
Search Results

454 items found for ""

Blog Posts (29)

  • How Third-Party Risk Management Helps Combat Vendor AI Risk: Mitigating New Risks With Established Processes

    Artificial intelligence (AI) is everywhere, and it’s transforming the way we live and work. It’s rapidly revolutionizing industries with its potential to solve complex problems, enhance decision-making, and improve efficiency. As such, the integration of AI into many products and services offered by third-party vendors to organizations is also becoming more widespread, many times without the organization’s awareness.

    Understanding the Risks of Third-Party AI

    AI is an impressive technology, but it also comes with significant risks, especially when it’s integrated into vendor products or services. Let’s examine two of the most common risks of third-party AI usage:

      • Data security and privacy – AI systems need a significant amount of data to function efficiently. Therefore, it’s essential to protect the data from theft and misuse. AI systems may access different types of data such as:
          • Customer/consumer information and personally identifiable information (PII): This includes addresses, driver's licenses, passports, family members, financial or health information, social media or web use data, shopping behaviors, and more.
          • Sensitive company data: This includes employee records, financial information, customer data, legal and compliance information, supply chain inventory, logistics, forecasting, and all types of intellectual property.
      • Compliance and legal – It’s vital to understand there are significant legal and compliance concerns related to the use of data and other assets when they’re accessed and processed with AI. The use of AI in data processing may be subject to numerous laws and regulations, including:
          • Health Insurance Portability and Accountability Act (HIPAA)
          • Children's Online Privacy Protection Act (COPPA)
          • Gramm-Leach-Bliley Act (GLBA)
          • Electronic Communications Privacy Act (ECPA)
          • California Consumer Privacy Act (CCPA)
          • Numerous state privacy laws
        Additionally, there’s a risk of violating permissible use requirements preventing out-of-context, unrelated, or unfair use of data.

    While these are two significant risks associated with AI, they’re not the only ones. Ethical risks, including bias and fairness, require attention, as do algorithm transparency, financial risk, and intellectual property risks. As AI technology becomes more widespread, the risks associated with it are also expanding.

    Identifying AI Risk in Your Third-Party Vendor Portfolio

    You likely have third parties who are currently using AI in their products and services. If you haven't done so already, it’s important to identify these third-party vendors and assess the specific AI risks they pose to your organization and customers. It's crucial to update your third-party risk management (TPRM) framework and tools to include AI risks. However, many TPRM programs haven’t incorporated AI risks, and it’s important to address this issue now. A practical, two-prong approach can ensure you’re identifying existing third-party AI risks and building the infrastructure to properly assess and mitigate them:

      • Getting started – Develop a short questionnaire to help identify the products and services utilizing AI. Here are three suggested questions that can provide a wealth of information:
          • Has AI technology been used in the research, development, or production of any of your products or services? It's worth noting that different types of AI carry different levels of risk. For instance, a vendor might use image recognition for research purposes, generative AI to create a system that interacts with customers directly, such as a chatbot, or machine learning to identify fraud across a series of transactions.
          • Are there any plans to incorporate AI in your products, services, or operations? It's crucial to consider that your third-party vendor's adoption of AI can significantly impact your organization, even if they aren't currently using it today.
          • Do you have any policies on employee use of AI? Inquire whether your third-party vendor has any limitations or prohibitions regarding the workers' usage of AI for work-related assignments. With the increasing popularity of generative AI systems such as ChatGPT, it’s essential to understand how your vendor is supervising the utilization of such technologies among their employees, especially if the AI-based service uses the data input to train its model.
        Begin with your critical and high-risk vendors and work your way down the list. This simple approach can help you determine where additional due diligence and risk reviews are needed.
      • Updating your TPRM framework – It's not enough to identify third-party vendors with AI; you’ll also need proper tools and processes to ensure they have adequate AI risk management practices and controls, and that risks are well-managed and monitored throughout the contract. This means incorporating AI risk across your entire TPRM framework. Here are key areas to review and update:
          • Incorporate AI-related questions in the inherent risk assessment
          • Update vendor questionnaires to include AI-related questions
          • Identify the types of due diligence documentation you’ll request as evidence of AI controls
          • Review and update standard contract language to address AI risks
          • Consider how AI will be factored into third-party performance monitoring and management
          • Consider how AI will be factored into third-party risk monitoring
          • Update governance documentation
          • Evaluate stakeholder education and collaboration

