As the financial services industry grows more interconnected, complex, and specialized, it’s increasingly common for your third-party vendors to rely on their own set of subcontractors. These fourth parties might add value to your vendor relationships, but they also add risk. If you’re a risk management professional, you’ve probably heard or read about fourth-party risk – every year, it becomes a topic of greater concern and focus for risk leaders.
But even if you want to address fourth-party risk, it can be extremely difficult to know where to start. Fourth parties are rarely under contract, so your organization has no right to assess or even inquire with these parties directly. Your third-party vendors can change their vendors or subcontractors without notice, so keeping a complete inventory of your fourth parties might be impossible.
And finally, there’s the problem of sheer numbers. Most banks and credit unions have a big and ever-growing list of vendors. If you work with hundreds of vendors and each of those vendors has hundreds of vendors, then your extended enterprise can stretch into the millions of companies, even with consideration for overlap.