Skip to main content

CCO Insight: Compliance and Third-Party Risk

CCOs discuss resourcing, monitoring, and automation related to third-party risk

As regulatory, policy, and geopolitical risks continue to shift, Compliance reassesses risks and controls related to third parties and how automation can assist. KPMG discussed third-party risk management (TPRM) changes with Chief Compliance Officers (CCOs).

Key themes and insights shared include:

Resourcing & Scope:

  • Differences in federated versus centralized third-party processes/structures depending on both industry as well as on vendor tiering
  • 4th party concerns – analysis for social/ethical sourcing compliance; overall nominal oversight and recognition of the dependence on the robustness of third-party program/control strength

Monitoring & Reporting:

  • Shift to engagement level risk assessment
  • Reassessment of TPRM risks amidst regulatory/policy changes (e.g., FCPA, cyber, security, privacy)
  • Difficulty/complexity to aggregate and establish commonality of KRIs across groups/functions (e.g., Quality, Finance)

Automation, Tools, & AI:

  • A 'promise of AI' but still in use case phase of "crawl-walk-run"
  • Actively looking at how to utilize AI/ML (e.g., screenings, execution of de novo reviews versus relying on certifications)
  • Initial adoption of AI in select areas like onboarding (e.g., anti-bribery/corruption checks)

KPMG Perspective

Compliance stakeholders should be united with other key stakeholders across Procurement, Business, Risk Oversight, and Legal to understand where and how third/nth parties are being used and whether that is acceptable within risk tolerances. Compliance should help drive a risk-based selection and monitoring of third parties. Third-party risk is a strategic priority whose success rests on four pillars: governance, process, infrastructure, and data.

For more CCO insights and perspectives, see "Explore More" below.

Explore more

Insight
Webcast Replay Webcast Upcoming Listen Now From The Web

Parties & Providers

Risk Coverage; Risk-based Approach; Monitoring & Metrics; Actions

Read more
Insight
Webcast Replay Webcast Upcoming Listen Now From The Web

Exploring third-party risk management for internal audit leaders

KPMG Ask the Experts Insights

Read more
Insight
Webcast Replay Webcast Upcoming Listen Now From The Web

Third-party security assessments

Modern thinking towards assessments

Read more
Insight
Webcast Replay Webcast Upcoming Listen Now From The Web

CCO Insight: Evolving Compliance in Tech Risk

Expanding the use of data analytics and technology to governance and control enhancements

Read more

Subscribe to receive regulatory and compliance transformation insights

By registering you will periodically receive additional compliance-related communications from KPMG.

Subscribe

Thank you

You are now subscribed to receive Regulatory and Compliance Transformation insights and will receive a confirmation email in your inbox.

Subscribe to receive regulatory and compliance transformation insights

By registering you will periodically receive additional compliance-related communications from KPMG.

All fields with an asterisk (*) are required.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's . Privacy Statement

An error occurred.

KPMG. Make the Difference.


Some or all of the services described herein may not be permissible for KPMG audit clients and their affiliates or related entities.

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation. KPMG LLP does not provide legal services.

The information contained herein is not intended to be “written advice concerning one or more Federal tax matters” subject to the requirements of section 10.37(a)(2) of Treasury Department Circular 230.

© 2026 KPMG LLP, a Delaware limited liability partnership, and its subsidiaries are part of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.

For more detail about the structure of the KPMG global organization please visit https://home.kpmg/governance.

Thank you!

Thank you for contacting KPMG. We will respond to you as soon as possible.

Contact KPMG

Use this form to submit general inquiries to KPMG. We will respond to you as soon as possible.
All fields with an asterisk (*) are required.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's . Privacy Statement

An error occurred.

Job seekers

Visit our careers section or search our jobs database.

Search now!

Submit RFP

Use the RFP submission form to detail the services KPMG can help assist you with.

Submit

Office locations

View locations

International hotline

You can confidentially report concerns to the KPMG International hotline

Learn more

Press contacts

Do you need to speak with our Press Office? Here's how to get in touch.

Contact

Headline