Third-party Service Provider Risks in the Economy and Financial System

October 16, 2025

Houston

Hosted by the Federal Reserve Banks of Boston, Chicago and Dallas

This workshop brings together researchers, regulators and practitioners to explore how vulnerabilities related to third-party service providers can best be identified, monitored and mitigated.

Academics, regulatory officials and industry representatives from transportation, energy, finance, health care or other sectors are encouraged to participate.

Overview

Financial and nonfinancial companies increasingly rely on third parties to provide critical services for their businesses. These services can include software, data, recordkeeping, computing infrastructure, generative artificial intelligence systems, and energy and telecommunications utilities, among others.

Due to economies of scale or network externalities, provision of any given service is often highly concentrated among a very small number of providers. As a result, problems at one provider could pose systemic vulnerabilities to the economy, major economic sectors or the financial system.

An individual provider’s services may also enable interactions among a number of companies receiving the services. This interconnectedness could increase the risk of spillovers.

The workshop will focus on how these vulnerabilities can best be addressed. Sessions will include presentations of research and a panel discussion.

When

Thursday, Oct. 16, 2025

Where

Federal Reserve Bank of Dallas, Houston Branch
1801 Allen Parkway
Houston, TX 77019
Apple Maps | Google Maps | Parking information

Agenda

Oct. 16, 2025
8:00 a.m.	Registration and breakfast
8:30 a.m.	Welcome and opening remarks Sam Schulhofer-Wohl, Federal Reserve Bank of Dallas
9:00 a.m.	Panel session 1: Financial sector perspectives Moderator: Emma Weiss, Federal Reserve Bank of Chicago Panelists: Yana Galukhina, Fidelity Investments Ruth Norris, Texas Department of Banking Vishal Thakkar, Options Clearing Corporation
10:15 a.m.	Break
10:45 a.m.	Paper session 1: Examples of third-party and cyber risks What do third-party and cyber risk in the financial system and economy look like? How systemic are these risks? Moderator: Gene Amromin, Federal Reserve Bank of Chicago Do Software Companies Spread Cyber Risk? Presenter: Emanuele Rizzo, ESADE Business School Co-author: Giorgio Ottonello Short-Circuiting Short-Term Funding Presenter: Mark Paddrik, Office of Financial Research Co-authors: R. Jay Kahn, Neth Karunamuni and Simpson Zhang
11:45 a.m.	Lunch
12:45 p.m.	Paper session 2: Measuring and monitoring How do we measure and monitor third-party risk? How can we understand exposure? What is happening in other jurisdictions? Moderator: Claire Labonne, Federal Reserve Bank of Boston Cyber Vulnerabilities at Large U.S. Financial Institutions and Their Third-party Service Providers Presenter: Seung Lee, Federal Reserve Board Co-authors: Jin-Wook Chang, Jacob Dice, Shengwu Du, Adam Flury, Sam Jerow, Stacey Schreft and Craig Vandre Measurability: Cybersecurity Ratings for Third-party Risk Management in the U.S. Healthcare Sector Presenter: Bill Yurcik, Centers for Medicare & Medicaid Services Technical Providers in the Payment Sector: The Italian Oversight Approach in the Context of International and European Market and Regulatory Developments Presenter: Emanuela Cerrato, Bank of Italy Co-authors: Enrica Detto, Daniele Natalizi, Federico Semorile and Fabio Zuffranieri
2:15 p.m.	Break
2:45 p.m.	Panel session 2: Nonfinancial industries perspectives Moderator: Amy Chapel, Federal Reserve Bank of Dallas Panelists: Hazel Chappell, ishca health Stephen A. Koerner, NASA Angela Williams, UL Solutions Mike Wyneken, American Airlines
4:00 p.m.	Closing remarks Cindy Hull, Federal Reserve Bank of Chicago

Submissions are closed

Selected authors will be notified by Sept. 2.

For more information

Contact the workshop committee.