As the global marketplace grows more complex and competitive, third-party relationships become increasingly crucial to decreasing costs, managing risks, enhancing customer experiences, and improving value and profitability. Without reliable and reputable third parties (i.e. vendors, suppliers, distributors, and contractors), businesses cannot compete with more dynamic organizations in their industry. Inviting uncertain entities into your organization’s network opens the door to unwelcome risks.  

Furthermore, the current COVID-19 crisis clearly illustrates that third-party failures can rapidly tarnish organizations’ credibility, have significant downstream operational costs, and most importantly have long-term reputational implications. This underlines the importance for organizations to address their concerns around these issues, and to define a clear strategy for the selection, approval and management of third parties.

Key insights of KPMG’s Third-Party Risk Management outlook

The results of KPMG’s 2020 Third-Party Risk Management (TPRM) Outlook show that 77 percent of the surveyed senior executives consider TPRM to be a strategic priority for their organization.
Additionally, 6 out of 10 respondents declare that their organization’s most severe reputational risks come from their third parties. This result shows the dependence of organizations towards their third parties and thus indicates the importance of a good Third-Party Risk Management program.

Three quarters (74 percent) of the respondents admit that they urgently need to make TPRM more consistent across the organization. This reveals that many organizations are not prepared for the complexity that comes with assessing various risks in a consistent way across different business lines and regions. Both an in-depth risk identification and assessment upfront in the onboarding process, as well as during the lifecycle of the contract, is crucial for organizations to have a clear view on the risk profile of all their third parties. 

74 percent need more consistent TPRM
50 percent do not have enough in-house capabilities

The survey also found that 50 percent of all businesses do not have enough in-house capabilities to manage all the third party risks they face. In our view, organizations can achieve both efficiency and effectiveness by taking a risk-based approach to assessing and monitoring third-party products and services that present the highest risk to the organization.

Data and technology are improving TPRM teams’ performance, yet only a quarter of companies are using relevant technologies to improve either the workflow automation or monitoring of third parties. However, technology is the most preferred investment (61 percent) that respondents will make when new funding is made available.

61 Percent sees technology as most preferred investment
61 Percent sees technology as most preferred investment

Finally, the TPRM outlook shows that almost all businesses have some form of TPRM program in place. Although 51 percent of respondents’ organizations are working with limited budgets, given the increased focus on the use of third parties, three in four (76 percent) respondents indicate that funding is available or growing to evolve and strengthen their organization’s TPRM program. 

The way forward

In response to the above challenges, we have developed a third-party risk management framework, namely TPRM Navigator, which can bring clarity to the TPRM Program of your organization.

The Third Party Risk Navigator is built along three lines of defense: promoting agility, identifying emerging risks and helping to clarify the strengths and weaknesses of your organization. This Navigator contains KPMG’s global and industry-wide knowledge of Third-Party Risk Management, and has been developed to support our clients by providing an efficiently run maturity assessment as well as the latest market insights. 

Don’t hesitate to contact us to discuss how we can help you!


TPR Navigator

Has this article sparked your interest? Join our free webinar on 26/5 to take a deep dive into our Third-Party Risk Management Outlook and to learn more on designing and implementing effective third-party management systems. Register now by clicking on the box below: