In today's interconnected business landscape, organisations face mounting pressure to effectively manage a growing network of third-party relationships. The increasing complexity and criticality of these relationships, coupled with a volatile global environment, demand innovative solutions. Traditional approaches to Third-Party Risk Management (TPRM) are struggling to keep pace, creating a gap between the need for robust risk mitigation and the ability to achieve it.
Building on the success of our previous eight annual Third Party Risk Management (TPRM) surveys, here we present the findings from a pulse survey focused on the rise of AI in TPRM to maximise opportunities while managing the risks.
Throughout the survey, we acknowledge how the definition of AI is broadening to not only include GenAI but also encompass an interconnected array of technologies that go beyond machine learning, deep learning, and generative pre-trained transformers (referred to as GPTs) to enable intelligent automation in managing third-party ecosystems. This survey builds on the ongoing research series by the Deloitte AI institute titled The state of Generative AI in the enterprise: Now Decides Next1 but specifically exploring how actions taken now by respondents related to managing third-party risks and opportunities will enable them to gain sustainable competitive advantage by leveraging their extended enterprise.
Overall, our survey reveals a significant gap between aspiration and reality in leveraging the power of AI in TPRM.
While organisations recognise the potential of AI and GenAI to enhance agility, cost-effectiveness, and resilience in managing third-party risks, they are still in the early stages of adoption. Results show that organisations envision a future where strategic investments in talent and technology, combined with carefully selected external support, will enable them to overcome current hurdles and unlock the transformative power of AI for TPRM.
The journey towards AI-powered TPRM is a marathon, not a sprint. Organisations must adopt an ambitious yet balanced approach, carefully navigating the risks while harnessing the power of AI to build more agile TPRM frameworks.
~ Survey participant
The survey highlights a clear desire to leverage AI in TPRM for cost-effectiveness through process efficiencies and enhanced decision-making. This would free up the time of more experienced TPRM team members by intelligently automating repetitive manual processes.
These include data collection and contextualising multiple unstructured data sources to raise red flags where appropriate.
The business case is also driven by the recognition that financial exposure following a major third-party incident continues to rise, with nearly half of respondents believing potential damages could exceed US$50 million.
However, barriers to adoption remain, with concerns around financial outlay, integration with legacy systems, and access to expertise being the most prominent.
While ambition is high, the maturity of AI adoption in TPRM remains in its early stages. Most respondents are in the initial levels of maturity, with only a small percentage currently using AI to understand their third-party risk exposure.
Despite this, organisations are actively planning to implement AI-powered solutions. We can expect to see a more measured and strategic approach to AI adoption in TPRM, balancing the ambition for innovation with the need for robust risk mitigation and governance frameworks.
This balanced approach will be particularly important in areas like smart alerts, dynamic risk assessments, and collaborative risk management platforms.
Inherent risk determination and due diligence emerge as having the most potential for AI-driven transformation for TPRM. However, a considerable gap exists between aspiration and reality, with many organisations still relying on manual processes and basic spreadsheets for data management.
Contract management, while often overlooked, presents another area for AI-driven improvements. Opportunities exist for automation in contract analysis, risk prediction, and compliance monitoring.
We can expect to see a rapid increase in AI adoption across all stages of the TPRM lifecycle, driven by the need for greater efficiency, accuracy, and proactive risk management.
The survey points towards a future where managed services and enhanced in-house capabilities will coexist and complement each other.
We expect to see a rise in specialised managed services offerings focused on specific aspects of AI-powered TPRM, such as data analytics, risk modelling, or continuous monitoring.
This growth will occur alongside organisational investment in AI-powered TPRM platforms and tools to empower their teams with advanced analytics, automation capabilities, and real-time risk intelligence.
Respondents prioritised information security, data privacy, cybersecurity, and contract risk, as the specific risk domains that would benefit most from AI. This is driving their focused approach to embracing AI to augment their third-party risk management.
Want to know more? Read our report to discover the other latest trends in third-party risk management. Download the report now.
Opens in new window