Episode 49
What's the Purpose of Third-Party Risk Management? A Practitioner's Answer
Most financial institutions build third-party risk management programs designed to pass an exam, not manage actual risk. Michael Carpenter, VP of Risk Management at Ncontracts and author of The Upside of Third-Party Risk Management: A Practitioner's Guide to Turning Vendor Management into Strategic Value, joins Ncast host Rafael DeLeon to explain what separates a vendor management program that merely exists from one that actually works — and what decades of building these programs from scratch at community banks, credit unions, and large financial institutions taught him about where they consistently go wrong.
In this episode, you will learn
-
How did Michael Carpenter get his start in third-party risk management?02:30How did Michael Carpenter get his start in third-party risk management?
-
Why do vendor management programs that pass exams still fail when it matters?04:10Why do vendor management programs that pass exams still fail when it matters?
-
What does it mean to treat your vendors as an operating model, not a risk list?09:50What does it mean to treat your vendors as an operating model, not a risk list?
-
What is the closed fist framework for connecting strategic goals to vendor risk?15:00What is the closed fist framework for connecting strategic goals to vendor risk?
-
What did military service teach Michael Carpenter about risk management and vendor oversight?18:30What did military service teach Michael Carpenter about risk management and vendor oversight?
-
How does vendor selection go wrong — and what does "defining winning before the contract" mean?24:15How does vendor selection go wrong — and what does "defining winning before the contract" mean?
-
Why does building a TPRM program around exam performance create long-term risk?30:00Why does building a TPRM program around exam performance create long-term risk?
Guests
Michael Carpenter
Michael Carpenter
Author, The Upside of Third-Party Risk Management VP of Risk Management, Ncontracts
Subscribe to the Nsight Blog
Share this
Related Episodes
COVID-19 Vendor Risk Management: Insights from the RMA

COVID-19 Vendor Risk Management: Insights from the RMA
Feb 2, 2021
Communication & Collaboration: Applying the 3 Lines Model
-1.png)
Communication & Collaboration: Applying the 3 Lines Model
Apr 13, 2021
Wealth Management Compliance: AI Governance, Vendor Risk, and the SEC and FINRA

Wealth Management Compliance: AI Governance, Vendor Risk, and the SEC and FINRA
Jun 2, 2026
