In this episode of The Third Party Risk Institute Podcast, we sit down with Vishal Thakkar, Chief Risk Officer at the Options Clearing Corporation (OCC), to explore what it takes to manage third-party risk at the world's largest equity derivatives clearing organization, designated as a Systemically Important Financial Market Utility (SIFMU). Given OCC's profound interconnectedness within the financial ecosystem, their approach to risk management sets a benchmark for market integrity and stability.

With over 20 years of experience leading risk, regulatory compliance, operational management, cybersecurity, and internal audit functions across various organizations, Vishal shares a behind-the-scenes view of how OCC safeguards market integrity by delivering reliable clearing and settlement services for millions of transactions globally. Drawing from his unique vantage point, having worked in all three lines of defence, Vishal provides invaluable insights into building resilient risk programs and navigating complex regulatory expectations.

What we cover in this episode:

• OCC’s lifecycle-based third-party risk management (TPRM) framework
• Defining the “extended enterprise” to include non-vendor critical entities
• Using scenario analysis to test operational resilience
• Aligning the three lines of defence in risk governance
• Rationalizing controls for efficiency
• Board engagement on outsourcing and cloud strategy

You’ll walk away with practical guidance on:

• How to identify “crown jewel” third parties
• Strategies to scale TPRM without losing control
• Applying standards like NIST CSF, ISO, and Interagency Guidance
• How OCC prepares for regulatory reviews and evolves its risk posture

This episode is perfect for:

• Chief Risk Officers and other risk management professionals.

• Internal auditors and compliance officers.

• Cybersecurity leaders and professionals.

• Business leaders and operational managers responsible for critical third-party relationships.

• Anyone dedicated to building robust risk management frameworks and operational resilience in financial services, critical infrastructure, or other highly regulated industries.

🎧 Enjoying the podcast?
Explore more resources, expert insights, and certification programs at www.thirdpartyriskinstitute.com

📱 Follow us on LinkedIn for real-world conversations and industry trends: Third Party Risk Institute Ltd.

📬 Have a question or topic you'd like us to cover?
Email us at: info@thirdpartyriskinstitute.com

In this episode of The Third Party Risk Institute Podcast, we sit down with David Dunn, Chief Risk Officer at FIS, to explore what it takes to manage third party risk at a global fintech that serves as a systemically significant service provider to thousands of banks worldwide.

With 30+ years of experience leading risk and audit functions across top financial institutions, including Bank of America, PNC, and Truist, David shares a behind-the-scenes view of how to build resilient risk programs, navigate regulatory expectations like interagency guidance and DORA, and align innovation with a strong risk appetite.

Whether you’re leading a TPRM program in a regulated industry or working with critical vendors, this episode will help you rethink how to scale your program without losing sight of risk ownership, performance, and resilience.

What we cover in this episode:
• The role of fintechs in global financial infrastructure and the regulatory pressure they face
• Why outsourcing services doesn’t mean outsourcing risk
• How FIS manages concentration risk, critical dependencies, and long-tail events
• What it means to be a "systemically significant service provider" under regulatory scrutiny
• Leveraging AI for internal security and innovation in product development
• Risk appetite: balancing innovation with a conservative approach to risk-taking
• The growing importance of managing nth party (4th, 5th+) risks
• How to operationalize interagency guidance and DORA within large-scale risk programs. And a lot more.

You’ll walk away with practical guidance on:
• Applying interagency guidance and DORA to third-party risk
• Designing scalable vendor management frameworks
• Integrating AI into risk management and product design responsibly
• Managing concentration and systemic risk with contingency planning
• Building RCSAs that extend beyond surface-level checks
• Identifying and assessing material fourth parties tied to core operations
• Reinforcing your Three Lines of Defence with accountability and clarity
• Optimizing SOC reports for assurance, not just compliance
• Structuring SLAs that are strategic and useful
• Improving relationship oversight and vendor offboarding processes
• Communicating risk clearly to internal stakeholders and executive leadership

This episode is perfect for:
• Chief Risk Officers (CROs)
• Risk and Audit Leaders
• Procurement and Third-Party Program Managers
• Compliance and Governance Professionals
• CISOs and Information Security Executives
• Business Resilience and Operational Risk Managers
• Anyone working with critical vendors in finance, fintech, or tech

🎧 Enjoying the podcast?
Explore more resources, expert insights, and certification programs at www.thirdpartyriskinstitute.com

📱 Follow us on LinkedIn for real-world conversations and industry trends: Third Party Risk Institute Ltd.