    Note: Don’t overlook this important consideration! It’s crucial to update your TPRM processes and tools with a sense of urgency. However, it should be noted that AI isn’t yet as well understood as other established risk domains. Even experienced TPRM professionals may face unique challenges when dealing with AI, which could lead to delays, rework or, in the worst case, ineffective risk identification, assessment, and management. To help prevent these AI challenges and issues, your organization should find and work with a qualified AI subject matter expert who can guide you through the process of updating the TPRM framework. This expert can help determine the right questions to ask on a vendor risk questionnaire, identify the appropriate due diligence documents, and provide ongoing support for vendor risk reviews. If you don't have access to this expertise within your organization, you may need to engage external resources or consultants.

    By taking this simple approach, your organization can begin to identify vendor AI usage within your organization and start taking steps to mitigate the risks. This will leave your organization in a safer, more prepared position.

  • Unveiling the Power of Conferences: The Impact of Conferences on Industry Insights and Innovation

    With our 2024 in-person conference just around the corner, Third Party Risk Association (TPRA) would like to share the wide array of benefits which come from attending an industry-specific conference. In the ever-evolving landscape of professional development and networking, conferences stand out as vibrant hubs for knowledge exchange, innovation, and collaboration. Throughout this five-part blog series, we will delve into the multifaceted advantages that conferences offer. Each installment will explore a different facet of how conferences empower individuals and organizations alike.

    Today’s blog focuses on the Impact of Conferences on Industry Insight & Innovation. It highlights how these events provide a platform for professionals to engage with peers and leaders in the exchange of research, trends, and innovative ideas. Attendees benefit from interactive sessions, panel discussions, and networking events, gaining insights that fuel forward-thinking strategies. This blog will explore how attendees can maximize these opportunities for staying updated, engaging with industry leaders, and contributing to their respective fields' growth.

    Embracing Technology, Trends, & Research

    Conferences are a conduit for collaboration on emerging risks, solving for TPRM challenges, and working together on new and innovative approaches to mitigate third party risk. These interactions not only deepen individual knowledge, but also contribute to industry growth and development by promoting innovation and shaping future techniques. Attending the Third Party Risk Madness conference will help you stay updated on the latest advancements in technology and industry trends. With 56 total sessions spread over 4 days, including three keynote speakers, 12 roundtables, and four demo sessions, you can gain insights from knowledgeable industry professionals.

    Participate in sessions on technology and emerging risks, engage with industry leaders during networking events and roundtable sessions, and follow up with speakers and attendees post-conference for further discussions and insights.

    Following a conference, thank speakers and attendees for their insights, follow up through email or social media, share thoughts on their presentations, ask about resources available, and offer to connect via coffee meetups, virtual discussions, or collaborative projects to strengthen relationships and foster knowledge sharing. This ensures that conversations don’t stop with the conference and that you, as a practitioner, can further develop ideas discussed at the event and work to implement new TPRM strategies.

    Conference materials can be a great resource for deepening your understanding of the topics covered. They let you avoid reinventing the wheel by implementing strategies and processes that have worked for others. They can also validate mature processes your organization has in place, thereby adding credibility to your program.

    Do some research beforehand and learn about the latest research and trends that the conference may be addressing. Before attending a conference, conduct thorough research to understand the latest research findings and emerging trends. Explore publications, industry reports, and articles to understand the current landscape and find key topics, challenges, and innovations to discuss. Bring those thoughts, ideas, and questions to the conference and actively participate in conversations during presentations and roundtables. Also come with pain points and questions from your own program to benchmark against peers in similar situations.

