
The challenge of third-party risk in financial services was one of the biggest stories in 2024. From the fallout of the Synapse bankruptcy to the data breaches at firms such as Fidelity and Finastra, banks, fintechs, and financial services companies alike have been put on notice to scrutinize more closely whom they partner with and how they forge those partnerships.

These challenges have only become more intense this year. While regulations are tightening in Europe and the UK, a more permissive regulatory environment is developing in the US. How can banks, fintechs, and financial services companies navigate this emerging landscape to bring new products and services to customers while ensuring that their data and finances are safe?
We interviewed Jenna Wells, Chief Operating Officer with Supply Wisdom, to talk about the issue of third-party risk management in financial services in 2025. Wells talks about how third-party risk in financial services is evolving, and what companies need to do in order to better manage it.
Headquartered in New York and founded in 2017, Supply Wisdom made its Finovate debut at FinovateFall 2022. The company helps businesses better manage risk and build operational resilience. Supply Wisdom provides continuous full-spectrum third-party and location risk intelligence and risk actions in real time to prevent disruptions, enhance risk management efficiency, and lower costs. Tom Thimot is CEO.
Our conversation with Jenna Wells is also the final installment of Finovate’s commemoration of Women’s History Month for 2025. Previous interviews include our Q&As with Tracy Moore of Fenergo and with Stav Levi-Neumark of Alta.
What are the current challenges your customers are facing?
Jenna Wells: The biggest challenge our customers face today is the sheer complexity and speed at which third-party risks are evolving. As a whole, companies are under immense pressure to monitor their vendors, suppliers, and other third parties more effectively across financial, cyber, ESG, geopolitical, and operational risk domains without adding significant costs or delays to their business processes. Traditional risk assessment methods, which rely on periodic reviews and self-reported questionnaires, are no longer sufficient in an era where threats emerge in real time and rarely with any warning.
Additionally, companies are struggling with regulatory compliance, particularly with new frameworks like DORA in the EU, new AI risks and regulations, and emerging cyber risk mandates. Many organizations simply lack the tools, resources, or expertise to stay ahead of these challenges.
Lastly, the evolving geopolitical landscape and regulatory environment require companies to keep an eye out for location-specific risks on top of the traditional domains. Monitoring third parties alone is no longer sufficient—you must monitor the locations that they are operating from!
Can you talk about the challenge of third-party risk specifically, which became a major concern in 2024?
Wells: Third-party risk became a critical concern in 2024, exposing just how fragile global supply chains can be. This was starkly evident in global events like the collapse of the Francis Scott Key Bridge in Baltimore and earthquakes in Taiwan, which disrupted key transportation routes and severely impacted businesses dependent on the affected port. Companies with suppliers, logistics partners, and critical infrastructure tied to these regions faced massive operational slowdowns, financial losses, and regulatory challenges. These disruptions reinforced a key lesson: risks stemming from a single geographic point of failure can have widespread consequences across all industries.
Static, periodic risk assessments are no longer enough. The new standard is continuous, real-time risk monitoring that provides visibility into financial stability, cybersecurity, compliance, and operational resilience—not just for direct suppliers, but across the entire supply network.
This shift is particularly crucial in industries reliant on complex, geographically dispersed supply chains, where a localized disaster—whether infrastructure failure, geopolitical instability, or extreme weather—can ripple outward, affecting entire markets. The challenge is no longer just about assessing third parties. It’s about identifying vulnerabilities deep in the supply chain.

How does Supply Wisdom help companies manage these risks?
Wells: Supply Wisdom provides real-time, AI-driven continuous monitoring across seven critical risk domains: financial, operational, compliance, cyber, sustainability, Nth party, and location-based risks. Instead of relying on outdated, self-reported assessments, or the need to use multiple tools to monitor single domains, we aggregate and analyze data from hundreds of thousands of open sources, giving our customers a live, always-on view of their third-party supplier and critical ecosystem.
By leveraging AI to turn massive amounts of data into actionable intelligence, we enable organizations to identify emerging risks early, mitigate issues proactively, and avoid costly disruptions. Our platform reduces the manual burden of risk management, allowing teams to focus on strategic decision-making rather than chasing data.
Supply Wisdom recently published its top 10 predictions for third-party risk management in 2025. Of those predictions, which do you think is the least conventional?
