Why Third-Party Risk Demands Back-to-Basics Discipline

Video

Beyond the Tech: Why Third-Party Risk Demands Back-to-Basics Discipline

In a candid conversation at Risk Evolve, Cedric d'Albis of Rabobank dismantles the myth that technology alone can manage third-party risk. From hidden software dependencies to blind spots in supplier inventories, he reveals why mastering the basics - and knowing your full vendor stack - is more vital than ever in today’s AI-driven world.

May 14, 2025

Ellie Dowsett, Growth Marketing Manager, CeFPro

Cedric D'albis, Chief Auditor Innovation and Technology, Rabobank

Tags: Vendor and Third Party Risk

The views and opinions expressed in this content are those of the thought leader as an individual and are not attributed to CeFPro or any other organization

In this insightful interview at Risk Evolve, Cedric d'Albis, Chief Auditor for Innovation and Technology at Rabobank, discusses the growing complexity of supply chains and the crucial importance of maintaining strong foundational controls in third-party risk management.

Dalbis warns that as digital ecosystems become more intricate, organizations often overlook the basics, such as maintaining an accurate inventory of third-, fourth-, and fifth-party suppliers, which is essential before introducing advanced risk technologies.

He advocates for a pragmatic approach where technology like AI and advanced analytics are used not as a silver bullet, but as tools to enhance existing, well-structured processes.

With the increase in cyber threats, especially through third-party vectors, Dalbis emphasizes the necessity of sound internal security hygiene and scenario planning that factors in supplier failures. Ultimately, he urges financial institutions to stop chasing tech fads and start with the fundamentals—good governance, transparency, and continuous vendor engagement.

Ellie Dowsett Bio

Biography coming soon

Cedric D'albis Bio

Cédric is the Chief Auditor for Innovation and Technology at Rabobank. Cédric started his career as a developer for derivatives trading desks in New York and London, he then worked as a Security Architect for the leading web hosting company and spend 10 years at PwC advising Financial Services Companies on Risks and Controls related to trading and technology, he then became Head of Group Technology Audit at HSBC. Cédric developed the fist UK-based pooled audit of a cloud service provider for a professional services firm and has testified as an expert witness for a court case brought under the Computer Misuse Act Cédric is a Certified Information Security Auditor (CISA), has a BA in Economics from the University of Chicago and a Masters in International Management from Thunderbird School of Global Management.