Third Party Therapy

Mike Day

A bi-weekly podcast about the world of third party risk. Many of us are in the same position, facing ever evolving challenges, trying to keep up with new regulations and laws and it often feels like we are struggling to keep up. I want to really open up the conversation on this topic by speaking with practitioners to discuss key topics, understand what worked well and what went wrong, what people struggle with and to bring in ideas from other industries too. I’ll be asking the questions that folks may feel silly or uncomfortable asking too. So, why not join me for a series of informal interviews and discussions to really open up the conversation for the third party risk community?

See All

  1. EPISODE 1

    Third Party Therapy - Layla White - Beyond Third Parties: Mapping Fourth-Party Risk and Early-Stage Suppliers

    Beyond Third Parties: Mapping Fourth-Party Risk and Early-Stage Suppliers – with Layla White (TechPassport) Episode overview Season 2 opens with a practical deep dive into one of the hardest problems in modern third-party risk management: understanding what sits beyond your immediate suppliers. Mike is joined by Layla White, founder of TechPassport, to unpack why fourth- and fifth-party dependencies remain opaque, how early-stage suppliers change the risk profile, and why traditional questionnaires and web-scraping approaches struggle to keep up with today’s supply chains. The conversation blends lived experience from financial services procurement and vendor management with a grounded look at how supply chain mapping actually works in the wild, where outages, cloud concentration, geopolitics, and cyber incidents collide. What you’ll hear in this episode Why fourth- and fifth-party risk is still a blind spot for many organisationsThe limits of questionnaires and AI/web-scraped data for mapping supply chainsHow to identify critical dependencies deeper in the supply chainThe problem of hidden concentration risk (especially with cloud and shared infrastructure)Why small suppliers and early-stage tech firms introduce different resilience risksThe importance of validating supplier-provided data rather than guessing from public sourcesHow outages propagate through unseen dependenciesWhy supply chain risk now stretches beyond cyber into resilience, data, ESG, and modern slaveryWhere regulation is pushing firms to understand and evidence extended dependenciesKey takeaways Supply chain risk is no longer a third-party problem. The real fragility often sits further down the chain.Public signals and scraped data are useful clues, not ground truth. Critical dependencies usually only emerge when suppliers confirm them directly.Concentration risk is rarely obvious until something breaks. Mapping dependencies before an incident is the difference between response and surprise.Early-stage suppliers need structure and support to meet enterprise expectations, not just scrutiny.Effective TPRM is a system of approaches, not a single tool. Questionnaires, live data, mapping, and supplier engagement all have different strengths.Guest bio Layla White is the founder of TechPassport, a platform focused on improving how organisations gather and manage supplier information, map extended supply chains, and engage early-stage technology providers. Layla previously worked in financial services procurement and vendor management, where she experienced first-hand the friction, delays, and blind spots that exist in traditional third-party onboarding and supply chain visibility. Who this episode is for Third-Party Risk and Operational Resilience leadersProcurement and Vendor Management teamsCyber and Cloud risk practitionersRisk, Compliance, and Resilience professionalsAnyone grappling with fourth-party visibility, concentration risk, or supplier onboarding in complex ecosystemsListen to the episode 🎧 Full episode: https://thirdpartytherapy.com Tags / themes TPRM, Fourth-Party Risk, Supply Chain Mapping, Concentration Risk, Operational Resilience, Early-Stage Suppliers, Cloud Dependencies, Cyber Resilience

    48 min

  2. EPISODE 2

    Third Party Therapy - Mo Randeree - TPRM at Speed: Using AI to Bridge the Gap Between Risk and Procurement

