Vendor & Third Party Risk USA

4th Annual Vendor & Third Party Risk USA

June 4-5, 2019 | New York City

AGENDA

8:10 Registration and breakfast

8:50 Chair’s opening remarks

Dennis Frio, Managing Director, Risk Advisory Services, Grant Thornton

PANEL DISCUSSION
9:00 Managing the regulatory push for vendor and third party risk management and ensuring compliance across jurisdictions

• Looking holistically across jurisdictions
• Complexity of complying with local regulators
• Prioritizing and reporting on data
• Alignment in requirements with divergence in priorities
• Lessons learnt from 2018 horizontal review
• Regulatory pressure and expectations moving forward

James McPherson, Director, Credit Agricole CIB
John Gilbride, ED, Head of Third Party Risk Management Governance and Regulatory Engagement, JP Morgan
Maureen Vance, Director, Vendor Risk Management, Deutsche Bank
Marshall Toburen, Risk Management Strategist, Risk Management Solutions, RSA

9:50 Program maturity: Oversight and due diligence across the life cycle of a third party

• Implementing standard requirements
• Integrating across the institution
• Ensuring consistent processes and methodologies

Ellen Schubert, CEO, KY3P by IHS Markit
T.R. Kane, Partner, Global Third Party Risk Leader, PwC
Douglas W. Roeder, Managing Director, Financial Services Risk & Regulatory Group, PwC
Brian Diddens, Head of Technology Risk, Senior Vice President, Northern Trust

10:25 Morning refreshment break and networking

10:55 Third-party due diligence: What does maturity look like within VLM?

• The regulatory and reputational expectations
• Aligning the operational risk goals of the organization
• Moving from tiering vendors and risks to knowing them all
• Integrating risk assessment into the lines of business seamlessly
• Ongoing risk detection made sustainable

Bill Hauserman, Senior Director, Compliance Solutions, Bureau van Dijk, A Moody’s Analytics Company

11:30 Continuous monitoring of vendor and third parties for full portfolio analysis of risks

• Funding for continual monitoring and review of vendors
• Detailed analysis to determine risk and prioritize G
• Portfolio analysis of full vendor inventory for high risk/critical vendors
• Criteria to determine vulnerability
• Holistic risk intelligence and analysis
  • Considering all risk factors
• Combining internal data with external data to gain a true picture of risk profile

Ken Wolckenhauer, VP, Vendor Management, Nordea Bank

12:05 Vendor complaints – A Cause for enforcement actions

• Customer complaint response management system
• Responsibility on financial institutions to manage complaint data
• What you need to know about vendor complaints
• Setting performance and complaints management expectations
• What to watch for with the vendor
• Improving vendor performance
• Examples of enforcement actions / a review of relevant industry news
• Managing consumer complaints

Branan Cooper, Chief Risk Officer, Venminder

12:40 Luncheon address delivered by
Jagmeet Lamba, Founder and CEO, Certa

12:50 Lunch break and luncheon roundtable discussions

2:10 Vendor risk: Due diligence, scaling, analysis, and ongoing oversight

• Common challenges for managing vendor risk
• Best practices and key mistakes in the due diligence process
• Scaling your third-party risk management program
• The importance of vendor oversight and ongoing monitoring

Marc Lotti, Partner, ACA Aponix
Jeff Rowley, Principal Consultant, ACA Aponix

2:45 A journey through the development and implementation of a robust third-party risk management program

• Challenges and lessons learned, including the impact of a technology on the end-to-end program
• Operating model and organizational design
• Guiding principles and building blocks for developing and enhancing
• TPRM programs
• Key elements of a robust program
• Use of technology and automation

Chris Monk, Managing Director, Protiviti
Kathryn Hardman, Director of Centralized Third Party Management Office, BBVA US

3:20 Afternoon refreshment break and networking

3:50 Managing contractual obligations and navigating increased use of technology

• Understanding terminology in contracts
• Ensuring effective escalation and crisis management timelines
• Control processes throughout contract negotiation
• Engaging legal at final contract review process
• Incentive compensation
  • Reputational risk implications
• Bringing issue escalation into overall reporting
• Setting out and bringing obligations, compliance and reporting into the aggregated risk process

James McPherson, Director, Credit Agricole CIB

4:25 Defining critical vendors and services: Techniques to rate criticality and effective oversight

