The critical role of data in managing vendor risks in FinTech

Last week’s IT disruption, triggered by a standard update from CrowdStrike, affected millions of Microsoft devices globally, severely impacting sectors like healthcare, media, and aviation.

According to KYND, the outage is estimated to have a financial impact between $5m and $9bn globally. This event underscores the critical need for organisations to understand and actively monitor the risks associated with third-party vendor accumulations that could affect their portfolios.

CrowdStrike has rectified the bug; however, recovery for many devices could still take considerable time. This incident should serve as a crucial alert for all organisations to revisit and rigorously test their business continuity and disaster recovery plans. Often, these plans are more theoretical than practical, with few including scenarios of complete network failure requiring manual device recovery.

The CrowdStrike incident has starkly highlighted the necessity for insurers and portfolio managers to take vendor accumulation risk more seriously. Companies like CrowdStrike are integral to daily business operations, and their failures can send shockwaves across the global economy, affecting countless companies.

Accumulation risk can manifest in various scenarios, such as reliance on a single vendor by many organisations, vendor concentration in specific geographical areas, or critical dependency on fourth-party services. It’s essential to differentiate vendors based on their operational significance to effectively manage potential risks.

To tackle these challenges, consider the following strategies:

  1. Assess exposure to accumulation risks: Utilising detailed risk data from providers like KYND can pinpoint specific risks related to vendors and service providers within your insured or investment portfolios.
  2. Review the criticality of prevalent vendors and service providers: It’s vital to identify which vendors are crucial for maintaining essential functions within an organisation or have privileged access to key infrastructure or data.
  3. Conduct granular and tailored deterministic scenario analysis: Develop custom scenarios to assess the impact of potential disruptions, considering the criticality of the affected vendors or service providers. This could include examining the effects of an outage at a specific cloud data centre or disruption of a particular service over various durations.

Upon learning about the CrowdStrike outage on the morning of Friday 19th, we promptly began assessing the level of exposure our clients faced. By the end of that day, we had communicated this critical information to all our underwriter and portfolio management clients. Our support will persist as they delve into the more intricate implications of the incident.

At KYND, our insurer and financial service clients are increasingly seeking insights to better understand their exposure to various vendors and the accumulation events tied to them, especially in the wake of the CrowdStrike incident.

While such large-scale outages are infrequent, they highlight the interconnected risks within supply chains. To remain proactive, insurers and portfolio managers require accurate and reliable data to identify and manage vendor concentration risks in their portfolios effectively.

Copyright © 2024 RegTech Analyst
