Third-party risk management: Navigating complexity in a volatile world

      The landscape of third-party risk is evolving rapidly, with regulatory compliance and cyber risk now the primary drivers shaping TPRM strategies across the globe. As organizations face an unprecedented pace of change and increasing threats, the 2026 KPMG Global Third-Party Risk Management (TPRM) Survey explores how leaders are responding to these challenges — and where critical gaps remain.

      This is not the time for incremental improvements or fragmented approaches. Our latest survey of 851 organizations reveals that while many are making progress, true integration and effectiveness in TPRM remain elusive for most. The findings highlight both the advances and the persistent hurdles organizations face as they strive for resilience and confidence in their third-party ecosystems.



      Navigate the new realities of third-party risk

      Discover how leading organizations are reshaping TPRM — explore the 2026 KPMG Global Third-Party Risk Management Survey now to see how organizations are tackling regulatory compliance and cyber threats amid increasingly complex third‑party ecosystems, and explore how leaders are using AI and managed services to strengthen resilience.


      Findings from our research

      Compliance and cybersecurity: Twin pillars of TPRM strategy

      Regulatory compliance and cyber threats are the most pressing priorities today, but they also highlight a gap: programs need capabilities that anticipate emerging risks so they can act before the next wave hits.

      Integration challenges: TPRM and ERM still speak different languages

      With only 53 percent of TPRM programs "mostly integrated" with enterprise risk management (ERM), and just 18 percent "fully integrated," there is a significant opportunity to create an enterprise-wide view of risk.

      Managed services and outsourcing: Scaling TPRM with external support

      Truly scalable, strategic TPRM operating models are an emerging trend: Many organizations are outsourcing discrete, high-volume tasks, creating a path toward end-to-end managed services, which are in place in just 5 percent of organizations.


      Technology and AI: Unlocking TPRM maturity and creating value

      More than half of organizations are exploring artificial intelligence (AI), and with 22 percent finding it "very effective," there is a clear opportunity to better translate technology investments into tangible value.

      Data quality and confidence: The foundation of trustworthy TPRM

      As only 15 percent of leaders express high confidence in the data that underpins their program, improving data quality presents a foundational opportunity to enhance TPRM effectiveness from the ground up.



      We’re seeing a lot of organizations say they use managed services for TPRM, but only a handful are doing it end-to-end. Most are just outsourcing pieces here and there. The real opportunity is bridging that gap — by defining and streamlining your processes and getting the fundamentals right before you scale, you can benefit from faster, more efficient risk assessments.

      Roy Waligora

      Global Third Party Risk Management Leader

      KPMG International

      Strategic recommendations for future-proofing your TPRM program

      By following these actions, organizations can reposition TPRM from a cost center to a strategic enabler that drives efficiency, effectiveness, and competitive advantage.

      • Focus your firepower

        Pivot from broad, low-value screening to a targeted, risk-based approach — focus time and investment on the small subset of third parties that present material threats.

      • Break down the silos

        Align TPRM with enterprise risk management (ERM) to establish a unified, organization‑wide risk view that informs strategic choices beyond compliance obligations.

      • Treat data as a strategic asset

        Implement robust data governance to build a single source of truth that powers effective AI, reliable reporting, and confident decision‑making.

      • Move past “AI theater”

        Embed automation and intelligent workflows across the full TPRM lifecycle to speed execution and surface hidden risks.

      • Look beyond your own backyard

        Expand visibility into Nth‑party relationships to identify deeper supply chain exposures and manage concentration risk.

      • Outsource outcomes, not ownership

        Use managed services to scale capabilities and improve efficiency, while keeping strong ownership of governance and strategic direction.


      Our people

      Samantha Gloede

      Global Head of Risk Services and Global Trusted AI Leader

      KPMG International

      Alexander Geschonneck

      Partner, Global Forensic Leader

      KPMG in Germany

      Roy Waligora

      Partner, Head of Investigations and Corporates Forensic

      KPMG in the UK