• Business critical systems
• Business continuity for business critical systems
  • Limiting impact on customers
• Definition of critical across regulatory bodies
  • Local regulators concerned for local customers
• Determining key revenue lines and business processes
• Top down view of critical services and then identifying vendors

Courtnee Smith, Senior Director, Enterprise Supplier Management, Capital One

PANEL DISCUSSION
5:00 Aggregating reporting across multiple systems and jurisdictions for full oversight for risk reporting

• Aggregating reporting across multiple systems
• Monitoring across jurisdictions and complying locally
• Reporting minimum requirements based on global regulations
• Approaches for regional vs global institutions
• Collecting sufficient data across systems

Roxane Romulus, MBA, Director, Third Party Risk Management, Voya Financial
Jeannie Pumphrey, Director, Third-Party Risk Management, Union Bank
David Stomski, Director, Vendor Risk Management, Credit Suisse

5:50 Chair’s closing remarks

6:00 End of day one and drinks reception

DAY 2

8:10 Registration and breakfast

8:50 Chair’s opening remarks

Aravo

INTERACTIVE PANEL DISCUSSION
9:00 Integration of procurement and vendor risk management to manage risk prior to onboarding

• Defining the process: Where each sit in the process
• Shared assessments for vendor risk management to determine:
  • Onboarding, risk assessment, due diligence and contract handling
• Third party risk management with 1st and 2nd line roles
• Executing on planning prior to onboarding
• Shared risk assessments across all groups
  • Responsibility and oversight
• Procurement and control roles

Michael Gallerani, Director, Third Party Risk Management, GE Capital
Theresa Martillano, VP, Enterprise Risk Officer, Enterprise Risk Management, Freddie Mac
Bob Koszkalda, Director, Third Party Risk Management, SVP, KeyBank
Mick Kless, President and CEO, Compliance Education Institute
George Kaniarasseril, Third Party Risk Program Manager, Standard Chartered Bank
Bryan Burnhart, Head of Strategic Alliances, ProcessUnity

10:20 Morning refreshment break and networking

10:50 Implementing service categories

Jenny Faivre, Third Party Management Strategist, KeyBank
Rachel Venezuela, Third Party Management Strategist, KeyBank

11:25 Reviewing results of global survey: Taking the pulse of vendor and third party risk

reserved for Aravo

12:00 Uncovering unknowns: Understanding the intersection of vendor management and business continuity planning

• Identify critical vendors and key contact provisions
• Assess and break down silos between departments handling vendor management and business continuity planning
• Manage third-party vendors via risk assessment, vendor due diligence, monitoring and contract structuring

Michael Berman, Founder & CEO, Ncontracts

12:35 Lunch break and networking

1:35 Managing cyber security and portraying clear messaging of responsibilities internally and across supply chain

• Case studies of third party/vendor cyber breaches
• Understanding vulnerabilities
• Dependency on third parties increasing vulnerability
• Effective due diligence on all vendors
• Making cyber security a focus for all: basic best practices
• Understanding and managing vulnerabilities internally and externally
• Reviewing and managing all vendors regardless of criticality
  • E.g. Paper shredding vendor and cleaners

Nasser Fattah, MD, MUFG

PANEL DISCUSSION
2:20 Implementation challenges and impacts of changes to treatment and oversight of vendors and third parties under DFS 500

• Granularity of control requirements
• Third party assessment provisions
• Ensuring vendor compliance of DFS 500
• Adjustments to ensure compliance
• Data encryption proposition
  • Data on third party systems

Ken Wolckenhauer, VP, Vendor Management, Nordea Bank
Natallia Aliakseyenka, CIB NAR – Head of Third Party Risk Management, BNP Paribas
Nasser Fattah, MD, MUFG

3:10 Afternoon refreshment break and networking

3:40 Over the past several years OCC keeps getting questions on how banks can work with fintechs as third party service providers.

• Should banks apply different standards for finetch?
• Does OCC guidance sufficiently cover fintech?
• What are the unique issues in contracting with fintech?
• How should a bank risk manage the relationship with a fintech?

