From Dutch start-up to global player: How 3rdRisk became a Diligent brand

Sometimes the best partnerships happen when you're not even looking for them. Like a chance encounter at a restaurant that turns into your future husband, or a fellow risk-professional that becomes a close friend after you both happened to attend our annual Summer Meet-Up.  

That's the sort of magic that brought 3rdRisk and Diligent together. What originally began as a conversation about integrations turned into something much bigger; a perfect match that helps us build the future of third-party and integrated risk management.

But one can only learn so much about what makes this partnership special by reading a press release. That’s why we decided to steal a bit of time from Bram Ketting, CEO and Co-founder of 3rdRisk, to hear the story behind the acquisition. Not a carefully crafted statement, but the actual A-to-Z. In this blog we dive into the backstory of 3rdRisk, the acquisition, what it means for everyone from the team to the partners, the future of our solution; and why an integrated risk management platform is more important than ever.

The backstory: From Attic to Amsterdam

3rdRisk started as most startups do, small and scrappy. For us that meant that our “office” was nothing more than an attic, with everyone knowing each other personally. It had a proper “adventure book” culture, as Bram describes it. The kind of tight-knit group where Lars Wiegers, the first employee and the mind behind various AI features, brought in other colleagues through his network. Everyone was connected to someone somehow, with a clear role and commitment to making it work as a team.

As the company grew, so did the need for change. The team moved to Amsterdam, and what was once a “do it yourself” operation where we handled everything from marketing to sales to legal, became something more structured. Specialists came on board, people who really knew their craft in marketing, product design, and HR. For example, Misha joined our team and helped turn our marketing foundation into a well-oiled machine, allowing Bram and Jelle to focus more on sales and strategic responsibilities.

"We saw enormous expansion," Bram explains. "Our first American clients showed us we were going global, and with a relatively small team, we realised we needed support to make 3rdRisk a real champion in the market."

The reality of rapid growth hit hard. Customers were bringing brilliant ideas. Internal teams were innovating constantly. But with a team of less than a dozen people, there was only so much bandwidth. Add in the complexity of international expansion such as different regulations, different markets, different time zones, and the answer became clear. To truly serve customers at the level they deserved and at the level they have grown accustomed to, 3rdRisk needed to scale up. Fast.

Scaling up: Choosing Diligent instead of Venture Capital

If you’re familiar with venture capital, then you’re aware it often comes with strings attached. More funding typically means pressure to hire sales teams, expand marketing, and shift focus from product to revenue. For a company where the majority of the team are developers, that didn't feel right. However, the market was pushing towards that route. Competitors were raising funds, building out sales forces, ramping up marketing spend. But something about that path felt off.  

"We started this company because I was a risk officer who struggled with Excel spreadsheets," Bram shares. "I'm not an entrepreneur who's launched six different ventures, from vitamin drinks to marketing agencies. This is who we are. The product is our heart."  

That authenticity sits at the core of 3rdRisk. It wasn't built on a business model first and product second. It was built from genuine need, from firsthand lived experiences of the pain points. The goal was never to flip the company, chase an exit, or maximise revenue at the cost of product innovation. It was to build something genuinely useful that would last.

It makes sense then, that when Diligent reached out it wasn't about an acquisition, but about integrations. However, as those conversations evolved, something clicked. 3rdRisk was strong in TPRM, while Diligent had internal controls and policy management capabilities that 3rdRisk lacked. Customers wanted broader capabilities beyond TPRM, and suddenly, the fit was obvious. This wasn't a sales pitch, it was a genuine strategic alignment, or in other words: a chance encounter that would lead to a valuable partnership.

"It is a match made in heaven," says Bram. "They let us stay focused on what we're good at: building a great product. They handle distribution and scaling. We never intended to sell. We wanted to become a global leader, and this acquisition lets us do exactly that."

A key part of this is that Diligent understood 3rdRisk’s product-first culture. They have been consistently recognised by analysts as a leader in the space. They aren’t interested in maximising every euro or dollar spent. They want to build the best products in the market. That shared vision makes all the difference. This acquisition isn’t going to kill the momentum, but make it more sustainable and scalable.  

What this means for the 3rdRisk team

Joining Diligent hasn't meant losing autonomy. 3rdRisk remains an independent brand in Amsterdam with its own development team and pricing. The product-driven culture is intact, this isn't about becoming numbers-focused. That was non-negotiable from the start, and Diligent respected it completely.

What has changed is the support structure. For a small team working with major brands, the stress was real. Managing contracts, negotiating pricing schemes, handling HR complexities across multiple countries, it was a lot for a lean team to carry. Now, there's a global network to tap into, training programmes to access, and colleagues operating at what Bram calls "Champions League level."

"Before, we were a handful of people around a whiteboard, trying to figure out how to conquer the next village with limited resources," Bram recalls. "Now we've got something like a Roman army behind us."

For the leadership team, it means less time on contracts, pricing schemes, and HR complexities, and more time on what matters, innovating the product. Less reporting to VCs about quarterly targets and growth metrics, more building. The conversations with Diligent's CEO focus on AI capabilities, supporting new regulations, integration strategies. The actual substance of what makes a great product, not just the numbers around it.

And for the others, the opportunity is also significant. Not only have the employee benefits improved, but the acquisition also provides them access to global training programmes, exposure to world-class operations, and the chance to learn from teams that operate at the highest level. It's the kind of professional development that's hard to offer when you're a fifty-four-person company, no matter how ambitious you are.

Want to become a part of the 3rdRisk team? Then check the vacancies on the Diligent website and apply. We look forward to receiving your applications.