📬 Have a question or topic you'd like us to cover?
Email us at: info@thirdpartyriskinstitute.com

Global supply chains are under siege. In this episode of the Third Party Risk Institute podcast, we explore the ripple effects of the 2025 global tariff wave and its growing impact on third-party risk, supplier relationships, and operational resilience.

You’ll hear how sweeping trade measures from the U.S., China, and beyond are creating real-world challenges for organizations, including:

• Spiking vendor costs and supplier renegotiations
• Delays and disruptions in global logistics
• Regulatory risks tied to sanctions, export controls, and tariff classifications
• Rising financial instability among vendors and fourth parties
• Real cases from auto, tech, retail, and energy sectors

We also unpack practical TPRM strategies that can help companies mitigate tariff-related risks:

• Supply chain diversification and localization
• Smarter due diligence and ongoing vendor monitoring
• Contract adjustments for tariff clauses and force majeure
• Scenario planning, supplier audits, and cross-functional playbooks

🎧 Whether you’re in procurement, supply chain, compliance, or risk management, this episode offers clear, actionable insights to help you stay ahead of trade-induced third-party risks.

🔗 Explore our resources and certifications at: https://thirdpartyriskinstitute.com

🎧 Enjoying the podcast?
Explore more resources, expert insights, and certification programs at www.thirdpartyriskinstitute.com

📱 Follow us on LinkedIn for real-world conversations and industry trends: Third Party Risk Institute Ltd.

📬 Have a question or topic you'd like us to cover?
Email us at: info@thirdpartyriskinstitute.com

In this episode of The Third Party Risk Institute Podcast, we explore what it really takes to build a successful Third Party Risk Management (TPRM) program from the ground up or improve the one you already have.

Whether you're starting fresh or reassessing your current framework, this episode breaks down the seven foundational steps to help you structure a program that supports business objectives, regulatory expectations, and real-world risk mitigation.

What we cover in this episode:

• What Third-Party Risk Management really means (beyond the checkboxes)
• Common challenges and why many programs fail to scale
• The 7 essential building blocks of an effective TPRM program
• How to align TPRM with your enterprise risk and procurement functions
• Tips to avoid overwhelm while increasing efficiency and visibility
• Where most teams go wrong and how to fix it

You’ll walk away with practical guidance on:

• Governance structures that work
• Risk segmentation and lifecycle controls
• Crafting policy, standards, and procedures that are realistic (and enforceable)
• Managing stakeholders and getting executive buy-in
• Tools and frameworks to support your operations in 2025 and beyond

This episode is based on the insights from our popular blog post, "Build a Winning Third Party Risk Management Program," which has already helped hundreds of risk professionals clarify and upgrade their approach.

View Blog: https://thirdpartyriskinstitute.com/build-a-winning-third-party-risk-management-program/

This Episode is Perfect for:

• Risk Managers
• Procurement Leaders
• Compliance and Governance Professionals
• Internal Auditors
• CISOs and Vendor Risk Analysts

Want more?

Visit Third Party Risk Institute Ltd to explore our certification programs, downloadable templates, and upcoming events designed for professionals serious about advancing their TPRM capabilities.

🎧 Enjoying the podcast?
Explore more resources, expert insights, and certification programs at www.thirdpartyriskinstitute.com

📱 Follow us on LinkedIn for real-world conversations and industry trends: Third Party Risk Institute Ltd.

📬 Have a question or topic you'd like us to cover?
Email us at: info@thirdpartyriskinstitute.com