Lazaro Barreiro, Director Governance and Operational Risk Policy, OCC

4:15 Third party risk management professionals today

• Current professional backgrounds
• Skillsets required within this space
• Evolution of the ideal candidate

Amy Feran, VP, Third Party Risk, Credit Suisse

5:50 Chair’s closing remarks

6:00 End of Congress

4th Annual Vendor & Third Party Risk USA

June 4-5, 2019 | New York City

SPEAKERS

Natallia Aliakseyenka, Head of Third Party Risk Management, Director, BNP Paribas

Natallia Aliakseyenka will be presenting at Vendor & Third Party Risk USA

Lazaro Barreiro, Director, Governance and Operational Risk Policy, OCC

Lazaro Barreiro is the Director for Governance and Operational Risk Policy within the Operational Risk Policy Division at the Office of the Comptroller of the Currency (OCC). In this role, Mr. Barreiro manages a team responsible for establishing governance and operational risk policy and guidance for the agency. He assumed these duties in 2016. Prior to his current role, Mr. Barreiro served as an Assistant Deputy Comptroller for the OCC’s Pittsburgh Field Office. He has more than 31 years of financial services examination experience with the OCC, the former Office of Thrift Supervision, and the U.S. Securities and Exchange Commission.

Mr. Barreiro holds a bachelor’s degree in finance from Florida State University and a master’s in business administration in information technology from Barry University.

Michael Berman, Founder & CEO, Ncontracts

Michael Berman is the founder and CEO of Ncontracts, a leading provider of risk management solutions. His extensive background in legal and regulatory matters has afforded him unique insights into solving operational risk management challenges and is driven by the Ncontracts mission to efficiently and effectively manage operational risk. During his legal career, Mr. Berman was involved in numerous regulatory and compliance issues, contract management challenges, and assisted in the development of information systems to better manage these efforts. Prior to founding Ncontracts, he was General Counsel for Goldleaf Financial Solutions, Tecniflex, Inc. and Imagic Corporation. Mr. Berman is a well-regarded speaker at financial institution conferences on risk management. He received his undergraduate degree from Cornell University and holds a J.D. degree from the University of Tennessee.

Bryan Burnhart, Head of Strategic Alliances, ProcessUnity

As Head of Strategic Alliances for ProcessUnity, Bryan Burnhart is responsible for extending ProcessUnity’s partner ecosystem and enhancing customer value through strategic alliances. Bryan works with Content Providers, Managed Service Providers, Referral Partners, Co-Sell Partners, and Consulting Partners to develop and execute key strategies and leverages these alliance relationships to increase revenues for both the partner and ProcessUnity. Bryan has more than 15 years in governance risk and compliance, including several positions at Thomson Reuters and as a technology risk consultant, SOX consultant, and as an internal auditor. Bryan earned his BBA from the University of Georgia with a dual major in Finance and Management Information Systems. Bryan is a member of GARP, IIA and ISACA and is CISA certified.

Branan Cooper, CRO, Venminder

As Head of Strategic Alliances for ProcessUnity, Bryan Burnhart is responsible for extending ProcessUnity’s partner ecosystem and enhancing customer value through strategic alliances. Bryan works with Content Providers, Managed Service Providers, Referral Partners, Co-Sell Partners, and Consulting Partners to develop and execute key strategies and leverages these alliance relationships to increase revenues for both the partner and ProcessUnity. Bryan has more than 15 years in governance risk and compliance, including several positions at Thomson Reuters and as a technology risk consultant, SOX consultant, and as an internal auditor. Bryan earned his BBA from the

Brian Diddens, Head of Technology Risk, Senior Vice President, Northern Trust

Brian Diddens, Senior Vice President, is the Head of Technology Risk for the Corporate Risk Management organization and manages a global risk assessment team. In this role, he oversees, assesses, and reports on Technology risks as well as their respective mitigating controls.

Jenny Faivre, Third Party Risk Management Strategist, KeyBank

Jenny Faivre is a Third Party Management Strategist with Corporate Procurement at KeyBank. In this role, she is responsible for partnering with lines of business, second line of defense, and risk partners to identify and mitigate risks associated with third parties. Jenny is currently leading the Service Category Project which aims to streamline the risk assessment process for third party engagements while consistently identifying and managing inherent risks.

Jenny has been with KeyBank for 12 years, in varying roles including Loan Servicing and Asset Management. Jenny holds a bachelor’s degree from Franklin University and is CRVPM II certified through the Compliance Education Institute.

