Vendor Risk Management

Certa Raises $35M to Bring AI to Third-Party Risk Management

Series B Funding Will Allow Certa to Further Automate Compliance, Procurement Tasks
Certa Raises $35M to Bring AI to Third-Party Risk Management
Jag Lamba, founder and CEO, Certa (Image: Certa)

A third-party management platform founded by a longtime McKinsey consultant closed a funding round to bring further automation to compliance and procurement tasks.

San Francisco-based Certa plans to use the $35 million to invest in artificial intelligence that takes text-based policies around everything from ESG and legal to compliance and procurement and converts them into controlled workflows that integrate with third-party tools, said founder and CEO Jag Lamba. The Series B financing was led by Fin Capital and Vertex Ventures, and it comes 18 months after the Series A (see: Managing the Evolving Cyber Risk Posed by Third Parties).

"The more we invest in AI here, the more automated each of these applications becomes," Lamba told Information Security Media Group. "And that's the goal."

Where Certa Plans to Apply Artificial Intelligence

Certa currently employs 171 people. It was founded in 2013 by Lamba, who previously spent nearly 12 years as a senior strategy consultant at McKinsey. Lamba said artificial intelligence can help create a more conversational experience for infrequent users who only log into Certa once or twice a year and would rather interface with a chatbot than learn how to operate the platform themselves.

Another application for artificial intelligence around the Certa platform is to optimize filling out security questionnaires when beginning work with a third party so organizations aren't stuck copying and pasting their responses from a centralized spreadsheet. Using artificial intelligence will allow customers to reduce the size of their vendor management team and onboard third-party providers more quickly.

Each of the artificial intelligence use cases highlighted by Lamba is currently in beta or alpha mode and should be generally available to customers by the end of 2023. Two-thirds of company's environmental, social and governance goals are dependent on suppliers, and Lamba said making it faster and easier for companies to validate their suppliers using AI will help organizations reduce cost and improve agility.

Expansion Opportunities in Europe, Asia

From a geographic standpoint, Lamba anticipates the funding will allow Certa to expand its footprint outside of North America, which accounts for just 15% to 20% of clients today. Lamba said Certa already has the multilingual and data residency capabilities needed to excel in Europe, and the firm now plans to bring on operational and sales personnel in the United Kingdom, Germany and France.

Lamba said the regulatory environments and the large industrial organizations present in those three countries make them a good launching point in Europe. Once Certa is set up in Europe, Lamba said, the company will begin its Asian expansion, starting in Singapore and then moving into countries such as Japan, where it already has a presence with multinational companies.

Certa competes most directly against other risk management providers such as Archer, ProcessUnity and Aravo as well as privacy vendors such as OneTrust. Certa benefits from being a more modern platform and investing heavily in innovation and growth rather than being in a "value extraction" phase, Lamba said. Many of the platforms Certa goes up against were created more than 20 years ago, according to Lamba.

From a metrics standpoint, Lamba plans to closely track the amount of time needed to onboard third parties, the number of third parties Certa is enabling companies to manage, and the company's growth rate. Lamba hopes to eventually offer customers one-click onboarding in which customers instantly share data with third parties as soon as the request is accepted, without any data entry burden.

"What we're trying to do is help with an immediate pain point for customers," Lamba said.

About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.