Become a Creator today!Start creating today - Share your story with the world!
Start for free
00:00:00
00:00:01
#6: Charmi Patel image

#6: Charmi Patel

Transformation Stories
Avatar
75 Plays4 months ago

IDB NY's Charmi Patel sits down with David Stanton to discuss her career and personal transformations, and the role AI will have on 3rd party vendor management in the near future. 

Transcript

Introduction to Transformation Stories

00:00:00
Speaker
This is Transformation Stories, a podcast from Atlas Systems, exploring how companies are leaping into the future through deliberate change and innovation. In today's digital landscape, businesses face a choice to transform or risk falling behind.
00:00:18
Speaker
Here the insights of visionaries and changemakers were driving transformation across various industries and roles. They'll share their experiences, strategies, and the most potent opportunities for success. Join us as we uncover the secrets of transformation.

Meet Charmy Patel

00:00:38
Speaker
Charmy Patel is head of vendor risk management at Israel Discount Bank of New York, or ITBNY. She oversees risk and operational efficiencies of the bank's entire portfolio of vendors and all the process and procedures entailed in vendor risk management.
00:00:56
Speaker
Patel has a proven track record of implementing innovative and comprehensive vendor risk management programs, began her vendor risk management career at Millennium Management LLC, then transitioned to Federal Reserve Bank of New York. Patel holds a master's degree in IT project management from Webster University, Florida.
00:01:21
Speaker
Ashami Patel, it's great to welcome you to Transformation Stories. I want to thank you for taking the time to talk to us today. Thank you. It's my pleasure. I want to start off by talking about a little bit about your personal journey. So, you know, our theme is Transformation Stories. And so I'd like to sort of understand what your personal transformation has been like. Do you feel like you've gone through any transformations in terms of your career, for example?
00:01:50
Speaker
Sure. So I'll start with how I started my career in finance industries in New York City. It's the right when the pandemic introduced to the world. In December 2020, when I started my career as a vendor management analyst at Millennium Management. And the reason why I moved from Florida to all the way to New York, it's because I was getting married.
00:02:15
Speaker
So there was already a change that I was preparing myself. It was a huge change in my life. And then all of a sudden pandemic introduced into the world and that's changed the whole perspective of people's looking at their life and then the other certain things has been changed.

Career Shift and Personal Growth

00:02:34
Speaker
The more I would say it, the pandemic accelerated a trend to our
00:02:41
Speaker
more digitalization instead of like in person like or less reliance on in person and the finance industry is the one who was undergoing a massive shift driven by technological advancement or the regulation compliance pressure cyber security and on that same side
00:03:02
Speaker
I was also undergoing an aggressive shift, embracing, nurturing the new relation that I have added to my life. And the only thing I was able to succeed in my personal and in my professional life is just because the great family, the great employer I had at that time, the work-life balance,
00:03:27
Speaker
Also, I believed in myself, the confidence I had. And then again, the vendor management, vendor management is all about the, it's nothing about the rocket science. It's all about the collaborating with other people, risk management, project management, something that I would love to do.
00:03:46
Speaker
And this is what I have been dreaming since I was teenage or in the middle school that I wanted to manage the projects. I wanted to analyze the risks. So the way or the few things that helped me to drive this shift, it's the work that I used to love and
00:04:08
Speaker
That's the way I drive the transformation, the first small transformation, I would say, but then the major transformation after being married and then from the promoted of not just being analyst.

Keys to Success in Transformation

00:04:24
Speaker
to a head of vendor management team happened in august 2022 and at that time i was almost eight months pregnant i was expecting a baby another milestone in my personal life and in the professional life so i believe that.
00:04:42
Speaker
I mean, and at that time I was kind of inexperienced how to manage and how to succeed at your both personal and the professional life because it wasn't the first time, of course. And again, I believed in myself. I know what I was going to do. And when I was tasked with heading or laying down the framework for scalable modern third party risk management program, and again,
00:05:12
Speaker
I was fortunate enough that at my professional life, I was working with such a great leaders who helped me in every step of my journey. And that's where I'm here. And same thing at my personal life, I couldn't have done whatever I have without my family. So I believe that there are change that I've been victim enough in like last four years.
00:05:41
Speaker
And there were a lot of lessons learned, the ups and downs that I have seen, specifically in this TPRM organization. So support and teamwork are really, really crucial to managing transformation and making it happen.
00:05:57
Speaker
Yes. Excellence, the team management, the collaboration, leadership, that all helps to support the transformation, the change management, the leadership's value insights to our TPRM program that helps, that ease the pain or the journey to our transformation.

