Third Party Therapy

podcast artwork

Podcast by Mike Day

Third Party Therapy

A bi-weekly podcast about the world of third party risk. Many of us are in the same position, facing ever evolving challenges, trying to keep up with new regulations and laws and it often feels like we are struggling to keep up. I want to really open up the conversation on this topic by speaking with practitioners to discuss key topics, understand what worked well and what went wrong, what people struggle with and to bring in ideas from other industries too. I’ll be asking the questions that folks may feel silly or uncomfortable asking too. So, why not join me for a series of informal interviews and discussions to really open up the conversation for the third party risk community?

Latest episodes

episode artwork

29 June 2026

Third Party Therapy - Chloe Dellow - Walk Before You Run: AI, TPRM Maturity and the Build vs Buy Decision

What does a successful TPRM transformation actually look like — and why do so many organisations get it wrong?

Mike sits down with Chloe Dellow, TPRM and GRC specialist at Diligent, who brings nearly eight years of experience helping organisations build, mature and optimise their third party risk programmes. Chloe offers a frank, experience-led perspective on why technology should enable a well-defined programme — not compensate for an absent one.

In this episode:

🔍 Why most organisations should sort their operating model before they even open an RFP ⚠️ The "magpie effect" — chasing features before understanding your own problem 🤖 How AI is entering TPRM in phases, from SOC 2 document review to continuous monitoring 🔨 Why the build vs buy debate is back — and the hidden risks of going DIY 🧩 Why AI risk isn't really "emerging", and what that reframing means for your framework ✈️ Which industries actually do supply chain visibility well (aerospace and automotive may surprise you) 🔄 The biggest mistake organisations make when switching platforms — and how to avoid rewriting history

Whether you're just starting out or looking to optimise a mature programme, this is a practical and honest conversation about what good looks like in TPRM today.

Timestamps 00:00 Introduction 02:15 Chloe's background — from JavaScript to TPRM advisory 06:30 How TPRM technology has evolved 11:00 Regulatory pressure and programme maturity 16:45 Helping clients through the "where do I start" problem 23:00 The magpie effect and the risk of over-configuration 29:30 AI adoption in TPRM — phased approaches and real use cases 38:00 Build vs buy — and the shadow AI risk 45:00 Is AI really an emerging risk? 51:30 Supply chain visibility — who gets it right? 58:00 What goes wrong in TPRM transformations 1:04:00 Where to start before you go to market

Guest: Chloe Dellow, Diligent Host: Mike Day

🔔 Subscribe for more episodes | 🌐 thirdpartytherapy.com | 📧 Sign up to the mailing list

#TPRM #ThirdPartyRisk #GRC #RiskManagement #AI #OperationalResilience #DORA #Compliance #Podcast

00:00

55:49

episode artwork

16 June 2026

Third Party Therapy - Dave Rusher - Is TPRM Actually Mature? AI, Cross-Sector Lessons & Getting Started Right

In this episode of Third Party Therapy, Mike Day is joined by Dave Rusher, Chief Customer Officer at Aravo, one of the longest-standing dedicated TPRM technology platforms. With 15 years at Aravo and decades of experience across the Americas, UK, Europe and Asia-Pacific, Dave brings a genuinely global perspective on how third party risk management has evolved — and where it still has growing up to do.

They cover the maturity landscape across financial services, pharma and manufacturing, the real-world AI use cases that are already delivering results, and the three most common mistakes organisations make when implementing TPRM technology. Whether you're just starting your TPRM journey or trying to evolve an existing programme, this episode is packed with practical insight.

Topics covered in this episode:

  • How TPRM maturity differs across financial services, pharma and manufacturing — and why FS and pharma led the way
  • The difference between a US "compliance-driven" approach and a more principles-based European one
  • Why manufacturing actually has a head start on Nth-party visibility and ESG — and what FS can learn from it
  • The cross-sector skills that are genuinely portable (anti-bribery/anti-corruption, cybersecurity) versus those that aren't
  • The consolidation vs. diversification tension in TPRM technology ecosystems
  • Where AI is delivering tangible results today — and why cyber/infosec assessment automation is the most mature use case
  • Why getting AI approved internally is often the biggest blocker to adoption in regulated industries
  • How shadow AI usage by employees is compressing organisations' due diligence timelines
  • Dave's three biggest TPRM implementation pitfalls: overestimating maturity, overcomplicating scope, and over-relying on technology
  • Why iterative, objectives-first implementation beats the traditional ERP-style "big bang" rollout
  • How Aravo is building AI capabilities along two parallel tracks — for customers who are ready and those who aren't yet

