StockSignal
How to use the screener to identify structural dependencies, concentrations, and hidden exposures in a company's business model — risks that live outside the financial statements.
The Question
How do I find hidden business risks that standard financial screens miss? Financial risk screening — leverage warnings, distress signals, margin pressure — examines what is visible in the financial statements. But some of the most consequential risks live in the business model itself: a company that depends on a single customer for half its revenue, a supplier that cannot be replaced, a regulatory framework that could change. These structural vulnerabilities may not appear in any financial ratio until after they materialize.
This article is not about balance sheet deterioration or earnings pressure — the financial risk article covers those dimensions. This is about identifying structural dependencies in the business model that create concentrated exposure to specific events or conditions.
What Business Vulnerability Means Structurally
A business vulnerability is a structural dependency that concentrates risk. When a company derives a large share of revenue from a single customer, the customer relationship becomes a vulnerability — not because anything is wrong, but because the business model is exposed to a single decision by a single counterparty. The same logic applies to supplier dependencies, regulatory frameworks, geographic concentrations, and key personnel.
Vulnerabilities are distinct from financial risks in a fundamental way. Financial risk is visible in the numbers — you can see leverage, margin pressure, and cash flow deterioration in the financial statements. Vulnerabilities are often invisible in the numbers until they become events. A company with concentrated customer revenue may show excellent financials right up until the customer leaves. The financials never showed the risk; they only showed the outcome.
The screener's vulnerability stories identify these structural concentrations and dependencies before they become events. They cannot predict whether a vulnerability will materialize, but they can identify companies where the business model carries concentrated exposure that standard financial screens do not capture.
Key Signals
Customer Concentration
What it measures: The degree to which a company's revenue is concentrated among a small number of customers. High customer concentration means the loss of a single customer relationship could materially impact revenue and profitability. This signal captures the structural dependency on specific counterparties.
Data source: Derived from disclosed customer concentration data in financial filings, including major customer revenue percentages and customer count metrics.
Supplier Dependency
What it measures: The extent to which a company relies on a limited number of suppliers for critical inputs. High supplier dependency means the company has limited alternatives if a key supplier raises prices, reduces capacity, or fails. This signal captures supply chain concentration risk.
Data source: Derived from disclosed supplier information, input cost concentration, and inventory sourcing patterns in financial filings.
Regulatory Sensitivity
What it measures: The degree to which a company's business model depends on specific regulatory frameworks, licenses, or government relationships. High regulatory sensitivity means changes in regulation could fundamentally alter the company's ability to operate, price its products, or access its markets.
Data source: Derived from disclosed regulatory risk factors, licensing requirements, and government revenue dependency in financial filings.
Geographic Revenue Concentration
What it measures: The degree to which revenue is concentrated in a single geography or market. Companies with high geographic concentration are exposed to region-specific economic, political, and currency risks. Diversified revenue across multiple geographies distributes these exposures.
Data source: Derived from geographic segment reporting in financial filings.
Stories That Emerge
Customer Concentration Exposure
Constituent signals: Customer Concentration, Revenue Stability, Contract Duration
What emerges: When customer concentration is high and revenue stability is closely tied to a few relationships, the company's business model is structurally dependent on specific counterparties. The contract duration signal adds context — short-term contracts with concentrated customers create more immediate vulnerability than long-term contracts, though both represent structural dependency.
Limits: High customer concentration is not inherently negative. Many successful businesses operate as key suppliers to a small number of large customers. The story identifies the structural exposure, not whether the exposure is well-managed or appropriately compensated through pricing, contracts, or relationship strength.
Customer Concentration Exposure
Revenue depends on limited number of customer relationships
Supply Chain Fragility
Constituent signals: Supplier Dependency, Input Cost Volatility, Inventory Concentration
What emerges: When a company depends on few suppliers for critical inputs, faces volatile input costs, and maintains concentrated inventory sourcing, the supply chain is structurally fragile. Disruption at any point — a supplier failure, a commodity price spike, a logistics breakdown — can cascade through the business model.
Limits: Supply chain fragility signals are based on disclosed information, which may understate the actual dependency. Companies are not always required to disclose specific supplier relationships. The story captures what is visible in filings, which may not fully reflect the operational reality.
Regulatory Dependency
Constituent signals: Regulatory Sensitivity, Government Revenue Share, License Dependency
What emerges: When a company's operations depend on specific regulations, derive significant revenue from government contracts, or require licenses that constrain entry, the business model is structurally tied to the regulatory environment. Changes in policy, administration, or regulatory interpretation can fundamentally alter the company's economics.
Limits: Regulatory dependency can be a source of competitive advantage (barriers to entry) as well as vulnerability (risk of regulatory change). The story identifies the structural dependency without assessing whether the regulatory environment is stable, favorable, or likely to change.
Regulatory Dependency
Business economics depend on regulatory frameworks
Key Person Dependency
Constituent signals: Executive Concentration, Founder Dependency, Management Stability
What emerges: When critical business relationships, intellectual property, or strategic direction depends on a small number of individuals, the company is exposed to key person risk. The departure, incapacitation, or distraction of these individuals could materially impact business performance in ways that no financial metric would anticipate.
Limits: Key person dependency is one of the most difficult vulnerabilities to quantify. The signals rely on observable indicators — executive tenure, founder involvement, management turnover — that approximate but cannot fully capture the degree of personal dependency embedded in the business model.
Key Person Dependency
Operations depend heavily on specific individuals
Using the Screener
Vulnerability Exposure Check
Use vulnerability stories as a due diligence layer on companies that pass your primary screen. After identifying companies through quality, value, or growth stories, run the results against Customer Concentration Exposure, Supply Chain Fragility, and Regulatory Dependency to identify which companies carry structural business model risks that the primary screen did not address.
This is not about excluding every company with a vulnerability — many excellent businesses carry concentrated exposures. It is about knowing which exposures exist so they can be assessed qualitatively rather than discovered after the fact.
Concentrated Risk Identification
To proactively identify companies with the highest structural vulnerability, screen directly for Customer Concentration Exposure or Supply Chain Fragility. This inverts the typical screen — instead of finding attractive characteristics, you are mapping the landscape of concentrated risk. This is particularly useful when evaluating an industry or sector where you want to understand which companies carry the most structural dependency.
Boundaries
What This Cannot Tell You
Vulnerability stories identify structural dependencies, not outcomes. A company with high customer concentration may retain that customer for decades. A company with regulatory dependency may operate in a stable regulatory environment that never changes. The presence of a vulnerability means concentrated exposure to a specific type of event — it does not predict whether that event will occur.
These stories also cannot assess the quality of risk management. A company with high supplier dependency may have contractual protections, alternative sourcing plans, or strategic inventory reserves that mitigate the exposure. The structural vulnerability exists, but the company's response to it may be robust. Quantitative signals cannot fully capture management quality in risk mitigation.
Finally, business vulnerabilities are derived from disclosed information in financial filings. Companies that do not disclose specific customer, supplier, or regulatory dependencies — either because they are not required to or because they choose not to — will not trigger vulnerability stories even if the underlying exposures exist. These signals capture disclosed structural risk, which is a subset of actual structural risk.