Feature Third-Party Risk
AI Foundation Model Concentration Risk: When Your Entire AI Stack Depends on Three Vendors
The Cambridge Centre for Alternative Finance's 2026 report found 76% of financial institutions rely on OpenAI, 57% on Google, and 35% on Anthropic — while 63% build on external models rather than their own. Under OCC 2023-17 and DORA, that's not just an AI strategy question. It's a third-party concentration risk your TPRM program probably isn't mapped to address.
Table of Contents
TL;DR
- The Cambridge Centre for Alternative Finance’s 2026 Global AI in Financial Services report found 76% of financial institutions rely on OpenAI models, 57% on Google, and 35% on Anthropic — with 63% building on external models rather than their own
- Regulators are significantly more concerned about AI vendor concentration risk than the industry itself: 43% of regulators versus 28% of industry express concern — a supervisory gap that’s showing up in examinations
- OCC 2023-17 requires banks to understand subcontractor concentration for critical third parties, which means looking through your AI vendors to the foundation models they depend on
- DORA’s November 2025 CTPP designations covered cloud infrastructure — but DORA’s concentration risk provisions extend to AI model providers, and BaFin’s January 2026 guidance requires AI systems to be fully embedded in ICT governance frameworks
Here’s the practical problem with your AI vendor inventory right now: it probably says “six AI vendors” when the real concentration risk answer is “two or three foundation model providers, accessed through six different wrappers.”
Seventy-six percent of financial industry respondents in the Cambridge Centre for Alternative Finance’s 2026 Global AI in Financial Services report rely on OpenAI models. Fifty-seven percent rely on Google. Thirty-five percent on Anthropic. And 63% are building on external foundation models rather than training their own from scratch.
That means the fraud detection product your risk team licensed, the compliance summarization tool your legal team uses, and the customer service chatbot your product team deployed may all be making API calls to the same underlying foundation model — through different vendor wrappers, different pricing structures, and different contracts. Your TPRM register shows six vendors. Your actual concentration exposure may be one or two foundation model providers.
Regulators have already identified the gap between how the industry perceives this risk and how supervisors do. The CCAF data is stark: 43% of regulators are concerned about AI provider concentration risk, versus only 28% of financial institutions. That’s not a nuance. It’s an examination finding in formation.
Why This Is a TPRM Problem, Not Just an AI Strategy Problem
Traditional concentration risk conversations in financial services center on cloud infrastructure. The November 2025 ESA designation of 19 Critical ICT Third-Party Providers under DORA codified that concern — the list includes AWS, Google Cloud, Microsoft Azure, Oracle, SAP, and Deutsche Telekom, all now subject to direct EU oversight, annual risk assessments, and on-site inspections.
What the November 2025 CTPP list doesn’t include: OpenAI, Anthropic, or any dedicated AI foundation model provider. That omission reflects the list’s focus on cloud infrastructure, not a regulatory view that AI model concentration isn’t a problem. DORA’s concentration risk provisions apply to all ICT third-party arrangements — including AI model APIs used for critical or important functions — regardless of CTPP designation. EU-connected financial institutions must maintain a register of ICT third-party contractual arrangements, monitor concentration, and document exit strategies for AI model providers, just as they do for cloud providers.
For US institutions outside DORA’s scope, OCC Bulletin 2023-17 creates parallel obligations. The interagency guidance requires banking organizations to assess “concentration risk from third-party relationships” and specifically addresses subcontractor management: where multiple vendors rely on the same underlying subcontractor, that creates aggregated exposure that the guidance expects you to assess and manage.
If your AI vendors are routing critical functions through the OpenAI API as a subcontractor — and many are — that’s a fourth-party dependency that OCC 2023-17 expects to appear in your risk analysis.
The Foundation Model Map You Don’t Have
Before managing AI vendor concentration risk, you need to know what you actually have. Most financial institutions cannot currently answer the question: which foundation models underlie which vendor products, and which business functions do those products support?
This has been a structural information gap — AI vendors often treat model architecture as proprietary, and until recently, neither regulators nor enterprise customers were pressing for disclosure. That’s changing.
