A version of this article was originally publishing by the Center for Financial Professionals (CeFPro).

As Customer Lead at a third‑party‑risk and procurement‑technology provider, I’ve had the privilege (and only the occasional headache) of watching organisations ranging from cutting‑edge fintechs to traditional financial institutions build their third‑party‑risk management programmes.

What strikes me most is that the toughest obstacles are rarely technical. They materialise long before an implementation kicks off, and critically, before formal risk processes even begin.

When I ask clients which phase of the third‑party lifecycle drags the most, onboarding almost always tops the list. Yet when we discuss where new investment is heading, the spotlight typically falls on due‑diligence tooling and risk assessment. This gap tells us something valuable: to shorten onboarding, reduce uncertainty and stop the endless back‑and‑forth, we must start where requests originate, at intake.

Procurement is usually the first touchpoint. A business stakeholder submits a request and answers twenty questions. Then TPRM steps in and asks another twenty. I hear the same complaint every week: “Sixty percent of this overlaps.” The cost isn’t just duplicated effort; it’s slower cycle times, frustrated colleagues, and incomplete context and data from day one.

One of my co-panellists at CeFPro Vendor Risk Europe captured it perfectly: “Procurement touches every part of the organisation. It should be the connective tissue that brings risk considerations in early.”

Our goal isn’t to turn procurement into governance experts; it’s to let them operationalise the standards and controls owned by TPRM. That begins with a single, well‑designed intake. Capture what legal, finance, and risk all need once, then use technology to route processes and enrich the data. Clean inputs enable confident decisions.

As a colleague of mine likes to say, “You don’t need the full 360‑degree view of every supplier on day one—you just need the right lens for each decision.”

At Omnea, we’re already helping teams do exactly that. AI-powered intake tiers requests, and immediately initiates proportional risk processes. Suppliers complete assessments in a dedicated supplier portal, not offline or in fragmented systems. So there’s a single source of truth. Omnea AI then analyzes their responses, extracts key exceptions, and surfaces them to the right people for review. It doesn’t require a multi-year implementation, or to have every integration mapped on day one. In fact, the programmes that sustain momentum and deliver the best results are those that iterate quickly.”

But even the best tools won’t succeed without the business on board. As we heard from a risk leader at Vendor Risk Europe: “We’re a service orientated function. If the business doesn’t buy in, we end up chasing adoption.” Most successful projects map internal champions and get their perspective as step one.

Many organisations still treat governance as something to tick off after a contract is signed, but evolving regulation and risk landscapes are changing that—especially at a moment when there's a significant advantage in adopting new AI technologies before your competitors do.

If we want to stay agile while creating stronger third‑party risk outcomes, we begin by re‑thinking intake, aligning procurement and TPRM, and treating the business as a true partner in the process. Technology will always evolve, but its impact depends on the groundwork we lay together.