During the peak of the
While banks don't have a clearly defined supply chain in the traditional sense, increasingly the ecosystem of
Regulators are taking notice. When Michael Hsu, the acting head of the U.S. Office of the Comptroller of the Currency, spoke at the Institute of International Bankers' annual Washington conference last month,
Meanwhile, in Europe, the
In their efforts to modernize and develop new products at pace by embracing cloud, AI and other emerging technologies, banks are pushing the boundaries and ceding key functions and roles to intermediaries, including fintechs. The advantages of doing so are clear — heightened productivity, scale, potentially lower costs, a superior customer experience — but so are the risks. The interconnectivity of these companies along the supply chain could create a concentration bubble if something were to go wrong.
As a result, the safety and soundness of the banking system is not just about the four walls of the bank anymore. There have been several high-profile recent examples where a bank's supply chain failed, whether it be an accidental billion-dollar payment, disruption to customer-facing applications or a key supplier suddenly going belly up.
Banks' risk and compliance functions and their suppliers need to be more closely attuned to their evolving web of suppliers and up their games to make it more resilient.
Consider this hypothetical example: How quickly could your bank switch to another supplier if its software-as-a-service vendor that was providing core banking services was the victim of a cyberattack and suddenly went down? Do you know where the source code is located and whether it has been verified by a third party? Is it running in primary and secondary data centers or somewhere more challenging to reach? There are dozens more examples that could test a bank's resilience.
Artificial intelligence models are energy hogs. Climate First Bank and UBS are among the very few trying to solve this problem.
For banks, it's no longer enough to have the contractual terms in place with key suppliers. Oversight and understanding of the relationship with any provider that plays a material role in the bank's business is critical and needs to include risk management and resilience.
And for the suppliers that are forming relationships with banks, they need to grasp their potential liability. In the future, it's likely that organizations won't be able to solely rely on the assurance that the bank owns the risk, or that banks won't look to penalize suppliers if they are the inadvertent or advertent cause of damage or loss. Are these supply chain firms ready for the potential higher cost of compliance and regulatory exposure as they take on more work closer to regulated activities? And how do they create the right operating model that prioritizes success, risk management and resilience? For fintechs, in particular, the bar will have to be raised and it will become more costly to do business.
There's also a less obvious threat that could spill over — the risk of stifling innovation. This risk vs. reward tradeoff must be carefully considered by all parties involved, including regulators.
All of this points to a more fraught and interconnected risk landscape for banks. In fact, 81% of risk management executives at retail and commercial banks believe that complex, interconnected new risks are emerging at a more rapid pace than ever before, according to
There are two supply chain learnings that banks could take from other industries. The first is the benefits of developing a network of regionally diverse suppliers, with key providers and data centers located outside of the U.S. or in different regions. The second is the need to increase their digital maturity, through investments in data, AI and cloud, which would allow banks to build reconfigurable supply chains and support decentralized, real-time decision-making at the front lines of their operations. Critically, this can only happen if banks have taken pains to upskill their talent in these areas.
Perhaps, in time, banks' supply chains can become something that resembles the internet today: When one node goes down, everything routes around it and keeps running.
As banks continue their migration to the cloud and outsource key functions and roles — and with the widespread adoption of generative AI expected to increase — intermediaries will only play a bigger role in the end-to-end banking landscape. Thinking holistically about their supply chains and making sure the chief risk officer has a seat at the table when material vendor deals are crafted will be paramount and could help banks stay ahead of the regulators as scrutiny intensifies.