The State of Third-Party Risk Management

2 minute read

October 2015

Today, organizations are bombarded by new regulatory guidance, daily occurrences of cybercrime and data breaches, and myriad examples of companies facing stiff penalties due to falling on the wrong side of regulatory scrutiny.

Perhaps that’s why searches on Google for “third-party risk” have risen from 32 million in August of 2011 to more than 90 million in July 2015. It is top of mind for companies that maintain relationships with third- and fourth-party partners, as it should be: regulators pay close attention to these relationships to ensure proper documentation is in place demonstrating compliance.

That’s why ProcessUnity recently conducted its 2015 State of Third-Party Risk report: to document the day-to-day concerns and priorities that exist for companies in financial services and other highly regulated industries. We wanted to get a closer look at the tactics and technologies that more than 200 leading companies were using to stay ahead of the regulatory curve and ensure their name is never the one in the headlines.

Our survey participants reported a variety of critical third-party risk management issues – led by growing regulatory scrutiny; varied investment in technology and tools; and busy teams looking to streamline their processes. Some of the key findings of the survey include:

  • Three out of four survey respondents indicated their organization has a third-party risk management program in place;
  • In the financial sector, 96% of banks, credit unions or mortgage services companies and 88% of non-bank financial institutions currently deploy risk programs;
  • Looking at the data by company size, 90% of firms with more than 10,000 employees reported in-place risk programs, in contrast to 65% with less than 200 employees.

Over the coming weeks, we’ll report back on more of our findings from the State of Third-Party Risk survey, which includes responses from directors and board members, C-level executives, vice presidents, directors and managers. In the meantime, click here to view the full vendor risk management report.

Related Articles

About Us

ProcessUnity is a leading provider of cloud-based applications for risk and compliance management. The company’s software as a service (SaaS) platform gives organizations the control to assess, measure, and mitigate risk and to ensure the optimal performance of key business processes. ProcessUnity’s flagship solution, ProcessUnity Vendor Risk Management, protects companies and their brands by reducing risks from third-party vendors and suppliers. ProcessUnity helps customers effectively and efficiently assess and monitor both new and existing vendors – from initial due diligence and onboarding through termination. Headquartered outside of Boston, Massachusetts, ProcessUnity is used by the world’s leading financial service firms and commercial enterprises. For more information, visit