Third Party Therapy Third Party Therapy - Dharminder Mehmi - Bridging the Gap: from regulation to implementation in TPRM.
Oct 6, 2025
Dharminder Mehmi, former FCA regulator turned Legal & General third-party risk lead, shares his journey from regulator to practitioner. He discusses differences between FCA and PRA approaches, regulatory frameworks like DORA and CTP, supply-chain blind spots, emerging tech risks such as AI and quantum, and practical starters for building effective TPRM programs.
AI Snips
Chapters
Transcript
Episode notes
Apply Proportionality To Regulatory Expectations
- Apply regulatory expectations proportionately based on firm size and complexity.
- Large banks and insurers are held to market-leading standards while smaller firms receive scaled expectations under the same rules.
Regulators Use Specialist Experts For Complex Topics
- Supervisory teams use sector specialists and specialist divisions for topics like technology resilience and cyber.
- Dharminder notes specialists are parachuted into teams to assess complex programmes across firms.
Align TPRM To The Full Third Party Lifecycle
- Treat PRA guidance as prescriptive and align TPRM to the full lifecycle: plan, select, contract, onboard, manage, monitor, exit.
- Apply the same rigor to material non-outsourcing arrangements despite definitional debates.