Introduction to the Third Party Therapy podcast - an independent bi-weekly podcast bringing insights and ideas from different industries to the TPRM community.

Why not visit www.thirdpartytherapy.com to sign up for more information

In this debut episode of Third Party Therapy, host Mike Day sits down with Paul Huggett, Managing Director at Hellios and former TPRM lead at major financial institutions like Nationwide and Lloyds Banking Group.

Here is the optimized, "copy-paste" set of show notes for Episode 1: Paul Huggett, designed to perform across Spotify, Apple Podcasts, and YouTube.

Episode Summary: TPRM has moved from a "check-the-box" exercise to a high-stakes regulatory requirement. In this debut episode of Third Party Therapy, Mike Day is joined by Paul Huggett, Managing Director at Hellios and former TPRM lead at Nationwide and Lloyds. Paul shares his journey from "poacher to gamekeeper" and explains how the Community Due Diligence model is solving the industry's biggest headache: the "many-to-many" web of repetitive supplier questionnaires.

00:00 – Introduction: The evolution of TPRM since the 90s

05:20 – Paul’s Journey: From Practitioner to Managing Director

12:45 – The "Many-to-Many" Problem: Why the current model is broken

18:10 – What is Community Due Diligence? (The "Collect Once, Share Many" model)

26:30 – Big Banks vs. Small Firms: How different sized companies benefit

34:15 – Crisis Management: Using community data during the Russia-Ukraine conflict

42:50 – The Future of Tech: Why AI is the "new cloud"

51:10 – The Golden Rule: Why technology won't solve a data problem

55:30 – Closing thoughts and how to get started

• The Efficiency Win: In a community model, suppliers provide data once to a central "pool," which is then accessed by dozens of buying firms, saving thousands of hours in administrative work.
• Speed of Response: Learn how community models allowed firms to map their entire supply chain exposure to global conflicts in minutes rather than weeks.
• Avoid the "Shiny System" Trap: Paul warns against buying expensive workflow tools before you have a solid data strategy—don't just buy a "shinier problem" to grapple with.
• ESG & Pooled Audits: The next frontier is moving beyond data collection into virtual site visits and shared environmental, social, and governance assessments.

• Official Website: thirdpartytherapy.com
• Join the Community: Sign up for our mailing list for TPRM deep-dives.
• Guest Info: Learn more about Helios and Paul Huggett at [Insert Link].

Keywords: #TPRM #ThirdPartyRiskManagement #CommunityDueDiligence #SupplyChainRisk #Helios #FSQS #RiskManagement #FinancialServices #ThirdPartyTherapy #RegulatoryCompliance

Episode Summary: Modern slavery isn’t just about chains and locks—it’s a hidden, systemic crisis embedded in global supply chains. In this episode of Third Party Therapy, host Mike Day sits down with Shayne Tyler from TylerBladon Practical Ethics, a supply chain expert with 20+ years of experience in worker exploitation. Shayne reveals why traditional audits often fail, how to spot the subtle signs of exploitation, and why TPRM professionals are uniquely positioned to save lives by looking beyond the paperwork.

00:00 – Intro: Why Modern Slavery is a TPRM priority

04:15 – Shayne’s story: From the food industry to the front lines

11:30 – The "Invisible" Victim: Defining modern slavery today

19:45 – Why your current audit process might be missing the truth

28:10 – The tiers of risk: Going deeper than your primary suppliers

36:50 – Practical advice for risk managers: Trusting your gut

45:20 – The human cost of the "race to the bottom" on price

52:00 – Final thoughts and where to start

• Beyond Compliance: Moving from the "UK Modern Slavery Act" checklist to active, ethical risk management.
• The Audit Trap: Why pre-announced audits allow exploiters to coach victims and hide evidence.
• The Power of Curiosity: Why asking "How is this price possible?" is your best defence against slavery in your supply chain.
• Operational Reality: Understanding that exploitation often hides in the recruitment and labor agencies used by your suppliers.

• Official Website: thirdpartytherapy.com
• Join the Community: Sign up for our mailing list to receive episode deep-dives and TPRM resources.
• Guest Info: Connect with Shayne Tyler [Insert LinkedIn/Website Link].

