
Search Results

471 results found with an empty search

Blog Posts (104)

  • Is Your TPRM Program Actually Improving? | TPRM Exchange Podcast Episode 2

    Many third-party risk management (TPRM) programs today have reached a level of operational maturity. They have defined processes, lifecycle coverage, and established workflows for intake, due diligence, and monitoring. But a critical question remains: Is your program actually improving—or just maintaining the status quo?

    In this episode of the TPRM Exchange Podcast, Hilary, Senior Membership & Education Coordinator at TPRA, speaks with Keith Frantz, Director of Vendor Management at Prosper Marketplace, to explore the difference between maturity and true progress, emphasizing that strong programs continuously evolve alongside changing risks, technologies, and business needs.

    “If it’s a check-the-box exercise, you have room for improvement.”

    From identifying signs of stagnation to adapting for emerging risks like AI, this conversation highlights practical ways practitioners can refine assessments, strengthen monitoring, and deliver more meaningful insights to the business.

    What You’ll Learn
      • Why maturity doesn’t equal improvement
      • Signs your TPRM program may be stagnant
      • How to modernize risk assessments and evidence standards
      • The growing impact of AI and emerging risk domains
      • How better reporting and monitoring drive stronger decisions
      • Why collaboration across procurement, legal, and the business is critical

    Key Takeaway
    “Collaboration, communication, and education—that’s what makes a program successful.”

    About the Guest
    Keith Frantz, Prosper Marketplace
    Graduate of Baylor University, worked in Financial Industry for over 20 years under numerous umbrellas. While in the mortgage industry, I worked primarily in default and risk management providing oversight for mortgage servicers. After moving to risk and vendor management, I have built and matured several programs at different companies and now oversee Procurement, Third Party Risk, and Internal Controls for Prosper Marketplace.

    Have a question or topic idea? Send us your suggestions at: pod@tprassociation.org

  • Separating Noise from Nuance: What Geopolitical Instability Means for TPRM

    It's impossible to ignore what's happening in the world these days. Headlines are nonstop, commentary is everywhere, and every update appears urgent. Many news stories are meant to grab attention or push an agenda, but not all deserve equal focus.

    For third party risk management (TPRM) teams, the main challenge isn't just keeping up with the news. It's figuring out what actually matters. With so much information available, the important part is connecting outside events to your key third parties, suppliers, and services, and then deciding if you need to take action.

    Geopolitical issues do not always arrive as dramatic, obvious events, although sometimes they do. War breaks out. Military tensions escalate. Governments impose sudden restrictions. Just as often, the impact shows up through day-to-day operations. A third party can look perfectly fine in a due diligence review and still carry real exposure because of where it operates, what it relies on, and how those dependencies are structured.

    Geography as a Starting Point, Not the Full Picture

    In many TPRM programs, geography is treated as a separate risk factor. Teams look at where a third party is based, where it operates, and which laws apply. Geography sets the foundation and shapes the legal, regulatory, and business environment for that third party.

    Geopolitical risk changes how we think about geography. A place that once seemed stable can quickly become difficult to operate in if sanctions shift, governments add new rules, or broader instability starts to impact business.

    When Stability Shifts Without Warning

    A region that seemed stable can change quickly. Conflict, political decisions, or new regulations can alter operating conditions with little notice. Third parties and key suppliers that looked safe yesterday might need attention today, even if the third party itself hasn't changed.

    That's the challenge so many TPRM teams face right now.

    The issue isn’t just that instability happens. It’s how fast it can impact critical third parties and their sub-servicers, even when you have strong due diligence and monitoring in place.

    A third party in a country that has been stable in the past can still face problems because of its dependencies. Subcontractors, infrastructure providers, logistics networks, and supply chains can all bring risk. Changes in regulations and cross-border rules can also affect how services are delivered.

    The impact doesn’t have to be local to be real. It often shows up as disruptions, delays, or changes in how services operate.

    Programs that solely depend on periodic reassessment will feel those impacts first. By the time the next review comes around, the situation might already be affecting operations.

    The Impacts of Geopolitical Events

    When things change, the impact rarely stays in just one area. It usually affects several risk areas at once.

      • Operational disruption as service delivery slows or degrades
      • Compliance pressure as sanctions, restrictions, or regulatory expectations change
      • Dependency exposure as subcontractors and providers are affected
      • Concentration risk when multiple services rely on the same region or provider

    Geography is only the starting point. The real impact comes from how it influences the rest of your third party ecosystem.

    What Deserves Your Attention

    This is where context and nuance matter. The event that gets the most attention isn’t always the one with the biggest impact on your operations. A major event somewhere in the world might not affect your third parties, but a quieter regulatory or policy change could have immediate effects on your operations, data, supply chain, or service delivery.