Nasser Fattah, MD, MUFG

Nasser Fattah is a Managing Director at MUFG Union Bank overseeing information security risk management program for the Americas. This includes working with business on major initiatives (cloud transformation, mobility, etc.), new markets (direct and self-service banking), and conducting risk assessments on Bank’s technologies (applications and infrastructures), internal and customer-facing information systems, and 3rd-party vendors based on Bank’s regulatory requirements (GLBA, PCI, HIPAA, SOX, etc.) and best practices (ISO 27001, COBIT, NIST, etc.). He works closely with senior management across various lines (business executives, privacy, enterprise risk, compliance, legal and others) to discuss and proactively address actual and potential information security risks, as well as report to executives the status of the bank’s information security risk posture, including recommended mitigation plans, to support the bank’s mission and objectives..
Before joining MUFG Union Bank, Nasser managed the Information Security Program for AIG Financial Division across Latin America and Asia. He also worked at ADP to achieve ISO certification, and managed the information security risk management program, including 3rd-party reviews.
Nasser began his Information Security career as a federal subcontractor where he maintained and managed the security posture of IT systems as per federal requirements (FISMA, OMB 130, NIST, etc.). Also assisted with identification and reporting of Medicare fraud.

Amy Feran, VP, Third Party Risk Management, Credit Suisse

Amy Feran leads US regulatory initiatives within the Sourcing and Vendor
Management organization in Credit Suisse.
She is the point of contact for all third party regulatory, audit, compliance and control
related topics, which also includes supporting Service Co / Legal Entity Programs.
Prior to this role, Amy spent 3 years at American Express as a Compliance risk SME to
the Third Party Risk Management group.
Management organization in Credit Suisse.
She is the point of contact for all third party regulatory, audit, compliance and control
related topics, which also includes supporting Service Co / Legal Entity Programs.
Prior to this role, Amy spent 3 years at American Express as a Compliance risk SME to
the Third Party Risk Management group.

Dennis Frio, Managing Director, Risk Advisory Services, Grant Thornton

Dennis facilitated the creation of a global third party risk consortium with IHS-Markit working directly with four global investment and wealth management companies. Dennis was with a global banking and wealth management company, where he was responsible for the strategic direction of their Source to Pay technology, Travel and reporting data warehouses. He led the selection and implementation of the firm’s T&E tool and vendor risk management solutions including on-boarding procedures integrated with newly instituted risk management protocols.
Prior to Grant Thornton, Dennis worked for 14 years at PwC providing expertise to Fortune 500 companies throughout the United States, Europe and Asia-Pacific across a broad range of business and technical disciplines including both shared service and outsourcing assessments, finance and supply chain process and organizational redesign and full life cycle Source to Pay system implementations.

Michael Gallerani, Director – Third Party Risk Management, GE Capital

Michael Gallerani currently leads the Third-Party Risk Management function for GE Capital. In this role, he is responsible for providing third-party risk management across the entire enterprise, including the operating framework, guidelines, governance, assessments and due diligence. He works in collaboration with sourcing, compliance, IT, cybersecurity, legal and all business units to assess and manage the risks introduced by engaging with third parties over the full lifecycle of the engagement. Michael has held numerous roles in sourcing, operations management, engineering and program management in both financial services and the industrials and brings deep knowledge of the challenges that face our third-party relationships. Michael has a BS Mechanical Engineering from Worcester Polytechnic Institute.

John Gilbride, ED, Head of Third Party Risk Management Governance and Regulatory Engagement, JP Morgan Chase

John Gilbride joined J.P. Morgan in 2008 with over 20 years of Financial Services experience including management roles of increasing responsibility spanning Investment Banking, Trading, Operations, Product Development and Equity Research at Morgan Stanley, IPO.com, Thomson Financial and Lehman Brothers.
For the past four years John has been integral in developing J.P. Morgan’s Third Party Oversight Program and is currently responsible for Governance and Regulatory Engagement. John and his team manage interactions between regulators and the Corporate TPO organization, including exams, information requests, and continuous-monitoring meetings.

John received his BS in Information Systems from Long Island University.
John and his wife Maria have three children and reside in Westchester county New York.