    TPRM at Speed: Using AI to Bridge the Gap Between Risk and ProcurementEpisode Summary: How do you build a world-class Third-Party Risk Management (TPRM) function in a digital-first, fast-paced environment? In this episode of Third Party Therapy, Mike Day sits down with Mo Randeree from Atom Bank. Mo shares his journey from a PwC auditor to a TPRM leader, discussing how to break down the traditional silos between Procurement, Risk, and Resilience. The highlight of this episode is Mo’s deep dive into the practical use of Google Gemini (AI) to automate risk assessments, moving the dial from "policing" the business to "partnering" with it. 🕒 Timestamps 00:00 – Introduction: Managing risk at the speed of a digital bank 03:45 – Mo’s Background: Stumbling into TPRM via PwC 12:10 – The Integrated Operating Model: Merging Procurement, TPRM, and Resilience 20:30 – Speed to Market: Why "Check-the-Box" compliance doesn't work in FinTech 28:50 – AI in Action: Using Google Gemini to solve the "data mountain" problem 37:15 – Shifting the Culture: Moving from a "No" function to a "Business Enabler" 45:40 – Proactive Supplier Management: Having hard conversations about control gaps 53:00 – Closing thoughts and advice for the next generation of risk leaders 💡 Key TakeawaysThe "One-Stop-Shop" Model: Discover how Atom Bank integrates procurement and risk into a single lifecycle, ensuring risk is considered at the start of a project, not as a final hurdle.Leveraging Generative AI: Mo explains the specific prompts and processes used with Google Gemini to digest complex supplier documents, allowing a lean team to achieve massive scale.Bridging the Gap: Practical tips on how to align the conflicting goals of Procurement (speed/cost) and Risk (safety/compliance).Relationship-Driven Risk: Why the most effective TPRM tool isn't a piece of software, but the ability to build trust across the organization.🔗 Connect & ResourcesOfficial Website: thirdpartytherapy.comJoin the Community: Sign up for our mailing list to receive our "AI in TPRM" guide.Guest Info: Connect with Mo Randeree on LinkedIn to follow his work at Atom Bank.Search & SEO Keywords: #TPRM #ThirdPartyRisk #AtomBank #GoogleGemini #GenerativeAI #RiskManagement #ProcurementStrategy #FinTech #BusinessResilience #ThirdPartyTherapy #SupplyChainRisk

    53 min

  3. EPISODE 3

    Third Party Therapy - Clarence Chio | The Pace of TPRM: Faster Horses or a New Way to Travel?

    Is the pace of change in Third-Party Risk Management (TPRM) keeping up with the complexities of the modern marketplace? In this episode of Third Party Therapy, Mike Day sits down with Clarence Chio, founder of Coverbase. Clarence, a Stanford-trained engineer and cybersecurity veteran, shares his unique perspective on the "assessor fatigue" felt by both sides of the table. They dive deep into how AI can move beyond just making existing processes "faster horses" and instead fundamentally change how trust is established between organizations. 🕒 Timestamps00:00 – Introduction: Is TPRM falling behind the market? 03:45 – Clarence’s Journey: From Stanford to Anti-Money Laundering (AML) 12:10 – The "Assessor’s Dilemma": Why busy work doesn't always equal risk reduction 21:30 – The Pace of Change: Why traditional assessments are static in a dynamic world 30:50 – AI & Coverbase: Moving from manual checklists to automated trust 38:15 – The "Faster Horse" Problem: Re-imagining the future of TPRM 47:40 – Elevating the Job: How automation allows risk managers to focus on strategy 55:30 – Closing thoughts: Mapping out the next 5 years of TPRM 💡 Key TakeawaysThe Problem with Static Assessments: Clarence explains why an annual review is often obsolete the moment it's finished and how the pace of software updates requires a new approach to monitoring.Assessor Fatigue: Insight into why critical vendors feel "put through the wringer" and how this friction actually hinders true risk transparency.AI as an Efficiency Engine: How Coverbase uses AI to bridge the gap, allowing for a more holistic and real-time understanding of vendor security postures.Rethinking the Function: Why the industry needs to stop asking for "faster horses" (doing the same manual tasks quicker) and start looking for the "automobile" (fundamentally changing the workflow).🔗 Connect & ResourcesOfficial Website: thirdpartytherapy.comGuest Info: Learn more about Clarence Chio and Coverbase at Clarence Chio | LinkedInSearch & SEOKeywords: #TPRM #ThirdPartyRisk #ClarenceChio #Coverbase #Cybersecurity #AI #RiskAutomation #VendorManagement #SupplyChainSecurity #ThirdPartyTherapy #Innovation

    57 min
See All Season 2 (3)

Trailer

About

A bi-weekly podcast about the world of third party risk. Many of us are in the same position, facing ever evolving challenges, trying to keep up with new regulations and laws and it often feels like we are struggling to keep up. I want to really open up the conversation on this topic by speaking with practitioners to discuss key topics, understand what worked well and what went wrong, what people struggle with and to bring in ideas from other industries too. I’ll be asking the questions that folks may feel silly or uncomfortable asking too. So, why not join me for a series of informal interviews and discussions to really open up the conversation for the third party risk community?

Information

  • Creator
    Mike Day
  • Episodes
    19
  • Seasons
    2
  • Rating
    Clean