KPMG Forensic & Risk Advisory Publishes Japanese Edition of '2026 Global TPRM Survey'

KPMG Forensic & Risk Advisory Co., Ltd. (Representative Directors: Hiroyuki Nishijima, Yoshihiro Kurokawa; hereinafter 'KPMG FRA') has published the Japanese edition of the '2026 Global Third-Party Risk Management Survey'. This survey, targeting 851 corporate experts across various global regions, analyzes the challenges of transitioning from traditional, reactive approaches to managing risks associated with third parties involved in their value chains (Third-Party Risk Management, hereinafter 'TPRM') toward building future-ready resilience.

The environment surrounding third parties is rapidly advancing, with regulatory compliance and cyber risks emerging as the primary drivers of TPRM strategies. The survey shows that while companies are making some progress, significant challenges remain in establishing enterprise-wide integrated operations and effectiveness.

**Key Findings** - Regulatory compliance (45%) and cyber risks (48%) are at the core of TPRM strategies In many organizations, TPRM is still built starting from a defensive approach.

- Integration of TPRM and ERM (Enterprise Risk Management) is still developing Only 53% of organizations reported being 'largely integrated', and a mere 18% have achieved full integration.

- Transition to strategic models for scaling TPRM is limited Only 5% have adopted an end-to-end managed services model for their core TPRM operations.

- AI utilization is expanding, but the perceived effectiveness varies While approximately half of the organizations are utilizing AI, only 22% rate it as 'highly effective'.

- Data quality dictates the reliability of decision-making Only 17% of organizations have secured the highest level of data quality, indicating that improving data quality is a crucial opportunity to enhance the effectiveness of TPRM.

**Summary of Recommendations: A Strategic Shift is Imperative** The survey indicates that advancing TPRM requires a strategic shift that goes beyond incremental improvements. Key directions include focusing on priority areas based on risk, visualizing enterprise-wide risks through alignment with ERM, building a reliable data foundation, purpose-driven utilization of AI and automation, and grasping risks extending to Nth parties (suppliers and contractors further down the third-party chain). There is a need to evolve TPRM from a mere compliance response into a strategic foundation that supports resilience and competitive advantage.

**Implications for Japanese Companies** As uncertainty heightens and third-party ecosystems become increasingly complex, building a strategic TPRM posture becomes a critical theme for Japanese companies aiming to strengthen resilience and create a competitive advantage. In particular, integration with ERM, developing a reliable data foundation, ensuring the effectiveness of technology utilization, and effective resource allocation based on an integrated risk framework will determine the effectiveness of TPRM.

**Survey Overview** Survey Name: 2026 Global Third-Party Risk Management (TPRM) Survey Implementation Period: 2025 Target Audience: 851 professionals belonging to companies in the Americas, Europe, Middle East, and Asia-Pacific regions Respondent Profile: Executives, department heads, and professionals in risk management, compliance, and information security Survey Method: Web-based questionnaire

**About KPMG Forensic & Risk Advisory** KPMG Forensic & Risk Advisory commenced operations on April 1, 2025, as a joint venture funded by KPMG AZSA LLC and KPMG FAS, which comprise KPMG Japan. The company provides seamless support from fraud response to prevention and detection, assisting Japanese companies in building management foundations with integrity.