Third Party Therapy

Podcast by Mike Day

Third Party Therapy

A bi-weekly podcast about the world of third party risk. Many of us are in the same position, facing ever evolving challenges, trying to keep up with new regulations and laws and it often feels like we are struggling to keep up. I want to really open up the conversation on this topic by speaking with practitioners to discuss key topics, understand what worked well and what went wrong, what people struggle with and to bring in ideas from other industries too. I’ll be asking the questions that folks may feel silly or uncomfortable asking too. So, why not join me for a series of informal interviews and discussions to really open up the conversation for the third party risk community?

Listen onApple Podcasts

Listen onSpotify

Listen onDeezer

Latest episodes

23 March 2026

Third Party Therapy - Clarence Chio | The Pace of TPRM: Faster Horses or a New Way to Travel?

Is the pace of change in Third-Party Risk Management (TPRM) keeping up with the complexities of the modern marketplace? In this episode of Third Party Therapy, Mike Day sits down with Clarence Chio, founder of Coverbase.

Clarence, a Stanford-trained engineer and cybersecurity veteran, shares his unique perspective on the "assessor fatigue" felt by both sides of the table. They dive deep into how AI can move beyond just making existing processes "faster horses" and instead fundamentally change how trust is established between organizations.

🕒 Timestamps

00:00 – Introduction: Is TPRM falling behind the market?

03:45 – Clarence’s Journey: From Stanford to Anti-Money Laundering (AML)

12:10 – The "Assessor’s Dilemma": Why busy work doesn't always equal risk reduction

21:30 – The Pace of Change: Why traditional assessments are static in a dynamic world

30:50 – AI & Coverbase: Moving from manual checklists to automated trust

38:15 – The "Faster Horse" Problem: Re-imagining the future of TPRM

47:40 – Elevating the Job: How automation allows risk managers to focus on strategy

55:30 – Closing thoughts: Mapping out the next 5 years of TPRM

💡 Key Takeaways

The Problem with Static Assessments: Clarence explains why an annual review is often obsolete the moment it's finished and how the pace of software updates requires a new approach to monitoring.
Assessor Fatigue: Insight into why critical vendors feel "put through the wringer" and how this friction actually hinders true risk transparency.
AI as an Efficiency Engine: How Coverbase uses AI to bridge the gap, allowing for a more holistic and real-time understanding of vendor security postures.
Rethinking the Function: Why the industry needs to stop asking for "faster horses" (doing the same manual tasks quicker) and start looking for the "automobile" (fundamentally changing the workflow).

🔗 Connect & Resources

Official Website: thirdpartytherapy.com
Guest Info: Learn more about Clarence Chio and Coverbase at Clarence Chio | LinkedIn

Search & SEO

Keywords: #TPRM #ThirdPartyRisk #ClarenceChio #Coverbase #Cybersecurity #AI #RiskAutomation #VendorManagement #SupplyChainSecurity #ThirdPartyTherapy #Innovation

00:00

57:26

11 March 2026

Third Party Therapy - Mo Randeree - TPRM at Speed: Using AI to Bridge the Gap Between Risk and Procurement

TPRM at Speed: Using AI to Bridge the Gap Between Risk and Procurement

Episode Summary: How do you build a world-class Third-Party Risk Management (TPRM) function in a digital-first, fast-paced environment? In this episode of Third Party Therapy, Mike Day sits down with Mo Randeree from Atom Bank. Mo shares his journey from a PwC auditor to a TPRM leader, discussing how to break down the traditional silos between Procurement, Risk, and Resilience.

The highlight of this episode is Mo’s deep dive into the practical use of Google Gemini (AI) to automate risk assessments, moving the dial from "policing" the business to "partnering" with it.

🕒 Timestamps

00:00 – Introduction: Managing risk at the speed of a digital bank

03:45 – Mo’s Background: Stumbling into TPRM via PwC

12:10 – The Integrated Operating Model: Merging Procurement, TPRM, and Resilience

20:30 – Speed to Market: Why "Check-the-Box" compliance doesn't work in FinTech

28:50 – AI in Action: Using Google Gemini to solve the "data mountain" problem

37:15 – Shifting the Culture: Moving from a "No" function to a "Business Enabler"

45:40 – Proactive Supplier Management: Having hard conversations about control gaps

53:00 – Closing thoughts and advice for the next generation of risk leaders

💡 Key Takeaways

The "One-Stop-Shop" Model: Discover how Atom Bank integrates procurement and risk into a single lifecycle, ensuring risk is considered at the start of a project, not as a final hurdle.
Leveraging Generative AI: Mo explains the specific prompts and processes used with Google Gemini to digest complex supplier documents, allowing a lean team to achieve massive scale.
Bridging the Gap: Practical tips on how to align the conflicting goals of Procurement (speed/cost) and Risk (safety/compliance).
Relationship-Driven Risk: Why the most effective TPRM tool isn't a piece of software, but the ability to build trust across the organization.

🔗 Connect & Resources

Official Website: thirdpartytherapy.com
Join the Community: Sign up for our mailing list to receive our "AI in TPRM" guide.
Guest Info: Connect with Mo Randeree on LinkedIn to follow his work at Atom Bank.

