In This Story
The banking industry is relying more and more on third-party organizations for everything from technology and risk management, to mortgage lending and auditing. A massive global tech outage Friday, caused by a bungled software update at CrowdStrike, shone a light on the pitfalls of this outsourcing, analysts said.
Financial institutions are evaluating the impacts of the global internet outage that briefly disrupted some of their functions on Friday, one person with knowledge of the matter told Quartz. Bank branches across the U.S. opened as usual, but some in the financial sector have experienced login and payments issues.
Visa, JPMorgan Chase Bank, Charles Schwab, Bank of America, and TD Bank all experienced problems Friday, according to DownDetector.
Charles Schwab said in a post on X that certain online functionalities may be intermittently slow or unavailable due to the outage, but that it’s actively monitoring the issue. TD Bank issued a similar statement on its website, and said its teams are “working hard to restore digital systems.” In the meantime, TD customers can visit stores or ATMs to carry out transactions.
While Visa didn’t find any impacts on its ability to process payments, it has received reports of customers being unable to make payments, according to a company spokesperson. Visa is “working with our financial institution clients to understand any impact on their services to cardholders and merchants,” the spokesperson said.
Citigroup didn’t experience any material impact from the outage, and its systems are currently operating as normal, another person familiar with the matter said. Mastercard also found no indication that the incident impacted their systems, a spokesperson said.
JPMorgan and Citi declined to comment. Bank of America and Wells Fargo did not immediately return Quartz’s request for comment.
The massive outage was caused by a defective software update at CrowdStrike, an Austin, Texas-based cybersecurity firm, affecting computers worldwide running Windows software. CrowdStrike provides software to tens of thousands of companies across industries and is considered a giant in the U.S. cybersecurity world, with a market capitalization of more than $80 billion.
The impacts of the outage on the banking sector were not as extreme as those seen in the media and airline industries, where new outlets were off the air for hours and more than 23,900 flights around the world were delayed as of Friday morning. But the incident will likely lead to intensified regulatory scrutiny and tougher demands around the oversight of third-party IT providers within the financial services industry, according to Monsur Hussain, head of financial institutions research at Fitch Ratings.
“Financial institutions’ dependencies on third parties has grown in recent years as part of the ongoing digitalisation of the sector,” Hussain said in a statement. “The economies of scale are compelling, but they can also bring systemic risks.”
While there are incentives for banks to use third-party providers, including flexibility, innovation, and less reliance on legacy systems, the impact of incidents like Friday’s outage can paralyze bank accounts and transactions, Hussain said.
Chris Stanley, Moody’s banking industry practice lead, echoed similar sentiments, noting that the outage “highlights the interconnected nature of the modern risk landscape.”
“Beyond credit, banks navigate a spectrum of risks and opportunities,” Stanley said. “This underscores the importance of a broad ensemble of signals and interdisciplinary integration for enhanced security, enabling tailored services and gaining strategic customer insights.”
Last December, the Financial Stability Board (FSB) published a toolkit in an effort to strengthen the finance sector’s risk management and oversight of third-parties. The toolkit was “developed in response to concerns over the extent and nature of financial institutions’ interactions with a broad and diverse ecosystem of third-party service providers, which could have implications for financial stability,” the FSB said.
Bank stocks stayed relatively flat on Friday morning. CrowdStrike, along with Microsoft and other firms “caught in this tornado,” are now facing a “PR nightmare,” Wedbush Securities analysts wrote in a note Friday. Shares of CrowdStrike fell 9% at market open.