Ncontracts: AI Vendor Risk Ties Cybersecurity as Top Concern for Financial Institutions

For the first time, financial institutions rank artificial intelligence risk on par with cybersecurity as their top third-party concern, according to Ncontracts, Nashville.

Even so, 72% of those surveyed by Ncontracts for its 2026 State of Third-Party Risk Management Survey admit they are only partially aware of which vendors use AI, and not a single organization said it feels extremely confident managing it.

The survey, which drew responses from 173 financial services professionals between November 2025 and January 2026, reveals TPRM programs caught between expanding vendor portfolios, emerging AI risks that outpace current assessment capabilities, and teams that haven’t grown to match the load.

“TPRM programs are being asked to do more than ever — more vendors, more risk types, more complexity — with teams that haven’t kept pace,” Ncontracts Founder and CEO Michael Berman said. “AI is the clearest example of that pressure, and this survey shows the industry knows it. The organizations that will pull ahead are those investing now in the technology, processes, and metrics that let their programs scale and demonstrate value.”

Key report findings include:

AI Risk Has Arrived — But Institutions Aren’t Ready

The concern is clear — but the confidence to manage it isn’t. 73% of large organizations with 5,001 or more employees fall into the lowest confidence tiers, suggesting that size and sophistication offer little advantage when existing TPRM frameworks haven’t yet been extended to address the specific complexities of vendor AI.

TPRM Programs Run Lean While Managing Hundreds of Vendors

Nearly two-thirds (63%) of TPRM programs operate with just one or two dedicated full-time employees, and 13% have no dedicated staff at all. More than half (53%) manage 300 or more vendors, creating ratios where individual professionals are responsible for 100 or more vendor relationships.

Technology Creates a Compliance Divide

Just 10% of institutions still rely on spreadsheets — down from 13% in 2025 — as nearly 87% now use TPRM software. The gap matters: manual process users are 71% more likely to receive exam findings and report 50% lower satisfaction with their tools.

Mature Programs See TPRM Differently

Among organizations with no processes in place, 67% view TPRM as little more than a compliance formality — a figure that drops to just 13% among the most mature programs, where 26% report TPRM delivering high value across the organization.