This Spend Matters Brand Studio article was written in conjunction with Certa.
Compliance and risk management is a growing and interesting use case of GenAI for procurement, finance and, of course, legal operations. The technology opens up a wealth of capabilities not previously possible for the procurement practitioner in terms of data availability, end-to-end visibility, cost, time and risk reduction, and ultimately the overall health of the third-party network. Its uptake is only going to grow as organizations begin to rely on its power to tackle big business issues, such as third-party risk management (TPRM).
The traditional process of clunky manoeuvring from one system to another breeds inconsistencies, lack of control, errors and basically a bad UX. But an AI-backed third-party operating system can introduce more natural-feeling and intuitive functions where the AI understands your query and responds with the output you need. AI, once integrated into workflows, makes the entire process from intake and onboarding through to contract (including data changes and communications) more personal, user-friendly, agile and, importantly, seamless across the whole supply base. The AI smartly routes tasks, adapts processes, suggests steps and continuously learns from every interaction, bringing enhanced collaboration and visibility at every level of third-party relationship across all stakeholders.
“Two main elements of AI TPRM systems versus non-AI-backed systems stand out,” explains our senior analyst Bertrand Maltaverne, “one is automation, and therefore efficiency, the other is better outcomes, and therefore effectiveness.”
Proper risk management
“Doing risk management ‘properly’ today is complicated,” he says. “20 years ago, risk management was way simpler. The vetting of suppliers basically involved no more than a D&B rating to understand the supplier’s financial health. So you had one data source, one data point.
“Today, however, risk has many dimensions and a multitude of data points per company: location, geopolitical climate, social, economic, natural and man-made disasters, and so on. And those risk factors can change at any time; it’s a very dynamic landscape. To do proper risk management, you need to have a lot of information, and you need it in real time.” Doing it well leads to:
Efficiency
“Data collection means external and internal KRIs (Key Risk Indicators), assessments, collecting certifications, sending documents, etc. But submitting and collecting is a burden on everyone involved. The efficiency that AI brings is to enable you to collect and process a vast amount of data in as real-time as possible — something that would ordinarily take a huge amount of time and effort, not to mention cost. In a time when businesses are working with reduced budgets and indeed reduced staff, this is a massive efficiency saving.
“AI can simplify this because it not only collects but connects data. A lot of the efficiency comes from the data-collection capability of smart systems. It alleviates VUCA (volatility, uncertainty, complexity and ambiguity) because AI’s sensing capabilities go beyond what people can do. And, of course, all this data gives you enhanced supplier information management.”
Effectiveness
“The second capability that AI brings is the analysis of that data. AI facilitates ‘the doing of proper risk management’ in its ability to embrace all the data points, the real-time elements, and bring them together for analysis and correlation, so that all those signals can be used to detect potential risks. This predictive element looks at the risk you have, and what you need to do to mitigate it in the future.
“But the thread that runs through all of this and ties it all together is the deep focus on data collection and connection to risk. Systems, such as Certa, do this well, letting you collect the right data at the right time in the most efficient way, and then map the data to help you understand the real risk. It is this insight that allows you to build the right workflows, and streamline the risk management process.”
Key elements of an AI-powered TPRM system
There are some key capabilities that users should look for in an AI-powered third-party management system.
Personalized, unified modules
Third-party management needs vary by business, so it’s important that the solution allows you to customize modules to your workflow, from onboarding to offboarding, including reporting and analytics, and meets your needs for true end-to-end orchestration. The ability to configure the risk model (the dimensions) and the thresholds (i.e., when things start to become a risk) is very important.
What defines systems classed as ‘unified’ is their ability to bring third-party alignment via across-the-board visibility, but from one place, allowing for more effective risk monitoring. And this includes not just your suppliers, but all third parties including clients and partners.
Intuitive adoption
It’s not easy for suppliers who work with many customers to keep track of the different forms, registrations and duplicate processes. Delays and miscommunications are the result of a badly managed process. So, ideally, the system should have the ability to leverage previous responses and interactions and allow the user to auto-complete forms, keeping responses consistent, not to mention quicker. This is one use case in which GenAI-backed systems excel, bringing rapid, intuitive adoption.
Too many interfaces severely reduce user experience, with varying languages and technical terminology, especially if entry is manual. Ideally the business user needs the tool to be able to take care of that mismatch of inputs (which could be chat conversations, email, documents) and route them to the right place, right person and right category.
AI-driven data visualizations
As more and more organizations have concerns over data provenance, at least until AI develops a single data pool that is both secure and authenticated, they are inclined to adopt and train AI-powered platforms with their own data models. The reliance on entire business intelligence teams to create reports and gather insights is waning as AI makes outputs faster, more accessible and accurate. So a system that can transform data into actionable insights (preferably with on-demand visualizations) is a huge advantage for business users.
Final thoughts
At the end of the day, AI is all about data making tasks and processes efficient, and as our analyst says, “efficiency fuels effectiveness.”
A recent survey1 demonstrates that organizations that adopt automation and GenAI will be best positioned to keep pace with increasing regulatory scrutiny in terms of third-party due diligence and sanctions compliance. It finds that:
“Looking ahead at which technologies/trends would have the most significant impact in the space, the top answers were automation (69 percent), process orchestration (62 percent) and generative artificial intelligence (AI) (51 percent).”
The big differentiator of an AI-based system is its learning capabilities: the more you use it, the more you interrogate it, the more it learns and the more accurate the output becomes. “Not all third-party management systems have these ‘closed loop’ insights,” says our analyst. “The only other way to get this level of collection and analysis of data would be to hire hundreds of people within an organization, and even then you couldn’t get to this level of flagging, modeling and risk assessment. Without the data, none of this is possible.”
1. Companies bullish on new tech amid enhanced sanctions scrutiny