    Professional Development

    Conferences offer professional development opportunities to enhance attendees' skills, knowledge, and capabilities. Workshops and training sessions cover emerging technologies, best practices, and industry-specific regulations. Networking opportunities promote mentorship, knowledge sharing, and learning, allowing attendees to broaden their perspectives and gain insight from experienced professionals.

    Take notes during sessions to capture key insights, ideas, and strategies shared by speakers and panelists. This will help you gather key insights, ideas, and strategies that you do not want to forget. Use these notes to transform concepts into plans, driving change within your organization, and start discussions about innovative TPRM approaches. Oftentimes, an idea from a conference can influence your perspective on processes and activities within your organization.

    Use networking breaks and social events to set up connections with industry peers, potential mentors, and collaborators. As we discussed in our last blog, networking is the best way to connect with fellow attendees and collaborate with industry peers. Make sure to take advantage of opportunities such as networking events and lunchtime meetups to foster conversations that could lead to future partnerships.

    Conclusion

    Attending conferences like our very own Third Party Risk Madness provides opportunities for professional growth and networking. Attendees can stay updated on technological advancements and engage in discussions with industry leaders. Post-conference follow-ups allow for collaborations. Conference materials promote understanding, particularly in Third Party Risk Management, pushing for deeper exploration. Networking breaks allow connections with professionals, mentors, and potential collaborators, paving the way for future partnerships. Prior to attending the conference, research emerging trends to ensure active participation and meaningful contributions.

    Join us at Third Party Risk Madness – where basketball, business, and TPRM unite for an epic showdown of innovation and success. Dribble your way to victory in Phoenix, Arizona, on April 9-12, 2024! Secure your court-side seat and take advantage of exclusive offers here. Hurry, space is limited, and you won't want to be left on the bench for this thrilling event.

  • Unveiling the Power of Conferences: How Networking at Conferences Propel Professional Relationships

    With our 2024 in-person conference just around the corner, TPRA would like to share the wide array of benefits which come from attending an industry-specific conference. In the ever-evolving landscape of professional development and networking, conferences stand out as vibrant hubs for knowledge exchange, innovation, and collaboration. Throughout this five-part blog series, we will delve into the multifaceted advantages that conferences offer. Each installment will explore a different facet of how conferences empower individuals and organizations alike.

    Today’s blog will highlight the notable benefit of NETWORKING in conference settings, including sharing industry insights & trends, building connections, and participating in collaborative forums, as well as some tips for enhancing your networking skills at conferences.

    Learn from industry experts:

    Within a networking environment like a conference, you can discuss a wide variety of topics with industry experts and peers. This allows you to gain a deeper understanding of your particular area of interest. It can also expand your horizons with new conversation topics by interacting with established and seasoned industry professionals within, or even outside of, your field. Attending conferences provides a special chance to network with peers and fellow industry professionals within an in-person setting. Engaging and participating in activities offered such as panels, roundtables, and in-house networking events provides you with valuable knowledge and understanding not regularly gained from an online setting. By simply talking to other seasoned professionals and tapping into their knowledge and expertise, you are able to gain a more in-depth understanding of new technological innovations, industry trends, and best practices. Through these interactions, you can evaluate ideas, deepen your knowledge base, and get access to expertise and information that is not typically available through conventional channels.

    Building meaningful connections:

    Professionals from various organizations, backgrounds, and positions come together at conferences, which results in the perfect setting for building deep connections. Whether it is during a special networking event, a roundtable, or even just a coffee break, conferences offer a plethora of networking opportunities. During these opportunities, you are able to build potential connections, partnerships, and collaborations by striking up conversations and exchanging contact details. These relationships grow your professional network and offer a helping hand in overcoming current challenges, as chances are that someone else has already gone through what you are going through.

