Key findings

Overall, our survey reveals a significant gap between aspiration and reality in leveraging the power of AI in TPRM.

While organisations recognise the potential of AI and GenAI to enhance agility, cost-effectiveness, and resilience in managing third-party risks, they are still in the early stages of adoption. Results show that organisations envision a future where strategic investments in talent and technology, combined with carefully selected external support, will enable them to overcome current hurdles and unlock the transformative power of AI for TPRM.

• Organisations are prioritising AI investments that deliver greater efficiency, more effective third-party management, and enhanced decision-making to mitigate growing financial exposure from third-party incidents.
• Despite low maturity levels, leadership teams are ambitious about embracing intelligent automation, while managing both the risks of AI in their organisations and those arising from third-party AI usage.
• Respondents believe that dynamic inherent risk assessment and due diligence offer the greatest potential for efficiency and effectiveness improvement through intelligent automation.
• Combining managed services solutions with enhanced in-house capability development (including ongoing tech investment) appears to be the most favoured approach, prioritising high-impact risk domains.

Building the business case for AI in Third Party Risk Management

The survey highlights a clear desire to leverage AI in TPRM for cost-effectiveness through process efficiencies and enhanced decision-making. This would free up the time of more experienced TPRM team members by intelligently automating repetitive manual processes.

These include data collection and contextualising multiple unstructured data sources to raise red flags where appropriate.

The business case is also driven by the recognition that financial exposure following a major third-party incident continues to rise, with nearly half of respondents believing potential damages could exceed US$50 million.

However, barriers to adoption remain, with concerns around financial outlay, integration with legacy systems, and access to expertise being the most prominent.

Benchmarking AI progress in TPRM

While ambition is high, the maturity of AI adoption in TPRM remains in its early stages. Most respondents are in the initial levels of maturity, with only a small percentage currently using AI to understand their third-party risk exposure.

Despite this, organisations are actively planning to implement AI-powered solutions. We can expect to see a more measured and strategic approach to AI adoption in TPRM, balancing the ambition for innovation with the need for robust risk mitigation and governance frameworks.

This balanced approach will be particularly important in areas like smart alerts, dynamic risk assessments, and collaborative risk management platforms.

AI in specific TPRM processes

Inherent risk determination and due diligence emerge as having the most potential for AI-driven transformation for TPRM. However, a considerable gap exists between aspiration and reality, with many organisations still relying on manual processes and basic spreadsheets for data management.

Contract management, while often overlooked, presents another area for AI-driven improvements. Opportunities exist for automation in contract analysis, risk prediction, and compliance monitoring.

We can expect to see a rapid increase in AI adoption across all stages of the TPRM lifecycle, driven by the need for greater efficiency, accuracy, and proactive risk management.

The future of AI in third-party risk management

The survey points towards a future where managed services and enhanced in-house capabilities will coexist and complement each other.

We expect to see a rise in specialised managed services offerings focused on specific aspects of AI-powered TPRM, such as data analytics, risk modelling, or continuous monitoring.

This growth will occur alongside organisational investment in AI-powered TPRM platforms and tools to empower their teams with advanced analytics, automation capabilities, and real-time risk intelligence.

Respondents prioritised information security, data privacy, cybersecurity, and contract risk, as the specific risk domains that would benefit most from AI. This is driving their focused approach to embracing AI to augment their third-party risk management.