How the expanding third party ecosystem is testing risk teams

In this episode of the ORX Operational Risk Podcast, Steve Bishop, Research and Information Director, is joined by Helen L’Abbate, Research and Information Deputy Director and Nikki Truss‑West, Research Senior Manager, to discuss findings from the 2026 Operational Risk Horizon and Cyber Horizon studies. The research explores why Horizon feels closer, how cyber threats are evolving, and what firms can do now to strengthen resilience. What we cover in this episode: Agility and resilience: What risk teams need today Cyber Horizon 2026: What’s changing.   Interconnectivity: How risks influence one another   How firms are using the Horizon report Episode Resources: ORX members and ORX Lite subscribers can read our full version of the Operational Risk Horizon 2026 report here: https://orx.org/resource/operational-risk-horizon-2026. Non-members can download a free summary of our report to find out more: https://orx.org/download/operational-horizon-risk-2026?hsCtaAttrib=206975921927. Available for all, find out more about Horizon by reading our blogs: Operational Risk Horizon in 2026: Emerging threats and industry priorities: https://orx.org/blog/operational-risk-horizon-in-2026-emerging-threats-and-industry-priorities Uncertainty dominates operational risk planning in the finance sector: https://orx.org/blog/uncertainty-dominates-operational-risk-planning-finance   ORX Cyber subscribers can access the full Cyber Horizon 2026 report here: https://orx.org/resource/cyber-horizon-2026.

In this episode of the ORX Operational Risk Podcast, Helen L’Abbate, Deputy Director of Research and Information, is joined by Emilie Odin and Nikki Truss‑West, ORX Research Senior Managers, to unpack how digital transformation, new customer expectations, tighter margins and modern operating models have accelerated firms’ reliance on external suppliers. Drawing on insights from the Third Party Ecosystem Risk Management practice paper and the Third Party Cyber Risk Oversight and Assessment 2025 report, the discussion translates emerging risks and community insights into practical, actionable guidance for risk teams. Listen in as we explore what’s behind the surge in third‑party relationships, the cyber and resilience risks created by increasingly complex supply chains, and the steps firms are taking to strengthen oversight across both TPRM and cyber functions. Topic highlights:  What third‑party ecosystem really means What’s driving the rapid expansion The risks created by the expanding ecosystem How ORX members are evolving their TPRM frameworks A first look at ORX’s 2026 third‑party deliverables Episode resources Available to ORX members  Third Party Ecosystem Risk Management paper: https://orx.org/resource/third-party-ecosystem-risk-management-2025 Third Party Ecosystem Risk Initiative: https://orx.org/project/third-party-ecosystem-risk-initiative Insurance sector review of navigating third party risk management blog: https://orx.org/blog/insurance-sector-review-of-navigating-third-party-risk-management Blog - Third party risk management: Summary of LeadersConnect discussions: https://orx.org/blog/third-party-risk-management-summary-discussions Available to ORX Cyber subscribers Third Party Cyber Risk Oversight & Assessment report: https://orx.org/resource/third-party-cyber-risk-oversight-and-assessment-2025 Blogs available to everyone BCBS third-party risk principles: What you need to know: https://orx.org/blog/bcbs-third-party-risk-principles-what-you-need-to-know Embedding TPRM in business strategy: Seven steps to success: https://orx.org/blog/bcbs-third-party-risk-principles-what-you-need-to-know EBA finalises new operational risk event taxonomy: https://orx.org/blog/eba-finalises-new-operational-risk-event-taxonomy Third Party Ecosystem Risk Initiative: Key TPRM challenges revealed: https://orx.org/blog/third-party-ecosystem-risk-key-challenges Geopolitics, AI and third parties drive surge in op risk materiality: https://orx.org/blog/geopolitics-ai-and-third-parties-drive-surge-in-op-risk-materiality To find out more about ORX Membership, ORX subscription services, and access other operational risk resources, just search ‘ORX’ or visit: www.orx.org.

Listen to this episode of the ORX Operational Risk Podcast to hear the ORX News team cover the top five largest operational risk losses of December 2025, the latest top 10 most viewed stories including CME Group’s trading disruption, a deep dive into the global service outage at AWS, and some service updates. You can find the top 5 largest operational risk losses of December 2025 discussed in this episode on our website at: https://orx.org/blog/top-5-orx-news-losses-december-2025 ORX News subscribers can find out more on the top 10 most viewed loss events of December 2025 on the ORX News website here: https://news.orx.org/node/13678 ORX News subscribers can read the full story on CME Group’s trading disruption as well as the full deep dive on the AWS global service outage via the ORX News website at: https://news.orx.org/node/13617 and https://news.orx.org/node/13619 ORX News and ORX Cyber subscribers can access the latest Cyber Operational Risk Event Round-ups on our website here: https://orx.org/cyber-operational-risk-event-round-ups-2025 To find out more about ORX News, ORX Cyber and other ORX services, or to access further operational risk resources, just search ‘ORX’ or visit: www.orx.org.  