• Keywords: #ModernSlavery #TPRM #SupplyChainEthics #RiskManagement #HumanRights #ThirdPartyRisk #ESG #Sustainability #ThirdPartyTherapy

Aki Eldar | Using AI to Solve the TPRM Data Overload

Episode Summary: The volume of data in Third-Party Risk Management has become unmanageable for manual teams. In this episode of Third Party Therapy, Mike Day sits down with Aki Eldar, founder of Mirato, to discuss how Artificial Intelligence is moving from a "future concept" to a practical tool. Aki explains how AI can automate the heavy lifting of evidence analysis—reading SOC2s and ISO certs for you—so that risk professionals can focus on making actual decisions rather than just processing paperwork.

00:00 – Introduction: AI as a risk vs. an opportunity

03:15 – Aki’s 30-year journey: From Cybersecurity & DLP to TPRM

11:40 – The "Mountain of Evidence" problem in modern risk management

19:25 – How AI actually "reads" and validates third-party documentation

27:50 – "Shadow AI": Managing the risks of unauthorized AI use in your business

36:10 – Why AI won't replace the human-in-the-loop

44:30 – The "MVP" Strategy: Why you should start standalone and scale later

52:15 – Closing thoughts and how to avoid the "Everest" trap

• Automated Analysis: Move beyond simple data collection. Learn how AI can cross-check supplier questionnaires against their actual evidence (like SOC2 reports) to find gaps instantly.
• The Productivity Shift: By automating the "boring" work, AI allows risk managers to focus on the 20% of high-risk cases that actually require human expertise.
• Managing Shadow AI: Aki shares critical insights on how to handle employees using tools like ChatGPT and the data privacy risks that come with "dirty" AI models.
• Don't Climb Everest at Once: Why a "Minimum Viable Product" (MVP) approach is the most successful way to implement AI without disrupting your entire organization.

• Official Website: thirdpartytherapy.com
• Join the Community: Sign up for our mailing list for the latest in AI and TPRM.

Keywords: #AI #ArtificialIntelligence #TPRM #ThirdPartyRisk #RiskAutomation #Mirato #CyberSecurity #RiskManagement #DigitalTransformation #ThirdPartyTherapy #SupplyChainRisk

A great conversation with an ex-colleague of mine from Zurich Insurance. Gemma Stewart has been designing and evolving their approach to concentration risk for a number of years and she joins me on the podcast to share that experience on what to do and what not to do...

Episode Summary: What does your Third-Party Risk Management (TPRM) process look like from the other side of the table? In this episode of Third Party Therapy, Mike Day is joined by Ian Ellis, an innovation expert who has spent years working with Microsoft for Startups and various tech accelerators.

Ian shares the "bruising" reality of how emerging tech companies experience corporate due diligence. They discuss why a "one-size-fits-all" questionnaire can paralyze a 5-person dev team and how organizations can adapt their risk appetite to foster innovation without compromising security.

00:00 – Introduction: The challenge of assessing small, high-impact suppliers

04:20 – Ian’s Journey: From corporate innovation to the startup trenches

11:50 – The "Startup View": How a 100-question spreadsheet feels to a founder

19:15 – The Resource Gap: Why startups don't have "Compliance Departments"

27:40 – Litmus Test: Does your process actually measure risk or just persistence?

35:10 – Right-Sizing Risk: How to scale assessments for emerging tech

44:30 – The Human Element: Building respect and transparency into the onboarding flow

52:15 – Closing thoughts: Moving toward a more inclusive TPRM ecosystem

• The "Bruising" Effect: Understand the operational impact that heavy-handed corporate processes have on small, agile companies.
• Proportionality is Key: Why asking a 5-person startup for the same evidence as a global conglomerate is a barrier to entry for innovation.
• Contextual Due Diligence: Learn how to look past the "missing" controls to understand the actual risk profile of a niche technology provider.
• The Reputation Risk: How your onboarding process defines your company's reputation in the tech community—are you a partner or a hurdle?

• Official Website: thirdpartytherapy.com
• Join the Community: Sign up for our mailing list to receive our guide on "Right-Sizing TPRM for Startups."
• Guest Info: Connect with Ian Ellis and learn more about his work with emerging tech EnterpriseTech.London: Posts | LinkedIn

Keywords: #TPRM #Startups #EmergingTech #Innovation #RiskManagement #ThirdPartyRisk #Procurement #FinTech #BusinessAgility #ThirdPartyTherapy #Podcast

Great conversation with Stephen Boyer - Chief Innovation Officer and co-founder of Bitsight about the growth of the cyber threat and how TPRM can use data to dynamically monitor this risk.

Join me in a conversation with Charlie Jones from Reversing Labs to talk about the limitations of traditional cyber controls, a new approach to testing - Static Binary Analysis - and the impact of recent regulations.