Skip to content

Third-party risk management: The smart approach

Howard Presland
Global Head of Third Party Risk

Third-party risk management is a formidable task made more challenging by the high volume of unstructured data. As public cloud adoption rises, how are AI and machine learning tools helping compliance teams work smarter?


  1. The use of multiple data vendors in third-party risk management can lead to poor operational efficiency and lengthy risk assessment lead times.
  2. Examples of machine learning applications in third-party risk management include intelligent tagging and information de-duplication.
  3. The public cloud gives a further boost to the ability of compliance teams to harness AI, rather than rely on often outdated processes.

Mitigating third-party risk is a formidable task.

Extensive global third-party networks and the sheer range of risks that must be addressed — including regulatory, reputational, operational, and financial — give rise to a plethora of challenges.

While a variety of software platforms provide the ability to better manage these risks, implement a risk-based approach, and collect key information from third-parties, a critical piece of the puzzle is in marrying this information with external data sources to drive better decision making.

Many organizations report that they do not have access to trusted, reliable data with the necessary depth and breadth to effectively manage third-party risk in this way.

They often need to use multiple data vendors and integrations in order to build a complete risk picture of entities or individuals.Third-party risk management: The smart approach. What causes you the most concern in your compliance role?

This piecemeal strategy can result in disparate data sets that lack cohesion.

On top of this, volumes of unstructured data are labor-intensive to analyze and human error can creep in. The net result is often poor operational efficiency, characterized by excessive costs and lengthy risk-assessment lead times.

Faced with these challenges, how can AI and the public cloud help organizations to work smarter in third-party risk management?

Learn more about the true cost of financial crime

AI and third-party risk management

To uncover the plethora of potential risks that may be present in vast international third-party networks, it is necessary to connect all relevant data and build a comprehensive, 360-degree view of risk.

To accomplish this, compliance professionals need sufficient depth and breadth of reliable data and the ability to unlock the value within this content.

Human effort is often too slow and too error-prone to accomplish this within time and budgetary constraints, and that’s where AI can offer an all-important competitive advantage.Third-party risk management: The smart approach. The challenges of managing third party risk

Let’s look at some pertinent examples of machine learning, the process through which computers analyze volumes of data and produce recommendations.

Intelligent tagging

Two examples of applications with value for third-party risk management include intelligent tagging and information de-duplication.

Intelligent tagging tags people, places, facts and events across volumes of content and attaches scores to indicate relative importance.

This enhances the efficiency of compliance professionals by helping them to hone in on the information they need, spot trends, and identify gaps in information.

This type of application makes use of both natural language processing — an effective bridge between computer-speak and human language — and text analytics, where data is grouped and structured and large volumes of content are analyzed to detect themes.

Information de-duplication, as the name suggests, identifies and clusters similar content (for example in the media), once again boosting efficiency by cutting through the noise and reducing the amount of content that must be reviewed by risk managers.

Changing cloud perceptions

Our 2018 Public Cloud Survey Report reveals that the benefits of the public cloud (including agility, elasticity, speed and on-demand availability) are beginning to outweigh security concerns, citing that “reasons not to migrate have decreased.”

In particular, security concerns that have plagued perceptions around the public cloud in recent years have abated.

Of particular interest, the report concludes that companies are specifically looking to the public cloud as “a means to deploy latest AI technologies” and highlights that compliance systems can benefit from public cloud use, because “regular reports can be processed cheaply.”Third-party risk management: The smart approach. Point where majority of infrastructure will migrate to public cloud

As public cloud take-up begins in earnest, this will give a further boost to the ability of compliance teams to harness the power of AI, rather than rely on often outdated processes.

A new level for third-party risk management

AI is not yet fully out of the starting blocks and remains constrained by certain challenges and limitations, but exponential innovation in this space will continually offer new tools that can be harnessed to augment human ability.

As new capabilities become available, these should be embraced — not as a replacement for invaluable human talent,  but as indispensable aids to drive operational efficiency.

They should be able to take global third-party risk management to a new level, where the universe of potential risks can be identified, assessed and mitigated with greater ease and efficacy.

Fight-Financial-Crime