Putting agentic AI to work in third party risk management
By Steve Jack, Head of Global Procurement & Vendor Management, Deutsche Bank
In Global Procurement & Vendor Management, we help protect the bank and our clients by evaluating and mitigating third-party risks. This means, for example, that before an external vendor can be given approval to work with Deutsche Bank, it must go through a strict onboarding process and subsequent regular reviews.
Vendors must supply documentary evidence, which my team checks against our control framework, ensuring all third parties meet Deutsche Bank’s internal standards and the expectations of our regulators. Making sure all these requirements are met and documented requires deep expertise, thorough judgement and, more importantly, time.
That’s why I am excited about TPRM AI, an agentic AI platform developed by our colleagues in the Technology, Data & Innovation team and implemented in Global Procurement & Vendor Management in December 2025. This solution uses multiple AI “agents” to speed up the assessment of vendor documents and suggest an outcome.
Our human assessors then use their expertise to review the suggestions to make the final decision. A manual review would typically take around 30 minutes per evidence document. TPRM AI now analyses up to five documents in under two minutes and provides suggested outcomes with citations.
Why this matters
Cutting assessment time isn’t just an efficiency gain - it helps us respond to business needs faster through quicker vendor onboarding, stronger commercial outcomes and shorter processing timelines. For example, we routinely receive business continuity evidence from one of our long‑standing service providers in a structured format but split across four to five separate files. In cases like this, a manual review can take around three hours. With AI‑supported document review followed by human validation, the work can be completed in about 30 minutes.
How TPRM AI works: coordinated AI agents in action
TPRM AI uses a set of specialised AI agents working sequentially. The first one retrieves the right Deutsche Bank control questions, the next one drafts answers based on the vendors’ evidence, and the third proposes an outcome with precise citations, while human experts stay firmly in control to make the final decision.
Accuracy, transparency and human oversight
TPRM AI not only provides us with speed of processing, but also achieves around 90% accuracy in recommended outcomes, as benchmarked against human validation. Accuracy is expected to improve further as the system evolves.
The solution is designed in keeping with our responsible AI principles, where decision rights remain with trained human assessors. Every suggested outcome includes citations to the exact source passages, making verification transparent.
Because it’s cloud-based, the solution is designed to scale as assessment volumes grow and requirements evolve. Over time, this could help us handle increased demand without additional resources, and we see a significant cost avoidance potential with a full roll-out.
This is an important first AI milestone in the third-party risk space and provides a solid foundation from which to scale across other risk assessment areas, driving greater internal efficiency and, in turn, better service to our clients.
Home
By Steve Jack, Head of Global Procurement & Vendor Management, Deutsche Bank
In Global Procurement & Vendor Management, we help protect the bank and our clients by evaluating and mitigating third-party risks. This means, for example, that before an external vendor can be given approval to work with Deutsche Bank, it must go through a strict onboarding process and subsequent regular reviews.
Vendors must supply documentary evidence, which my team checks against our control framework, ensuring all third parties meet Deutsche Bank’s internal standards and the expectations of our regulators. Making sure all these requirements are met and documented requires deep expertise, thorough judgement and, more importantly, time.
That’s why I am excited about TPRM AI, an agentic AI platform developed by our colleagues in the Technology, Data & Innovation team and implemented in Global Procurement & Vendor Management in December 2025. This solution uses multiple AI “agents” to speed up the assessment of vendor documents and suggest an outcome.
Our human assessors then use their expertise to review the suggestions to make the final decision. A manual review would typically take around 30 minutes per evidence document. TPRM AI now analyses up to five documents in under two minutes and provides suggested outcomes with citations.
Why this matters
Cutting assessment time isn’t just an efficiency gain - it helps us respond to business needs faster through quicker vendor onboarding, stronger commercial outcomes and shorter processing timelines. For example, we routinely receive business continuity evidence from one of our long‑standing service providers in a structured format but split across four to five separate files. In cases like this, a manual review can take around three hours. With AI‑supported document review followed by human validation, the work can be completed in about 30 minutes.
How TPRM AI works: coordinated AI agents in action
TPRM AI uses a set of specialised AI agents working sequentially. The first one retrieves the right Deutsche Bank control questions, the next one drafts answers based on the vendors’ evidence, and the third proposes an outcome with precise citations, while human experts stay firmly in control to make the final decision.
Accuracy, transparency and human oversight
TPRM AI not only provides us with speed of processing, but also achieves around 90% accuracy in recommended outcomes, as benchmarked against human validation. Accuracy is expected to improve further as the system evolves.
The solution is designed in keeping with our responsible AI principles, where decision rights remain with trained human assessors. Every suggested outcome includes citations to the exact source passages, making verification transparent.
Because it’s cloud-based, the solution is designed to scale as assessment volumes grow and requirements evolve. Over time, this could help us handle increased demand without additional resources, and we see a significant cost avoidance potential with a full roll-out.
This is an important first AI milestone in the third-party risk space and provides a solid foundation from which to scale across other risk assessment areas, driving greater internal efficiency and, in turn, better service to our clients.
How helpful was this article?
Click on the stars to send a rating