Pandemic's Impact on Finance

00:06:20
Speaker
And
00:06:21
Speaker
Like i said after the pandemic the financial industries and not only that we didn't the financial industries i would really focus on the tpm there's there's lots of what there's lots of things going on in tpm and.
00:06:37
Speaker
On one hand, you have boards, regulators, auditors, who's pressuring you to build a scalable, robust risk management program. On that same site, you have businesses who started outsourcing more than ever before to provide the top customer services. And not only that, there are cyber criminals who gets better and better
00:07:05
Speaker
in their technologies as well. So increasing cyber risk and somewhere attacks are still there. And it's even double than the previous years. And then the fourth pillar is like technology advancement that's happening across the globe, not even just the finance industry or the TPRM industry. So there's just a lot to focus on at the same time on TPRM. How do you feel that
00:07:34
Speaker
TPRM professionals like yourself have adapted to all of these new threats, all of these new things they have to think about. I would say it really depends on each and every organization. How I did is developed a risk-based approach, and that's what all the Interagency Guidance is about. It has some sort of flexibility,
00:08:00
Speaker
by using the risk-based approach, and you can really focus on your tier one, tier two, which are critical high-risk vendors for the organization, developing centralized or standardized due diligence process, ongoing monitoring activities that
00:08:20
Speaker
Those are the things that can help us to overcome with the regulatory auditor challenges. I would say the shift that I have seen personally that even other peers have made is
00:08:36
Speaker
going from an attestation-based testing to an evidence-based testing, where you can really go into your vendor's third-party service provider's network, their organization, and see how safe and sound that they're working, or what their practices are. Because industry, at the end, compliance means it's just the stock reports.
00:09:05
Speaker
day by day, the financial industries are heavily depend on third party service provider for their critical services. And I really think that at that point, the shift from attestation-based testing to an evidence-based testing was required. And vendor was even supportive to our audits and our testing period. So that's how
00:09:31
Speaker
I think that I have survived all of the challenges. So you feel the vendors have also kind of stepped up to help with the transformation? They are and again it depends on the type of vendor you're working with because I like to acknowledge here that there are vendors who wield significant market power and they still do not entertain your
00:09:56
Speaker
this will do not entertain your due diligence process. And at that time, believe me or not, but finance industry had made that hard decisions because technology advancements are way better than it was like 10 years, 20 years before. So there is competition. You can get a better price, better service level experience from many other vendors that you do not have to use
00:10:24
Speaker
that significant market holding vendors. And that's what drives them to be more supportive and initiate our auditing period with them.