    “Networking is so important for any professional and is how TPRA was founded,” Julie Gaiaschi, CEO & Co-Founder of the Third Party Risk Association, said. “I met my former partner at a TPRM-related conference. He was a speaker and after his presentation, I went up to him to ask him questions as it relates to developing a new TPRM program. The discussion turned into benchmarking sessions over Zoom. I then said if we have these questions, others do as well. Thus started a roundtable that turned into TPRA. At the time, I had no idea what that conversation would lead to. So often I hear from others how networking has led to a career opportunity, a program enhancement, or a personal opportunity.”

    Conference networking makes it possible to create lasting relationships that go beyond the mere exchange of business cards and LinkedIn connections. These relationships act as a base of support, providing motivation, guidance, and useful knowledge that promotes both professional and personal development. Conference goers create the basis for collaborative projects, shared knowledge, and ongoing relationships that strengthen their careers and personal lives by dedicating time and energy to developing these connections.

    Exploring Collaborative Opportunities

    Among the main advantages of networking at conferences is the chance to explore collaborative efforts with peers and business associates. Conferences serve as a nurturing environment for creativity and cooperation, creating settings in which concepts can be exchanged, improved upon, and cooperatively carried out. You might find opportunities for collaboration on joint research projects or business ventures with other practitioners through discussions, brainstorming sessions, and informal interactions. Conference discussions have the power to push innovation, advance your industry, and leave a lasting impression.

    Keeping Up With Industry Trends

    Keeping up with industry trends and developments is crucial for professional development and organizational success in today's rapidly shifting business landscape. Attending conferences offers networking opportunities that give you a firsthand look at the newest developments in technology, industry trends, and changes in laws and regulations. Through talks with key individuals, attending keynote discussions, and taking part in sessions specific to your industry, you can learn a great deal about the opportunities and problems that are new to your field. You can use this knowledge to position your organization and yourself for future success by preparing for changes in the market and adjusting your strategies accordingly.

    Here are some additional tips for enhancing your networking skills:

      • Set Objectives: Establish your networking objectives before you go to the conference. Think through your goals, whether they involve expanding your professional network, looking for collaborative opportunities, or learning about the latest market developments.
      • Do Your Research: Prior to the conference, spend some time learning about the panelists, speakers, and other attendees. Learn about their professional backgrounds, accomplishments, and areas of specialization to find common ground and possible conversation starters.
      • Don't Be Afraid To Initiate The Conversation: Instead of waiting for a professional to approach you, strike up a conversation with other attendees. During meals, breaks, or networking events, approach people and introduce yourself with confidence. Utilize networking games and activities provided by the hosting organization as a jumping off point for striking up conversations. These games are designed to encourage discussion and create a platform for attendees to interact with each other in meaningful ways, so take advantage of them.
      • Attend The In-House Networking Events: Take advantage of the social events, receptions, and networking opportunities that are planned as part of the conference schedule. Our upcoming conference features two all-attendee network events, plus additional invite-only events for select attendees! These casual settings offer incredible opportunities to establish stronger connections, share contact details, and engage with peers.
      • Use Social Media: Make use of social media sites like Instagram, X (formerly known as Twitter), and LinkedIn to expand your professional network outside of the conference room. Engage online with other attendees and share thoughts, pictures, and highlights from the conference.
      • Follow Up: Follow up with people you met at the conference to stay in touch and keep the conversation going even after the event ends. Send personalized emails thanking the recipient for their time while giving ideas for future collaboration or interactions.

    Attending conferences provides plenty of networking opportunities, such as access to industry knowledge, opportunities to form close relationships, a look into collaboration possibilities, and staying up to date on industry developments. Participating in networking activities during conferences can help you build a larger professional network, acquire valuable insight, and establish yourself as an expert in your field. As you prepare for your next conference, take advantage of the opportunities for networking and collaboration, and don't pass up the chance to advance both your own professional growth and your company's success. And where better to use your new networking skills than at TPRA’s very own Third Party Risk Madness conference!

    Join us at Third Party Risk Madness – where basketball, business, and TPRM unite for an epic showdown of innovation and success. Dribble your way to victory in Phoenix, Arizona, on April 9-12, 2024! Secure your court-side seat and take advantage of exclusive offers. Hurry, space is limited, and you won't want to be left on the bench for this thrilling event. [Register Here] Our discounted hotel room block ends on March 11th.


