Managing Third-Party Risk in a Complex Regulatory Environment

On Demand Course

Instructor: Kay Toscano, Kathy Tomasofsky, Leonardo Pinzon Echeverry

Duration: 1 HR

What You'll Learn

In today’s interconnected financial ecosystem, third-party relationships are no longer just operational they are a critical extension of your risk profile. From fintech partnerships and cloud service providers to offshore operations and AI-driven vendors, organizations face increasing regulatory scrutiny and heightened expectations around third-party risk management (TPRM). This course will provide a practical, regulator-informed perspective on how to design, assess, and strengthen your third-party risk framework. Drawing from real-world regulatory expectations (e.g., OCC, FRB, FDIC, NYDFS) and industry best practices, we will explore how to move beyond “check-the-box” vendor management toward a proactive, risk-based approach that enhances governance, accountability, and resilience. Attendees will gain actionable insights into risk tiering, due diligence, ongoing monitoring, and governance structures along with strategies to align third-party risk programs with broader enterprise risk and compliance objectives.

Topics covered in this course

Regulatory Expectations & Common Gaps
Building a Risk-Based TPRM Framework
Ongoing Monitoring & Governance
Practical Applications & Key Takeaways

*This course does NOT qualify, nor meet the National Standard for NASBA accreditation.

About the Author:

Kay Toscano, Kathy Tomasofsky, Leonardo Pinzon Echeverry

Kay Toscano, CRCM, CAFP, is a Senior Director at Ankura and a compliance, risk management, and audit professional with more than 30 years of experience supporting financial services institutions and fintechs. She advises organizations on designing and strengthening Third-Party Risk Management (TPRM) and vendor oversight programs across the third-party lifecycle, including risk tiering and due diligence, contract governance, ongoing monitoring, issue remediation, and audit/exam readiness. Her work spans banking and payments risk and remediation, outsourced CMS/GRC program administration, ACH and payments reviews, BSA/AML/OFAC independent audits, model validation, CRA and fair lending assessments, and regulatory/consumer compliance audit and monitoring. Kay has supported payment service provider clients by building governance, recordkeeping, incident response, and control testing approaches aligned to financial regulator expectations, including the Bank of Canada under the RPAA. In this webinar, Kay will share practical, regulator-informed approaches to operationalizing TPRM in complex, fast-evolving third-party ecosystems.

Kathy Tomasofsky is the Executive Director of the Money Services Business Association (MSBA), a national trade association focused on money transmission payments and products. The association was launched in October 2015 as a voice for the Money Service Businesses with a focus on licensed entities. In her role as Executive Director, she provides Strategic guidance to the Board and works closely with State and Federal Regulators on behalf of the membership. She is an experienced management and operations professional with more than 30 years’ experience in Insurance and Financial Services. Ms. Tomasofsky has held various senior management level positions at the Network Branded Prepaid Card Association, USF&G Insurance and First National Bank of Maryland and was an Advisory Board Member to the IAFCI. Ms. Tomasofsky earned an MS in Management Information Systems from the University of Baltimore and a BA in Business Administration from Loyola College in Maryland. She holds an MAT degree from Fairleigh Dickinson College, in New Jersey and has certifications in Project Management and Insurance.

Leonardo Pinzon Echeverry, CAMS, CMC a Senior Director, Risk Advisory at Ankura, is a Compliance and risk management professional with over 17 years of experience steering AML/CTF complex regulatory frameworks, examinations, Licensing and compliance strategies within the financial services, Money service business, BaaS, and Fintech across the Americas, serving LATAM, the Caribbean, Africa, and South Asia markets. During his career, Leonardo focused his experience on leading state examinations, Internal audits, risk assessments for products and services, managing consent order remediations, and law enforcement investigations. He built his career in compliance and risk management teams, focusing on Fraud prevention, Global sanctions, Agent oversight, Consumer protection, and Financial Intelligence. Leonardo, former CCO, led cross-functional teams and operations across multicultural jurisdictions in global operations. His contributions have improved state rates for licensed institutions, internal control systems, Data Protection, Governance, and criminal investigations. Leonardo obtained his master’s in management (MCM) from the European Business School (“CAMS”), Certified Anti-money Laundering Specialist, and is a member of the Money Service Business Association (MSBA).

On-Demand Course