Global Third Party Risk Management (TPRM) research

CeFPro® is excited to announce the launch of a new global research study, Third Party Risk Management: Benchmarking the industry and developing resilient TPRM teams.

As a result of the economic landscape over the last few years, there has been a significant increase in institutions making budget cuts and looking to leverage technology and third parties to automate services.

As the industry moves towards an increased reliance on outsourced services due to the economic environment, understanding risks across supply chains remains relatively immature.

Download your free copy with CeFPro® Connect

Backed by an independent Advisory Board consisting of 19 key TPRM figures, CeFPro®’s latest research study offers risk professionals a comprehensive overview of the current status of the global third-party risk sector, organizational structures, and governance practices.


What are we investigating?

The outcome of CeFPro®’s research aims to serve as an invaluable resource to benchmark TPRM programs while driving investment considerations within organizations and how to instill the best practice.

Team structures

How do TPRM teams structure themselves globally?

Defining TPRM

Understanding what falls within the scope of TPRM and how this varies globally and across institutions.

Scanning the horizon
What are the biggest opportunities and challenges with managing third-party risk?
Best practice

Is there an alignment across institutions on how they conduct assessments and due diligence practices?

Use of cloud and security measures

How do organizations manage cloud and remediate incidents?

Global events

How organizations monitor and respond to global events and the impact these can have over TPRM.


Key findings

Third-party risk management (TPRM) continues gaining traction as organizations across industries remain increasingly reliant on outsourced activities and services. In an industry that witnesses continuous digitalization, and advancement of product offerings to customer expectations, outsourcing services allows legacy financial organizations to be more agile in their approaches. The Covid-19 pandemic saw a drawback in outsourcing, with many for necessity returning to in-house services. We are now seeing a trend toward a return to increased outsourcing and reliance on third parties.

As a result, now more than ever, effective oversight and understanding of supply chains are critical. Regulators globally appear to acknowledge the risks and are imposing more stringent requirements, with particular focus in some geographies on critical services and looking beyond third parties to understand the risks further than the direct relationship.

The third-party risk landscape may have evolved directly as a result of lessons learned and best practices established throughout the pandemic. Third-party risk management has also experienced heightened regulatory focus, with a global influx of requirements further stabilizing the risk. Given the variety of regulators listed in Figure 3, having a team of just 1-5 members managing the volume of third parties and regulatory requirements could highlight the limited value placed on TPRM.

Regulations require organizations to particularly focus on critical services and treatment of vendors within intragroup arrangements. As much as intragroup arrangements are subject to identical regulatory requirements and frameworks as an outsourced third party, there are internal challenges and considerations to be aware of, such as potential conflicts of interest and business continuity or exit planning challenges.

As highlighted in Figure F, many respondents viewed their program as mature or on track, with regulation being a main factor hindering the maturity of the discipline. Globally, changes are being introduced across jurisdictions, presenting challenges for those that operate across international borders. Figure B highlights the reality that some organizations are managing this volume of change with only 1-5 team members; it is unsurprising that regulatory pressure is a top concern globally.

Only 7% rated ChatGPT and Web3 as the most significant opportunities for managing third-party risk, with 50% of respondents deeming them not important. Both technologies are emerging areas with unclear advantages and risks, which are difficult to understand and quantify. Until use cases begin to emerge, it is expected to remain lower down the rankings as potential opportunities.

Why should CeFPro Research be your go-to resource?

A peer-to-peer curated publication

Each step of the research process is reliant on the contributions of knowledgeable professionals, ensuring the research CeFPro® is conducting is a product of value and what the industry wants to read.

An impartial analysis of the TPRM sector

CeFPro®’s global TPRM report is an independent analysis of the third-party risk sector, presenting the diverse global views of the industry as a unique reflective report.

Obtain actionable takeaways

Gain an understanding of how your peers are tackling TPRM within their area of focus, offering the opportunity to reflect on your institution’s risk management program and make informed decisions for the future.


Advised by senior members from a variety of diverse institutions


View CeFPro's full collection of market research reports

To access the full collection, log in to your free CeFPro® Connect account.

You may also be interested in

CeFPro® events

Bringing together likeminded professionals across North America and Europe to learn valuable insights covering critical risk areas while making valuable industry connections.

Non-Financial Risk Leaders by CeFPro Research is a comprehensive analysis and ranking of the top non-financial and operational risks, as told by the industry

Non-Financial Risk (NFR) Leaders

NFR Leaders is based on responses from professionals and provides a ranking of the top 10 non-financial and operational risks, key investment priorities and a deep dive into some of the most influential themes.

Fintech Leaders

CeFPro’s Fintech Leaders is a comprehensive business intelligence study on the status of the fintech industry, which assesses the current and future status of the application of financial technology in financial services.