DORA 2026: Exposing Critical Gaps in Financial Third-Party Risk Management (TPRM) episode artwork

EPISODE · Dec 17, 2025 · 15 MIN

DORA 2026: Exposing Critical Gaps in Financial Third-Party Risk Management (TPRM)

from The Third Party Risk Institute Podcast · host Linda Tuck Chapman

In this in-depth episode of The Third Party Risk Institute Podcast, we take a hard look at how the Digital Operational Resilience Act (DORA) is fundamentally changing expectations for third-party risk, cybersecurity, procurement, compliance, and governance teams.Rather than treating DORA as another regulatory checkbox, this episode focuses on what DORA will expose inside most third-party risk management programs including gaps that many organizations are not yet prepared to defend during regulatory inspections.This conversation goes beyond regulatory summaries. We break down the organizational, operational, and technical impact of DORA, and explain why many existing TPRM programs will struggle to meet the “prove it” resilience standard regulators are now enforcing.Together, we unpack:• Why DORA is not just an ICT regulation, but a resilience mandate• How third-party risk programs are being stress-tested for the first time• Where vendor oversight, incident response, and exit strategies fall short• Why policies alone will no longer satisfy regulators• How real third-party failures explain why DORA existsWe also examine real-world third-party incidents and outages to show how concentration risk, fourth-party exposure, and untested recovery assumptions can quickly become systemic failures.What We Cover in This Episode• What DORA will expose in most third-party risk management programs• Why operational resilience is replacing checkbox compliance• How DORA reshapes expectations for vendor oversight and governance• The most common gaps in third-party risk, incident response, and resilience testing• Why dependency mapping and critical service identification are failing points• How vendor concentration and fourth-party risk are coming under scrutiny• What regulators expect organizations to prove, not just document • Why exit strategies and substitutability matter more than ever • Lessons from real-world third-party outages and cyber incidents • How organizations should prepare for DORA inspections and auditsThis Episode Is Essential For:• Chief Risk Officers (CROs) and Operational Resilience Leaders• Third-Party Risk and Vendor Risk Management Professionals• Cybersecurity and ICT Risk Teams• Procurement and Strategic Sourcing Leaders• Compliance and Governance Professionals• Executives accountable for regulatory readiness and resilienceIf your intrested in learning about DORA and getting certified check out our upcoming live class: https://thirdpartyriskinstitute.com/dora/🎧 Enjoying the podcast? Explore more resources, expert insights, and certification programs at www.thirdpartyriskinstitute.com📱 Follow us on LinkedIn for real-world conversations and industry trends: Third Party Risk Institute Ltd.📬 Have a question or topic you'd like us to cover? Email us at: [email protected]

In this in-depth episode of The Third Party Risk Institute Podcast, we take a hard look at how the Digital Operational Resilience Act (DORA) is fundamentally changing expectations for third-party risk, cybersecurity, procurement, compliance, and governance teams. Rather than treating DORA as another regulatory checkbox, this episode focuses on what DORA will expose inside most third-party risk management programs including gaps that many organizations are not yet prepared to defend during reg...

NOW PLAYING

DORA 2026: Exposing Critical Gaps in Financial Third-Party Risk Management (TPRM)

0:00 15:51

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Big Old Life: Heather Blackbird interviews people on planet earth. Heather Blackbird loves asking questions. This podcast is a learning experience. Join me, Heather Blackbird, as I talk to people about their lives. Frequency of new episodes is a little all over the place and I'm learning as I go. Big Old Life is a small way of talking about the vastness of life, one person at a time. If you are reading this or found this podcast it's probably because someone you know gave you a link to it. :) Explicit Tales Of A Superstar DJ The Insomniac Spun seemingly out of nowhere from her complacent life in the corporate world, turned seemingly overnight from 16-Hour shift work and into the life of a literally starving artist and working musician, The Protagonist navigates her supposed rise to fame and superstardom on a journey through spiritual awakening, coming-of-age, and intimate self-realization--guided by an omnipresent force and equipped with the power of love, magic, and music. {Enter The Multiverse.} [The Festival Project] The Festival Project, Inc.™ is a multidimensional multimedia platform which encompasses exploratory and artistic social personifications and expressions on cosmic theory, spirituality, growth, health & wellness, philosophy and theoretic dynamics in entertainment such as music, design, film, television, radio, dance and festival culture, art, fashion, literature, and science. The Festival Project™ and its subsidiary Non-Profit, The Collective Complex © aims to challenge modern artistic and philosop Explicit Bitcoin Is Dead Trey Carson Welcome to Bitcoin is Dead, the ultimate Bitcoin variety show where host Trey takes you on a journey through the ever-evolving world of Bitcoin. Each episode brings new personalities, fascinating locations, and insightful conversations with politicians, educators, and innovators shaping the future of Bitcoin. Whether you're a seasoned Bitcoiner or just starting your journey, tune in for thought-provoking discussions, unique perspectives, and a deep dive into the ideas and people driving the Bitcoin revolution. Explicit The Sacred +Profane Podcast nephtaragrace The Sacred + Profane Podcast is a provocative conversation dedicated to cementing a better future for all. We specialize in unpacking the nuances of what is considered sacred and profane, particularly focusing on sex, death, and all that pertains to the circle of life. Our aim in focusing on such ”taboo” subject matter is to demystify what is unconscious, bring to light what has been known for centuries as ”the occult,” and empower the rapid transformation that is occurring on the Planet. Explicit

Frequently Asked Questions

How long is this episode of The Third Party Risk Institute Podcast?

This episode is 15 minutes long.

When was this The Third Party Risk Institute Podcast episode published?

This episode was published on December 17, 2025.

What is this episode about?

In this in-depth episode of The Third Party Risk Institute Podcast, we take a hard look at how the Digital Operational Resilience Act (DORA) is fundamentally changing expectations for third-party risk, cybersecurity, procurement, compliance, and...

Can I download this The Third Party Risk Institute Podcast episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!