The Supply Chain Risk No One’s Talking About

Think Your Third-Party Risk Strategy is Solid? Think Again.

You’ve assessed your direct vendors – but what about their vendors? And their vendors’ vendors? Hidden vulnerabilities deep in the supply chain could be your biggest blind spot, and the financial sector’s lack of contingency planning is putting institutions at risk.

Regulators are tightening the rules. The Digital Operational Resilience Act (DORA), FFIEC, and SS2/21 all demand stronger oversight – but most firms still aren’t asking the right questions about supplier failure, service deterioration, and software escrow.

CeFPro’s latest research study seeks to expose the reality of third-party risk, but we need you to help shape the findings…

Third-party risk runs deeper than you think. Pre-order your free copy of the whitepaper.

The importance of your insights

Your expertise is needed. Participate in our survey to help shape industry insights and benchmark best practices in mitigating third-party risks.

Our objective? To uncover hidden vulnerabilities in the third-party supply chain, assess financial institutions’ understanding of shared responsibility, and drive awareness of software escrow as a critical risk mitigation tool.

What will this research uncover?

  • Who really owns the risk? Vendors, technology providers, or the end-user? Many institutions assume responsibility lies elsewhere – our research will reveal the reality of shared accountability.

  • How resilient are financial institutions? We’re assessing preparedness for DORA, FFIEC, and SS2/21, identifying gaps in compliance, exit planning, and vendor oversight.

  • Why isn’t software escrow more widely adopted? Despite its role in mitigating supplier failure, escrow services remain underutilized. We’ll uncover the barriers and misconceptions holding firms back.

  • What’s missing from current third-party risk strategies? From procurement challenges to regulatory hurdles, this research will highlight the biggest pain points in vendor risk management—and offer solutions.

By participating, you’ll contribute to essential industry insights that will shape best practices and guide financial institutions in strengthening their third-party risk frameworks.

Pre-order your copy of the whitepaper

This isn’t just another industry report. It’s a wake-up call. The findings will expose blind spots, highlight regulatory gaps, and offer practical steps for mitigating SaaS supply chain risk.

Join our free waiting list and be the first to access exclusive insights that uncover data-drive evidence on risk blind spots, regulatory expectations, and compliance gaps, and actionable strategies to strengthen contingency planning and vendor oversight.

Coming soon, Summer 2025.

CEFPRO® CONNECT

View CeFPro's full collection of market research reports

To access the full collection, log in to your free CeFPro® Connect account.

You may also be interested in

Non-Financial Risk (NFR) Leaders

NFR Leaders is based on responses from professionals and provides a ranking of the top 10 non-financial and operational risks, key investment priorities, and a deep dive into some of the most influential themes.

Third Party Risk Management (TPRM)

As the industry moves towards an increased reliance on outsourced services due to the economic environment, understanding risks across supply chains remains relatively immature.

CeFPro® events

Bringing together like-minded professionals across North America and Europe to learn valuable insights covering critical risk areas while making valuable industry connections.