Third-party risk management
Third-party risk management in the Energy, Power & Commodities sector is under direct regulatory pressure, with the Federal Energy Regulatory Commission tightening supply chain and vendor standards through its Critical Infrastructure Protection reliability standards and the U.S. Commodity Futures Trading Commission scrutinizing third-party arrangements in derivatives operations. The Office of Financial Research has separately flagged interconnected vendor exposure in commodity markets as a systemic concern. Compliance teams at energy traders, utilities, and commodity firms are currently auditing vendor contracts for gaps against FERC CIP-013 supply chain risk management requirements.
Watch
- FERC CIP-013-2 compliance deadlines for supply chain risk management plans
- CFTC guidance on third-party operational risk in derivatives clearing and execution
- State public utility commission vendor disclosure requirements diverging from federal standards
- Counterparty concentration risk reviews triggered by EU energy market disruptions
- Cross-border vendor scrutiny under the EU Network and Information Security 2 Directive for energy operators
Recent material activity in Energy, Power & Commodities
Active monitoring in place across Energy, Power & Commodities. Material developments related to third-party risk management will appear here as they are published.