Technology is Transforming Third Party Risk Management: Predicting the Future

The definition of “effectiveness” for a third party risk management program is quickly changing—how is your organization keeping up?

I usually avoid predicting the future because you are bound to get something wrong. But in this case I’m going to make an exception. Here is my 100 percent, sure-to-be true prediction: technology is going to change how compliance professionals do their jobs. I know this is not that risky of a prediction but I’m just getting started.

Technology has changed the way business is done overall. Everyone knows that. But few functions require juggling as many people, processes and data as compliance does. Furthermore, as business is done faster and on an increasingly global scale, the compliance function becomes more and more important to more and more people.

The important thing to keep in mind is that the underlying goals will not change—you are trying to make sure you know who you are doing business with and that they are not criminals. Plain and simple. It’s the how that is going to change.

To date, the profession has benefitted from technology the same way other business functions have. But I think that is about to change. Now come the real predictions…

Third Party Data Overwhelm Is Here

In the past, compliance officers struggled to get accurate and complete data. In the future, we will struggle with how to manage the large volumes of data we receive. We are going to have so much data we won’t know what to do with ourselves.

It is already happening. That 120-page basic background report you ordered for the tiny services provider that will be processing 10-15 visa applications a year? That is what I am talking about.

How do we keep our compliance programs “effective” in the face of all this data? As you know, FCPA enforcement actions by both the DOJ and the SEC remain high. We cannot ignore this.

The Ability to Streamline & Simplify Processes Will Separate Effective Programs From Ineffective Programs

Soon, the ability to streamline and simplify processes is what will separate “effective” compliance programs from ineffective ones.  That is my big prediction. Basing what due diligence is needed on the unique risks facing your company, “risk-based due diligence,” will allow compliance professionals to effectively allocate their resources, including their own time and attention.

I’ve been closely watching the marketplace to see what systems and software are being developed to meet this need. It is rapidly changing. In working with NAVEX Global, I’ve realized the potential of integrated third party due diligence systems.

Related: Schedule a demo of NAVEX Global’s Third Party Risk Management solution at any time.

These systems combine a number of different processes that used to be separate and allow for a simple method to manage them all. Perhaps even more importantly, they analyze and manage the data, creating sophisticated risk algorithms to rank risks based on objective, tested criteria.


The definition of “effectiveness” for a third party risk management program is changing—new automated due diligence systems are game-changers in achieving effectiveness in the eyes of regulators.

Chat with a solutions expert to learn how you can take your compliance program to the next level of maturity.

Top Three Findings From NAVEX Global’s 2015 Ethics & Compliance Hotline Benchmark Report

Our 2015 Ethics and Compliance Hotline Benchmark Report revealed a number of notable findings ethics and compliance officers can use to understand and improve the performance of their E&C program. In this post, NAVEX Global’s CCO and report co-author Carrie Penman provides insights into the report’s top three findings.

Previous/Next Article Chevron Icon of a previous/next arrow. Previous Post

Seven Training Imperatives to Address Your Biggest Cyber Security Risk: Employee Behavior

While there are many processes an organization should consider implementing to maintain strong cyber security, employee education is the key to early threat detection and issue remediation. Training—whether online or in-person—can help significantly reduce risks in this area. Learn more about what key messages and concepts cyber security training should include to best protect your organization.

Next Post Previous/Next Article Chevron Icon of a previous/next arrow.