    The practical question is simple: Does this event connect to a specific third party, supplier, service, location, dependency, or requirement that matters right now? If you’re not sure, that’s where you should start looking.

    Where the Real Exposure Sits

    Organizations will often gather information about dependencies during due diligence, but that’s not the same as thoroughly assessing those dependencies. It also doesn’t mean the third party has examined its own third parties, providers, or sub-servicers as closely.

    The question is not always whether the third party itself is in an unstable region. Sometimes the third party looks fine, its geography looks fine, and the real issue sits deeper in the chain. Sub-servicers, supply chains, and infrastructure can be affected long before the direct third party shows visible signs of strain.

    Where Monitoring May Fall Short

    Many people use headline alerts, news aggregators, and general monitoring tools. These might help you stay informed, but more often create a lot of noise without much guidance.

    They tell you what’s happening, but not whether it matters for your third party environment.

    Where Risk Intelligence and Alert Services Add Value

    Risk intelligence services are more effective because they are designed to connect outside events to your third party group.

    Different services offer different capabilities. Some focus on company-level monitoring and alert you when a specific third party is affected. Others track geopolitical and regulatory developments across regions. Some provide visibility into supply chains and downstream dependencies, including subcontractors and infrastructure providers. Others focus on cyber or operational disruption tied to external events.

    Most programs depend on a combination of these capabilities.

    The real value comes from how well alerts are linked to your actual risks.

    A useful alert doesn’t just report that something happened in a region. It shows how that event connects to specific third parties, services, or dependencies.

    What This Looks Like in Practice

    A geopolitical alert might show up as:

      • A sanctions update affecting a region where a critical supplier operates
      • A regulatory change affecting data transfer requirements where a third party processes data
      • A conflict disrupting a logistics route tied to a supplier
      • A government restriction affecting infrastructure used by a subcontractor

    These alerts don’t need to be escalated right away on their own. They need context.

    The first step is to check if the alert connects to a third party, service, or dependency that is important to your business.

    If it does, the response can stay focused:

      • confirm whether the third party is directly affected
      • assess service continuity and contingency plans
      • check downstream providers and subcontractors
      • validate whether regulatory obligations have changed
      • document whether escalation or monitoring is needed

    The goal isn’t to react to every alert. It’s to quickly figure out what matters and what steps to take next.

    Making it Operational

    Managing geopolitical risk in TPRM comes down to three things: knowing which events are relevant to your specific third parties and dependencies, monitoring with tools that connect external developments to your actual environment, and having a program that can move from information to action. These elements reinforce each other, and all three need to be in place.

    Taking these actions can help.

      • Map exposure clearly. Know where your critical third parties operate, what they depend on, and which services are most important.
      • Be able to report quickly. When something changes, you should be able to quickly identify affected third parties, including downstream dependencies.
      • Define triggers for action. Decide what kinds of changes require outreach, reassessment, or escalation.
      • Assign ownership. Assign someone to review developments and decide on next steps.
      • Keep responses proportionate. Not every development needs action, but the next steps should be clear when action is required.

    Conclusion

    Geopolitical risk is not going away, and the amount of information around it will only continue to grow. Most of that information will be noise. The difference for TPRM teams is whether they can filter it quickly and focus on what actually affects their third party ecosystem.

    That is the real work. Not tracking everything, but knowing what matters, when it matters, and what to do about it. When a TPRM program is built that way, it does not need to predict every disruption. It is already positioned to respond when it counts.

    Author Bio
    Hilary Jewhurst
    Sr. Membership & Education Coordinator at TPRA

    Hilary Jewhurst is a seasoned expert in third party risk and risk operations, with nearly two decades of experience across financial services, fintech, and the nonprofit sector. She has built and scaled third party risk programs from the ground up, designed enterprise-wide training initiatives, and developed widely respected content that helps organizations navigate regulatory complexity with clarity and confidence.

    Known for turning insight into action, Hilary’s thought leadership and educational work have become go-to resources for professionals looking to mature their TPRM programs. She regularly publishes articles, frameworks, and practical guides that break down complicated risk topics into meaningful, accessible strategies.

    Hilary recently joined the Third Party Risk Association (TPRA) as a staff member, supporting industry-wide education, peer learning, and advancing best practices. She is also the founder of TPRM Success, a boutique consultancy that helps organizations strengthen their third party risk management capabilities through targeted training, tools, and strategic guidance.

  • Coordinating Third Party Incidents Across the Extended Enterprise | TPRM Exchange Podcast Episode 1

    In today’s third party risk landscape, the most significant incidents often don’t originate within your organization; they come from vendors, suppliers, and partners you depend on. When that happens, your team is left responding to an event you don’t control, with limited visibility and increasing pressure from leadership and regulators.