Timestamps: 00:00 — Introduction 02:00 — Dave's background and 15 years at Aravo 04:30 — How TPRM maturity varies by sector and region 10:00 — Manufacturing vs. financial services: who's ahead and where 15:30 — Cross-sector lessons: what's portable, what isn't 20:00 — Technology trends: consolidation vs. proliferation 25:00 — AI in TPRM: hype vs. reality 31:00 — The biggest AI use case delivering results today 37:00 — Why internal AI approval processes are the real bottleneck 43:00 — AI as a "tool not a transformation" — Mike's take 47:00 — Aravo's AI development roadmap 53:00 — The three TPRM implementation mistakes to avoid 58:00 — Where to start: outcomes-first, iterative delivery

00:00

54:42

episode artwork

06 April 2026

Third Party Therapy - Prof. Richard Wilding OBE | The Academic Lens on Supply Chain Resilience

How do you build a supply chain that doesn't just survive disruption but thrives through it? Mike Day is joined by Professor Richard Wilding OBE, Emeritus Professor of Supply Chain Strategy, to bridge the gap between academic theory and frontline risk management.

Professor Wilding shares his expert perspective on why the "Cost to Serve" must be applied to risk, how to segment vendors effectively, and why "Robustness" is no longer enough in a volatile global economy.

🕒 Timestamps:

  • 00:00 – Introduction: Bringing the Academic Lens to TPRM.
  • 03:45 – Richard’s journey: From Engineering and the "Brit Industry" to OBE.
  • 14:20 – Why "Efficiency" is a dangerous goal for modern supply chains.
  • 25:10 – Resilience vs. Robustness: What’s the difference?
  • 38:45 – The Cost to Serve: Why you shouldn't treat every vendor the same.
  • 52:30 – Advice for the next generation of supply chain leaders.

SEO Keywords: #SupplyChain #Logistics #Procurement #RichardWilding #RiskManagement #Resilience #Strategy #OBE

00:00

54:16

episode artwork

23 March 2026

Third Party Therapy - Clarence Chio | The Pace of TPRM: Faster Horses or a New Way to Travel?

Is the pace of change in Third-Party Risk Management (TPRM) keeping up with the complexities of the modern marketplace? In this episode of Third Party Therapy, Mike Day sits down with Clarence Chio, founder of Coverbase.

Clarence, a Stanford-trained engineer and cybersecurity veteran, shares his unique perspective on the "assessor fatigue" felt by both sides of the table. They dive deep into how AI can move beyond just making existing processes "faster horses" and instead fundamentally change how trust is established between organizations.

🕒 Timestamps

00:00 – Introduction: Is TPRM falling behind the market?

03:45 – Clarence’s Journey: From Stanford to Anti-Money Laundering (AML)

12:10 – The "Assessor’s Dilemma": Why busy work doesn't always equal risk reduction

21:30 – The Pace of Change: Why traditional assessments are static in a dynamic world

30:50AI & Coverbase: Moving from manual checklists to automated trust

38:15 – The "Faster Horse" Problem: Re-imagining the future of TPRM

47:40 – Elevating the Job: How automation allows risk managers to focus on strategy

55:30 – Closing thoughts: Mapping out the next 5 years of TPRM

💡 Key Takeaways

  • The Problem with Static Assessments: Clarence explains why an annual review is often obsolete the moment it's finished and how the pace of software updates requires a new approach to monitoring.
  • Assessor Fatigue: Insight into why critical vendors feel "put through the wringer" and how this friction actually hinders true risk transparency.
  • AI as an Efficiency Engine: How Coverbase uses AI to bridge the gap, allowing for a more holistic and real-time understanding of vendor security postures.
  • Rethinking the Function: Why the industry needs to stop asking for "faster horses" (doing the same manual tasks quicker) and start looking for the "automobile" (fundamentally changing the workflow).

🔗 Connect & Resources

Search & SEO

Keywords: #TPRM #ThirdPartyRisk #ClarenceChio #Coverbase #Cybersecurity #AI #RiskAutomation #VendorManagement #SupplyChainSecurity #ThirdPartyTherapy #Innovation

00:00

57:26

episode artwork

11 March 2026

Third Party Therapy - Mo Randeree - TPRM at Speed: Using AI to Bridge the Gap Between Risk and Procurement

Episode Summary: How do you build a world-class Third-Party Risk Management (TPRM) function in a digital-first, fast-paced environment? In this episode of Third Party Therapy, Mike Day sits down with Mo Randeree from Atom Bank. Mo shares his journey from a PwC auditor to a TPRM leader, discussing how to break down the traditional silos between Procurement, Risk, and Resilience.

The highlight of this episode is Mo’s deep dive into the practical use of Google Gemini (AI) to automate risk assessments, moving the dial from "policing" the business to "partnering" with it.

