​Organizations are increasingly reliant on third party vendors for driving financial and operational efficiencies, realizing competitive advantages, and to support the growth of the business. The growing dependence on third parties has introduced new risks for the organizations, and emphasized the importance of managing risks associated with existing relationships, to effectively manage any potential significant reputational and operational impact due to the compromise of such third parties.

Findings from KPMG's Third Party Risk Management 2022 Outlook


Business continuity

77% felt that their organization lacks business continuity capabilities to manage any potential disruption to business arising from a third party incident.


Fourth parties

79% of the organizations stated that the management of risks associated with the fourth parties across the supply chain still needs improvement.


Global events

63% say that since COVID-19, the organization is not continuously focused on improving the effectiveness of their Third Party Risk Management (TPRM) capabilities.



59% flag that the technology made available to the organization does not provide adequate visibility needed to gauge the third party risk across the entire supply chain.

Changing regulatory landscape

The regulatory landscape is evolving and Canadian regulators are taking action and introducing new requirements from a third party cyber risk management perspective. Recent revisions to B-10 guidelines from OSFI are prime examples, where the revised guidelines place increased focus on supply chain governance and risk management programs.

To learn more about these changes and five focus areas for organizations, click below.

Connect with us

Stay up to date with what matters to you

Gain access to personalized content based on your interests by signing up today

Connect with us