AI Contracting Is Broken and Andrew Moyad Has a Better Way

Event Q&A

How Legacy Risk Practices Are Breaking Under AI Pressure

Andrew Moyad, CEO of Shared Assessments, exposes the flaws in current AI contracting practices for third-party risk. He argues traditional frameworks are dangerously outdated for today’s rapidly evolving AI systems. Financial institutions must move beyond checklist-style diligence and adopt contextual, risk-based approaches that align with both operational reality and ethical standards.

Jul 16, 2025

Andrew Moyad, Chief Executive Officer, Shared Assessments

Tags: Vendor and Third Party Risk AI and Technology (including Fintech)

How Legacy Risk Practices Are Breaking Under AI Pressure

The views and opinions expressed in this content are those of the thought leader as an individual and are not attributed to CeFPro or any other organization

Andrew Moyad doesn’t hold back - AI is breaking traditional risk management models, and financial services need a total mindset shift.

In a world where AI evolves in real-time and decisions are increasingly delegated to automated systems, conventional contract clauses and long-form diligence templates are not just inadequate—they’re counterproductive. Moyad warns that blindly applying boilerplate cyber clauses to AI vendors creates negotiation gridlock and fails to reflect actual risk.

Instead, he calls for a smarter, layered approach rooted in strategic understanding. Not all AI is the same, and not every vendor deserves the same scrutiny. Financial institutions must start by asking: Is this actually AI? and How is it being used? - before jumping into contracts. Moyad emphasizes collaboration across legal, procurement, cyber, and business teams to develop agile playbooks. And he raises a rarely discussed point: resilience.

As AI becomes core to operations, the ability to recover from vendor failure isn’t just good practice - it’s existential. From model clauses to ethical oversight, this session is a wake-up call for the future of AI risk governance in finance.

Andrew Moyad Bio

Andrew Moyad is the Chief Executive Officer of Shared Assessments. Andrew is an accomplished leader and trailblazer in third party risk management. As a practitioner and a senior risk management executive he has driven a culture of accountability and diligence in safeguarding information. Andrew has more than 25 years in risk management and information security. He has contributed greatly to the transformation and advancement of risk management as a strategic function that intersects with and helps guide all aspects of organizations. Most recently Andrew served as Senior Vice President Vendor Risk Management at Blackstone where he led a team of risk professionals responsible for overseeing all phases of the vendor lifecycle at the firm including risk assessments control diligence contract reviews financial checks performance monitoring issue tracking and management reporting. Prior to Blackstone he served as a director and global head of vendor risk management and BlackRock and Senior Vice President for Citigroup where he was a Business Information Security Officer in Global Fixed Income and led third party risk assessments for several years. Andrew holds a Bachelor of Arts Degree in Natural Sciences from Harvard University and a Master of Science Degree in Information Systems from the Stevens Institute of Technology.