• AI’s Transformative Role in Third Party Risk Management - From Static Snapshots to Real-Time Resilience
    2025/08/13

    In this episode of The Third Party Risk Institute Podcast, we explore how artificial intelligence is revolutionizing third-party risk management (TPRM) by shifting from outdated, static assessments to continuous, real-time monitoring. With third-party data breaches projected to impact over 60% of companies by 2025, this transformation is no longer optional it’s a regulatory and operational necessity.

    Drawing from global regulatory trends, case examples, and emerging best practices, we break down how AI-powered TPRM enables organizations to detect issues faster, map fourth-party dependencies, assess ESG risks, and build resilience into complex supply chains. You’ll hear how machine learning, natural language processing, and anomaly detection are enhancing due diligence, automating risk scoring, and integrating real-time risk intelligence into procurement and governance.

    What we cover in this episode:
    • Why traditional annual vendor assessments no longer work in today’s fast-moving threat environment
    • How AI enables continuous monitoring and dynamic risk scoring
    • Techniques to map and manage fourth-party and concentration risk
    • Integrating ESG risk into TPRM programs
    • Key regulatory drivers including DORA, the EU AI Act, APRA CPS 234, and U.S. Interagency Guidance
    • Best practices for AI governance and human oversight

    You’ll walk away with practical guidance on:
    • Building an integrated data foundation for continuous monitoring
    • Selecting and deploying AI-enabled TPRM platforms
    • Aligning your TPRM program with evolving global regulations
    • Avoiding pitfalls like poor data quality, false positives, and AI overreliance

    This episode is perfect for:
    • Chief Risk Officers, Vendor Risk Managers, and Procurement Leaders
    • Cybersecurity, Compliance, and Audit Professionals
    • ESG, Sustainability, and Governance Specialists
    • Anyone tasked with safeguarding critical third-party relationships in regulated industries

    If you like reading, check out our full blog post on Modernizing Third Party Risk Management with AI here: https://thirdpartyriskinstitute.com/modernizing-third-party-risk-management-with-ai/

    🎧 Enjoying the podcast?
    Explore more resources, expert insights, and certification programs at www.thirdpartyriskinstitute.com

    📱 Follow us on LinkedIn for real-world conversations and industry trends: Third Party Risk Institute Ltd.

    📬 Have a question or topic you'd like us to cover?
    Email us at: info@thirdpartyriskinstitute.com

    続きを読む 一部表示
    28 分
  • Financial Health as a Risk Signal: James Gellert on Scalable Intelligence for Third Party Risk
    2025/07/30

    In this episode of The Third Party Risk Institute Podcast, we’re joined by James Gellert, CEO of RapidRatings, to explore how financial health analysis can act as a predictive signal for third-party risk and why it’s more critical than ever in today’s complex vendor ecosystems.

    James brings decades of experience in finance, technology, and analytics, and under his leadership, RapidRatings has become a global benchmark in evaluating financial health using objective, statement-based ratings. This conversation dives into how financial data, when analyzed rigorously and presented clearly, empowers risk, procurement, and compliance teams to make proactive, informed decisions, not just reactive ones.

    With third parties spanning thousands of vendors, fintechs, and non-vendor entities like utilities and payment platforms, organizations need scalable ways to flag degradation early, understand downstream impact, and prioritize engagement. James shares how their analytics are used across industries to identify resilience, assess M&A impacts, and evaluate young or private vendors, especially when traditional due diligence doesn’t offer enough visibility.

