Third-party risk management (TPRM) is one of those areas where everyone has an opinion — but reliable data is hard to come by. We decided to go get some. Rethink Compliance and GAN Integrity surveyed nearly 130 compliance professionals about how their TPRM programs are actually designed, what risks they're covering, and where even mature programs still have gaps. Some of what we found confirmed what we expected. Some of it didn't.

Thank you for your interest in Rethink Compliance. We offer right-sized consulting and modern training tailored to your specific needs.

We're excited to share with you this recording from our webinar series.‍

The State of Third-Party Risk: What the Numbers Say (And What They Don't)

Rethink Compliance and GAN Integrity surveyed nearly 130 compliance professionals about how their TPRM programs are actually designed, what risks they're covering, and where even mature programs still have gaps. Some of what we found confirmed what we expected. Some of it didn't.

In this webinar recording, Andrea Falcione (Rethink Compliance), Colin Campbell (GAN Integrity), and Jeff Stitt (former Chief Compliance Officer) walk through the full picture — what the data shows, what it means, and how your program can benefit.

🎬 Enjoy the session!

**The Compliance Certification Board (CCB)® has approved this event for up to 1.2 Non-Live CCB CEUs based on a 50-minute hour. Continuing Education Units are awarded based on individual attendance records. Granting of prior approval in no way constitutes endorsement by CCB of this event content or of the event sponsor.

Please tell us a little bit about yourself. After you click Submit, you will be redirected to the recording.

Within 48 hours of registering for this webinar recording, you will receive an email with further instructions for obtaining non-live CEUs.

If you'd prefer to contact us directly, please reach out to hello@rethinkcompliance.com.

‍

*By submitting the form on this page, you agree to send your data to Rethink Compliance LLC. We will store your data according to our privacy policy and will use it to let you know about relevant events and services.

‍

✨ Your content is ready!

Click to Download

Oops! Something went wrong while submitting the form.

✨ Your content is ready!

Click to Download

Oops! Something went wrong while submitting the form.

Rethink Presenters: Andrea Falcione
Guest Presenters: Colin Campbell (GAN Integrity) and Jeff Stitt (former Chief Compliance Officer)‍

Get a copy: Rethink Compliance Benchmarking Study: Third-Party Risk Management

In this webinar recording, Rethink's Andrea Falcione, along with Colin Campbell (GAN Integrity) and Jeff Stitt (former Chief Compliance Officer) lead a data-driven conversation covering:

What compliance professionals told us about how their TPRM programs are designed — and where the industry still has ground to cover
The risks most commonly included in a TPRM program — and the emerging risks most TPRM programs still need to account for
How organizations with mature TPRM programs use data, including key risk and key performance indicators, to the benefit of those programs

‍

Here's a preview of what the data shows:

The coverage gap is bigger than most people realize. Bribery and corruption? Covered by 90% of TPRM programs. AI risk posed by third parties? Covered by fewer than 20%. Data privacy and cybersecurity fall somewhere in between — but still below 50%. Most programs were built for the risks of the last decade. Today’s emerging risks are largely unaddressed — and regulators are starting to notice.

Screening is widespread. Measurement isn't. Over 95% of organizations screen for trade controls and sanctions. But only 54% use KPIs or KRIs to monitor whether their programs are actually working — even though the DOJ specifically encourages these practices. Having a program and being able to demonstrate its effectiveness are two different things. Right now, most organizations can only do the first.

Programs that work impact business decisions: 67% of organizations with TPRM programs have used their program to stop engagement with a risky third party. That's not just a compliance exercise — that's smart risk management. It's also a powerful story to tell leadership.

‍

Explore more posts.

See All

Rethink Compliance Benchmarking Study: Third-Party Risk Management

Nearly 130 ethics and compliance practitioners across 20+ industries shared their Third-Party Risk Management practices with us. Now, we're revealing the complete findings.

[Free Webinar Recording] Why Integrity Matters: A True Story About Pressure, Judgment, and What Happens Next

Some of the most powerful compliance training starts with something that happened to a real person.

Raising the Bar: A New Standard for Compliance Training

At Rethink, we built our business around a different vision: that compliance leaders deserve a partner that can sustain a serious compliance training program, not just launch one.

CEU Webinar

[Free Webinar Recording] The State of Third-Party Risk: What the Numbers Say (And What They Don't)