Third-Party Risk Management in 2025: Key Insights from Industry Leaders

Dec 11, 2024

In GTI’s most recent webinar, senior Ethics and Compliance experts shared their perspectives on the changing dynamics of Third-Party Risk Management (TPRM) in 2025. The session was led by Ethics and Compliance guru Vera Cherepanova and featured Jan Knop, Head of Ethics and Compliance at Airbus Commercial Affairs, and Gabriela Gutierrez, Group Head of Ethics and Compliance at VEON. Below are the key takeaways from the session.

Due Diligence in 2025 – Evolution Meets Revolution 

The future of due diligence in 2025 appears to be a careful balance between revolution and evolution. While technological advances, particularly in AI, are driving revolutionary changes in how organisations conduct vendor screening and risk monitoring, most established organisations are taking a more evolutionary approach to implementation. 

This balanced progression is shaped by different forces: investor expectations around ESG, employee advocacy for ethical business practices, regulatory pressures, and the need to break down operational silos while maintaining stability. Both speakers, however, emphasised the importance of maintaining human oversight, particularly for high-risk relationships. Key elements supporting this oversight include:

  • Compliance team training
  • High-quality data inputs
  • Local and cultural knowledge
  • Contextualising information for actionable insights

Technology in 2025: AI and Automation 

A significant portion of the discussion focused on the role of technology in transforming TPRM practices. Automation and new technologies are already improving certain aspects of third-party assessments, for example through system integrations that support better assessment and risk monitoring.

Gabriela Gutierrez shared how VEON is leveraging AI for automated risk assessments, contract reviews, and real-time monitoring. Jan Knop similarly highlighted the need to balance automation with manual controls to avoid creating blind spots, particularly in the context of sanctions screening, which has been one of the top compliance considerations of the past two years and remains so in 2025.

Post-Investigation Lessons

Drawing on their organisations’ experiences with DOJ investigations, both speakers shared how enforcement actions have shaped their current TPRM programs.

Airbus, having completed its monitorship period, emphasised the importance of maintaining compliance momentum and embedding integrity into organisational culture. Airbus demonstrated how it overhauled its approach to sales intermediaries, eliminating reliance on sales agents almost overnight. While that decision was abrupt, the business quickly transformed into a more efficient and transparent sales model. Not only did it reduce its reliance on sales agents, it also implemented stringent onboarding processes for third parties.

The takeaway: Compliance teams must function as business enablers, ensuring continuity while supporting ethical practices. Dramatic changes should only occur during crises or when addressing severe misconduct concerns.

Looking Ahead: Key Success Factors for 2025

1. Proactive Risk Management: Organisations must move from static processes to dynamic, tech-enabled frameworks that enable real-time risk monitoring and rapid response to emerging risks.

2. Cross-Functional Collaboration: Breaking down silos between compliance, procurement, and operations is essential for effective risk management.

3. Cultural Integration: Compliance needs to be positioned as a business enabler rather than just a control function, with ethics and integrity embedded into daily operations.

4. Technology Balance: While embracing AI and automation, organisations must maintain appropriate human oversight, especially for high-risk relationships.

5. Strategic Thinking for Ethics and Compliance Professionals: Compliance professionals must be adaptable, tech-savvy, and capable of building ethical cultures while navigating complex global regulatory landscapes.

Ground Truth Intelligence invites top voices in Ethics, Compliance, Risk and Investigations to share their knowledge with our community. Don’t miss out – sign up for our next sessions below. For more information or to discuss your third-party risk management needs, feel free to contact our team.

FAQs

What are the biggest third-party risk management challenges in 2025?

Key challenges include navigating geopolitical instability, sanctions compliance, ESG expectations, and AI-powered cyber threats. Organisations must balance automation with human oversight to avoid blind spots while keeping compliance aligned with business needs.

How is AI transforming third-party due diligence and risk monitoring?

AI and automation are streamlining processes such as contract reviews, sanctions screening, and continuous monitoring. However, experts caution that human oversight remains essential to contextualise results, validate red flags, and ensure ethical decision-making.

What role should compliance teams play in third-party risk management?

Compliance teams should act as business enablers, ensuring continuity while embedding integrity into daily operations. They must balance regulatory requirements with practical guidance, helping the business make informed decisions without stifling growth.

How can organisations improve cross-functional collaboration in TPRM?

Breaking down silos between compliance, procurement, legal, and operations is critical for effective risk management. Shared platforms, aligned data sources, and regular communication enhance transparency and ensure third-party risks are managed holistically.

What lessons have enforcement actions taught about third-party risk?

Cases such as the Airbus monitorship highlight the importance of maintaining compliance momentum even after investigations conclude. Strong onboarding processes, cultural integration, and transparent third-party relationships reduce future exposure to regulatory and reputational risks.

How can compliance professionals prepare for the future of TPRM?

Professionals need to strengthen their tech capabilities, adapt quickly to emerging risks, and foster ethical cultures within their organisations. Combining AI-driven insights with local expertise and cultural knowledge will be key success factors in 2025 and beyond.

