Chris Green, co-founder and CEO of Xapien, explores the challenges facing the supply chain sector and the need for end-to-end visibility.

This year is going to see compliance teams redefine what it means to truly know their third parties. The Corporate Sustainability Due Diligence Directive, in particular, has brought a sharper focus on the question: how well do you really know your third parties? 

For many companies, the answer is increasingly “not well enough.” In 2024, KPMG revealed that almost half (43%) of organisations have limited to no visibility into their tier-one suppliers, despite 87% of respondents seeing visibility as ‘critically important’.

Compliance processes and technologies built in the 1990s are no longer adequate or sufficient to protect against today’s risk landscape. Maintaining an effective third-party due diligence programme now requires the ability to quickly analyse vast amounts of unstructured data about third parties. Without this capability, compliance teams can’t take a truly risk-based approach, leaving companies exposed to supply chain risks. 

It isn’t about whether AI should play a role in your system; that debate is behind us. The question is how quickly you can adopt the technology to stay ahead of evolving third-party risks. In addition to the continued pervasiveness of bribery and corruption, today’s risks are driven by a much more complicated regulatory environment, spanning globalised supply chains, prescriptive human rights laws, and nuanced ESG factors.

2025: The year to get your ducks in a row 

Global supply chains are more complex than ever, often spanning multiple countries and involving countless entities. For compliance teams already working under tight deadlines, this complexity creates significant challenges. The Corporate Sustainability Due Diligence Directive (CSDDD), a major EU regulation, is raising the bar for third-party due diligence. It requires companies operating in or selling to EU markets to conduct risk-based due diligence across their entire supply chain, including upstream and downstream partners.

Meeting these rising expectations isn’t just about screening third parties. Maintaining an effective compliance programme now demands the ability to quickly analyse vast amounts of unstructured data to uncover nuanced risks like human rights violations, forced labour, and environmental harm. Current tools often fall short, offering only binary results: a third party is flagged or it isn’t. This oversimplification leaves companies exposed to hidden risks and undermines their ability to take a truly risk-based approach.

Compliance teams frequently rely on web searches with specific search strings to find real-time risk information, but this process is limited. Search suppression often buries critical information, and manual methods rarely go beyond the first few pages of results. This adds strain to already overstretched teams and makes it difficult to comply with increasingly prescriptive regulations.

The case for AI-powered due diligence

Suppliers often work with their own third parties, creating complex networks that span the globe. It’s no longer enough to simply know your tier 1 suppliers. A lack of visibility into the layered tiers of your supply chain can have serious implications for organisations in every industry, particularly when it comes to meeting regulatory requirements. Now, organisations must go much deeper into their supply chains than is possible through a manual process, which puts immense pressure on resources.

AI technology is changing how this due diligence is carried out. Unlike manual processes, AI gathers vast amounts of information, analyses it for risk, and presents findings in a clear, actionable format that resembles a human-written report. This enables compliance teams to conduct due diligence on more entities, faster and earlier in the business relationship, preventing risky entities from entering the supply chain in the first place.

Advanced tools powered by Natural Language Processing (NLP) and Large Language Models (LLMs) go beyond static databases to identify nuanced risks, such as bribery, corruption, and ESG violations. In minutes, these tools can generate detailed reports that highlight AML risks, risky associations, and regulatory red flags that manual checks might miss.

By applying a truly risk-based approach, compliance teams can allocate their resources more effectively. For example, they can quickly advise procurement teams not to proceed with high-risk vendors after an initial interaction, saving time and resources. Analysts can then focus their efforts on mitigating risks for flagged entities, rather than wasting time on low-risk ones.

Where companies go from here

Implementing changes to meet the requirements of new regulations like the CSDDD is no small task. However, the benefits are significant. AI enables organisations to streamline their compliance processes while gaining deeper insights into their supply chains.

Compliance teams have an opportunity to change what it means to truly know their third parties. By embracing AI, they can better meet regulatory requirements and build a more resilient, transparent, and ethical supply chain. The question is no longer whether AI should play a role, but how quickly companies can adopt it to stay ahead of evolving risks.