    What we cover in this episode:

    • How financial health ratings provide predictive, not just historical, insights
    • The value of segmenting vendors by criticalit,y not just spend
    • Portfolio-level risk views to avoid aggregation blind spots
    • Using financial data to surface early warnings of operational or cybersecurity risks
    • The interplay between financial health, innovation, and third-party performance
    • How companies can obtain financial disclosure from small or private vendors
    • Mitigating concentration risk across critical and non-vendor third parties

    You’ll walk away with practical guidance on:

    • When and how to assess financial health across the third-party lifecycle
    • How to build collaboration between business units and risk functions
    • Why integrating financial ratings with cybersecurity and ESG assessments matters
    • How financial health underpins resilience, agility, and innovation
    • The hidden costs of overlooking financially weak partners and what to do about it

    This episode is perfect for:

    • Third-party risk professionals and vendor managers
    • Procurement and sourcing leaders
    • Enterprise risk, compliance, and audit professionals
    • Cybersecurity and operational resilience teams
    • Anyone responsible for managing extended enterprise risk at scale

    🎧 Enjoying the podcast?
    Explore more resources, expert insights, and certification programs at www.thirdpartyriskinstitute.com

    📱 Follow us on LinkedIn for real-world conversations and industry trends: Third Party Risk Institute Ltd.

    📬 Have a question or topic you'd like us to cover?
    Email us at: info@thirdpartyriskinstitute.com

    続きを読む 一部表示
    57 分
  • Regulations, ESG & Cyber Risk: What’s Changing in Third Party Risk Management for 2025
    2025/07/23

    In this episode of The Third Party Risk Institute Podcast, we dive into the major shifts in regulatory expectations, ESG obligations, and cybersecurity threats that are reshaping Third Party Risk Management (TPRM) in 2025.

    From the tightening grip of global regulators to the growing complexity of ESG due diligence and the rise of AI risks this episode offers a comprehensive look at what risk leaders need to prepare for now.

    What we cover in this episode:

    • How DORA, FINRA, and new U.S. privacy laws are raising the bar on third-party oversight
    • Why ESG is no longer optional and what it means for your vendors and contracts
    • The impact of AI and emerging tech on data privacy, due diligence, and risk scoring
    • Which new expectations are hitting procurement, compliance, and cybersecurity teams hardest
    • How to future-proof your TPRM program through governance, automation, and centralized tools

    You’ll walk away with practical insights on:

    • Mapping vendor risk across global regulations
    • Setting up effective ESG and privacy controls
    • Embedding real-time cyber monitoring and AI oversight
    • Building a resilient TPRM function that meets 2025’s complexity head-on

    This episode is ideal for:

    • Risk and Compliance Leaders
    • Procurement & Sourcing Professionals
    • ESG, Audit, and Privacy Officers
    • Cybersecurity and GRC Teams
    • Third Party Risk Analysts & Program Owners

    Want more?
    Explore our training programs, assessments, and resources designed for professionals advancing their third-party risk capabilities at Third Party Risk Institute Ltd.

    🎧 Enjoying the podcast?
    Explore more resources, expert insights, and certification programs at www.thirdpartyriskinstitute.com

    📱 Follow us on LinkedIn for real-world conversations and industry trends: Third Party Risk Institute Ltd.

    📬 Have a question or topic you'd like us to cover?
    Email us at: info@thirdpartyriskinstitute.com

    続きを読む 一部表示
    35 分
  • Mastering Systemic Third-Party Risk: Insights from OCC's CRO Vishal Thakkar
    2025/07/16

    In this episode of The Third Party Risk Institute Podcast, we sit down with Vishal Thakkar, Chief Risk Officer at the Options Clearing Corporation (OCC), to explore what it takes to manage third-party risk at the world's largest equity derivatives clearing organization, designated as a Systemically Important Financial Market Utility (SIFMU). Given OCC's profound interconnectedness within the financial ecosystem, their approach to risk management sets a benchmark for market integrity and stability.

    With over 20 years of experience leading risk, regulatory compliance, operational management, cybersecurity, and internal audit functions across various organizations, Vishal shares a behind-the-scenes view of how OCC safeguards market integrity by delivering reliable clearing and settlement services for millions of transactions globally. Drawing from his unique vantage point, having worked in all three lines of defence, Vishal provides invaluable insights into building resilient risk programs and navigating complex regulatory expectations.

