Financial and cyber risk mitigation is critical following banking market disruption

Organizations should focus on risk management

Mar 16, 2023

Key takeaways

Customers and suppliers of the affected businesses are exposed to heightened financial and cyber risk. 

Many industries are vulnerable to bad actors looking to profit from the market disruption.

Middle market firms need to address their cyber risk as well as their financial and counterparty risk. 


Heightened financial and cyber risk are unfortunate byproducts of any market disruption. As companies scramble to transition accounts from one financial institution to another and assess the impact on their supply chains and critical vendors, the unanticipated increase in transactional activity creates vulnerability to bad actors seeking to profit from the market disruption. Customers and suppliers of the affected businesses are exposed to heightened financial and cyber risk as detailed information relating to payables and receivables is transferred to new institutions.

The recent collapse of Silicon Valley Bank and Signature Bank has had a disproportionate impact on certain industries due to customer concentrations at those institutions: private equity; venture capital; life sciences; technology, media and telecoms; and commercial real estate. But the risk created by this disruption extends beyond these industries into the supply chains of other sectors, notably manufacturing and consumer products.

The impact on the affected businesses will be felt across multiple departments as efforts are undertaken to mitigate risk. Leaders of organizations with mature third-party and cyber risk management programs should leverage their existing infrastructure to support risk assessment efforts; meanwhile, those companies with limited third-party and cyber risk management programs require leaders across multiple departments to lean in to evaluate and effectively manage risk.

We have identified some critical near-term actions that businesses can take in response to the banking market disruption.

Financial and counterparty risk

Assess overall counterparty risk and exposure

The first step in risk mitigation calls for assessing the exposure to your counterparties—both financial and nonfinancial. These steps will help with the assessment:

  • Identify critical suppliers and financial partners required for your organization to remain operational during market disruption.
  • Establish key indicators or metrics that measure quantitative and qualitative risks with your counterparties. It is important to use complete and accurate data in your qualitative assessments.
  • Elevate the visibility of your counterparty risk program to senior leadership and your board of directors, including areas of identified higher risk exposure and the resulting assessments of possible mitigation scenarios.

Reinforce adherence to third-party risk management policies

Performing due diligence on new banking or critical vendor relationships affected by the market disruption is important and should include more scrutiny than a business-as-usual scenario. Consider the following:

  • Evaluate financial and operational resiliency across third-party relationships, including counterparty risk, and how each relationship could impact the ability of the business to operate within an economy facing strong headwinds. Consider diversifying risk by establishing additional institutional relationships.
  • Assess counterparty risk policies of key partners and vendors, including banks, alternative capital sources, other financial services partners, technology partners, customers and suppliers. Review and enforce protocols for the ongoing monitoring of these relationships.

Ensure alignment on banking, payment and contracting protocols across departments

Reinforce procedural protocols across departments to ensure consistency and encourage teams to critically evaluate all new requests, including key changes to existing stakeholder information.

  • Focus areas should include change management involving file maintenance for bank accounts, customers or vendors, as well as the review and authorization of fund transfers and all forms of payment.
  • Leverage existing information, such as customer and vendor lists, to independently validate requests for changes to banking information with customers and vendors. Your team is under pressure to react swiftly to significant changes to ensure business continuity; speed must be balanced with caution. 

Consider more controls around transactions

You may want to add layers of authorization for payments and fund transfers. These include the following:

  • Consider updating disbursement instructions while also ensuring multiple points of authentication when changing institutions or adding customers and vendors.
  • Delay payments to allow for account validation.
  • Institute periodic reporting to monitor changes in instructions around accounts payables and receivables. 

Cyber risk

Communicate the elevated cyber risk throughout your organization

Creating internal awareness of the threat landscape is integral to protecting your assets, as well as your proprietary information and technologies. Recommended activities include:

  • Communicate the heightened threat through company-wide email and address it during an all-hands meeting hosted by your IT or information security team. Focus on specific threats, including social engineering, phishing and business email compromise schemes related to multifactor authentication of payment and vendor verification.
  • Provide mandatory security awareness training.
  • Implement or reinforce procedures that require employees to verify transaction-related email requests by a separate phone call or an in-person meeting.

Consider additional monitoring and controls

Your IT teams should consider stepping up surveillance around failed logins, including failed multifactor authentication attempts. Consider these additional steps:

  • Departments should collaborate to monitor requests from customers and suppliers for updates to payment instructions or changes in banking information.
  • Consider having touch points with critical vendors outside the normal monitoring cadence prescribed by third-party risk management policies. Doing so will address concerns related to underlying business functions affected by the third-party service provider. 

During periods of market disruption, understanding the risk to your business operations from counterparty relationships becomes increasingly important. Businesses often take a departmental approach that can overlook broader enterprise risk.

At RSM, we take a holistic view when assessing risk and develop a customized approach tailored to your unique third-party strategy and business goals. Our comprehensive enterprise risk methodology helps you address major risk sources. These sources include cyber; strategic; compliance; operational; transactional; environmental, social and governance (ESG); and reputational.  

RSM contributors

  • Brandon Koeser
    Financial Services Senior Analyst
  • Oliver Snavely