Here’s what a complete AI vendor inventory entry should capture compared to what most institutions currently have:
| Field | Current State | Required |
|---|---|---|
| Vendor name | ✓ | ✓ |
| Use case / function | ✓ | ✓ |
| Contract dates | ✓ | ✓ |
| Foundation model provider | ✗ | OpenAI / Google / Anthropic / other |
| Model version | ✗ | GPT-4o / Gemini 1.5 / Claude 3.5, etc. |
| Functions using this model | ✗ | Credit decisions / fraud / customer service |
| Criticality of dependent function | ✗ | Critical / High / Medium / Low |
| Notification right for model changes | ✗ | Yes / No / contractual gap |
| Exit strategy documented | ✗ | Yes / No |
Once you have this map, aggregate by foundation model provider. If three of your five AI vendors call the OpenAI API for functions classified as Critical or High, that’s not a diversified AI stack — that’s OpenAI concentration risk with three separate contracts.
The Contract Provisions AI Vendor Agreements Are Missing
OCC 2023-17 is specific about what contracts with critical third parties should include: audit and inspection rights, subcontractor disclosure requirements, incident notification obligations, performance standards, and termination rights without penalty when the vendor fails to meet contractual obligations.
Most AI vendor agreements today fall short on at least three of these for the foundation model layer specifically.
Subcontractor disclosure: Standard SaaS contracts say the vendor may use subprocessors and will maintain security standards. That’s not what OCC 2023-17 requires. You need explicit disclosure of which foundation model providers underlie the contracted service and a change notification requirement when that relationship changes materially. If your vendor shifts from GPT-4o to a different model because of API pricing changes, you need to know — your model documentation is now stale.
Model version change notification: AI vendors update the underlying models regularly. A move from one model version to another can change the behavior of the system you’re relying on — which matters for fair lending compliance, fraud score calibration, and explainability requirements. Contract for advance written notice of material model version changes affecting your use case, not just security patches.
Audit rights at the model layer: OCC 2023-17 requires audit rights over critical third parties. For AI vendors, those rights should extend to documentation of the foundation model’s training data governance, bias testing results, and drift monitoring — not just the vendor’s own infrastructure security. Getting this in the contract is easier before you sign than during renewal.
NYDFS, BaFin, and the Supervisory Momentum
Two pieces of regulatory guidance from early 2026 make clear that AI vendor oversight is moving from voluntary to examined.
The NYDFS frontier AI guidance (May 2026) extended Part 500’s cybersecurity risk framework to AI systems — including those accessed through third-party vendors. NYDFS-covered entities that use AI through vendors must assess cybersecurity risks associated with those systems, including supply chain risks at the model-provider layer. A security incident at a major foundation model provider could simultaneously affect every financial institution whose vendors route traffic through that provider — exactly the correlated exposure that concentration risk management is designed to prevent.
Germany’s BaFin issued guidance in January 2026 clarifying that AI systems must be “fully embedded in existing ICT governance, testing, and third-party risk frameworks” under DORA. This is now a supervisory expectation in Europe, not a voluntary framework.
The pattern across NYDFS, BaFin, and the ESAs is consistent: AI vendor oversight is treated as an extension of ICT third-party risk management, not a separate domain. If your TPRM program has comprehensive cloud provider oversight but treats AI vendor concentration as a future problem, the supervisory gap is now.
What Examiners Are Starting to Test
OCC, FDIC, and Federal Reserve examiners are not yet uniformly asking “what’s your OpenAI concentration percentage?” But they are asking the upstream questions that require this information to answer:
- “What AI tools are your critical vendors using to deliver services your bank relies on?”
- “How do you assess concentration risk in AI providers?”
- “What’s your exit strategy if a critical AI vendor is unable to deliver service?”
- “Have you contractually secured notification rights when your AI vendor makes material changes to the technology underlying the contracted service?”
These questions are about TPRM program depth. Institutions that can answer with a documented AI vendor inventory, aggregated concentration analysis, and contract provisions are in a materially different position than those discovering the gap mid-exam.
The Exam-Ready Response
If an examiner asked today how your institution manages AI foundation model concentration risk, here’s what a defensible answer looks like:
Inventory: “We maintain an AI vendor register that captures not just vendor names but the foundation model providers underlying each product. We’ve mapped our AI tools to provider dependencies and aggregated exposure by provider for functions classified as Critical or High.”