AI in Vendor Risk Management

00:10:36
Speaker
What role do you think AI is taking or will take in all of this work that you're doing in sort of adapting to the threats and sort of taking things to a new level? So, AI.
00:10:52
Speaker
It's there. It's spreading. It's spreading. There is noise. There's too much noise around AI. And it's future, definitely. But I have some pros and cons regarding the AI. It's my own due diligence regarding the AI.
00:11:11
Speaker
I have seen a lot of demos. I have attended a lot of conferences, seminars, where how AI can help streamline the third party risk management programs. And the first most thing that a lot of industry leaders are attracting or even excited to start using AI is because to believe it or not, the TBRM teams are always under stuff.
00:11:38
Speaker
doesn't matter if it's in my organization or any other organization in the world. And that's when AI can help us fast-track our due diligence, onboarding, ongoing monitoring processes. And AI has all of that capabilities, which is called like generative AI models. The only thing that gives me wrinkle, AI gives wrinkle to TPRM. And then the reason, because these are,
00:12:07
Speaker
data handle, these are like data model. You have to feed data to these models in order to, so it's depend on what you put it in there, that's what you get out of it. It's really the garbage in, garbage out kind of mechanism here. So you really have to focus on what data you're putting in.
00:12:28
Speaker
And before we even start using AI, organizations still have to figure it out or build a safe and sound data governance practices. They still have to tighten up their internal controls, which AI cannot help you there. So
00:12:49
Speaker
AI is there for organizations to use, according to me. However, organization has still homework to finish, which is the data management, data governance. However, the low-hanging fruit, if I really want to talk about regarding the AI, is the data intelligence tool.
00:13:11
Speaker
that we all use in our current life. It's for the ongoing monitoring results. That is driven by AI or the machine learning or some sort of mechanism back behind the scene that I have seen that most of the organization use like Black Kite, Security Square Garden. There are tons of investments in AI right now in AI technologies that I cannot even name. There are lots of new startups and
00:13:40
Speaker
AI is, like I said, I accept the AI as a future, but for us, the regulated industry, I really don't want to be the first one to start using AI. I really want to wait for the regulation to come up regarding the best practices to manage AI risk. And you also, I guess, have to really understand how your vendors are using AI, right? That's really a crucial part of it.
00:14:11
Speaker
That's the one of the part that I think at least I have updated my due diligence where we started including AI risk. First of all, we have to even identify the inventory, how many vendors or even their fourth parties, fifth parties up to the end parties uses AI.
00:14:33
Speaker
And that's really the extra work, unpredictable work that TPRM is undergoing with right now. So figuring out vendors or their vendors using AI, the data that our vendors is providing to their vendors. So it's really becoming the monitoring of your end party, the whole supply ecosystem.
00:14:58
Speaker
And that's where these tools, data intelligence tools, can help us. Because, again, as I mentioned, there is so much going on in TPRM, like regulators pressure, the business started outsourcing more than ever before, the new cyber risk ransomware, lots of new technology advancements.
00:15:22
Speaker
And then the major thing that we cannot ever forget is the natural disasters, the natural events that is the wars going across the world, which is not in our control. And it can, it doesn't matter where your vendor is operating from, but we really have to see where my vendor's vendors are operating from. That's all like the geopolitical risk, the ESG risk. This is all becoming the
00:15:52
Speaker
crucial part of the supply ecosystem, which it was not before the five years when I started my career. And so even in the past five years, I mean, you've
00:16:04
Speaker
had to manage and adapt to a huge amount of transformation. I mean, it sounds like the distance is completely different. There is. Every single year, every single month passing by in this TPRM, I would say every single month brings some sort of change here. And let me start how, when I started my journey as a vendor management analyst, we just had one single GRC tool supported like, I would say like it's the,
00:16:34
Speaker
they were just having the inventory of all the vendors. Other than that, everything was manual. Contacting vendor, reviewing vendors, their supporting documents, analyzing SOC reports, they all were manual. I still remember the days when I was in a meeting with the leaders and I was open up the Excel file to see where each and every vendor is, like which stage in onboarding they are. Nowadays,
00:17:01
Speaker
you have not only the GRC tool, now you have tool build just to support the whole TPRM life cycle. That includes from like building RFP to pay the payments. And I have seen the growing companies in last five years
00:17:20
Speaker
When I started my career, I had hardly 70 to 80 vendors in the market. And many of those were just giving you the GRC tool. And then the vendor management was just little small part of it. Nowadays, companies who can support the vendor onboarding, vendor ongoing monitoring,
00:17:40
Speaker
contract management, procured to pay. You have more than thousands, that number in thousands. And I have seen that shift and everyone knows that how important it is for companies to manage their third-party risk. And that's why there's lots of investments coming in into this industry, in TPRM industry.
00:18:07
Speaker
So if you think about the future, whether it's the next five years or 10 years, apart from AI, we talked about AI, or maybe including AI, how do you see or what kind of change do you think you need to lean into?