In this episode of the ORX Operational Risk Podcast, host Steve Bishop is joined by Luke Carrivick and Simon Wills delve into the refresh of our Strategic Vision for Operational and Non-Financial Risk (ONFR). The discussions centre on the evolution of the Vision, its significance for the risk management community, and the steps risk leaders can take to strengthen resilience and achieve strategic success through 2026 and beyond. The updated Vision reflects the changing risk landscape, influenced by factors such as geopolitical volatility, digital transformation, and increased interconnectivity.   Key actionable strategies for risk leaders highlighted in the podcast Assess your ONFR framework – ensure alignment with the refreshed Vision. Invest in digital risk management – build technology and leverage AI and data for speed and scale. Engage with peers – participate in ORX forums and the community to share and learn. Episode resources Available to all: Download the updated ORX Vision: https://orx.org/resource/strategic-vision-operational-non-financial-risk Read our blog on ‘How our vision for operational and non-financial risk management has evolved in 2025’: https://orx.org/blog/vision-operational-and-non-financial-risk-managment-evolved-in-2025 Read our blog on ‘Advancing operational risk management: Insights from RiskMinds’ where we share about the Vision refresh: https://orx.org/blog/advancing-operational-risk-management-insights-from-riskminds To find out more about ORX Membership, ORX subscription services, and access other operational risk resources, just search ‘ORX’ or visit: www.orx.org.

In this episode of the ORX Podcast, host Steve Bishop is joined by Luke Carrivick and John Bosnell to unpack the European Banking Authority’s (EBA) newly published Operational Risk Event Taxonomy. They explore why this update is so significant for financial institutions and how it compares to our own ORX Operational Risk Taxonomy.  The episode highlights ORX’s role in shaping the taxonomy, the practical implications for firms already using our taxonomy, and how new attributes like legal, third party, and ESG risks enhance risk categorisation. Topics covered:  Challenges and opportunities of the EBA taxonomy How ORX responded to the new EBA Practical advice for firms preparing for the transition  Ongoing ORX risk standards for the global industry, including for 2026 Below are links to further resources referenced in the podcast. Read our blog on ‘ORX responds to EBA taxonomy proposal’ on our website, where it's accessible to all. You can visit it here: https://orx.org/blog/orx-responds-to-eba-taxonomy-proposal For further information regarding our EBA resources or the ORX Risk Event Taxonomy, both available exclusively to ORX members, please refer to the links provided below: Blog: https://orx.org/blog/orx-responds-to-eba-taxonomy-proposal Reference Taxonomy: https://orx.org/operational-risk-reference-taxonomy   Taxonomy guidance: https://orx.org/blog/orx-reference-taxonomy-guidance-enhanced-for-2023 The podcast also highlights our ORX libraries, which are accessible to ORX members via the links provided below: Reference Control Library: https://orx.org/resource/orx-reference-control-library Reference Risk Indicator Library: https://orx.org/resource/reference-risk-indicator-library Reference Process Service Library: https://orx.org/resource/orx-reference-process-service-library The Scenario Library, accessible to ORX Scenario subscribers, serves as a valuable resource for users to benchmark their internal scenarios against the industry. Visit the library here: https://orx.org/orx-scenarios/library. To find out more about ORX Membership, ORX subscription services, and access other operational risk resources, just search ‘ORX’ or visit: www.orx.org.

Listen to this episode of the ORX Operational Risk Podcast to hear the ORX News team cover the top five largest operational risk losses of October 2025, a recent spotlight story covering the global service outage at AWS, and the latest on the FCA’s Motor Finance compensation scheme. The team also cover the top 10 most viewed stories of October 2025 and provide a service update.   You can find the top 5 largest operational risk losses of October 2025 discussed in this episode on our website at: https://orx.org/blog/top-5-orx-news-losses-october-2025   ORX News subscribers can find out more on the top 10 most viewed loss events of October 2025 on the ORX News website here: https://news.orx.org/node/13556   ORX News subscribers can read the full latest spotlight story and deep dive on the AWS outage via the ORX News website at: https://news.orx.org/node/13516 and https://news.orx.org/node/13619   ORX News subscribers can also read more on the Motor Finance stories on the ORX News website here: https://news.orx.org/node/13554, https://news.orx.org/node/13553, https://news.orx.org/node/13552, https://news.orx.org/node/12986, https://news.orx.org/node/13537, https://news.orx.org/node/12955, https://news.orx.org/node/13178, https://news.orx.org/node/12702, https://news.orx.org/node/13535, https://news.orx.org/node/13534, https://news.orx.org/node/12219 and https://news.orx.org/node/12946   To find out more about ORX News and other ORX services, or access further operational risk resources, just search ‘ORX’ or visit: www.orx.org.  