Risk assessment: “We’ve tiered our foundation model dependencies by the criticality of the functions they support and assessed whether our current concentration across providers creates unacceptable single-provider risk.”
Contract provisions: “Our contracts with AI vendors include notification rights for material model version changes and explicit subcontractor disclosure. Contracts executed before these provisions were added are flagged for renegotiation at next renewal.”
Exit strategy: “We’ve documented migration paths away from current foundation model dependencies, including data portability rights and vendor transition assistance provisions.”
Monitoring: “Foundation model provider news, financial stability, and policy changes are tracked as part of our ongoing monitoring for critical AI vendors.”
Most institutions can partially address the inventory item. The contract, exit strategy, and monitoring documentation is where the gap is — and where examiners are looking.
So What?
AI vendor concentration risk isn’t a theoretical future problem. The CCAF data shows regulators are already ahead of the industry in concern level. DORA’s November 2025 CTPP designations opened the regulatory door to direct oversight of infrastructure concentration. OCC 2023-17 has always required it for critical subcontractor dependencies — AI foundation models are now clearly in scope.
Start with the inventory: ask each current AI vendor which foundation model providers their product depends on, for which functions, and whether those dependencies are disclosed or contractually required to be disclosed. The answers will tell you where your concentration lives.
The Third-Party Risk Management (TPRM) Kit includes the vendor inventory template, AI-specific due diligence questionnaire with foundation model dependency disclosures, and ongoing monitoring templates structured to close the OCC 2023-17 gap before the next exam cycle.
External sources: Cambridge Centre for Alternative Finance 2026 Global AI in Financial Services Report | OCC Bulletin 2023-17 | DORA ICT Third-Party Risk: Articles 28-30 | DeepInspect: DORA Third-Party Risk for AI | Bitsight: Frontier AI and the Compliance Gap
◆ Need the working template?
Start with the source guide.
These answer-first guides summarize the required fields, evidence, and implementation steps behind the templates practitioners search for.
◆ Related template
Third-Party Risk Management (TPRM) Kit
Complete vendor risk management lifecycle from initial due diligence to ongoing oversight.
◆ Immaterial Findings · Weekly
Sharp risk & compliance insights. No fluff.
◆ FAQ
Frequently asked questions.
Does OCC 2023-17 apply to AI foundation model providers?
What does DORA require for AI foundation model vendors?
What contract provisions do I need with AI vendors to address foundation model risk?
How do I assess concentration risk when multiple AI vendors all use the same foundation model?
What should I expect from examiners on this topic?
Author
Rebecca Leung
Rebecca Leung has 8+ years of risk and compliance experience across first and second line roles at commercial banks, asset managers, and fintechs. Former management consultant advising financial institutions on risk strategy. Founder of RiskTemplates.
◆ Related framework
Third-Party Risk Management (TPRM) Kit
Complete vendor risk management lifecycle from initial due diligence to ongoing oversight.
◆ Keep reading
Related posts.
Third-Party Risk
The Marquis Software Breach: What 80 Banks and Credit Unions Need to Learn About Vendor Concentration Risk
In August 2025, Akira ransomware hit Marquis Software Solutions through an unpatched SonicWall firewall. By the time breach notifications went out—over two months later—80 banks and credit unions had been exposed, 824,000 consumers' data was compromised, and a ransom had reportedly been paid. Here's what your third-party risk program should take from it.
Jul 7, 2026
Third-Party Risk
Vendor Financial Health Monitoring: The Early Warning Program OCC 2023-17 Expects for Critical Third Parties
OCC 2023-17's ongoing monitoring phase requires active financial health surveillance for critical third-party vendors — but most institutions treat it as an annual renewal checkbox. Here's what a defensible early warning program looks like, what warning signs to track, and what the Synapse collapse demonstrated about gaps in current practice.
Jul 3, 2026
Third-Party Risk
GENIUS Act Stablecoin Custody: The Due Diligence Framework Your TPRM Program Doesn't Cover Yet
The GENIUS Act's July 18, 2026 rulemaking deadline is 16 days away. When final rules land, every bank acting as a stablecoin custodian — or relying on one — will face vendor oversight obligations your standard TPRM template wasn't built to address. Here's the framework.
Jul 1, 2026