Ncontracts 2025 Third-Party Risk Management Survey

Trends & Insights for Financial Institutions 

Financial institutions are facing growing vendor risk challenges, from managing hundreds of third parties with lean teams to keeping up with evolving cybersecurity and AI risks. Those are just a few of the findings of The Ncontracts 2025 Third-Party Risk Management Survey, which breaks down the biggest trends, risks, and strategies shaping third-party risk management (TPRM) at financial institutions today.  

Packed with real-world insights, it’s your go-to resource for understanding where banks, credit unions, and mortgage companies stand — and how your institution compares.  

Highlights:

Most FIs Are Running Lean 
73% of institutions have two or fewer full-time employees managing vendor risk, even though more than half oversee 300+ vendors. 

Regulatory Pressure is High 
Two-thirds of institutions feel pressure to enhance TPRM programs, with auditors and regulators often pushing for improvements. 

Cyber and AI Risks Are Top Concerns 
Nearly half of institutions experienced a third-party cyber event last year, and AI ranks as the second-biggest TPRM risk heading into 2025. 

Due Diligence Remains a Challenge 
Collecting and analyzing vendor documents is a top bottleneck. 

Most FIs See Strong ROI in TPRM 
85% of financial institutions see moderate to high value from their TPRM programs, benefitting from improved cybersecurity, cost savings, and stronger vendor oversight.