The Third Party Risk Institute Podcast

By: Linda Tuck Chapman

Go beyond the headlines with The Third Party Risk Institute Podcast, the official podcast of Third Party Risk Institute.


Each episode brings you into the room with top experts in third-party risk, cybersecurity, procurement, governance, and compliance. Hear how risk leaders tackle real-world challenges, share lessons learned, and stay ahead of evolving threats.


We explore the strategies that work, the mistakes that teach, and the insights you won’t hear anywhere else.


Perfect for risk professionals, procurement leaders, auditors, and decision-makers who want to lead with confidence.


🎧 Subscribe now. New episodes drop monthly on Spotify, Apple Podcasts, YouTube Music, and Amazon Music.

© 2026 Third Party Risk Institute Ltd.
Episodes
  • Stop Treating Every Vendor the Same: Daniel Liu on the Real Work of Third Party Risk
    Jun 29 2026

    In this episode of The Third Party Risk Institute Podcast, Linda Tuck Chapman speaks with Daniel Liu, Managing Director of Enterprise Risk Management at TMX Group, about what effective third-party risk management really looks like inside complex, regulated organizations.

    Daniel shares practical insights from his experience across enterprise risk management, operational risk, financial services, data analytics, and regulatory environments. The conversation explores how operational risk and TPRM functions should work together, why risk culture matters, and why risk teams must move beyond checklists, policies, and one-time due diligence.

    This episode covers key topics including third-party risk management, operational risk management, enterprise risk management, vendor segmentation, concentration risk, fourth-party risk, exit planning, regulatory expectations, operational resilience, OSFI expectations, first line and second line responsibilities, ongoing monitoring, and risk-based due diligence.

    Listeners will also hear why vendor segmentation should be based on criticality and inherent risk, not spend or relationship history, and why overlooked risks such as exit risk, subcontractor exposure, change in control, and scope creep can create serious operational and regulatory challenges.

    This is a valuable conversation for risk leaders, TPRM professionals, procurement teams, compliance officers, auditors, financial services executives, and anyone responsible for building stronger third-party risk and operational resilience programs.

    🎧 Enjoying the podcast?
    Explore more resources, expert insights, and certification programs at www.thirdpartyriskinstitute.com

    📱 Follow us on LinkedIn for real-world conversations and industry trends: Third Party Risk Institute Ltd.

    📬 Have a question or topic you'd like us to cover?
    Email us at: info@thirdpartyriskinstitute.com

    1 hr and 1 min
  • Third-Party Risk Monitoring in 2026: Why Annual Vendor Reviews Are No Longer Enough
    Jun 22 2026

    Third-party risk is no longer something organizations can review once a year and file away for audit season. Vendor incidents now move in hours, regulators expect stronger oversight, and a single provider can disrupt hundreds of businesses at once.

    In this episode of the Third Party Risk Institute Podcast, we discuss why traditional annual questionnaires are falling short and why continuous third-party risk monitoring is becoming a core expectation for risk, procurement, compliance, cybersecurity, and vendor management teams.

    We cover what continuous monitoring really means, why security ratings should be treated as early-warning signals rather than final answers, and how organizations can monitor vendor risk across cybersecurity, operational resilience, financial health, concentration risk, fourth-party risk, and AI-related vendor exposure.

    You’ll also hear practical insights on DORA, NIST CSF 2.0, U.S. banking guidance, security ratings, KRIs, vendor risk dashboards, concentration risk, and the operating model needed to turn alerts into action.

    If your organization still relies heavily on point-in-time assessments, spreadsheets, or annual vendor reviews, this episode will help you rethink what effective third-party risk management should look like in 2026.

    20 mins
  • The Future of Third-Party Risk Management: AI, Resilience, Cyber Risk, and What Comes Next with Matthew Moog
    May 29 2026

    Third-party risk management is changing fast. For years, many organizations have relied on questionnaires, point-in-time assessments, manual workflows, and fragmented ownership across procurement, cyber, compliance, resilience, privacy, model risk, and business teams. But with AI, cyber ratings, data ecosystems, shared assessments, trust centers, regulatory pressure, and operational resilience expectations becoming more important, the future of TPRM is moving beyond traditional vendor due diligence.

    In this episode of the Third Party Risk Institute Podcast, Linda Tuck Chapman speaks with Matthew Moog, Principal of Risk Managed Services at EY, about where third-party risk management is heading and what risk professionals need to understand now. Matt shares lessons from his career across EY, TrueSight, and OneTrust, including the challenges of standardizing assessments, building shared third-party risk utilities, using data before sending questionnaires, and rethinking how organizations assess, monitor, and respond to supplier risk.

    This conversation explores some of the biggest issues facing risk, procurement, cybersecurity, compliance, and operational resilience teams today, including:

    • Why traditional third-party risk assessments are no longer enough
    • How AI and automation may change vendor risk management workflows
    • Why the future of TPRM depends on better data, not more questionnaires
    • The role of cyber ratings, trust centers, attestations, certifications, and standardized data
    • How organizations can reduce fragmented third-party risk processes
    • Why operational resilience, fourth-party risk, and dependency mapping are becoming critical
    • How DORA, regulatory expectations, and global financial services guidance are shaping TPRM
    • Why human judgment still matters in an AI-enabled risk environment
    • What risk professionals should focus on to build a stronger career in TPRM

    Matt also shares practical career advice for professionals entering or growing in third-party risk management, operational risk, cyber risk, vendor risk, and governance roles.

    This episode is essential listening for anyone working in third-party risk management, vendor risk management, supplier risk, operational resilience, cybersecurity risk, regulatory compliance, procurement, financial services risk, AI governance, fourth-party risk, or enterprise risk management.

    54 mins