🕒 Timestamps

00:00 – Introduction: Managing risk at the speed of a digital bank

03:45 – Mo’s Background: Stumbling into TPRM via PwC

12:10 – The Integrated Operating Model: Merging Procurement, TPRM, and Resilience

20:30 – Speed to Market: Why "Check-the-Box" compliance doesn't work in FinTech

28:50AI in Action: Using Google Gemini to solve the "data mountain" problem

37:15 – Shifting the Culture: Moving from a "No" function to a "Business Enabler"

45:40 – Proactive Supplier Management: Having hard conversations about control gaps

53:00 – Closing thoughts and advice for the next generation of risk leaders

💡 Key Takeaways

  • The "One-Stop-Shop" Model: Discover how Atom Bank integrates procurement and risk into a single lifecycle, ensuring risk is considered at the start of a project, not as a final hurdle.
  • Leveraging Generative AI: Mo explains the specific prompts and processes used with Google Gemini to digest complex supplier documents, allowing a lean team to achieve massive scale.
  • Bridging the Gap: Practical tips on how to align the conflicting goals of Procurement (speed/cost) and Risk (safety/compliance).
  • Relationship-Driven Risk: Why the most effective TPRM tool isn't a piece of software, but the ability to build trust across the organization.

🔗 Connect & Resources

  • Official Website: thirdpartytherapy.com
  • Join the Community: Sign up for our mailing list to receive our "AI in TPRM" guide.
  • Guest Info: Connect with Mo Randeree on LinkedIn to follow his work at Atom Bank.

Search & SEO

Keywords: #TPRM #ThirdPartyRisk #AtomBank #GoogleGemini #GenerativeAI #RiskManagement #ProcurementStrategy #FinTech #BusinessResilience #ThirdPartyTherapy #SupplyChainRisk

00:00

52:37

episode artwork

23 February 2026

Third Party Therapy - Layla White - Beyond Third Parties: Mapping Fourth-Party Risk and Early-Stage Suppliers

Beyond Third Parties: Mapping Fourth-Party Risk and Early-Stage Suppliers – with Layla White (TechPassport)

Episode overview

Season 2 opens with a practical deep dive into one of the hardest problems in modern third-party risk management: understanding what sits beyond your immediate suppliers. Mike is joined by Layla White, founder of TechPassport, to unpack why fourth- and fifth-party dependencies remain opaque, how early-stage suppliers change the risk profile, and why traditional questionnaires and web-scraping approaches struggle to keep up with today’s supply chains.

The conversation blends lived experience from financial services procurement and vendor management with a grounded look at how supply chain mapping actually works in the wild, where outages, cloud concentration, geopolitics, and cyber incidents collide.

What you’ll hear in this episode

  • Why fourth- and fifth-party risk is still a blind spot for many organisations
  • The limits of questionnaires and AI/web-scraped data for mapping supply chains
  • How to identify critical dependencies deeper in the supply chain
  • The problem of hidden concentration risk (especially with cloud and shared infrastructure)
  • Why small suppliers and early-stage tech firms introduce different resilience risks
  • The importance of validating supplier-provided data rather than guessing from public sources
  • How outages propagate through unseen dependencies
  • Why supply chain risk now stretches beyond cyber into resilience, data, ESG, and modern slavery
  • Where regulation is pushing firms to understand and evidence extended dependencies

Key takeaways

  • Supply chain risk is no longer a third-party problem. The real fragility often sits further down the chain.
  • Public signals and scraped data are useful clues, not ground truth. Critical dependencies usually only emerge when suppliers confirm them directly.
  • Concentration risk is rarely obvious until something breaks. Mapping dependencies before an incident is the difference between response and surprise.
  • Early-stage suppliers need structure and support to meet enterprise expectations, not just scrutiny.
  • Effective TPRM is a system of approaches, not a single tool. Questionnaires, live data, mapping, and supplier engagement all have different strengths.

Guest bio

Layla White is the founder of TechPassport, a platform focused on improving how organisations gather and manage supplier information, map extended supply chains, and engage early-stage technology providers. Layla previously worked in financial services procurement and vendor management, where she experienced first-hand the friction, delays, and blind spots that exist in traditional third-party onboarding and supply chain visibility.

Who this episode is for

  • Third-Party Risk and Operational Resilience leaders
  • Procurement and Vendor Management teams
  • Cyber and Cloud risk practitioners
  • Risk, Compliance, and Resilience professionals
  • Anyone grappling with fourth-party visibility, concentration risk, or supplier onboarding in complex ecosystems

Listen to the episode

🎧 Full episode: https://thirdpartytherapy.com

Tags / themes

TPRM, Fourth-Party Risk, Supply Chain Mapping, Concentration Risk, Operational Resilience, Early-Stage Suppliers, Cloud Dependencies, Cyber Resilience

00:00

48:10

Copyright © Third Party Therapy. All rights reserved.

Powered by