Our 2025 whitepaper, Supplier Stability in Operational Resilience: Follow-Up Insights and Analysis, in collaboration with CeFPro builds directly on the foundation of our 2024 survey allowing us to track not only progress but also patterns in organisational behaviour. By comparing year-on-year data from 100+ financial service professionals, we gain a clearer picture of how institutions are evolving in their approach to third-party risk, supplier stability, and stressed exit planning.
The story the numbers tell is nuanced: while confidence in some areas remains steady, deeper analysis reveals where gaps persist, and where deliberate action can make a meaningful difference.
When asked about the completeness of their stressed exit plans, 18% of respondents in 2025 reported being highly confident, nearly unchanged from 18.7% in 2024. “Somewhat confident” responses rose slightly to 41% from 38.7%, while the share of respondents reporting some level of unconfidence decreased, with 14% somewhat unconfident and 1% very unconfident, compared to 37.3% and 5.3% respectively in 2024.
What does this tell us? On the surface, the industry appears to be making progress, fewer outright negative responses, but the proportion of highly confident institutions has not grown. Many organisations are in a middle state: aware of their risks and taking steps to address them, but still unsure whether their plans are fully capable under stress.
This reinforces a key insight from both surveys: confidence alone is not a proxy for control. Verification and testing remain essential to turn confidence into actionable resilience.
Question 11, regarding organisational responsibility for mitigating supplier failure, service deterioration, and concentration risk, also reveals subtle shifts. In 2024, 32.4% of respondents were unsure who owned these responsibilities. In 2025, that figure dropped to 27%, indicating a slow but positive movement toward clearer ownership.
Clear assignment of responsibility is a fundamental step toward bridging the confidence gap. When organisations understand who is accountable for what, the likelihood of executing stressed exit plans effectively increases.
A significant percentage of respondents were unsure who holds responsibility for mitigating the risks of supplier failure, service deterioration, and concentration risk.
Survey results on organisational accountability for mitigating the risks of supplier failure, service deterioration, and concentration risk. Year-over-year shows a drop in respondents who were unsure who owned these responsibilities, signaling slow but positive movement.
Another telling comparison emerges in the area of proof and verification. In 2025, 21% of organisations had requested and reviewed proof from their Cloud/SaaS providers, confirming that arrangements were acceptable. Among these respondents, 38% reported being highly confident in their stressed exit plans. Contrast this with 0% confidence among those who had not requested proof, highlighting a nearly fourfold increase in confidence driven purely by verification.
This is a critical trend: organisations are learning that due diligence drives confidence. Asking for evidence, testing supplier arrangements, and validating exit plans are no longer optional, they are fundamental to building real resilience.
Our research shows that the frequency of supplier failure may be unpredictable, but organisations can influence how quickly they recover, how severe the impact is, and how effectively operations are maintained. Comparing 2024 and 2025, there is a small but measurable improvement in preparedness, especially among institutions that have formalised stress-testing procedures.
However, a significant portion of the industry still relies on ad-hoc assessments. For example, 40% of respondents either had not requested proof of exit plans from suppliers or didn’t know, underscoring ongoing vulnerability.
Year-on-year comparisons reveal some positive trends:
Fewer respondents report outright unconfidence or uncertainty.
More organisations are clarifying responsibilities for supplier risk management.
Verification processes, including escrow arrangements, are being more widely adopted.
These are encouraging signs. Progress may be gradual, but it demonstrates that the sector is learning from both past experience and regulatory expectations.
While incremental improvements are visible, the opportunity lies in accelerating action:
From awareness to verification: Confidence is helpful, but verified plans ensure resilience can be executed.
From reactive to proactive: Ad-hoc assessments are being replaced by continuous monitoring and stress testing.
From assumption to evidence: Verified escrow and structured governance turn plans from theoretical exercises into operational control.
The value of comparing 2024 to 2025 is in understanding both progress and persistence. Organisations are moving in the right direction, but resilience is not static. Every supplier relationship, concentration risk, and service dependency needs continuous evaluation and testing.
By learning from trends, financial institutions can prioritise interventions where they matter most, integrate verification into governance, and transform confidence into control that regulators and stakeholders can trust.
Discover how financial stability and compliance readiness intersect in the supply chains of the financial services industry.
By submitting this form you consent to receive correspondence from NCC Group. We will not sell your personal information. You can unsubscribe at any time. Privacy Policy.
