KPMG Forensic & Risk Advisory Publishes Japanese Version of the '2026 Global TPRM Survey'
KPMG FRA published the Japanese version of the '2026 Global Third-Party Risk Management Survey.' It highlights that while compliance and cyber risks drive TPRM, challenges remain in AI utilization, data quality, and ERM integration.
📋 Article Processing Timeline
- 📰 Published: April 4, 2026 at 00:00
- 🔍 Collected: April 4, 2026 at 03:30 (3h 30m after Published)
- 🤖 AI Analyzed: April 21, 2026 at 04:57 (409h 27m after Collected)
KPMG Forensic & Risk Advisory Co., Ltd. (Representative Directors: Hiroyuki Nishijima, Yoshihiro Kurokawa; hereinafter KPMG FRA) has published the Japanese version of the '2026 Global Third-Party Risk Management Survey'. This survey analyzes the challenges in building future-proof resilience, breaking away from the traditional passive approach to risk management related to third parties involved in a company's value chain (Third-Party Risk Management, hereinafter 'TPRM'), targeting 851 in-house experts worldwide.
The environment surrounding third parties is rapidly becoming more sophisticated, with regulatory compliance and cyber risk being the main drivers of TPRM strategies. This survey shows that while companies have made some progress, significant challenges remain in establishing company-wide integrated operations and effectiveness.
**Key Findings**
- Regulatory compliance (45%) and cyber risk (48%) are the core of TPRM strategies
In many organizations, TPRM is still built starting from a defensive approach.
- Integration of TPRM and ERM (Enterprise Risk Management) is still in progress
Only 53% of organizations answered 'generally integrated', and merely 18% have achieved full integration.
- Transition to strategic models for scaling TPRM is limited
Only 5% have adopted an end-to-end managed service model for core TPRM operations.
- AI utilization is expanding, but realization of effectiveness varies
While about half of the organizations utilize AI, only 22% rate it as 'highly effective'.
- Data quality determines the reliability of decision-making
Only 17% of organizations ensure the highest standard of data quality; additionally, it indicates that improving data quality is an important opportunity to enhance the effectiveness of TPRM.
**Summary of Recommendations: A Strategic Shift is Essential**
This survey indicates that advancing TPRM requires a strategic shift that goes beyond incremental improvements. Focusing on priority areas based on risk, visualizing company-wide risk by aligning with ERM, building a reliable data foundation, purpose-driven utilization of AI and automation, and grasping risks including Nth parties (business partners and subcontractors further down the supply chain from third parties) are cited as important directions.
The environment surrounding third parties is rapidly becoming more sophisticated, with regulatory compliance and cyber risk being the main drivers of TPRM strategies. This survey shows that while companies have made some progress, significant challenges remain in establishing company-wide integrated operations and effectiveness.
**Key Findings**
- Regulatory compliance (45%) and cyber risk (48%) are the core of TPRM strategies
In many organizations, TPRM is still built starting from a defensive approach.
- Integration of TPRM and ERM (Enterprise Risk Management) is still in progress
Only 53% of organizations answered 'generally integrated', and merely 18% have achieved full integration.
- Transition to strategic models for scaling TPRM is limited
Only 5% have adopted an end-to-end managed service model for core TPRM operations.
- AI utilization is expanding, but realization of effectiveness varies
While about half of the organizations utilize AI, only 22% rate it as 'highly effective'.
- Data quality determines the reliability of decision-making
Only 17% of organizations ensure the highest standard of data quality; additionally, it indicates that improving data quality is an important opportunity to enhance the effectiveness of TPRM.
**Summary of Recommendations: A Strategic Shift is Essential**
This survey indicates that advancing TPRM requires a strategic shift that goes beyond incremental improvements. Focusing on priority areas based on risk, visualizing company-wide risk by aligning with ERM, building a reliable data foundation, purpose-driven utilization of AI and automation, and grasping risks including Nth parties (business partners and subcontractors further down the supply chain from third parties) are cited as important directions.