(270) 506-5140 CONTACT US
Risk Assessment

Vendor Concentration Risk: The Pros and Cons

Feb 26, 2020 by Venminder Experts

Vendor concentration risk is the risk which may occur when an organization relies too heavily on one vendor to perform several, if not all, critical and/or high-risk functions for their operation. Vendor concentration is common in many industries but particularly those that rely on a highly specialized service or skill.

An example of vendor concentration risk could include a vendor who supplies the loan origination system (LOS), credit, income verification, appraisal and flood information. Should the vendor have a system outage, the impact could cause several delays in the overall process for an extended period of time. Additionally, centralizing all services really requires the assurance that each product or service is staffed appropriately, not only from an administrative perspective, but from a subject matter expertise level, too.

We’ve previously mentioned this concept, so thought we would dive a little deeper into the pros and cons of vendors who fall into the concentration risk category. Reminder, with this vendor, you need to dive deeper into the operation.

Vendor Concentration Risk Pros and Cons


A valid point of concentrating or limiting the vendor pool may be tied to a couple of areas. One is bulk pricing for placing all your eggs in one basket.

What may seem appealing at first can usually be uncovered as a pricing strategy that offers up a loss leader on the main product and the vendor simply makes up that loss by up charging the many ancillary products to make up the difference. A savvy vendor manager or executive will look closely at this and know what the true market pricing is on each product or service.


Some vendors might have talent in all the areas they offer. So, in this case, it could be beneficial to take advantage of their expertise. 

You should really consider expertise and service levels. As vendors jump on the latest product craze there’s risk that you’ve engaged with a “wannabee” leader and not an expert in their field. To spot the actor in the field, it's wise to do the following:

  • Be sure of the products or services you need intimately
  • Know what realistic standard turn times are
  • Know who else is currently using this service

Service Levels

You can review service levels quickly. Invariably you’ll get what you pay for. 

Be careful when it comes to chasing price. In most industries, the turn time and quality of the information or service should be given considerable weight in making a decision.

Here’s an example: Put simply, if Vendor A, is $2 cheaper than Vendor B, but Vendor B can deliver the service 2 days quicker...then Vendor B should win the case. Having the mindset of "time is money" is cliché, but a good rule of thumb to work with.

Less Vendors = Less Oversight

Less vendors means less oversight is a valid point. If you bundle products with one vendor, then your annual assessment and due diligence would logically reduce. You may be able to realize cost savings in site visit and full-time employee (FTE) requirements. Remember that you should always confirm that the vendor and different product or service departments are working within the same corporate policies and procedure guidelines. Where they divert, it's critical that you review any differences to ensure that you have a solid understanding of their overall operation and regulatory compliance risk.

In the past, the OCC noted that the regulator is aware that vendor consolidation is occurring in the financial services industry – particularly among core processors and call centers – and cautions that due to this consolidation there may be an increased burden on the vendor to perform. 

They specifically highlight an increase in operational risk. Operational risk continues to challenge organizations because of the following reasons:

  • Increasing cyber threats and potential exposure to natural disasters impacting a sole service provider causing disruption
  • Reliance on concentrations in significant third-party vendors
  • The need for sound governance over product service and delivery

Critical Vendors and Concentration Risk

If you bundle multiple products or services with one vendor and fail to have a reliable back up vendor in place, you may have inadvertently elevated a high-risk vendor into the critical rating, which could potentially cause significant business operation challenges in the event of an outage.

A sound vendor management and procurement strategy should be balanced and make good strategic business sense. While there is focus on the increasing costs of loan manufacturing, chasing down the spend line item may also land you in trouble if the vendor fails in terms of quality and service.

Interaction with the line of business and understanding of how third-party products are used within your operation will offer more insight than simply looking to bundle and reduce vendors.

While the C-suite is rightly concerned with cost containment, few are willing to sacrifice excellent customer service. Left unguarded, a short-sighted vendor procurement strategy can leave you short of your overall goals. For this reason, it's critical that the board-level of executives clearly communicate its overall business goals and objectives. Understanding how they view vendor management is vital in how you approach your management of third-party vendors.

Different vendors require different levels of due diligence. Download this checklist to help. 

vendor due diligence

Venminder Experts

Written by Venminder Experts

Venminder has a team of third-party risk experts who provide advice, analysis and services to thousands of individuals in the financial services industry.

Follow Venminder Experts

Subscribe to the Venminder Blog