Kathryn Hardman, Director of Centralized Third Party Management Office, BBVA US

Kathryn Hardman is the Director of the Centralized Third Party Management Office at BBVA US. In this role, Kathryn manages a team of third party relationship managers, an operations team, and is responsible for the third party management system that on-boards and risk assesses all third parties for BBVA US. Kathryn also chairs a third party working group, is a voting member on various third party approval committees and leads the efficiency projects for Third Party Risk Management. Kathryn has 14 years of experience in risk management, having also worked in credit risk, asset recovery, and model risk management for BBVA US. Kathryn holds a Bachelor’s of Science and Master’s degree in Agribusiness from Texas A&M University.

Bill Hauserman, Senior Director, Compliance Solutions, Bureau van Dijk, A Moody’s Analytics Company

Bill is focused on anti-corruption compliance solutions at Bureau van Dijk. As a rapidly evolving global risk within financial institutions, corruption risk management requires a far more systematic approach encompassing customers, third-party partners and employees. Bill joined Bureau van Dijk after 12 years of designing and deploying global compliance and ethics programs for SAI Global and NAVEX Global. For the last seven years he has focused on the perplexing problem of creating efficient due diligence technology and content to truly understand the risks of customers and business partners. Bill has seen first-hand the potentially false sense of security found in current due diligence programs.

T.R. Kane, Partner, Global Third Party Risk Leader, PwC

T.R. is a Cybersecurity & Privacy Partner based out of Cleveland, Ohio.  T.R. leads PwC’s Cybersecurity Strategy & Transformation offering focused on assisting clients enhance their end-to-end Cybersecurity and Privacy programs.  He also PwC’s Global Third Party Risk Leader, focused on end-to-end third party risk program assessments, designs, and ongoing monitoring.  T.R. has specialized in the area of operational and systems risk management, with a concentration in data privacy and cybersecurity, since joining PwC in 1996.  He has been actively involved in assisting clients throughout the United States, South America, Canada, Africa, Middle East, AsiaPac, and Europe in developing, maintaining, and assessing their overall risk profiles.  T.R. has a deep risk management background which he blends with his technical cybersecurity and data protection knowledge.

George Kaniarasseril, Third Party Risk Program Manager, Standard Chartered Bank

George is a Third Party Risk Program Manager at Standard Chartered Bank (SCB). From a 2nd line perspective, he is the primary owner TPRM program oversight for all US and LATAM operations for the bank. In addition, he works to address a variety of issues for the TPRM program in the UK and Europe.

George began his career with PWC as a cyber security risk and controls specialist. Through consulting, he worked within a wide range of industries to provide services to clients for forensics, privacy, attack and penetration, network architecture, incident response, identity and access control, and litigation support. In addition, he assisted clients to develop a strategic approach to security management, focusing on effective reporting and program measurement.

George continued his career in other public accounting firms and eventually made his way to PGIM, the trillion dollar asset management arm of Prudential.  At PGIM, he managed a number of projects to support the 1st and 2nd lines of defense and worked towards the remediation of risks and process gaps against a complex inventory of third party relationships. He has actively participated in a number of enterprise-wide initiatives, such the implementation of GRC solutions and feedback towards third party risk program design.

For over 20 years, George has served as a passionate thought leader and subject matter expert for industry associations, such as the Information Systems Security Association and Global Association of Risk Professionals. He is a Certified Public Accountant (CPA) and holds a Bachelors of Science from the Stern School of Business at NYU and a Masters of Science from the College of Old Westbury.

Mick Kless, President and CEO, Compliance Education Institute

Mick Kless is the Founder, CEO & President of Compliance Education Institute, a regulatory
compliance consultancy offering Education, Advisory Services and automated 3 rd Party Risk
Management solutions. He is responsible for day-to-day operations and company strategic
direction. Kless is the author of the Certified Regulatory Vendor Program Manager (CRVPM®)
course which was the first and still the leading certification course available to the financial
services industry with more than 1,700 graduates in 14 countries. He is also the author of 11
additional courses focused on 3 rd party risk management issues. Compliance Education
Institute is the developer and publisher of recently released 3 rd Party Toolbox, an enterprise
3 rd party risk management solution that functions as a stand-alone solution or as licensable
risk and performance modules.

