This workshop brings together researchers, regulators and practitioners to explore how vulnerabilities related to third-party service providers can best be identified, monitored and mitigated.

Academics, regulatory officials and industry representatives from transportation, energy, finance, health care or other sectors are encouraged to participate.

Overview

Financial and nonfinancial companies increasingly rely on third parties to provide critical services for their businesses. These services can include software, data, recordkeeping, computing infrastructure, generative artificial intelligence systems, and energy and telecommunications utilities, among others.

Due to economies of scale or network externalities, provision of any given service is often highly concentrated among a very small number of providers. As a result, problems at one provider could pose systemic vulnerabilities to the economy, major economic sectors or the financial system.

An individual provider’s services may also enable interactions among a number of companies receiving the services. This interconnectedness could increase the risk of spillovers.

The workshop will focus on how these vulnerabilities can best be addressed. Sessions will include presentations of research and a panel discussion.

Submit proposals by June 30

Researchers interested in presenting at the workshop are invited to submit papers for consideration. Potential topics are outlined below, and we welcome submissions in other related areas.

How to submit: Email your paper or abstract by June 30 to the workshop committee.

Selected authors will be notified by Sept. 2.

Topics of interest

• Understanding exposure: How can firms—and, in regulated industries, their regulators—gain a comprehensive understanding of their exposure to critical service providers, including not only direct exposures but potential spillovers from concentration in service provision to other firms?
• Risks to consider: Consideration of third-party service provider risks often focuses on risks of operational disruptions or cyberattacks. What other important risks arise when major industries or companies rely on a concentrated set of service providers?
• Fostering innovation while managing risk: What tradeoffs exist between mitigating vulnerabilities from third-party technology service providers and fostering innovation in technology throughout the economy? What approaches can best foster innovation while still addressing vulnerabilities?
• Lessons from various industries: How have different major industries such as transportation, energy, finance, health care and others addressed vulnerabilities from service providers? Are there lessons learned from some industries that other industries could fruitfully apply? Are there mechanisms for sharing this knowledge?
• Industry-specific vs. economywide approaches: Many service providers have customers across a broad range of industries, yet each industry may have a different risk tolerance or different systemic concerns. What tradeoffs exist between addressing service provider vulnerabilities in a tailored way for specific industries versus taking an economywide approach?
• Legal and regulatory environment: How does the legal and regulatory environment influence the ability of firms and regulators to mitigate third-party service provider risks? What can be learned from experiences in other jurisdictions?

For more information

Visit the event posting at the Federal Reserve Bank of Dallas.