Opportunities for information managers in due diligence and third-party risk
Jinfo Blog
11th December 2025
Abstract
Item
Dermot Corrigan is CEO of SmartKYC, but has a long history working with vendors and consumers of third-party information, specialising in risk management work.
Dermot recently ran a Jinfo Community session that highlighted crucial areas where corporate information professionals, content buyers and research managers can significantly increase their strategic value.
The new Jinfo report "Opportunities for information managers in due diligence and third-party risk" contains all the strategic opportunities and actions.
What is third-party risk?
Third-party risk concerns any entity engaged within an organisation’s value chain, including:
- Advisors
- Agents
- Clients
- Distributors
- Partners
- Suppliers.
The core issue is the risk by association, where a third-party's misdeeds become the organisation's own problem.
And the scope of this work is extensive and growing. Dermot cited one organisation as having over 250,000 companies in its supply chain. Another colleague told us that their organisation retains almost 3,000 people in third-party risk management.
Why is third-party risk so important?
There are two reasons for this burgeoning growth:
- Increasingly far-reaching and rigorous regulation, backed by punitive financial penalties and personal liability for non-compliance.
- Reputational risk associated with social media, where adverse stories can significantly impact client relationships and revenues.
Why is data such an issue?
Dermot observed that procurement decisions for critical due-diligence data are often made without sufficient critical analysis. Examples include:
- Vague data value
- Lack of criticality
- Inconsistent data treatment.
This lack of expertise results in organisations being left with a patchwork of sources bought over time, with no overarching strategy or expert counsel.
So how can information managers step up?
- Become the custodian of data quality and diligence
Information managers must step forward as the custodians of corporate well-being in acquiring and using high-quality due diligence data.
Demonstrate this by doing diligence on the diligence sources. Bridge the knowledge gap. - Focus on continuous monitoring and technological integration
Due diligence is not a one-off check. Regulation requires continuous monitoring, and reputational risk demands ongoing vigilance.
Advocate for continuous monitoring. Promote efficient technology over body shops.
Dermot rarely meets information professionals as part of his client engagement, yet he is often asked questions that information managers are well equipped to address. This highlights a significant "opportunity lost".
The growing importance of due diligence, driven by regulation and reputational necessity, is an opportunity for the information professional to move front-and-centre in crucial conversations about corporate risk management.
Read the full report for all the actions and value from the Community session:
- Blog post title: Opportunities for information managers in due diligence and third-party risk
- Link to this page
- View printable version
Related reports:
- Opportunities for information managers in due diligence and third-party risk
Thursday, 13th November 2025
Register for our next Community session:
Team demand and AI
22nd January 2026
Latest on our YouTube channel:
Read on the Blog:
December 2025 update
3rd December 2025
- Team roles and AI (Community) 26th February 2026
- Team demand and AI (Community) 22nd January 2026
- Transforming knowledge management at BASF – GenAI and the evolution of QKnows (Community) 10th December 2025