In this episode of The Third Party Risk Institute Podcast, we sit down with Matthew Moore, Director of Operational Risk at Barclays Bank in New York, to explore the complexities of third-party risk management beyond traditional vendor oversight. With more than two decades of global experience in operational risk across investment banking and capital markets, Matthew offers a rare insider’s view on managing systemic dependencies, non-vendor third parties, and regulatory expectations.

Drawing on his role overseeing operational risk for Barclays’ U.S. markets, Matthew explains why financial market infrastructures (FMIs), clearinghouses, and mandated service providers represent some of the most critical and misunderstood third-party relationships. He highlights how a principles-based approach to risk, coupled with resilience planning, is essential to protecting organizations when concentration risks and outages occur.

What we cover in this episode:
• The difference between vendor vs. non-vendor third parties and why both require tailored oversight
• How CCPs, FMIs, and exchanges create systemic dependencies for banks and other financial institutions
• The challenges of applying traditional due diligence when third parties set the rulebook, not the bank
• The role of scenario analysis and resilience playbooks in addressing outages and concentration risk
• Global regulatory expectations, from U.S. Interagency Guidance to UK PRA outsourcing rules to EU DORA
• Why operational risk teams must balance independence with collaboration to drive better business outcomes

You’ll walk away with practical guidance on:
• Designing third-party frameworks that flex between vendor and non-vendor relationships
• Building resilience through updated playbooks, outage planning, and scenario exercises
• Using industry forums, governance committees, and public disclosures to bridge information gaps
• Creating transparency in risk reporting, escalation, and board-level decision making
• Recognizing when concentration risks demand alternative providers, and when they don’t exist

This episode is perfect for:
• CROs, Heads of Operational Risk, and Risk Managers in banking and financial services
• Third-Party Risk, Procurement, and Vendor Management Leaders
• Compliance, Audit, and Governance Professionals facing regulatory scrutiny
• Anyone looking to understand how operational resilience and systemic dependencies intersect with third-party risk

🎧 Enjoying the podcast?
Explore more resources, expert insights, and certification programs at www.thirdpartyriskinstitute.com

📱 Follow us on LinkedIn for real-world conversations and industry trends: Third Party Risk Institute Ltd.

📬 Have a question or topic you'd like us to cover?
Email us at: info@thirdpartyriskinstitute.com