    In this episode of the TPRM Exchange Podcast, host Hilary Jewhurst sits down with Sagar Sudhir Behere, Enterprise (ERM) & Third Party Risk (TPRM) Oversight Senior Manager, to explore what effective incident response looks like in a third party context. Drawing from deep experience in resilience planning and complex outsourced environments, Sagar shares practical insights on how organizations can better coordinate, communicate, and respond when vendor incidents occur.

    “Early response is about decision-making under uncertainty—not perfect information.”

    Together, they discuss the key differences between internal and third party incidents, common misconceptions around vendor visibility, and why contractual protections alone aren’t enough. The conversation also dives into how to balance speed with accuracy, manage internal stakeholder tension, and build stronger recovery and resilience practices after an incident.

    “Move fast with awareness. Slow down with conclusions.”

    Whether you’re building or maturing your TPRM program, this episode offers actionable guidance to help you improve incident response coordination and strengthen your organization’s readiness.

    What You’ll Learn
      • How third-party incidents differ from internal incidents—and why that matters
      • What information is critical in the first hours of an incident
      • Common blind spots, including fourth-party dependencies
      • Why contracts don’t guarantee effective incident response
      • How to balance speed, uncertainty, and communication
      • What defines a truly successful recovery
      • A practical exercise to improve vendor incident readiness

    “You’ll learn more in one hour of a vendor scenario than months of questionnaires.”

    About the Guest
    Sagar Sudhir Behere is a recognized thought leader in Third Party Risk Management (TPRM) and Enterprise Risk Management (ERM), with decades of experience implementing innovative risk frameworks across Fortune 100s, Tech, FinTech, and FAANG organizations. As Head of TPRM at Circle Internet Financial, he has built Circle’s TPRM program from the ground up, achieving industry-leading efficiency and automation, including reducing vendor risk assessment processes by over 90%. His work integrates blockchain, AI, and automation to optimize compliance, risk oversight, and operational resilience.

    Sagar is an active contributor to industry standards and best practices, mentoring emerging leaders in risk management. He regularly shares his expertise at global conferences and the customer advisory board, influencing how organizations worldwide approach AI, automation, and blockchain integration in risk programs. His contributions are recognized for driving original, impactful solutions that redefine efficiency, governance, and innovation in global risk management.

    Have a question or topic idea? Send us your suggestions at: pod@tprassociation.org


Other Pages (363)

  • TPRM JOBS | TPRA

    Explore jobs in third party risk management from organizations hiring TPRM professionals. New listings added regularly. Start your search today.

    TPRM Job Listings

    Searching for a TPRM-specific job? Check out the listings below from organizations looking for talented TPRM professionals!

    Note: TPRA reserves the right to remove any job listing for any reason and without communication to the contact.

      • Wells Fargo | Lead Business Execution Consultant - Third Party Risk Insights | Charlotte, NC
      • The Hanover Insurance Group | Director of Vendor Management | Worcester, MA or Remote
      • N-iX | TPRM Risk Manager | United States (Remote)
      • Morgan Stanley | Director, Operations (Strategic Partner and Vendor Management) - Parametric | Seattle, WA
      • DLB Associates | Risk and Contracts Manager | United States (Remote)
      • Point72 | Third Party Risk Specialist | New York, NY (onsite)
      • Sayari | Senior Product Manager - TPRM | Washington, DC (onsite)
      • Humana | AVP, Vendor Performance and Value Management | United States (remote)
      • Citi | Vice President - Third Party Resilience 2nd LOD Lead Analysts - Risk | Tampa, FL (hybrid)
      • Dynasty Financial Partners | Vendor Relations Specialist | St. Petersburg, FL
      • Byline Bank | Vendor Management Analyst | Hybrid Schedule IL

  • Empowering Enterprises

    Empowering Enterprises seeks to highlight organizations that are not only making strides in TPRM but are also committed to gender equality and diversity.

    Empowering Enterprises
    Spotlighting the Leaders Driving Change in TPRM

    Welcome to "Empowering Enterprises," a program dedicated to celebrating and amplifying the voices of companies that are making a significant impact in the Third-Party Risk Management (TPRM) industry by supporting and uplifting women. In a field traditionally dominated by men, these forward-thinking enterprises are breaking barriers, fostering inclusivity, and paving the way for a new generation of women leaders in TPRM.

    "Empowering Enterprises" seeks to highlight organizations that are not only making strides in TPRM but are also committed to gender equality and diversity. We believe that empowering women in the workplace leads to stronger, more resilient businesses. Through this program, we will shine a light on those companies that are leading by example, creating opportunities for women to thrive, and setting new standards for the industry.

    "Empowering Enterprises" is more than just a showcase—it's a call to action. We encourage all companies in the TPRM field to reflect on their own practices and consider how they can contribute to a more inclusive and equitable industry. If you're interested in being highlighted, apply here.

    Supply Wisdom
    Supply Wisdom is dedicated to ensuring equality and diversity within its organization, enabling these goals through its programs, policies, and practices.

