hazel Chappell, ishca health
  • Angela Williams, UL Solutions
  • Mike Wyneken, American Airlines
4:00 p.m. Closing remarks
Cindy Hull, Federal Reserve Bank of Chicago
For more information

Contact the workshop committee.