Business and risk leaders are being encouraged to undertake three strategic actions to accelerate the transformation of Third-Party Risk Management (TPRM) and fully harness the benefits of centralisation and artificial intelligence (AI) integration. These recommendations, outlined by EY, aim to help organisations overcome existing challenges in TPRM processes and maximise value from emerging technologies.

The first action is to adopt an enterprise-wide perspective on TPRM. EY highlights that TPRM activities often take place in isolated verticals within organisations, such as procurement, cybersecurity, or supply chain departments. Each focuses on its own specific metrics—for example, procurement tracks contract compliance, cybersecurity gauges incident response times, and supply chain monitors supplier resilience. However, the full potential of AI and centralised TPRM can only be realised by understanding risks in the context of overarching enterprise obligations, including regulatory requirements, board directives, and investor expectations. EY stresses the importance of comprehending how third-party risks interlink across various business units to prevent narrow decision-making. The firm has previously introduced the concept of a “risk steward,” a role that prioritises risk management across organisational siloes to ensure a connected, proactive approach. Given that TPRM impacts all internal functions through their external third-party relationships, adopting a risk steward mindset is expected to greatly enhance risk oversight.

The second recommended action focuses on investing in AI readiness to bridge the gap between current low adoption levels and future ambitions. EY reports that while few organisations have fully integrated AI in their TPRM frameworks, many are eager to scale up usage. Achieving this aspiration requires a comprehensive assessment of existing TPRM processes, tools, and data practices to identify necessary improvements for AI integration. EY emphasises the importance of data readiness, including improving data quality, standardising formats, and implementing robust data governance frameworks. Preparing the workforce for AI adoption by addressing skills gaps and providing training and upskilling is also crucial. Moreover, maintaining awareness of emerging best practices and technological developments within TPRM is advised to remain agile and ready for future AI advances.

The third action is to question existing assumptions and accelerate the adoption of tipping points that enable transformative change. Kawther Haciane, EY MENA Digital Risk Leader, explained to EY: “A decade ago, most companies had policies prohibiting their data from ever touching the public cloud, because of the fear factor of the technology. Today, the script has flipped. Companies everywhere are ‘cloud first’ — everything has migrated to the cloud, and exceptions have to justify why they shouldn’t be on the cloud.” This example illustrates how changing assumptions and economics can drive sudden mass technology adoption.

EY notes that technology history is replete with such tipping points, and the current risk environment is ushering in nonlinear changes at an accelerated pace. The recent launch of ChatGPT, which redefined expectations for generative AI’s capabilities and development speed, and the COVID-19 pandemic, which forced rapid adoption of remote risk assessment technologies, are cited as recent examples. The field of TPRM appears poised for a similar tipping point as the growing volume and complexity of third-party relationships have made manual risk assessments increasingly costly and inefficient. This scale shift enhances the financial incentives to invest in AI while providing more opportunities to recoup investments.

Furthermore, EY highlights that breakthroughs in AI technologies—including agentic AI, multimodal AI, reasoning AI, and self-improving AI—are emerging, with the potential to revolutionise TPRM by combining new capabilities. This convergence may significantly alter cost-benefit calculations and make AI adoption an irresistible proposition for organisations.

The firm cautions that many enterprises experienced past tipping points with little preparation, resulting in rushed responses. However, there is an alternative: organisations can anticipate such turning points and prepare in advance. By taking the steps of aligning risk management incentives, investing in AI readiness, and adopting an enterprise-wide approach, companies can not only brace for change but potentially accelerate their own transformation.

In sum, EY suggests that as TPRM’s purpose is to shield organisations from external disruptions, it may now be time for TPRM itself to evolve with focus and foresight, leveraging centralisation and AI to meet the demands of an increasingly complex third-party landscape.

Source: Noah Wire Services