In this episode of the ORX Podcast, Melanie Lavallin, Emilie Odin and Natasha Smith-Craig reveal the biggest risks on the radar for financial services firms, based on our latest Top Risk Review H2 2025 survey. Our team also features insights from our latest Insurance analysis report and introduces our first-ever Asset management analysis report. What’s on the agenda? Headline findings from the Top Risk Review Risk ranking analysis Emerging insurance trends and analysis Data influencing industry decisions Outlook for next year’s Top Risk Review For full access to the Top Risk Review H2 2025 report, ORX members and ORX Lite subscribers can download it for free via the ORX website: https://orx.org/resource/top-risk-review-h2-2025. In addition, ORX has released a comprehensive Insurance analysis report that provides in-depth insights tailored for professionals in the insurance industry. Access the complete report here: https://orx.org/resource/top-risk-review-h2-2025#insurance. Our first Asset management analysis report can be read here: https://orx.org/resource/top-risk-review-h2-2025#assetman. Additional information is available on the Top Risk in the recent press release, 'Top Risk Review H2 Shows Fraud Risks Surging Across the Financial Sector,' which can be found on our website here: https://orx.org/blog/top-risk-review-h2-shows-fraud-risks-surging-across-the-financial-sector.  More about the topic on Third Party Risk Management can be found here: https://orx.org/resource/third-party-ecosystem-risk-management-2025. To find out more about ORX Membership, ORX subscription services, and access other operational risk resources, just search ‘ORX’ or visit: www.orx.org 

Listen to this episode of the ORX Operational Risk Podcast to hear the ORX News team cover the top five largest operational risk losses of September 2025, a business disruption data deep dive, and the most recent spotlight story involving a cyber-attack in Brazil where hackers tried to transfer over $130 million US dollars from accounts held by HSBC and other banks. In addition, the team cover the top ten most viewed stories on the ORX News website in September 2025, new ORX cross-services content, and a summary of the latest ORX News Quarterly Information Session. You can find the top 5 largest operational risk losses of September 2025 discussed in this episode on our website at: https://orx.org/blog/top-5-orx-news-losses-september-2025  ORX News subscribers can see more on the top 10 most viewed loss events of September 2025 on the ORX News website here: https://news.orx.org/node/13467 ORX News subscribers can also read more on the business disruption data deep dive, latest spotlight story, and highlights from the Q3 2025 ORX News Information Session via the ORX News website at: https://news.orx.org/node/13463, https://news.orx.org/node/13397 and https://news.orx.org/node/13523 ORX News and ORX Cyber subscribers can access the latest Cyber Operational Risk Event Round-ups on our website here: https://orx.org/cyber-operational-risk-event-round-ups-2025 ORX News, ORX Cyber and ORX Scenarios subscribers can download the full ORX Scenario Development Handbook: Cyber Risk Events using ORX News data on our website here: https://orx.org/resource/orx-scenario-development-handbook-cyber-risk-events To find out more about ORX News, ORX Cyber, ORX Scenarios, or access other operational risk resources, just search ‘ORX’ or visit: www.orx.org. 

Listen to this episode of the ORX Operational Risk Podcast to hear the ORX News team cover the top five largest operational risk losses of August 2025, which now features cause and impact. In addition, the team cover the top ten most viewed stories on the ORX News website in August 2025, a business disruption deep dive, the 2025 mid-year review, and the most recent spotlight story about a cyber event at Salesforce which potentially compromised the data of over 700 organisations. You can find the top 5 largest operational risk losses of August 2025 discussed in this episode on our website at: https://orx.org/blog/top-5-orx-news-losses-august-2025 ORX News subscribers can see more on the top 10 most viewed loss events of August 2025 and the 2025 mid-year review on the ORX News website here: https://news.orx.org/node/13441 and https://news.orx.org/node/13342 ORX News subscribers can also read more on the latest deep dive and story spotlight via the ORX News website at: https://news.orx.org/node/13420 and https://news.orx.org/node/13394 ORX News and ORX Cyber subscribers can access the Cyber Operational Risk Event Round-ups 2025 on our website here: https://orx.org/cyber-operational-risk-event-round-ups-2025 ORX News and ORX Scenarios subscribers can download the full Geopolitics Scenario Development Handbook on our website here: https://orx.org/scenario-development-handbook-geopolitics-2025-orx-scenarios To find out more about ORX News, ORX Cyber, ORX Scenarios, or access other operational risk resources, just search ‘ORX’ or visit: www.orx.org.   

In this episode of the ORX Operational Risk Podcast, Helen L'Abbate (Deputy Director – Research and Information), Emilie Odin (Senior Research Manager), and Stanca Oproiu (Assistant Research Manager) discuss how firms are integrating operational risk and resilience strategies to strengthen their overall risk management. Podcast discussion highlights include: The evolution of ORX’s Risk and Resilience Community How firms are integrating risk and resilience; fully, partially, or not at all Opportunities to connect horizontal resilience and vertical risk views Challenges with data integration and organisational culture The role of regulation and process libraries in driving alignment ORX members can read our paper on the Relationship between operational risk and reliance management here:  https://orx.org/resource/the-relationship-between-operational-risk-and-resilience-management ORX members can use the Risk Management Explorer to quickly find resources on the risk management cycle. Access it here: https://orx.org/resources/risk-management-explorer   The ORX Reference Process and Service Library is available for free to all ORX members and is also available for non-members to purchase. You can find out more and access the library on our website at: https://orx.org/resource/orx-reference-process-service-library To find out more about ORX Membership, visit our website: https://orx.org/