Skip to content
In today’s volatile and deeply interconnected business landscape, effective third-party risk management has become essential to operational resilience. High-profile incidents like the Marks & Spencer cyberattack, coupled with shifting U.S. enforcement priorities and policy updates, have brought third-party risk management into greater focus. Against this backdrop, the annual Ethixbase360 Third-Party Risk Management (TPRM) Summit* came at a pivotal time.
The event gathered over 100 compliance professionals from a wide range of industries for a full day of expert insights, practical strategies, and valuable peer-to-peer exchange and opened with a keynote address by Michael Gallagher, Chief Investigator at the UK Serious Fraud Office (SFO). Drawing on recent cases, he offered rare insights into investigative trends and emphasized the SFO’s increasing focus on proactive prevention. He underscored that this preventive approach is key to the SFO’s broader goal of safeguarding the UK’s reputation as a trusted and secure place to do business. To that end, the SFO is eager to engage with corporates—not only to support enforcement but also to help companies manage their own risks and enhance their reputations.
A central pillar of the SFO’s strategy is the new “failure to prevent fraud” offence introduced under the Economic Crime and Corporate Transparency Act (ECCTA). Neeta Chityal, Partner in the Global Investigations team at Addleshaw Goddard, provided attendees with practical guidance on how to prepare ahead of the measure coming into force on 1 September. She outlined a clear “path to compliance” and shared key questions organizations should be asking now to ensure they are ready.
Attendees were also treated to a dynamic conversation between Charles Cain, Managing Director of Investigations and Compliance at Ernst & Young, and Charles Duross, Partner at Morrison & Foerster, who drew on their unmatched experience at the U.S. SEC and DOJ to explore the future of the FCPA, international enforcement, and third-party risk. Their discussion covered President Trump’s recent Executive Order and the newly issued FCPA enforcement guidance, delving into the potential impact on the volume and nature of future prosecutions. Both emphasized the continued importance of U.S. law as a framework that companies can point to when reinforcing ethical standards and responsible business practices across global operations.
During the panel on “Designing a Unified and Effective Cross-Border Framework,” speakers emphasized that it’s time for companies to decide whether compliance will be guided by regulations alone—or by values that support long-term resilience. Those prioritizing human rights and sustainability will be best positioned for the future.
With rapid advancements in AI over the past year, speakers from Moody’s, Advania, and Ethixbase360 explored both the opportunities and challenges it brings to third-party risk management. The session began with an audience poll revealing that 50% of attendees are currently exploring AI but have yet to implement it. The panel highlighted not only the potential for efficiency and cost savings, but also AI’s ability to create meaningful value. They emphasized that while generative and emerging Agentic AI tools offer clear benefits for compliance professionals, their success depends on being deployed within a transparent, well-defined, and properly governed risk management framework.
In a sobering and insightful keynote session, Dr. Louise Shelley examined how terrorism, organized crime and corruption intersect with global commerce. She highlighted the ways transnational criminal networks infiltrate legitimate supply chains, especially in high-risk sectors. Her analysis underscored the strategic necessity of robust third-party vetting and supply chain intelligence to guard against infiltration and illicit financing.
A panel on assessing sustainability throughout the value chain featuring speakers from Citi, Novartis and Edwards Lifesciences highlighted the need for executive alignment and cross-functional collaboration. Securing executive sponsorship and cross-functional buy-in is essential to embed sustainability into operational and strategic decision-making, rather than treating it as a standalone compliance exercise. Another critical takeaway was the concept of shared responsibility across the value chain.
During a discussion on, “Elevating Third Party Compliance Standards,” speakers from Spectris and the Basel Institute highlighted how irrespective of sector, organizations must support their suppliers and third parties in raising their own compliance and ESG standards. The result is not only lower risk exposure, but stronger and more transparent ecosystems overall.
A message echoed throughout the day was that companies grounded in strong ethics consistently outperform when it comes to brand strength and reputation. Other key takeaways included:
- Compliance remains a priority despite uncertainty around regulatory and enforcement developments. Many companies are actively seeking ways to automate, streamline, and strengthen their programs.
- Limited resources and budgets remain a reality, which is why many organizations are turning to partners like EB360 to amplify their efforts and achieve more through collaboration.
- Automation and AI will reshape third-party risk management, but human oversight is still essential to maintaining sound judgment and overall program integrity.
- Gatherings like this are invaluable – they promote knowledge-sharing, exchanging best practices, and building a more connected and responsive compliance community.
Ultimately, the summit reinforced that successful third-party risk management requires strategic thinking, cultural buy-in across the organization, operational agility, and a commitment to long-term resilience.
*As this event followed the Chatham House Rule, no direct quotes or attributions are included in this summary.