Bob Koszkalda, Director, Third Party Risk Management, SVP, KeyBank

Bob became Director of Third Party Risk Management at KeyBank in April of 2016. He is responsible for the development of and adherence to Key’s third party management policy, program and practices in alignment with Key’s enterprise risk management requirements and corporate risk appetite.
Previous to this role, Bob established the technology & operations Business Risk and Controls organization. In this role Bob’s accomplishments include:
• Developing Key’s Technology Risk Management program consisting of polices, standards, governance, and IT asset risk assessments based on ISACA, FFIEC, ISO and other frameworks.
• Implementing access control, continuity, change & problem management, and Sarbanes-Oxley processes and controls.
• Founding the Regional Bank Technology Risk Forum where over a dozen banks similar to Key’s size share technology risk best practices and insight.
Bob has over 20 years of internal audit experience at Key and Centerior Energy. Bob holds a bachelor’s degree in Computer Science and a diploma from the Stonier Graduate School of Banking held at Georgetown University. Bob is a Certified Information Systems Auditor and is ITIL Foundations certified.

Jagmeet Lamba, Founder and CEO, Certa

Founder and CEO at Certa. Passionate about connecting businesses easily and safely. Servant leader committed to building a firm where all team members can fulfil their potential. Former McKinsey consultant, VC, and engineer. Avid hiker and currently training to trek to Everest Base Camp.

Marc Lotti, Partner, ACA Aponix

Marc Lotti is a Partner at ACA Aponix, the cybersecurity and IT risk division of ACA Compliance Group. Before ACA acquired the firm, Marc served as Chief Operating Officer of Aponix Financial Technologists, which he cofounded. Prior to that, he founded and funded UFlexData, a turnkey cloud technology platform for small and medium-sized businesses. He also served a leadership role at Mandragore, a boutique consultancy firm he founded in 1996. Marc earned his Bachelor of Arts degree in Economics from Stony Brook University and his MBA from the Thunderbird School of Global Management. In addition, he is a Project Management Professional (PMP®) and certified in the Governance of Enterprise IT (CGEIT).

Theresa Martillano, VP, Enterprise Risk Officer, Enterprise Risk Management, Freddie Mac

Tess Martillano is the Enterprise Risk Officer and Head of Domain Risk Group at Freddie Mac. She is responsible for the Second Line of Defense (SLOD) oversight of Technology Risk, Information Risk, Business Resiliency Risk, Third-Party Risk, and Fraud Risk. In her role, she is responsible for conducting independent risk oversight, providing credible challenges to the first line of defense, and advance risk management practices by incorporating external and forward-looking view to add value and improve Freddie Mac’s overall risk posture. She also oversees the publication of corporate policies and standards related to the domain risks she manages.

Prior to this, Tess served as the Senior Vice President and the Head of International Technology & Operational Risk, and Compliance for Wells Fargo where she designed and built the International Technology and Operational Risk program from the ground up. Previously, Tess served as the Managing Director and Global Head of IT Risk Management and Corporate Senior Risk Officer for IT at BNY Mellon, where she designed solutions based on industry frameworks and regulations and set the technology risk management multi-year strategy. Her other roles included Head of Cross-Functional Risks, Head of IAM, and Third-Party Risk Management at BNY Mellon and being the IT Risk Manager for Credit Suisse Americas. Tess also held technology and operations roles at Citi’s Capital Markets & Banking Technology Division, concluding as the COO of Capital Markets and Banking Technology. Tess has more than 20+ years of professional experience and has served in various leadership roles, providing strategic planning, productivity improvement, and integration risk management efforts.

Tess is a charter member of ISACA and has a Certified Risk and Information Systems Control (CRISC) certification.

James McPherson, Director, Credit Agricole CIB

James McPherson is Director & Counsel at Credit Agricole Corporate and Investment Bank in New York.  He is a member of the Regulatory Group and his work includes reviewing and negotiating a broad range of commercial agreements for the Bank, including contracts for a variety of technology and trading related services.  He also participates in various steering committees related to the procurement and ongoing monitoring of the Bank’s various service providers and outsourcing initiatives, including the Bank’s Vendor Management Committee.

