A new era in third-party risk management

  • Insight
  • September 18, 2024
Leonard McAuliffe

Partner, PwC Ireland (Republic of)

Are you ready for the new world of risk?

As we move through 2024, third-party risk management (TPRM) is undergoing a significant transformation. The upcoming introduction of the Digital Operational Resilience Act (DORA) in January 2025 and the Network and Information Systems Directive (NIS2) in October 2024, coupled with the integration of artificial intelligence (AI) into risk management practices, represents a major milestone. These regulatory changes are redefining how organisations handle third-party risks.

TPRM in the spotlight: DORA, NIS2 and AI

TPRM involves analysing and minimising risks associated with outsourcing to third-party vendors or service providers. This includes effective selection, due diligence, segmentation, contracting, ongoing monitoring and secure termination. Key risk domains include cybersecurity, environmental, social and governance (ESG), financial due diligence and supply chain management.

DORA establishes a framework for harmonising digital resilience processes in the financial sector. It allows financial services supervisors to oversee third-party providers of critical information and communication technology (ICT) services, including cloud providers. Similarly, NIS2 applies to operators of essential services (OES) and essential entities, aiming to strengthen cybersecurity across the EU.

AI presents both opportunities and challenges for organisations. The need to vet third-party AI usage is placing extra pressure on governance controls. However, AI’s advanced data analysis, predictive abilities and automation enhance risk mitigation, foster better decision-making and promote resilience. The adoption of AI in TPRM is a response to the increasing complexity and volume of threats, which demand broader data insights and analytical models.

A big year for TPRM: challenges and opportunities

According to the PwC Digital Trust Insight Survey 2024, 42% of Irish respondents identified third-party breaches as a top threat, highlighting the growing concern over third-party security. This underscores the urgency for robust TPRM practices.

The convergence of DORA, NIS2 and AI in TPRM presents both challenges and opportunities. Organisations must navigate the complexities of these regulations while leveraging AI to enhance their TPRM strategies. TPRM managed services, such as those offered by PwC, can help organisations harmonise regulatory mandates and integrate AI-driven analytics into existing frameworks, turning potential challenges into opportunities for improvement and efficiency.

The strategic importance of TPRM

In this critical year, TPRM is not just a compliance requirement; it is a strategic necessity. TPRM needs to be integrated into business strategies with a focus on continuous improvement and innovation. Companies must actively identify and address the risks arising from their relationships with third parties to protect their operations and reputation. Advanced technologies such as AI and machine learning can help organisations improve risk assessment and monitoring processes. Furthermore, building strong partnerships with third parties through clear communication and shared goals promotes collaborative innovation and resilience. Integrating TPRM into core business strategies ensures compliance with regulations and can give your organisation a competitive advantage in the market.

The future of TPRM: a new series from PwC

This article is the first in a 12-month series exploring the evolving domain of TPRM. In the coming months, we will dive deeper into the many aspects of TPRM, including the impact of DORA and NIS2, the integration of AI, and best practices for managing third-party risks.

Next month, we will focus on NIS2. We will examine its implications for operators of essential services and entities and explore how PwC’s TPRM Managed Service can aid in preparation and ongoing compliance. We will also explore strategies to meet NIS2 requirements and use them as a catalyst for strengthening your organisation’s cybersecurity posture.

Key actions businesses can take today

  1. Evaluate existing processes: Assess how your organisation currently manages third-party risk assessments.
  2. Plan for future changes: Consider the impact of DORA, NIS2 and AI on your processes. Plan how your TPRM function will adapt in the coming months and years.
  3. Follow the series: Stay updated with our monthly series for valuable insights into TPRM.

We are here to help you

Our TPRM Managed Service transforms third-party risk management into a competitive advantage. It protects your organisation’s reputation, financial stability and operational integrity. We offer support for regulatory compliance as well as for staffing and resourcing challenges, all delivered with operational excellence at a competitive price.

With the help of our technology and industry expertise, you can improve your organisation’s risk portfolio while navigating the complexities of DORA, NIS2 and AI integration. To discuss your challenges in more detail and explore the solutions we can provide, contact us today.