Other Pages (214)

  • Women Lead | Kim LaBarbiera

    Kim LaBarbiera
    Director & Counsel of Third-Party Risk
    American Express

    Biography

    Kim M. LaBarbiera is currently Director and Counsel for Third-Party Risk in the General Counsel’s Organization at American Express. In her practice, she provides global legal support to business and legal colleagues related to third-party risk, including strategy, third-party lifecycle management, fintech, bank vendor risk, compliance and audit functions, regulatory requirements and cloud computing, among other areas. Prior to American Express, Kim held various legal, compliance and risk roles including General Counsel and Chief Compliance Officer in London, Paris, and New York at firms including USAA, Lloyds Bank, and ING, among other global financial institutions. In April 2023, she was recommended by a U.S. Department of State’s Bureau of Educational and Cultural Affairs (ECA) and World Learning Peer Review Panel to serve as a risk management expert in the Fulbright Specialist Program, serving countries and institutions around the globe.

    Kim holds a BA in Political Science with a minor in Spanish from Boston College, a JD as a Centennial Scholar from Seton Hall Law School and a Masters of Law in Financial Regulation from Georgetown University, where she authored her thesis on the Regulation of Credit Default Swaps. In addition, she holds leadership and technology program certificates from Harvard and FINRA. She has also served in the Observer Program in the Division of Enforcement for the SEC. Kim is GDPR, CAMS, and CTPRP certified and has previously held Equity and Options FINRA principal licenses, among others. Kim is fluent in Spanish, and conversant in Italian and French, in which she has negotiated contracts for her various clients. She is a member of the New York and New Jersey state bar associations.

    Kim resides in Old Town Alexandria, VA, with her husband Rob and her chocolate lab and two cats. They enjoy travel, art appreciation, sailing, skiing, and scuba diving.

    Leadership Characteristics

    Kim believes in the servant-leader model of leadership and places her clients' needs and satisfaction as the cornerstone of her practice. A few of Kim's work mottos are: Some management principles will never go out of style, especially the one where you realize it is all about the people; Be the change you want to see in the company; Consider adopting progress over perfection; and Insist on having a job you love and loving your job, without compromise.

    Leadership Challenges

    "The financial services field has always been feast or famine which means members of its community must learn to embrace and thrive in periods of change. I have lost track of all the mergers, acquisitions and other industry changes through which I have navigated. If you work very hard, and stay passionate, the opportunities to weather the storm present themselves. The trick is to stay focused on the core principles: do your very best, freshen your skills every day if possible, especially tech, be an excellent steward of the company, care about others, be fair, be patient, and try to smile and laugh as much as possible. Everything else takes care of itself."

    Key Take-a-ways

    "The financial services field has always been feast or famine which means members of its community must learn to embrace and thrive in periods of change. I have lost track of all the mergers, acquisitions and other industry changes through which I have navigated. If you work very hard, and stay passionate, the opportunities to weather the storm present themselves. The trick is to stay focused on the core principles: do your very best, freshen your skills every day if possible, especially tech, be an excellent steward of the company, care about others, be fair, be patient, and try to smile and laugh as much as possible. Everything else takes care of itself."

    Fun Fact

    I am an avid scuba diver and white water rafter and have been lucky enough to have gotten to go all over the world: Australia, Bali, Croatia, Italy, Mexico, Florida Keys, Oman, Grand Cayman and Belize.

  • Women Lead | Glee Coffeen

    Glee Coffeen
    SVP, Head of Policy and Practice Adherence
    Truist Financial Corp

    Biography

    Glee Coffeen is a senior risk management professional who brings a practitioner's experience to the theoretical application of risk management principles. She possesses over twenty years of progressive financial services industry experience including management roles in operations, compliance, and operational risk covering brokerage, insurance, investment advisory, wealth management, banking, lending, and mortgage business lines. Her most recent role established a center-led unit focused on the operating risks of a procurement function, including compliance with third party risk requirements.