Wells: One of the more unconventional predictions is the rise of “Nth-party accountability” as a regulatory and business priority. Until now, companies have focused primarily on direct third-party risks, but regulators and stakeholders are increasingly scrutinizing deeper layers of the supply chain. This includes fourth, fifth, and even sixth-party risks.
As supply chains become more interconnected and reliant on subcontractors, understanding who your third parties depend on and where they are located has become just as critical as assessing the vendors themselves. Geographical risks like political instability, natural disasters, regulatory changes, and ESG concerns can have cascading impacts throughout the supply chain, even if they originate at the Nth-party level.
We anticipate that in 2025, organizations will be expected to not only monitor but also take responsibility for the risk posture of their vendors’ vendors. This requires real-time visibility into where these extended third parties operate and the regional risks that may affect them. This shift demands an entirely new approach to risk visibility, and Supply Wisdom is already helping companies address this challenge with location-based monitoring, real-time risk intelligence, and deep Nth-party insights.
What role do technologies like AI and strategies like predictive risk modeling play in Supply Wisdom’s approach to risk management and intelligence?
Wells: AI and predictive risk modeling are foundational to how we help companies stay ahead of emerging threats. Our AI-powered platform continuously scans and analyzes millions of risk signals across financial, cyber, ESG, geopolitical, and operational domains, detecting anomalies and trends that may indicate potential threats before they materialize into full-blown crises.
Predictive risk modeling and trend analysis take this further by using historical data, machine learning algorithms, and real-time signals to forecast risks before they impact business operations. For example, we can predict financial distress in a vendor before it becomes public knowledge or identify early signs of operational instability in a supplier’s key locations.
In short, Supply Wisdom stands for proactive risk management and innovation. We’re known in the industry as the only full-stack risk intelligence platform that provides real-time, continuous monitoring with actionable insights.
A wave of new regulatory policies is coming, particularly in the EU. Are you optimistic about the new policies? Do you feel as if organizations are ready to comply?
Wells: I am optimistic about these policies because they are pushing organizations towards a higher standard of operational resilience and risk management. Regulations like DORA in the EU are reinforcing the idea that businesses cannot afford to be passive when it comes to third-party risk—they need real-time, continuous oversight. However, I don’t think most organizations are fully prepared for these changes.
A majority of organizations do not have a complete inventory of their third parties or outsourced services and, without this, they cannot ensure compliance with these regulations. Unfortunately, it’s most likely that these companies still rely on outdated, static assessment models that won’t meet compliance requirements.
The good news is that regulatory clarity is driving investment in solutions like Supply Wisdom, which help organizations not only meet compliance mandates but also improve their overall risk posture in the process.
In the US, there is more uncertainty about which direction regulations are likely to go. What do you see happening with financial services and fintech regulation in the US this year?
Wells: If US firms want to compete and do business in Europe, they need to comply with those specific mandates. But unlike the EU—which has taken a structured approach with DORA—the US regulatory landscape is evolving in a more fragmented manner. However, we expect to see increased scrutiny from agencies like the SEC, OCC, and CFPB on third-party risk, particularly in areas like cyber resilience and AI disclosures.
The financial services and fintech sectors will likely see more pressure around vendor risk management, with a greater emphasis on continuous monitoring and incident reporting requirements. As regulatory guidance increases, companies will need to be proactive in adopting best practices that align with global compliance trends, rather than waiting for enforcement actions to dictate their next steps.
What are your near-term goals for Supply Wisdom?
Wells: My immediate focus is on accelerating customer adoption of continuous risk monitoring. We want to ensure that organizations not only understand the importance of real-time risk intelligence through continuous monitoring, but also have the tools to integrate it seamlessly into their existing workflows.
Additionally, I’m prioritizing scaling our operations to meet the growing demand for proactive risk management solutions. That means enhancing our AI capabilities, monitoring for AI as an emerging risk, expanding our risk intelligence coverage, and strengthening our partnerships with other industry leaders.
What can we expect from Supply Wisdom in 2025?
Wells: 2025 will be a transformational year for Supply Wisdom and the third-party risk management industry as a whole. We are investing heavily in AI-driven risk prediction, enhanced regulatory compliance automation, and planning ways to go deeper and wider into Nth-party risk visibility.
You can also expect to see more partnerships with technology and service providers to create a more integrated risk management ecosystem. Our goal is to make continuous risk monitoring the new standard, so that businesses can operate with greater confidence, resilience, and agility in an increasingly complex world.