
The Reality of Supplier and Coverholder Oversight

Outcomes

Third Party Risk: Resilience, Concentration and Market Oversight

Insurance and risk professionals from across the London Market gathered in the Old Library at Lloyd’s for LMF’s latest insurance community forum exploring multi party risk, operational resilience and systemic concentration across the insurance value chain. Supported by Risk Ledger, the session brought together leaders from underwriting, delegated authority, cyber security, operations and policy to examine how interconnected supply chains are reshaping risk in the Market—and where oversight models are struggling to keep pace.

Facilitated by Roger Oldham, CEO & Founder of LMF, the event combined live polling, expert perspectives, collaborative table discussions and a senior panel to explore how insurers, coverholders and service providers can build more resilient, transparent and collaborative approaches when it comes to third party risk.

Market Pulse: Visibility Gaps and Growing Dependency

The morning opened with live polling questions that set a clear context for discussion. While third party dependency is now embedded across technology, operations and distribution, confidence in understanding deeper supply chain dependencies remains low. A significant proportion of attendees reported limited visibility beyond their immediate third parties, highlighting ongoing challenges in mapping fourth and fifth party exposures, and beyond.

Participants identified technology platforms, cloud providers and outsourced services as areas where disruption would cause the most significant operational impact—reinforcing concerns around concentration risk and shared dependencies across the Market.

Risk Ledger Perspective: From Questionnaires to Ecosystems

Haydn Brooks, CEO & Co-Founder of Risk Ledger, opened the formal session by reflecting on his experience in third party risk management across financial services. He described the inefficiencies and limitations of traditional assurance models, where duplicated audits, static questionnaires and siloed reviews fail to capture how risk actually propagates across complex ecosystems.

Haydn demonstrated how modern supply chains function as interconnected networks rather than linear relationships, with concentration risks emerging where multiple organisations rely on the same critical suppliers. He emphasised that effective third party risk management is not just a data challenge, but a human one—requiring collaboration, trust and shared visibility between security and compliance teams across organisations.

Looking ahead, he outlined a shift from purely retrospective risk assessment towards more operational, real-time resilience models, where organisations can better understand blast radius, respond collectively to incidents and share actionable intelligence across trusted networks.

Policy Insight: Regulation, Geopolitics and Systemic Risk

Adam Avards, Principal – Cyber & Third Party Risk Policy at UK Finance, provided a policy and regulatory perspective, highlighting why third party risk has become a defining issue for financial services. He noted that regulators are increasingly focused not just on individual firm resilience, but on systemic risk arising from shared dependencies—particularly where critical services sit outside traditional regulatory perimeters.

Adam explored how geopolitical dynamics, cloud concentration and cross-border technology dependencies are influencing regulatory approaches, including the UK’s Critical Third Party regime and the broader global landscape. He emphasised that understanding and managing these risks cannot be achieved in isolation, as firms often lack both visibility and influence beyond their immediate suppliers.

Roundtable Discussion: Process, Culture and Practical Constraints

During the interactive table exercise, delegates discussed what “good” operational resilience realistically looks like in an environment of escalating cyber threats and deep third party reliance. Common themes emerged around:

  • Fragmented internal ownership of third party risk
  • Limited process mapping across people, technology and data
  • Duplication of effort across departments and market participants
  • The need for regular scenario testing and wargaming, rather than static documentation

Participants agreed that without shared approaches and better information flows, current oversight models risk becoming unworkable as supply chains grow more complex.

Panel Discussion: Oversight, Delegated Authority and Cyber Evolution

The session concluded with a panel discussion featuring:

Panellists explored how third party risk manifests differently across delegated authority, cyber insurance, operations and underwriting, but agreed that transparency and proportionality are key challenges. The discussion highlighted tensions between due diligence and true risk mitigation, with calls to move beyond checkbox compliance towards models that support real-time understanding and response.

Cyber risk was identified as a rapidly evolving threat vector, with criminals increasingly targeting third parties as efficient routes into multiple organisations. Panel members also discussed how emerging technologies, including AI and automation, may introduce new systemic risks through shared models, platforms and data dependencies.

Across the discussion, there was strong consensus that collaboration—both within firms and across the Market—will be critical to managing accumulation and concentration risk without overwhelming suppliers or creating excessive operational burden. Panellists discussed the possibility of streamlining the DA oversight process, with the lead Managing Agent taking more responsibility.

Conclusion: From Oversight to Collective Resilience

One message stood out clearly: third and fourth party risk is no longer a peripheral issue. It sits at the heart of operational resilience, cyber security and market stability. While awareness is high, practical solutions remain uneven, and traditional approaches are struggling to scale.

LMF reaffirmed its commitment to providing a collaborative and supportive forum for these conversations—bringing together policy, practice and market experience to support learning, networking and innovation across the London Market.

For organisations grappling with supply chain visibility, concentration risk and resilience planning, the clock is certainly ticking and there is lots to learn and take on board.

We sincerely thank Risk Ledger for supporting this community event. Their domain knowledge brings great insights to LMF Practitioner Members.

LMF - Putting insurance professionals at the heart of the EC3 insurance discussion for over a decade.

Documents

LMF - The Reality of Supplier and Coverholder Oversight
Risk Ledger - The Reality of Supplier and Coverholder Oversight

Polling Results

The Reality of Supplier and Coverholder Oversight Polling Results