    Empowering Enterprises Application

    Complete this form if your organization is interested in becoming an "Empowering Enterprises" spotlight. Selected companies will be contacted for an interview, which will be recorded and used to make a video, as well as an accompanying article.

    Criteria
    All companies in the TPRM space welcome to apply. If you are a TPRM service provider, you must be a TPRA Vendor Member to be approved. You may apply at any time, but your application will not be accepted until your company's membership status is verified.

    Questionnaire
      • Can you share any statistics or data on the representation of women in leadership positions? How has this changed over time (optional)?
      • What specific programs or initiatives do you have in place to support the career development and advancement of women within your organization?
      • How does your company support women's professional networks and mentorship opportunities, both within the organization and in the wider industry?
      • Can you provide examples of how your organization has celebrated and recognized the achievements of women employees?
      • What measures are in place to ensure a supportive and inclusive work environment for women, including policies on work-life balance, parental leave, and flexible working arrangements?
      • How does your organization address and prevent gender bias in hiring, promotions, and performance evaluations?
      • Anything else we should know?

  • Women In TPRM Resource Library | TPRA

    Our Women in TPRM Resource Sharing Library contains a variety of women in business-related materials featuring inspiring women in business educating others on current topics.

    Resource Library
    Women In TPRM (WnTPRM)

    New Posts

    Jun 5, 2018
    Insight: The Surprising Truth About How Others See Us, How We See Ourselves, and Why the Answers Matter More Than We Think
    Book Club
    Most people feel like they know themselves pretty well. But what if you could know yourself just a little bit better—and with this small improvement, get a big payoff…not just in your career, but in your life? Research shows that self-awareness—knowing who we are and how others see us—is the foundation for high performance, smart choices, and lasting relationships. There’s just one problem: most people don’t see themselves quite as clearly as they could. Fortunately, reveals organizational psychologist Tasha Eurich, self-awareness is a surprisingly developable skill. Integrating hundreds of studies with her own research and work in the Fortune 500 world, she shows us what it really takes to better understand ourselves on the inside—and how to get others to tell us the honest truth about how we come across. Through stories of people who have made dramatic gains in self-awareness, she offers surprising secrets, techniques and strategies to help you do the same—and how to use this insight to be more fulfilled, confident, and successful in life and in work.

    Aug 1, 2025
    Top 10 Most Influential People in Risk and Compliance to Follow in 2025
    Quotable Women
    Jennifer A. Thomason: Mentoring Multiple Generations to Reach Their Full Potential

    Mar 1, 2022
    The Gifts of Imperfection: 10th Anniversary Edition: Features a new foreword and brand-new tools
    Book Club
    NEW YORK TIMES BESTSELLER • This tenth-anniversary edition of the game-changing #1 New York Times bestseller features a new foreword and new tools to make the work your own. For over a decade, Brené Brown has found a special place in our hearts as a gifted mapmaker and a fellow traveler. She is both a social scientist and a kitchen-table friend whom you can always count on to tell the truth, make you laugh, and, on occasion, cry with you. And what’s now become a movement all started with The Gifts of Imperfection, which has sold more than two million copies in thirty-five different languages across the globe. What transforms this book from words on a page to effective daily practices are the ten guideposts to wholehearted living. The guideposts not only help us understand the practices that will allow us to change our lives and families, they also walk us through the unattainable and sabotaging expectations that get in the way. Brené writes, “This book is an invitation to join a wholehearted revolution. A small, quiet, grassroots movement that starts with each of us saying, ‘My story matters because I matter.’ Revolution might sound a little dramatic, but in this world, choosing authenticity and worthiness is an absolute act of resistance.”

    Categories
      • Leadership: Learn how to break barriers, exceed expectations, and be the most effective leader you can be with Ted Talks, blogs, and more!
      • Quotable Women: Learn from inspiring women leaders on topics like women in business, balancing work and home life, carving out space for yourself in professional and personal settings, and so much more!
      • Technology: Learn about Women in Tech through videos, articles, interviews, and more!
      • Soft Skills: Being a leader is often about mastering the more subtle aspects of communication and interpersonal relationships. Learn how through a variety of resources.
      • Mentorship: Recently joined a mentorship program or considering joining? Review these resources to ensure your experience is a success!
      • Book Club: Find out what the women leaders in our community are reading, and join in for insightful advice!
      • Diversity & Inclusion: Find blogs, research, timely reports, Ted Talks, and more in this category!

    Share a Resource

    Have a resource you'd like to add to this library? TPRA staff will review your submission and add it to our Women In TPRM Library, provided it aligns with our content guidelines. Please note that these need to be pre-existing resources that can be found via a link. We are no longer accepting unpublished resources. Please keep in mind that TPRA reserves the right to reject resource submissions for any reason.
