Third Party Therapy

podcast artwork

Podcast by Mike Day

Third Party Therapy

A bi-weekly podcast about the world of third party risk. Many of us are in the same position, facing ever evolving challenges, trying to keep up with new regulations and laws and it often feels like we are struggling to keep up. I want to really open up the conversation on this topic by speaking with practitioners to discuss key topics, understand what worked well and what went wrong, what people struggle with and to bring in ideas from other industries too. I’ll be asking the questions that folks may feel silly or uncomfortable asking too. So, why not join me for a series of informal interviews and discussions to really open up the conversation for the third party risk community?
Listen onApple Podcasts
Listen onSpotify
Listen onDeezer

Latest episodes

episode artwork

06 April 2026

Third Party Therapy - Prof. Richard Wilding OBE | The Academic Lens on Supply Chain Resilience

How do you build a supply chain that doesn't just survive disruption but thrives through it? Mike Day is joined by Professor Richard Wilding OBE, Emeritus Professor of Supply Chain Strategy, to bridge the gap between academic theory and frontline risk management.

Professor Wilding shares his expert perspective on why the "Cost to Serve" must be applied to risk, how to segment vendors effectively, and why "Robustness" is no longer enough in a volatile global economy.

🕒 Timestamps:

  • 00:00 – Introduction: Bringing the Academic Lens to TPRM.
  • 03:45 – Richard’s journey: From Engineering and the "Brit Industry" to OBE.
  • 14:20 – Why "Efficiency" is a dangerous goal for modern supply chains.
  • 25:10 – Resilience vs. Robustness: What’s the difference?
  • 38:45 – The Cost to Serve: Why you shouldn't treat every vendor the same.
  • 52:30 – Advice for the next generation of supply chain leaders.

SEO Keywords: #SupplyChain #Logistics #Procurement #RichardWilding #RiskManagement #Resilience #Strategy #OBE

00:00

54:16

episode artwork

23 March 2026

Third Party Therapy - Clarence Chio | The Pace of TPRM: Faster Horses or a New Way to Travel?

Is the pace of change in Third-Party Risk Management (TPRM) keeping up with the complexities of the modern marketplace? In this episode of Third Party Therapy, Mike Day sits down with Clarence Chio, founder of Coverbase.

Clarence, a Stanford-trained engineer and cybersecurity veteran, shares his unique perspective on the "assessor fatigue" felt by both sides of the table. They dive deep into how AI can move beyond just making existing processes "faster horses" and instead fundamentally change how trust is established between organizations.

🕒 Timestamps

00:00 – Introduction: Is TPRM falling behind the market?

03:45 – Clarence’s Journey: From Stanford to Anti-Money Laundering (AML)

12:10 – The "Assessor’s Dilemma": Why busy work doesn't always equal risk reduction

21:30 – The Pace of Change: Why traditional assessments are static in a dynamic world

30:50AI & Coverbase: Moving from manual checklists to automated trust

38:15 – The "Faster Horse" Problem: Re-imagining the future of TPRM

47:40 – Elevating the Job: How automation allows risk managers to focus on strategy

55:30 – Closing thoughts: Mapping out the next 5 years of TPRM

💡 Key Takeaways

  • The Problem with Static Assessments: Clarence explains why an annual review is often obsolete the moment it's finished and how the pace of software updates requires a new approach to monitoring.
  • Assessor Fatigue: Insight into why critical vendors feel "put through the wringer" and how this friction actually hinders true risk transparency.
  • AI as an Efficiency Engine: How Coverbase uses AI to bridge the gap, allowing for a more holistic and real-time understanding of vendor security postures.
  • Rethinking the Function: Why the industry needs to stop asking for "faster horses" (doing the same manual tasks quicker) and start looking for the "automobile" (fundamentally changing the workflow).

🔗 Connect & Resources

Search & SEO

Keywords: #TPRM #ThirdPartyRisk #ClarenceChio #Coverbase #Cybersecurity #AI #RiskAutomation #VendorManagement #SupplyChainSecurity #ThirdPartyTherapy #Innovation

00:00

57:26

episode artwork

11 March 2026

Third Party Therapy - Mo Randeree - TPRM at Speed: Using AI to Bridge the Gap Between Risk and Procurement

TPRM at Speed: Using AI to Bridge the Gap Between Risk and Procurement

Episode Summary: How do you build a world-class Third-Party Risk Management (TPRM) function in a digital-first, fast-paced environment? In this episode of Third Party Therapy, Mike Day sits down with Mo Randeree from Atom Bank. Mo shares his journey from a PwC auditor to a TPRM leader, discussing how to break down the traditional silos between Procurement, Risk, and Resilience.

The highlight of this episode is Mo’s deep dive into the practical use of Google Gemini (AI) to automate risk assessments, moving the dial from "policing" the business to "partnering" with it.