    What we cover in this episode:

    • OCC’s lifecycle-based third-party risk management (TPRM) framework
    • Defining the “extended enterprise” to include non-vendor critical entities
    • Using scenario analysis to test operational resilience
    • Aligning the three lines of defence in risk governance
    • Rationalizing controls for efficiency
    • Board engagement on outsourcing and cloud strategy

    You’ll walk away with practical guidance on:

    • How to identify “crown jewel” third parties
    • Strategies to scale TPRM without losing control
    • Applying standards like NIST CSF, ISO, and Interagency Guidance
    • How OCC prepares for regulatory reviews and evolves its risk posture

    This episode is perfect for:

    • Chief Risk Officers and other risk management professionals.

    • Internal auditors and compliance officers.

    • Cybersecurity leaders and professionals.

    • Business leaders and operational managers responsible for critical third-party relationships.

    • Anyone dedicated to building robust risk management frameworks and operational resilience in financial services, critical infrastructure, or other highly regulated industries.

    🎧 Enjoying the podcast?
    Explore more resources, expert insights, and certification programs at www.thirdpartyriskinstitute.com

    📱 Follow us on LinkedIn for real-world conversations and industry trends: Third Party Risk Institute Ltd.

    📬 Have a question or topic you'd like us to cover?
    Email us at: info@thirdpartyriskinstitute.com

    続きを読む 一部表示
    54 分
  • Mastering Third Party Risk in the Age of Intelligence with FIS CRO David Dunn
    2025/07/09

    In this episode of The Third Party Risk Institute Podcast, we sit down with David Dunn, Chief Risk Officer at FIS, to explore what it takes to manage third party risk at a global fintech that serves as a systemically significant service provider to thousands of banks worldwide.

    With 30+ years of experience leading risk and audit functions across top financial institutions, including Bank of America, PNC, and Truist, David shares a behind-the-scenes view of how to build resilient risk programs, navigate regulatory expectations like interagency guidance and DORA, and align innovation with a strong risk appetite.

    Whether you’re leading a TPRM program in a regulated industry or working with critical vendors, this episode will help you rethink how to scale your program without losing sight of risk ownership, performance, and resilience.

    What we cover in this episode:
    • The role of fintechs in global financial infrastructure and the regulatory pressure they face
    • Why outsourcing services doesn’t mean outsourcing risk
    • How FIS manages concentration risk, critical dependencies, and long-tail events
    • What it means to be a "systemically significant service provider" under regulatory scrutiny
    • Leveraging AI for internal security and innovation in product development
    • Risk appetite: balancing innovation with a conservative approach to risk-taking
    • The growing importance of managing nth party (4th, 5th+) risks
    • How to operationalize interagency guidance and DORA within large-scale risk programs. And a lot more.

    You’ll walk away with practical guidance on:
    • Applying interagency guidance and DORA to third-party risk
    • Designing scalable vendor management frameworks
    • Integrating AI into risk management and product design responsibly
    • Managing concentration and systemic risk with contingency planning
    • Building RCSAs that extend beyond surface-level checks
    • Identifying and assessing material fourth parties tied to core operations
    • Reinforcing your Three Lines of Defence with accountability and clarity
    • Optimizing SOC reports for assurance, not just compliance
    • Structuring SLAs that are strategic and useful
    • Improving relationship oversight and vendor offboarding processes
    • Communicating risk clearly to internal stakeholders and executive leadership

    This episode is perfect for:
    • Chief Risk Officers (CROs)
    • Risk and Audit Leaders
    • Procurement and Third-Party Program Managers
    • Compliance and Governance Professionals
    • CISOs and Information Security Executives
    • Business Resilience and Operational Risk Managers
    • Anyone working with critical vendors in finance, fintech, or tech

    🎧 Enjoying the podcast?
    Explore more resources, expert insights, and certification programs at www.thirdpartyriskinstitute.com

    📱 Follow us on LinkedIn for real-world conversations and industry trends: Third Party Risk Institute Ltd.

    📬 Have a question or topic you'd like us to cover?
    Email us at: info@thirdpartyriskinstitute.com

    続きを読む 一部表示
    59 分