White and blue dots forming a larger circle


COVID-19 and the extended enterprise

Impact on the third-party provider landscape for investment management

As COVID-19 continues to affect business operations, what risks are emerging in the extended enterprise? Explore steps to help investment management firms manage expanding third-party risks, enhance performance, and reduce costs.

Responding to COVID-19 today to build an improved extended enterprise

The COVID-19 pandemic has had an unprecedented impact on organizations, and business operations in the investment management sector have had to adapt to changes in the workforce, the use of new tools and technologies, and new ways of interacting with their extended enterprise.

Investment management organizations are dependent on a variety of critical service providers to operate successfully. And while the need for understanding and managing the risks of outsourcing critical services isn’t new, operating in the COVID-19 environment has amplified these risks, presenting new challenges in achieving resiliency.

More specifically, COVID-19 has heightened existing or, in some cases, introduced new emerging risks across domains, which can lead to increased exposures within the extended enterprise. For instance, many firms have rapidly adapted their operations and business continuity plans to cope with a new way of working and, in certain situations, an overwhelming volume of issues.

This evolution in the third-party ecosystem requires a refreshed approach to oversight techniques in order to effectively and efficiently manage risk, enhance performance, and reduce costs.

COVID-19 and the extended enterprise

Prioritizing high-risk areas

Organizations should focus on evolving risks within the extended enterprise (such as third-party service provider risks) that have been amplified as a result of the COVID-19 pandemic and the dynamic fluidity of the current environment.

  • Resiliency: Depleted resources adjusting to a more distributed working environment, potentially leading to greater difficulty in maintaining operational resiliency and opportunities for control compromises and undetected fraud.
  • Financial health: Market volatility, difficulty collecting payments, and cash flow challenges may affect operational stability.
  • Technology: Hastily implemented technologies and increased use of new or unmanaged tools may lack sufficient security controls to protect data.
  • Regulatory: Shifts in operating models to address the changing environment may affect the ability to meet service obligations and related regulatory compliance requirements.
  • Fourth-party or subcontractor: Service providers’ increased dependency on their own third parties elevates vulnerability due to lack of transparency.

In order to identify the most important risks to the organization, start by understanding the top issues associated with each of their critical third-party service providers. Then, utilize a detailed action plan targeted at addressing these specific challenges in the extended enterprise in order to move from responding to recovering to ultimately thriving in this disruptive environment.

Exclamation mark warning sign within a circle

Impact on third-party service providers

Prior to taking any immediate actions, it is imperative to understand how COVID-19 has affected your most critical third-party service providers and how their evolving business operating model could—in turn—affect your business.

Get ready to take action and address COVID-19 immediately

Innovative technologies to help identify and manage risk

Get in touch

Kristina Davis
Deloitte Risk & Financial Advisory
US Investment Management Leader
Deloitte & Touche LLP


Jonathan Rizzo
Deloitte Risk & Financial Advisory
Deloitte & Touche LLP

Insert Custom CSS fragment. Do not delete! This box/component contains code needed on this page. This message will not be visible when page is activated.

Did you find this useful?