🕒 Timestamps

00:00 – Introduction: Managing risk at the speed of a digital bank

03:45 – Mo’s Background: Stumbling into TPRM via PwC

12:10 – The Integrated Operating Model: Merging Procurement, TPRM, and Resilience

20:30 – Speed to Market: Why "Check-the-Box" compliance doesn't work in FinTech

28:50AI in Action: Using Google Gemini to solve the "data mountain" problem

37:15 – Shifting the Culture: Moving from a "No" function to a "Business Enabler"

45:40 – Proactive Supplier Management: Having hard conversations about control gaps

53:00 – Closing thoughts and advice for the next generation of risk leaders

💡 Key Takeaways

  • The "One-Stop-Shop" Model: Discover how Atom Bank integrates procurement and risk into a single lifecycle, ensuring risk is considered at the start of a project, not as a final hurdle.
  • Leveraging Generative AI: Mo explains the specific prompts and processes used with Google Gemini to digest complex supplier documents, allowing a lean team to achieve massive scale.
  • Bridging the Gap: Practical tips on how to align the conflicting goals of Procurement (speed/cost) and Risk (safety/compliance).
  • Relationship-Driven Risk: Why the most effective TPRM tool isn't a piece of software, but the ability to build trust across the organization.

🔗 Connect & Resources

  • Official Website: thirdpartytherapy.com
  • Join the Community: Sign up for our mailing list to receive our "AI in TPRM" guide.
  • Guest Info: Connect with Mo Randeree on LinkedIn to follow his work at Atom Bank.

Search & SEO

Keywords: #TPRM #ThirdPartyRisk #AtomBank #GoogleGemini #GenerativeAI #RiskManagement #ProcurementStrategy #FinTech #BusinessResilience #ThirdPartyTherapy #SupplyChainRisk

00:00

52:37

episode artwork

23 February 2026

Third Party Therapy - Layla White - Beyond Third Parties: Mapping Fourth-Party Risk and Early-Stage Suppliers

Beyond Third Parties: Mapping Fourth-Party Risk and Early-Stage Suppliers – with Layla White (TechPassport)

Episode overview

Season 2 opens with a practical deep dive into one of the hardest problems in modern third-party risk management: understanding what sits beyond your immediate suppliers. Mike is joined by Layla White, founder of TechPassport, to unpack why fourth- and fifth-party dependencies remain opaque, how early-stage suppliers change the risk profile, and why traditional questionnaires and web-scraping approaches struggle to keep up with today’s supply chains.

The conversation blends lived experience from financial services procurement and vendor management with a grounded look at how supply chain mapping actually works in the wild, where outages, cloud concentration, geopolitics, and cyber incidents collide.

What you’ll hear in this episode

  • Why fourth- and fifth-party risk is still a blind spot for many organisations
  • The limits of questionnaires and AI/web-scraped data for mapping supply chains
  • How to identify critical dependencies deeper in the supply chain
  • The problem of hidden concentration risk (especially with cloud and shared infrastructure)
  • Why small suppliers and early-stage tech firms introduce different resilience risks
  • The importance of validating supplier-provided data rather than guessing from public sources
  • How outages propagate through unseen dependencies
  • Why supply chain risk now stretches beyond cyber into resilience, data, ESG, and modern slavery
  • Where regulation is pushing firms to understand and evidence extended dependencies

Key takeaways

  • Supply chain risk is no longer a third-party problem. The real fragility often sits further down the chain.
  • Public signals and scraped data are useful clues, not ground truth. Critical dependencies usually only emerge when suppliers confirm them directly.
  • Concentration risk is rarely obvious until something breaks. Mapping dependencies before an incident is the difference between response and surprise.
  • Early-stage suppliers need structure and support to meet enterprise expectations, not just scrutiny.
  • Effective TPRM is a system of approaches, not a single tool. Questionnaires, live data, mapping, and supplier engagement all have different strengths.

Guest bio

Layla White is the founder of TechPassport, a platform focused on improving how organisations gather and manage supplier information, map extended supply chains, and engage early-stage technology providers. Layla previously worked in financial services procurement and vendor management, where she experienced first-hand the friction, delays, and blind spots that exist in traditional third-party onboarding and supply chain visibility.

Who this episode is for

  • Third-Party Risk and Operational Resilience leaders
  • Procurement and Vendor Management teams
  • Cyber and Cloud risk practitioners
  • Risk, Compliance, and Resilience professionals
  • Anyone grappling with fourth-party visibility, concentration risk, or supplier onboarding in complex ecosystems

Listen to the episode

🎧 Full episode: https://thirdpartytherapy.com

Tags / themes

TPRM, Fourth-Party Risk, Supply Chain Mapping, Concentration Risk, Operational Resilience, Early-Stage Suppliers, Cloud Dependencies, Cyber Resilience

00:00

48:10

episode artwork

15 December 2025

Third Party Therapy - Robert Hannigan - Cybercrime-as-a-Service, Data Poisoning and the future of Cyber Crime.

Great conversation with Robert Hannigan from Blue Voyant, former Director of GCHQ and author of "Counter Intelligence - What The Secret World Can Teach Us About Problem Solving & Creativity". Talking about the business model of cyber crime, how companies can protect themselves and the role of the human in combatting the cyber criminal.

00:00

59:06

episode artwork

01 December 2025

Third Party Therapy - Charlie Lewis - Beyond the Third: Navigating 4th Parties and Cyber Risk in TPRM

A great conversation with Charlie Lewis from McKinsey exploring the cyber risk that develops from a complex supply chain and how companies can take a business focussed approach to risk management

Read Charlie's article on Taking a business-critical approach to supplier nth-party IT risk management

Distributed in conjunction with CEFPRO Connect

00:00

57:02

Copyright © Third Party Therapy. All rights reserved.

Powered by