KPMG Forensic & Risk Advisory Publishes Japanese Version of the '2026 Global TPRM Survey'

KPMG Forensic & Risk Advisory Co., Ltd. (Representative Directors: Hiroyuki Nishijima, Yoshihiro Kurokawa; hereinafter KPMG FRA) has published the Japanese version of the '2026 Global Third-Party Risk Management Survey'. This survey analyzes the challenges in building future-proof resilience, breaking away from the traditional passive approach to risk management related to third parties involved in a company's value chain (Third-Party Risk Management, hereinafter 'TPRM'), targeting 851 in-house experts worldwide.

The environment surrounding third parties is rapidly becoming more sophisticated, with regulatory compliance and cyber risk being the main drivers of TPRM strategies. This survey shows that while companies have made some progress, significant challenges remain in establishing company-wide integrated operations and effectiveness.

**Key Findings** - Regulatory compliance (45%) and cyber risk (48%) are the core of TPRM strategies In many organizations, TPRM is still built starting from a defensive approach. - Integration of TPRM and ERM (Enterprise Risk Management) is still in progress Only 53% of organizations answered 'generally integrated', and merely 18% have achieved full integration. - Transition to strategic models for scaling TPRM is limited Only 5% have adopted an end-to-end managed service model for core TPRM operations. - AI utilization is expanding, but realization of effectiveness varies While about half of the organizations utilize AI, only 22% rate it as 'highly effective'. - Data quality determines the reliability of decision-making Only 17% of organizations ensure the highest standard of data quality; additionally, it indicates that improving data quality is an important opportunity to enhance the effectiveness of TPRM.

**Summary of Recommendations: A Strategic Shift is Essential** This survey indicates that advancing TPRM requires a strategic shift that goes beyond incremental improvements. Focusing on priority areas based on risk, visualizing company-wide risk by aligning with ERM, building a reliable data foundation, purpose-driven utilization of AI and automation, and grasping risks including Nth parties (business partners and subcontractors further down the supply chain from third parties) are cited as important directions.