Chris Monk, MD, Protiviti

Chris is a Managing Director within Protiviti and helps lead Protiviti’s Third Party Risk Management solution. Chris has over 18 years of experience in supply chain and procurement, both within industry and serving clients as a consultant. He has a proven track record of analyzing, improving, and transforming organizations, delivering performance improvement and sustainable cost savings for clients across a number of industries. His areas of focus include S&OP, Sourcing and Procurement, Accounts Payable, Enterprise Contract Management, Supplier Performance Management, and Third Party Risk Management. He is a published thought leader and has been recognized by Supply and Demand Chain Executive Magazine as a Pro to Know.

Chris has assisted financial intuitions of all sizes in the assessment, design, and implementation of leading vendor/third party risk management programs. This includes helping companies address overall 3PRM strategy and policy, risk management lifecycle processes, organization design and roles, management reporting/monitoring, risk assessment and third party segmentation methodology and tools, and enabling technologies.

Jake Olcott, VP, Communications & Government Affairs, Bitsight

For years, Jake has helped organizations create sustainable vendor risk management programs.

Jake has held a number of leadership roles at BitSight since joining the company in 2015. Prior to BitSight, Jake served as cybersecurity attorney to the Senate Commerce Committee and House Homeland Security Committee. He previously consulted with Fortune 1000 executives on cyber risk management and served as an adjunct professor at Georgetown University.

He holds degrees from the University of Texas at Austin and the University of Virginia School of Law.

Jeannie Pumphrey, Director, Third-Party Risk Management, Union Bank

James McPherson is Director & Counsel at Credit Agricole Corporate and Investment Bank in New York. He is a member of the Regulatory Group and his work includes reviewing and negotiating a broad range of commercial agreements for the Bank, including contracts for a variety of technology and trading related services. He also participates in various steering committees related to the procurement and ongoing monitoring of the Bank’s various service providers and outsourcing initiatives, including the Bank’s Vendor Management Committee

Douglas W. Roeder, Managing Director, Financial Services Risk & Regulatory Group, PwC

Since joining the firm in 2011, Doug has been active in advising large financial service firms in a broad range of banking and capital market areas, including governance, risk management, Dodd-Frank implementation and general regulatory and examination matters.

He has led or served as a primary subject matter specialist for projects addressing the effectiveness and design of enterprise risk management and risk governance; the adequacy and design of compliance risk functions; regulatory issue remediation; and preparations for implementing new regulations and addressing supervisory expectations.
Doug spent a thirty-three year career as a senior bank regulator at the Office of the Comptroller of the Currency in Washington, D.C. Prior to his retirement from the OCC in 2010, he served nine years as the Senior Deputy Comptroller for Large Bank Supervision.

He was responsible for examinations and supervision activities in the largest national banks and federal branches and agencies. In addition, he had oversight for operations of the International Banking Supervision group and the OCC’s London Office. He served as a member of the OCC’s Executive Committee, and the Committee on Bank Supervision.

Roxane Romulus, Director, Third Party Risk Management, Voya Financial

Ms. Romulus is currently Director, Third Party Risk Management for Voya Financial. In this role, she is responsible for vendor risk policy, third-party risk oversight and implementation of best practices in third-risk and controls.

Ms. Romulus strives to build strong partnerships and ensure joint accountability when it comes to protecting the company’s employees, clients, information and brand. Her expertise spans a number of well-respected firms including, SunTrust Bank, MetLife, Deloitte & Touché, Putnam Investments and Bank of America.

Ms. Romulus is a graduate of Suffolk University and holds her MBA from Simmons University. A lover of new challenges, she’s completed the Atlanta 13.1 Half Marathon and Tough Mudder Competition, one of the toughest endurance races on the planet. However, her most rewarding role is the one of mother to her four year old daughter Layla Rose.

Jeff Rowley, Principal Consultant, ACA Aponix

Jeff Rowley is a Principal Consultant at ACA Aponix, the cybersecurity and IT risk division of ACA Compliance Group. Jeff has over twenty years of experience in technology and risk in the financial sector. Most recently, Jeff served as Vice President for Bank of America Merchant Services where he was responsible for designing, implementing, and sustaining OCC compliant third party programs.

Jeff earned his Bachelor of Science from the University of North Texas and has accumulated advanced studies in Accounting and Computer Science from the University of Hartford and Rensselaer Polytechnic Institute, respectively. Jeff is a Certified Third Party Risk Professional (CTPRP).

