In this episode of The Third Party Risk Institute Podcast, we sit down with David Dunn, Chief Risk Officer at FIS, to explore what it takes to manage third party risk at a global fintech that serves as a systemically significant service provider to thousands of banks worldwide.

With 30+ years of experience leading risk and audit functions across top financial institutions, including Bank of America, PNC, and Truist, David shares a behind-the-scenes view of how to build resilient risk programs, navigate regulatory expectations like interagency guidance and DORA, and align innovation with a strong risk appetite.

Whether you’re leading a TPRM program in a regulated industry or working with critical vendors, this episode will help you rethink how to scale your program without losing sight of risk ownership, performance, and resilience.

What we cover in this episode:
• The role of fintechs in global financial infrastructure and the regulatory pressure they face
• Why outsourcing services doesn’t mean outsourcing risk
• How FIS manages concentration risk, critical dependencies, and long-tail events
• What it means to be a "systemically significant service provider" under regulatory scrutiny
• Leveraging AI for internal security and innovation in product development
• Risk appetite: balancing innovation with a conservative approach to risk-taking
• The growing importance of managing nth party (4th, 5th+) risks
• How to operationalize interagency guidance and DORA within large-scale risk programs. And a lot more.

You’ll walk away with practical guidance on:
• Applying interagency guidance and DORA to third-party risk
• Designing scalable vendor management frameworks
• Integrating AI into risk management and product design responsibly
• Managing concentration and systemic risk with contingency planning
• Building RCSAs that extend beyond surface-level checks
• Identifying and assessing material fourth parties tied to core operations
• Reinforcing your Three Lines of Defence with accountability and clarity
• Optimizing SOC reports for assurance, not just compliance
• Structuring SLAs that are strategic and useful
• Improving relationship oversight and vendor offboarding processes
• Communicating risk clearly to internal stakeholders and executive leadership

This episode is perfect for:
• Chief Risk Officers (CROs)
• Risk and Audit Leaders
• Procurement and Third-Party Program Managers
• Compliance and Governance Professionals
• CISOs and Information Security Executives
• Business Resilience and Operational Risk Managers
• Anyone working with critical vendors in finance, fintech, or tech

🎧 Enjoying the podcast?
Explore more resources, expert insights, and certification programs at www.thirdpartyriskinstitute.com

📱 Follow us on LinkedIn for real-world conversations and industry trends: Third Party Risk Institute Ltd.

📬 Have a question or topic you'd like us to cover?
Email us at: info@thirdpartyriskinstitute.com