Future of AI and TPRM

00:18:22
Speaker
What sort of transformation opportunities are there right now to shape the next five years, for example? So like I said, AI gives wrinkles to TPRM.
00:18:37
Speaker
I wanna, let me tell you what my fear is in upcoming year is whatever the TPRM models technologies are, those all vendors started putting AI covered on top of their tool. And my fear is in upcoming years, there will be struggle or enhancements in AI technologies
00:19:07
Speaker
and then the risk of vendors, the TPRM purpose, then lost somewhere. I think the race would be, the competition would be, how efficient you can make your AI tool to communicate to the different AI tool. That's where all the struggle, all the investments research going on. And then the real risk, the real focus, the TPRM should left behind.
00:19:37
Speaker
So that's kind of my fear that that's what I think I'm anticipating because not every organization is the same system. So communicating between two systems, reviewing different reports generated by different systems, it's as important
00:19:58
Speaker
as managing the risk with the vendor. Otherwise, that's still gonna take the time in onboarding and due diligence process that AI promised that they can frustrate those processes. So I think that that's where the industry is gonna go. And on the brighter side, what I can see is hopefully we can onboard a vendor in a week rather than six months.
00:20:27
Speaker
Hopefully, the procurement manager doesn't have to write all 200 questions in their RFP on their own, or at the end, you still realize that, oh, we forgot to ask this question. So hopefully, AI can help automate the RFP process, risk analysis, something that I'm still not satisfied with the current risk management techniques,
00:20:53
Speaker
is correlating the dots. So what if you review the SOC report? So what if you review the SIG report? What about the risk elevation notices you receive from your data intelligence tool? A human with very short staff?
00:21:10
Speaker
We cannot correlate this dot at this point. And that's the weakness. Like, we all say, like, I did with SOC, I did with C, I did with Pentast. I'm monitoring my vendors on XYZ platform. But we're not able to correlate all of these dots and develop the whole picture of the vendor. I'm very optimistic that AI would help us with this.
00:21:42
Speaker
So that's the brighter side of the AI there. Sure. I was just wondering, thinking about the skills that you use and that you have used to manage all this transformation and really have a positive outcome, if you were going to say, what are the skills that you have that have become most valuable in doing your job in managing
00:22:10
Speaker
everything that you have to manage. Is there anything that sort of comes to mind? Sure. So, uh, I've been, let me tell you, I've been fortunate enough to have a great leaders and not just the managers throughout my career in TPRM. And they were giving me each and every opportunities where I can showcase my ideas, how differently
00:22:37
Speaker
I can do things that has been running in for some organizations for the last 20 years. And that perspective, I am the one who, I wanted to be loud and clear. I'm the always one who raised my voice. If something's going different or if something's taking too long, it was just watering me. So I am the one who just not complain,
00:23:03
Speaker
I always go to my leaders with the issue and the possible way to solve it. So that's kind of the due diligence skill, the analyze skill that I had lead me to this role that I am in. Plus, I've been my couple of my leaders in my past life always tell me that I'm go-to person. I always like to call people and I always like to hear their perspective.
00:23:32
Speaker
When I started my career in TPRM, I did not know anything about vendor management. I was a procurement analyst before there in Florida. And I don't know compliance. I don't know the regulations. I don't know SOC reports. I didn't know anything about the auditors. But
00:23:49
Speaker
I always, all I know is this isn't the rocket science. It's all about the project management. It's all about managing my day, managing my task, communication, collaboration. And I was ready to roll up my sleeve and work. And my goal to expedite, to streamline the vendor onboarding, that kind of helped me here. And
00:24:18
Speaker
I was taking each and every opportunity came to my door. Doesn't matter if it is relevant to the vendor management or if it is a procurement or even if it is accounting. I take everything. I'm like, okay, I think I can do this. I think I can do this. And I have seen that. I have seen it generally across the board, not only to stay in corporate world, but nowadays
00:24:43
Speaker
When you talk, and let me tell the funny story before I go in there, my personal, so I always tell my husband that if it is, if this doesn't scare you, then you're not in the right direction. That's crazy how my plans were from day one.
00:25:00
Speaker
Like my plans are, people like, especially my parents always think that she's crazy. She has lost her mind. That's exactly what my, my husband used to think. Like, I don't know how you would do that. I'm like, look, if this doesn't give you like enough, like anxiety, then I don't think you are on the right path. And that's how, so sometimes my leader is like, I don't think you will be able to manage these.
00:25:25
Speaker
I'm like, let me try. So that's positive attitude towards every single thing. And then the self-confidence and believing in myself that I can do this. That's what leads me to where I am.

Conclusion: Embrace Change

00:25:42
Speaker
Well, Shami, it's been really awesome talking to you. I really appreciate your insights and your sharing your journey with us. Thank you so much. No problem, David. I just wanted to have a one-shot disclaimer here that
00:25:55
Speaker
Whatever I have said during this conversation, it's expressed my personal view and not that of my current employer. Sure. Understood. Well, thank you again, Sharmi. We really appreciate it. No problem, Devi. Thank you for having me here.
00:26:12
Speaker
And that's a wrap on today's episode of Transformation Stories. If you found this episode as enlightening as we did, be sure to subscribe, rate, and leave a review. Your feedback fuels our mission to bring you more thought-provoking conversations. As we conclude today's journey, remember that transformation is within reach for every business, and it starts with deliberate choices. Keep pushing boundaries, seeking new opportunities, and embracing change.
00:26:40
Speaker
Until next time, this is Transformation Stories.