Skip to content


Harry Cassin
Publisher and Editor

Andy Spalding
Senior Editor

Jessica Tillipman
Senior Editor

Bill Steinman
Senior Editor

Richard L. Cassin
Editor at Large

Elizabeth K. Spahn
Editor Emeritus

Cody Worthington
Contributing Editor

Julie DiMauro
Contributing Editor

Thomas Fox
Contributing Editor

Marc Alain Bohn
Contributing Editor

Bill Waite
Contributing Editor

Russell A. Stamets
Contributing Editor

Richard Bistrong
Contributing Editor

Eric Carlson
Contributing Editor

Allan Matheson: How resilient are your third-party compliance technologies?

In an era of rapidly shifting data privacy legislation, increasing technological complexity, and the rapid growth of businesses, third-party compliance technologies must match these changes with increasing resilience to avoid becoming obsolete in the future.

How, then, can a business evaluate the resilience of third-party compliance technologies to adapt to and respond accordingly to these changes?

Start by evaluating a platform’s limits to adapt to ongoing changes. Determine how its internal framework will adapt to inevitable external pressures. What will the platform look like in five years? How is the platform adapting to privacy laws? What will your business look like in five years? How will the platform continue to serve you then?

Consider the long-term scope of your third-party compliance technology, especially if you have a contracted agreement, on these various related levels:

Combating digital debt – Digital debt, or technical debt as Forbes explores, is the concept that a technology begins to age from the time of its creation. Decisions made about the system foundations of a third-party compliance technology at its inception, then, can preclude the platform’s ability to innovate in the future. This results in inflexibility, lack of developments and long update times for businesses.

Third-party compliance vendors cannot be short-sighted in this regard and must have an effective digital strategy in place to combat digital debt. Businesses will continue to expand and will likely develop complex workflows, more processes and the need for new programming, all of which must be accounted for in the platform.

Adapting to privacy legislation – Growing interest in data security will only invoke the need for companies to comply with new data privacy legislations. This may involve storing data on location-specific servers as with the EU data privacy framework, or transferring confidential information across secure networks. Third-party compliance technologies must be able to accommodate for these changes throughout all their processes, including data storage, data transfer and due diligence research.

Increasing technological flexibility – A primary consequence of a business’s growth is the growth of the business’s third-party universe. As businesses develop, the volume and workload that third-party compliance technologies must manage increases as well and a key challenge for platforms is to continue to be technologically flexible.

Reducing manual processes through increasing automation programming robustness will become essential in helping businesses deal with increased workloads. Similarly, flexibility with integrations grows in importance as more third parties are added to a business’s repertoire and vast amounts of information require centralization.

*     *     *

In addition to judging a platform’s responses to pressures, it is also prudent to evaluate the technology’s internal processes and model itself. The foundation on which the system is built should be sufficiently robust and secure to promote continued resilience to external forces.

How is the due diligence conducted? Ensure you know whether the researchers are in-house, what languages the due diligence is conducted in, how confidential information is being sent, the quality assurance process for reports and the training provided for research personnel.

What efficiency tools will be improved? Robust automation programming and integrations are critical to managing a growing number of third parties. What is the platform doing to eliminate potential pain points and administrative burdens?

What ongoing support is available? Ensure you have access to a support team can accommodate well for new team members and feedback, which will occur because of your team’s growth. Training new team members, configuration of accounts and having responses to queries can help with maintaining the operations of your team.


Allan Matheson, pictured above, is CEO of compliance research firm Blue Umbrella. He has more than a decade of experience in compliance risk management leadership, due diligence and pre-employment screening.

Blue Umbrella’s whitepaper, “Key factors in choosing a third-party compliance platform,” can be requested here.

Share this post


Comments are closed for this article!