Search & SEO

Keywords: #TPRM #ThirdPartyRisk #AtomBank #GoogleGemini #GenerativeAI #RiskManagement #ProcurementStrategy #FinTech #BusinessResilience #ThirdPartyTherapy #SupplyChainRisk

00:00

52:37

23 February 2026

Third Party Therapy - Layla White - Beyond Third Parties: Mapping Fourth-Party Risk and Early-Stage Suppliers

Beyond Third Parties: Mapping Fourth-Party Risk and Early-Stage Suppliers – with Layla White (TechPassport)

Episode overview

Season 2 opens with a practical deep dive into one of the hardest problems in modern third-party risk management: understanding what sits beyond your immediate suppliers. Mike is joined by Layla White, founder of TechPassport, to unpack why fourth- and fifth-party dependencies remain opaque, how early-stage suppliers change the risk profile, and why traditional questionnaires and web-scraping approaches struggle to keep up with today’s supply chains.

The conversation blends lived experience from financial services procurement and vendor management with a grounded look at how supply chain mapping actually works in the wild, where outages, cloud concentration, geopolitics, and cyber incidents collide.

What you’ll hear in this episode

Why fourth- and fifth-party risk is still a blind spot for many organisations
The limits of questionnaires and AI/web-scraped data for mapping supply chains
How to identify critical dependencies deeper in the supply chain
The problem of hidden concentration risk (especially with cloud and shared infrastructure)
Why small suppliers and early-stage tech firms introduce different resilience risks
The importance of validating supplier-provided data rather than guessing from public sources
How outages propagate through unseen dependencies
Why supply chain risk now stretches beyond cyber into resilience, data, ESG, and modern slavery
Where regulation is pushing firms to understand and evidence extended dependencies

Key takeaways

Supply chain risk is no longer a third-party problem. The real fragility often sits further down the chain.
Public signals and scraped data are useful clues, not ground truth. Critical dependencies usually only emerge when suppliers confirm them directly.
Concentration risk is rarely obvious until something breaks. Mapping dependencies before an incident is the difference between response and surprise.
Early-stage suppliers need structure and support to meet enterprise expectations, not just scrutiny.
Effective TPRM is a system of approaches, not a single tool. Questionnaires, live data, mapping, and supplier engagement all have different strengths.

Guest bio

Layla White is the founder of TechPassport, a platform focused on improving how organisations gather and manage supplier information, map extended supply chains, and engage early-stage technology providers. Layla previously worked in financial services procurement and vendor management, where she experienced first-hand the friction, delays, and blind spots that exist in traditional third-party onboarding and supply chain visibility.

Who this episode is for

Third-Party Risk and Operational Resilience leaders
Procurement and Vendor Management teams
Cyber and Cloud risk practitioners
Risk, Compliance, and Resilience professionals
Anyone grappling with fourth-party visibility, concentration risk, or supplier onboarding in complex ecosystems

Listen to the episode

🎧 Full episode: https://thirdpartytherapy.com

Tags / themes

TPRM, Fourth-Party Risk, Supply Chain Mapping, Concentration Risk, Operational Resilience, Early-Stage Suppliers, Cloud Dependencies, Cyber Resilience

00:00

48:10

15 December 2025

Third Party Therapy - Robert Hannigan - Cybercrime-as-a-Service, Data Poisoning and the future of Cyber Crime.

Great conversation with Robert Hannigan from Blue Voyant, former Director of GCHQ and author of "Counter Intelligence - What The Secret World Can Teach Us About Problem Solving & Creativity". Talking about the business model of cyber crime, how companies can protect themselves and the role of the human in combatting the cyber criminal.

00:00

59:06

01 December 2025

Third Party Therapy - Charlie Lewis - Beyond the Third: Navigating 4th Parties and Cyber Risk in TPRM

A great conversation with Charlie Lewis from McKinsey exploring the cyber risk that develops from a complex supply chain and how companies can take a business focussed approach to risk management

Read Charlie's article on Taking a business-critical approach to supplier nth-party IT risk management

Distributed in conjunction with CEFPRO Connect

00:00

57:02

16 November 2025

Third Party Therapy - Natalie Druckmann - AI Unleashed: Transforming Third-Party Risk

Third Party Therapy – Episode 13

AI Unleashed: Transforming Third-Party Risk

Guest: Natalie Druckmann, Head of EMEA at Certa

Host: Mike Day

Episode Summary

How is artificial intelligence reshaping third-party risk management? In this episode, Mike Day speaks with Natalie Druckmann from Certa, exploring how AI can transform due diligence, regulatory compliance, and supplier oversight. Natalie shares her journey from delivery and procurement into technology leadership, before unpacking the real-world use cases that are redefining TPRM—from automating document review to interpreting complex regulations like DORA. Together, they discuss how organisations can move from spreadsheet chaos to continuous monitoring, and from compliance overhead to strategic insight.

Key Topics

Natalie's path from practitioner to tech leader
The evolution of TPRM tech: from Excel → platforms → modular AI solutions
Industry maturity: financial services vs pharma, retail, and defence
Using AI to analyse supplier evidence, interpret new regulations, and enable 'risk management by exception'
Why 'process → people → platform' is the right order for success
Common pitfalls in adopting technology
The future of TPRM: faster onboarding, smarter risk insight, and human + AI collaboration

Memorable Quotes

“We fixed the problem of not knowing—and created the problem of knowing too much.”

“AI in TPRM isn’t about replacing people; it’s about freeing them to focus where it matters.”

“Process first, people second, platform third.”

Takeaways

✅ Start with why and who, before deciding what or how.

✅ Design your process first—technology won’t fix a broken one.

✅ Use AI for transparency, not black-box decisions.

✅ Adopt a base-plate approach: start simple, build as you mature.

✅ Aim for risk management by exception, not exhaustion.

Links & Resources

🌐 thirdpartytherapy.com – show archive

🤖 certa.ai – learn more about Certa’s AI-driven risk solutions

💬 Connect with Mike Day on LinkedIn for future episodes

00:00

01:09:09