Third-party risk
Op Risk Benchmarking 2026: explore the data
View interactive charts from Risk.net’s 61-bank study, covering risk appetite breaches, controls, scenario analysis, GRC tech and regulation
Contract negotiation tops tech sovereignty for banks in Asia
Regulatory pressure is rising, but industry still focused on service agreements with third parties
Banks in Asia turn to integrated third-party risk units
Regional and global firms create centres of excellence bridging first and second lines
The do-it-all machine: model risk in the age of generative AI
Banks race to understand risks posed by new breed of multi-purpose bots
Top 10 op risks: AI upends risk taxonomies
AI risk enters annual poll in fifth, but firms split over treating it as a standalone risk or a cross-cutting driver
Top 10 op risks: Resilience put to the test in 2026
Firms reinforce first line, ‘nth’-party diligence, scenario analysis and vendor exit plans
Top 10 operational risks for 2026
Industry shares intel on biggest collective threats, as well as remedies and loss gauges
Top 10 op risks 2026: Cyber stays top, AI risk enters at fifth
Third-party and outsourcing risk climbs to third; fraud and fincrime edge out geopolitical risk
EU clearing houses pressured to diversify cloud vendors
CROs and regulators see tech concentration risk as a barrier to operational resilience
CanDeal looks to simplify third-party risk management
Six-bank vendor due diligence utility seeks international reach
Esma won’t soften regulatory expectations for cloud and AI
CCP supervisory chair signals heightened scrutiny of third-party risk and operational resilience
SGX fortifies its defences to ward off tomorrow’s outages
Exchange operator fosters “breach mentality” to help prepare for business disruption, explains risk chief
New EBA taxonomy could help integrate emerging op risks
Extra loss flags will allow banks to track transversal risks like geopolitics and AI, say experts
Risk managers question US reach of Dora third-party list
Some EU subsidiaries included, but regulator control over cloud providers could still be limited
Chicago data centre outage forced clearers to turn away clients
Friday’s cooling system failure highlights cracks in tech and concentration risk of big CCPs
Why source code access is critical to Dora compliance
As Dora takes hold in EU, access to source code is increasingly essential, says Adaptive’s Kevin Covington
Treasury market urged to beef up operational resilience plans
NY Fed panel warns about impact of AI and reliance on critical third parties
How conflict sharpened Israel’s role in cyber security
Recent growth in offshoring of infosec comes despite regulatory focus on supply-chain resilience
How FCA could help tackle third-party risk in AI
UK regulator’s supercharged sandbox is designed to boost explainability and reduce reliance on vendors
First line of defence dominates third-party risk management
1LoD survey finds 86% of control functions think they have sole responsibility for vendors
Robinhood looks to ‘Chaos Monkey’ for op resilience playbook
Risk Live North America: US broker is ditching emails, using chaos engineering and automating everything in sight