Managing Third-Party Risk at Scale Without Drowning in Surveys - with Carey Smith

Managing third-party risk at scale requires a fundamental shift from static, survey-based compliance to continuous, automated monitoring. Carey Smith, Chief Technology Innovation Officer of Blue Cross and Blue Shield of Minnesota, argues that traditional annual questionnaires fail to provide visibility across thousands of suppliers, leaving organizations "insight-poor" and vulnerable to cascading risks from unknown lower-tier vendors. Effective risk management utilizes AI to ingest real-time threat feeds and prioritize material risks based on their impact on revenue and operations. To avoid the "black box" problem, AI-driven risk scoring must remain deterministic and traceable, ensuring human oversight focuses on strategic decisions rather than administrative tasks. Building true ecosystem resilience involves codifying automated playbooks that trigger instant remediation—such as contract reviews or alternate supplier activation—the moment a vulnerability is detected, transforming risk identification into proactive action.