Benefits for customers and partners

The internal team is not the only party benefiting from this acquisition. Bandwidth has always been a challenge. With a small team, customer ideas and market demands began piling up faster than they could be executed. Customer conversations bring new needs, regulatory changes require support, and market expansion create new requirements. The team works hard, but there are only so many hours in the day.  

Now, the development team is rapidly growing, which means faster feature delivery and better support for emerging needs like AI. Features that might have taken months can be delivered in weeks. Ideas that seemed ambitious are suddenly achievable. The difference in execution speed will be tangible.

But it's not just about capacity. The partnership opens up new possibilities for integration. 3rdRisk's TPRM strength now sits alongside Diligent's compliance, screening modules, and policy management tools. Instead of customers juggling multiple platforms across seven or eight risk domains, they'll soon have one integrated solution. That means fewer logins, less data duplication, and a single source of truth for risk management.

"Think about it from a supplier's perspective," Bram points out. "Right now, they're logging into thirty-six different portals. Soon, it'll be one entrance. That's better for everyone in the ecosystem."

For partners like Deloitte and KPMG, the scale makes bigger go-to-market strategies possible. Industry-specific programmes that would have taken ages can now be developed collaboratively. Think of tailored solutions for financial services, manufacturing, healthcare; sectors that each have unique compliance needs.

What’s next: From AI-based automations to agentic platform

So that’s what it means for the team, the partners and customers; but what about the platform?  

When 3rdRisk started, the idea was simple: digitise those painful Excel spreadsheets. That was version one. Version two brought monitoring such as news alerts, sanction list checks, and notifications when something happened. Instead of waiting for quarterly reviews, teams could get real-time alerts via Teams or Slack. It was proactive rather than reactive, which was a significant improvement. But the vision is much more ambitious now.

"We're moving towards an agentic platform," Bram explains. "Not just monitoring, but taking action. Think of it as a virtual risk officer that works twenty-four seven. When an incident happens, say, a flood in Vietnam, Lexie, our AI, will identify which of your fifteen thousand suppliers might be impacted, analyse the risk, and recommend the next steps."

Lexie was never simply a chatbot or a marketing gimmick. She's been in development for three years, designed to support daily workflows reviewing assurance reports, checking assessments, chasing documents. Taking long dreadful tasks and giving people back their valuable time so they can spend it actually mitigating risk or even walking the dog.

But now the goal is to evolve Lexie from what Bram calls "an intern in your risk department" into a full-fledged team member who never sleeps and can handle the heavy lifting when someone's on leave or capacity is tight. She'll read the news, identify potential impacts, analyse which suppliers are affected, and propose action plans, all automatically. You wake up with your coffee, check your phone, and see a notification: this happened, these suppliers are impacted, here's what we recommend.

The future vision is clear: a single integrated platform where board members can see their entire risk landscape at a glance. No more logging into dozens of portals or reconciling conflicting risk matrices. Just one dashboard showing what's happening, what actions are being taken, and what you need to know. That's the goal, but why?

A reminder: Why integrated risk management matters more than ever

Here's something that is easy to forget, but definitely worth considering: most corporates now outsource around 80% of their operational costs to third parties. IT, marketing, finance, even customer service centres; functions that used to sit in-house are now managed by external partners. That fundamental shift changes everything about how organisations need to think about risk.

In the past, if there was a finance issue, you walked over to the finance department and sorted it out. Now, your finance function might be run by a third party. Your IT might be with another provider. Your customer service with yet another. Each of these relationships needs managing, monitoring, and governance. The old approach of isolated risk management simply doesn't work anymore.

"The world moves fast," Bram says. "You go to sleep, wake up the next day, and there's been a hack somewhere. A cyber incident can quickly become a financial risk or a reputational crisis. Boards don't want to log into thirty-six portals and manually keep track of everything. They want to know: what's our integrated risk landscape? Where are the issues? If something happens, are we prepared?"

Many GRC solutions still focus on a single domain, just cybersecurity, just sustainability, just TPRM. But that's not how risk works in practice. A cybersecurity breach at a supplier doesn't stay neatly in the cybersecurity lane, it affects operations, it affects finances, it affects reputation. Incidents don't stay neatly in their lanes. The future is about multidisciplinary platforms where teams across security, privacy, sustainability, compliance, and continuity can collaborate in one place.

There's also the reality of talent shortage. Risk officers are hard to find, expensive to hire, and often stretched too thin. They're dealing with compliance requirements that are constantly evolving which sometimes means fifteen to seventeen different frameworks for international companies. The workload is massive, and the stakes are high. Technology needs to support this reality, not just add to the complexity.

These are the problems Diligent and 3rdRisk are gearing up to tackle together. Together we are building a foundation that supports not just today's compliance exercises, but tomorrow's AI agents and integrated data flows. One system of record. One place for all the data. One platform that can support the kind of intelligent automation that will define the next generation of risk management.

Conclusion

So in short: what can you expect from 3rdRisk as a Diligent brand? Faster development. More capabilities. Better integration across risk domains. And Lexie getting smarter, more proactive, and more capable of working alongside your team. The roadmap is ambitious, and now there are resources to actually deliver on it.

The product-first culture remains. The Amsterdam team stays independent. And the focus is still on solving real problems for real people, because at the end of the day, that's what this has always been about. No one at 3rdRisk is interested in building features for the sake of marketing slides or sales pitches. The question is always: does this genuinely help our customers manage risk better?

"We're not playing a numbers game," Bram emphasises. "We're building the best product we can. Now we just have the resources and support to do it on a global scale."

If you want to learn more about what 3rdRisk can do for your organisation, or if you're curious about where we're heading next, get in touch. We'd love to hear from you. Whether you're already managing third-party risk and looking for a better way, or you're just starting to build out your programme, we're here to help. And now, we've got the backing and resources to do an even better job than before.

For the official press statement, visit the Diligent website.

‍