Scaling Third-Party Risk Management: When Frameworks Fail and Why

Event Q&A

The Third-Party Strain No One Plans For

Justin Van Beek shares the real-world breaking points in third-party risk frameworks and why scaling requires more than just onboarding and automation.

May 06, 2025

Justin Van Beek, Head of Professional Practises, Community Bank, N.A.

Tags: Vendor and Third Party Risk

The views and opinions expressed in this content are those of the thought leader as an individual and are not attributed to CeFPro or any other organization

In this deep-dive interview, Justin Van Beek draws from two decades of experience in financial services to unpack the evolution—and frequent breakdown—of third-party risk management (TPRM) programs as organizations grow.

He reflects on his work across several financial institutions where he helped build, implement, and mature TPRM frameworks, and outlines the challenges that arise when volume outpaces early design decisions.

Van Beek describes how many organizations take an iterative approach, building a minimum viable product (MVP) version of TPRM to get off the ground. However, cracks begin to show as businesses hit data volume thresholds, leading to unforeseen liabilities and operational strain.

He shares a striking example where a managed services provider couldn't keep pace with scale, forcing the institution to absorb risk and stand up additional support far earlier than planned.

He also explores how misalignment between internal stakeholders and risk teams creates friction, especially when the latter becomes overly focused on risk documentation rather than enabling informed decision-making.

The solution, Van Beek argues, lies in creating “self-service” risk intelligence—giving business units the tools and visibility they need to engage third parties responsibly.

Finally, he emphasizes that while onboarding gets a lot of attention, legacy vendors and post-contract monitoring often become blind spots.

Automation and GRC platforms can help—but only if data feeds are integrated, contextualized, and kept alive long after the contract is signed.

Justin Van Beek Bio

I've helped financial service and fintech organizations build resilient risk cultures, balanced by both prevention and self-correction and driven by a deep commitment to enable their mission. In risk assurance leadership roles across the US, I've helped architect, and implement practical program frameworks that identify opportunities, manage risks, exercise internal control, and link risk and performance metrics to help orgs navigate complex regulatory, strategic, and operational challenges. I have built and led highly engaged teams that apply sound risk management and assurance principles to enable strategic and organizational objectives. I've helped develop processes, people, and enabling GRC technology and tools to mature risk and audit functions of financial service organizations subject to enhanced prudential standards and organizations with unique, singular risk profiles. I’ve enabled Risk and Audit Committees to productively and proactively engage with management through meaningful and contextualized assurance and performance reports and updates.