    Leadership Characteristics

    Myers-Briggs: ESTJ
    Strengths Finder 2.0: Responsibility, Strategic, Analytical, Achiever, Relator

    Leadership Challenges

    Having been blessed to follow a "fixer" path in her career, Glee is able to leverage her breadth of experience to observe and assess broad schemes of activity to determine a holistic approach to solutions. A common leadership challenge comes in addressing the disconnect between theorists and practitioners. Theorists often establish binary requirements, which do not enable or support a practitioner's multi-factor, dynamic world. Using her ability to bridge the dialogue and connect the needs, Glee is able to influence and drive for solutions which provide for comprehensive success.

    Key Take-a-ways

    Having been blessed to follow a "fixer" path in her career, Glee is able to leverage her breadth of experience to observe and assess broad schemes of activity to determine a holistic approach to solutions. A common leadership challenge comes in addressing the disconnect between theorists and practitioners. Theorists often establish binary requirements, which do not enable or support a practitioner's multi-factor, dynamic world. Using her ability to bridge the dialogue and connect the needs, Glee is able to influence and drive for solutions which provide for comprehensive success.

    Fun Fact

    Glee is an eclectic lover of music who has the ability to infuse positivity and fun through the way she naturally connects conversations to lyrics. Beyond the office, she enjoys genealogy research, reading, and supporting her husband's love of disc golf.

  • Requirement Roundtable: Interagency Guidance

    April 12, 2024
    10:00 - 10:50 AM
    Valley of the Sun D
    Type: Roundtable
    Format: Open Discussion
    Track: TPRM Fundamentals (TPRM Essentials & Better Practices)

    Join our roundtable discussion on TPRM Interagency Guidance, where experts will delve into the intricacies of Third-Party Risk Management (TPRM) within the framework of interagency guidelines. This session aims to provide a comprehensive understanding of the regulatory landscape, emphasizing key considerations and best practices for organizations navigating TPRM challenges. Participants will gain insights into the latest updates in interagency guidance, exploring how it impacts risk assessment, due diligence, and ongoing monitoring of third-party relationships. Engage in thought-provoking discussions on emerging trends, regulatory expectations, and effective strategies for achieving TPRM compliance. Whether you're a risk management professional, compliance officer, or industry leader, this roundtable offers a valuable platform to exchange knowledge, share experiences, and enhance your approach to TPRM in alignment with interagency directives. Don't miss this opportunity to connect with peers, deepen your expertise, and stay ahead in the ever-evolving landscape of third-party risk.

    Kholofelo Mothibi | Director Third Party Risk Management | Corebridge Financial

    I’m a risk leader with 16 years’ experience in auditing, compliance, controls assurance, and third-party risk management in the Technology and Financial sector. Prior to joining Corebridge Financial I worked at Barclays and IBM where I held various positions in IT Security, Compliance, Internal Audit, Procurement, and the Chief Security Office. I'm from Johannesburg, South Africa and, in 2015 during my tenure at Barclays, I accepted an opportunity to move to the US to support efforts of establishing a centralized TPRM function.

    I’ve successfully led implementation of Third-Party Risk Management processes and managed the delivery of several control remediation projects, program implementation which helped to streamline and standardize governance processes, reporting and quality controls. Participated in TPRM industry working groups to explore a collaborative approach for managing 3rd party risk which included the creation of an industry third party risk assessment questionnaire working with industry trade association and utility company to enable organizations to leverage the concept of shared assessments which minimizes time, cost and resources that would be dedicated to annual assessments. Passionate advocate that has fostered a culture of collaboration and promoting innovative problem solving across various teams, which has been critical in all the organizations I’ve worked for. Recipient of a Barclays Diversity Award and named Empower 100 Ethnic Minority Future Leaders 2021 for delivering several programs aimed at colleague engagement, supporting recruitment efforts, and raising funds for non-profit organizations.


Forum Posts (35)
