**Global:** Business and risk leaders are encouraged to centralise third-party risk management across organisational siloes and invest in AI readiness. EY highlights that appointing risk stewards, improving data governance, and challenging existing assumptions are key steps to harness AI’s transformative potential and prepare for future disruptions.
Business and risk leaders are being urged to adopt strategic actions to enhance Third-Party Risk Management (TPRM) and unlock the full potential of centralisation and artificial intelligence (AI) within their organisations. EY has outlined three key actions that can help achieve this transformation.
The first action emphasises the importance of focusing on the enterprise level when managing TPRM. Often, different verticals within an organisation, such as procurement, cybersecurity, and supply chain management, operate independently and are incentivised by distinct metrics. For instance, procurement tends to monitor contract compliance and vendor performance, while cybersecurity prioritises incident response time and the costs associated with breaches. To realise the full value of AI and centralisation, organisations must understand their obligations at an enterprise level, which includes regulatory, board, and investor imperatives. This foundational knowledge facilitates better decision-making regarding third-party risks, fostering a more holistic perspective rather than a segmented one.
The concept of a “risk steward” is also highlighted, referring to an individual responsible for overseeing risk management across different organisational siloes and driving a cohesive risk management approach. TPRM is seen as a horizontal function that spans the enterprise, greatly benefitting from such a steward approach, which would ensure that every internal function is aware of and manages its third-party impacts effectively.
The second recommended action is to invest in AI readiness. Despite current low levels of AI adoption in TPRM, many organisations express a desire to scale up AI integration in the coming years. To bridge the existing gap, firms must engage in comprehensive assessments of their current TPRM processes, tools, and data management practices. This preparation includes enhancing data quality, standardising formats, implementing robust data governance, and addressing workforce skills gaps through training and upskilling initiatives. Moreover, continual monitoring of trends is essential for staying aligned with emerging best practices in TPRM and preparing for subsequent waves of AI advancements.
Finally, the article calls for questioning existing assumptions and proactively accelerating tipping points. As Kawther Haciane, EY MENA Digital Risk Leader, noted, a decade ago, many companies restricted their data from interacting with public clouds due to security concerns. Now, the landscape has shifted to a “cloud first” approach, illustrating how changing assumptions can lead to widespread adoption. Similar transformative moments have occurred across sectors, particularly highlighted by the copious adjustments faced during the COVID-19 pandemic, which propelled rapid technological integration in TPRM.
Currently, firms may be approaching a pivotal moment regarding AI adoption in TPRM. The complexity and quantity of third-party relationships have surged, resulting in increased friction and costs associated with manual risk assessments. Expanding the scale of these assessments can create a financial impetus to invest in AI technologies. As a new generation of AI models emerges—featuring capabilities such as agentic AI, multimodal AI, reasoning AI, and self-improving AI—the potential for significant advancements in TPRM practices is evident.
These various tipping points demonstrate a pattern where organisations are often caught off guard, necessitating hurried responses. However, preparing in advance for such moments can allow businesses to strategically align their operations, invest in future innovations, adjust misaligned incentives, and realign organisational structures.
In light of the evolving landscape, TPRM’s role may increasingly focus on ensuring that organisations remain prepared for external disruptions. Prioritising its own structural evolution could prove pivotal for TPRM stakeholders as they navigate the complexities of contemporary risk management.
Source: Noah Wire Services
Subscribe to Industry Updates
