Skip to main content
gen-ai-banner-small

Assessing AI’s impact on third party risk management

In today's interconnected business landscape, organisations face mounting pressure to effectively manage a growing network of third-party relationships. The increasing complexity and criticality of these relationships, coupled with a volatile global environment, demand innovative solutions. Traditional approaches to Third-Party Risk Management (TPRM) are struggling to keep pace, creating a gap between the need for robust risk mitigation and the ability to achieve it.

Building on the success of our previous eight annual Third Party Risk Management (TPRM) surveys, here we present the findings from a pulse survey focused on the rise of AI in TPRM to maximise opportunities while managing the risks.

Throughout the survey, we acknowledge how the definition of AI is broadening to not only include GenAI but also encompass an interconnected array of technologies that go beyond machine learning, deep learning, and generative pre-trained transformers (referred to as GPTs) to enable intelligent automation in managing third-party ecosystems. This survey builds on the ongoing research series by the Deloitte AI institute titled The state of Generative AI in the enterprise: Now Decides Next1 but specifically exploring how actions taken now by respondents related to managing third-party risks and opportunities will enable them to gain sustainable competitive advantage by leveraging their extended enterprise.

Key findings

 

Overall, our survey reveals a significant gap between aspiration and reality in leveraging the power of AI in TPRM.

While organisations recognise the potential of AI and GenAI to enhance agility, cost-effectiveness, and resilience in managing third-party risks, they are still in the early stages of adoption. Results show that organisations envision a future where strategic investments in talent and technology, combined with carefully selected external support, will enable them to overcome current hurdles and unlock the transformative power of AI for TPRM.

The journey towards AI-powered TPRM is a marathon, not a sprint. Organisations must adopt an ambitious yet balanced approach, carefully navigating the risks while harnessing the power of AI to build more agile TPRM frameworks.

~ Survey participant

  • Organisations are prioritising AI investments that deliver greater efficiency, more effective third-party management, and enhanced decision-making to mitigate growing financial exposure from third-party incidents.
  • Despite low maturity levels, leadership teams are ambitious about embracing intelligent automation, while managing both the risks of AI in their organisations and those arising from third-party AI usage.
  • Respondents believe that dynamic inherent risk assessment and due diligence offer the greatest potential for efficiency and effectiveness improvement through intelligent automation.
  • Combining managed services solutions with enhanced in-house capability development (including ongoing tech investment) appears to be the most favoured approach, prioritising high-impact risk domains.

Building the business case for AI in Third Party Risk Management

 

The survey highlights a clear desire to leverage AI in TPRM for cost-effectiveness through process efficiencies and enhanced decision-making. This would free up the time of more experienced TPRM team members by intelligently automating repetitive manual processes.

These include data collection and contextualising multiple unstructured data sources to raise red flags where appropriate.

Top motivators for organisational investment for AI in third-party risk management

The business case is also driven by the recognition that financial exposure following a major third-party incident continues to rise, with nearly half of respondents believing potential damages could exceed US$50 million.

However, barriers to adoption remain, with concerns around financial outlay, integration with legacy systems, and access to expertise being the most prominent.

Top barriers to organisational investment for AI in third-party risk management

Benchmarking AI progress in TPRM

 

While ambition is high, the maturity of AI adoption in TPRM remains in its early stages. Most respondents are in the initial levels of maturity, with only a small percentage currently using AI to understand their third-party risk exposure.

Despite this, organisations are actively planning to implement AI-powered solutions. We can expect to see a more measured and strategic approach to AI adoption in TPRM, balancing the ambition for innovation with the need for robust risk mitigation and governance frameworks.

This balanced approach will be particularly important in areas like smart alerts, dynamic risk assessments, and collaborative risk management platforms.

Aspirations to use specific applications for AI in third-party risk management

AI in specific TPRM processes

 

Inherent risk determination and due diligence emerge as having the most potential for AI-driven transformation for TPRM. However, a considerable gap exists between aspiration and reality, with many organisations still relying on manual processes and basic spreadsheets for data management.

Contract management, while often overlooked, presents another area for AI-driven improvements. Opportunities exist for automation in contract analysis, risk prediction, and compliance monitoring.

We can expect to see a rapid increase in AI adoption across all stages of the TPRM lifecycle, driven by the need for greater efficiency, accuracy, and proactive risk management.

Current level of automation in capturing and leveraging data associated with the inherent risk of a third-party engagement

The future of AI in third-party risk management

 

The survey points towards a future where managed services and enhanced in-house capabilities will coexist and complement each other.

We expect to see a rise in specialised managed services offerings focused on specific aspects of AI-powered TPRM, such as data analytics, risk modelling, or continuous monitoring.

This growth will occur alongside organisational investment in AI-powered TPRM platforms and tools to empower their teams with advanced analytics, automation capabilities, and real-time risk intelligence.

Respondents prioritised information security, data privacy, cybersecurity, and contract risk, as the specific risk domains that would benefit most from AI. This is driving their focused approach to embracing AI to augment their third-party risk management.

Will managed service solutions related to TPRM continue to grow?

Want to know more? Read our report to discover the other latest trends in third-party risk management. Download the report now.

Did you find this useful?

Thanks for your feedback