Driving Innovation for Third-Party Risk Intelligence

Subject matter experts today spend countless hours scouring different platforms and knowledge sources and performing third-party risk management (TPRM) processes manually. These monitoring tasks are tedious, and the risk of human error or bias increases with higher volumes of data. The problem is compounded by the fact that current methods of data collection, such as questionnaires, provide only a pinhole view of a third party and are limited by the questions asked and how the third party has chosen to present its answer.

In the recent Competitive Landscape: Integrated Risk Management report, Gartner® stated that “there are several examples of vendors driving innovation in risk and compliance management. The two popular areas are the application of machine learning to offload human intensive tasks, and delivering continuous visibility through process automation.” “An example of a vendor leveraging machine learning such as NLP to analyze questionnaire response and associated evidence from vendors and suppliers for third-party risk management include Mirato.[1]”

While many vendors are attempting to tackle these problems, the use of the term “automation” is often overused and not entirely accurate. Mirato’s definition of automation is significantly different and more meaningful—our TPRM intelligence platform automates the assessments, not the work processes. Our solution is not geared towards checking items off a list but rather completing the actual tasks. Furthermore, we enable flexible automation –our TPRM intelligence platform can be as manual or as automatic as a financial institution needs it to be to comply with each organization’s internal controls.

Our TPRM intelligence platform elevates any existing TPRM program and utilizes advanced technologies, including cognitive computing technologies such as artificial intelligence (AI) and proprietary natural language processing (NLP) algorithms, which not only analyze the content of the questionnaire but also validate and cross-reference the answers with other data sources. There is no need to replace existing “automation” tools, as our platform serves as a complement with real automation –creating a much more efficient TPRM process that actually helps reduce risk.

For example, AI enables the extraction of data from questionnaires, evidence documents, financial stability sources, cyber posture or the deep web and turns it into actionable insights about risk exposure— from initial assessment to continuous monitoring and mitigation. Many of our competitors perform periodic checkbox events, capturing snapshots in time, often bringing in too much data that analysts need to sift through. Mirato is different, operating as continuously as the data source allows.

We connect the entire TPRM operation across the enterprise, including programs and tools, into one smart platform that continuously monitors and digitizes data collection from numerous sources on a 24/7 basis – providing a full view of risks across all domains and sources and highlighting pertinent information. Our TPRM Intelligence platform can grab dynamic information as frequently as once an hour (for example, weather or COVID-19 related information). It uses NLP, AI and cross-validation to get just the right information to the right person at the right time so they can make an informed decision. As a result, our solution cuts up to 60 percent of assessment costs.

As risks proliferate and the job of managing vulnerabilities becomes increasingly complex, forward-thinking organizations must look to leverage the capabilities of AI, NLP and true automation to bring intelligence to their TPRM programs. By finally bringing true AI to TPRM, Mirato will ultimately do for TPRM what Salesforce did for customer management and Slack did for work processes. We save financial institutions time and money by cutting TPRM subject matter experts’ need for manual work, allowing financial institutions to do much more with the team they already have and freeing up resources so people can focus on business-critical activities rather than administration.

GARTNER is registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

[1] Gartner, “Competitive Landscape: Integrated Risk Management,” by Elizabeth Kim, December 6, 2021 https://www.gartner.com/document/4009137