Ellen Schubert, CEO, KY3P by IHS Markit

Ms. Schubert is responsible for managing product and business development teams on KY3P, which was designed in partnership with leading global financial institutions to increase efficiency and standardize third-party due diligence processes. Prior to joining the firm in 2015, Ms. Schubert spent a year consulting to women-owned hedge funds, both start-ups and established funds on their marketing, human resources and compliance policies. She currently serves as a director and treasurer on Miami University’s Foundation Board and was a member of the Finance Advisory Board of Miami University’s Farmer School of Business. Ms. Schubert spent 2009-2014 as chief advisor to Deloitte’s Asset Management Services group, advising hedge fund clients on operations, product structuring, and regulation.

Courtnee Smith, Senior Director, Enterprise Supplier Management, Capital One

Courtnee Smith will be presenting at Vendor & Third Party Risk USA

David Stomski, Director, Operational Risk Management, Credit Suisse

David Stomski will be presenting at Vendor & Third Party Risk USA

Marshall Toburen, Risk Management Strategist, Risk Management Solutions, RSA

Marshall provides strategic input to the development and marketing of risk-related solutions for RSAand advises customers on risk management best practices.  Prior to joining RSA, Marshall served as Director of Enterprise RiskManagementfor a publicly traded financial services company. In that capacity, Marshall was responsible for the company’s ERMactivities, including its ERMpractices and technology solutions, information security, insurance risk transfer, loss management, third party risk management, and Sarbanes-Oxley / internal controls management.  Marshall has previously held positions in the financial services industry, including as Operational Risk Manager, Chief Audit Executive, IT Audit Director, and Assistant Controller.

Marshall holds a M.A. in Economics from the University of Missouri, B.A.s in Economics & Political Science from Baker University, and has received certifications as a CIA, CISA, and CFSA, (non-practicing)

Maureen Vance, Director, Vendor Risk Management, Deutsche Bank

Maureen has been with the combined Deutsche Bank / Bankers Trust organization for 28 years.  Her prior roles at DB include Head of Information Security and Control Policy in the GTO Divisional Control & Regulatory Office, Global Head of Control for Global Business Services, Americas Head of Control for Investment Banking Operations and Head of Global Loan Operations Accounting & Control. Before joining DB, Maureen had control and project roles at Citibank, NA and Columbia Pictures Industries, Inc., and was a Senior Auditor with Arthur Andersen & Co.

Maureen is a Certified Public Accountant, Series 99 Operations Professional and has a BS in Business Administration with a major in Accounting from Georgetown University.

Rachel Venezuela, Third Party Management Strategist, KeyBank

Rachel Venezuela is a Third Party Management Strategist with Corporate Procurement at KeyBank.  In this role, she has partnered with Corporate Procurement Strategists, Legal and other stakeholders to onboard/terminate third party engagements that are impacted by merger and acquisition activities; acts as program owner for non-vendor third parties / alternate solutions; and supports all business units in third party regulatory exams. Rachel is also facilitating the Service Category Project, which aims to streamline the risk assessment process for third party engagements while consistently identifying and managing inherent risks.

Rachel has been with KeyBank for 21 years, in various roles within Corporate Procurement. Rachel holds a Bachelor’s Degree from Chancellor University (formerly David N. Myers College) and is CRVPM certified through the Compliance Education Institute.

Ken Wolckenhauer, VP, Vendor Management, Nordea Bank

Ken Wolckenhauer is the Head of Vendor Management at Nordea Bank’s New York branch. Leading up to this position, Ken was as a subject matter expert, trainer, solutions provider, and consultant for FIS, the world’s largest global provider dedicated to banking and payments technologies. With FIS, Ken specialized in financial industry regulatory risk and compliance, mostly in the area of anti-money laundering and watchlist compliance. Nordea Bank leveraged Ken’s risk and compliance knowledge to build out the vendor management program for the New York branch, developing a program that would properly manage risk as well as gaining acceptance to the US regulators. The success of the US program is now being used to advise Nordea’s European branches on enhancements to its TPRM program. Ken is a graduate of Bucknell University and is a Certified Anti-Money Laundering Specialist.

4th Annual Vendor & Third Party Risk USA

June 4-5, 2019 | New York City

INSIGHTS

Find our Vendor Risk thought-leadership articles here. These articles feed from our much larger Risk Insights section of our website which provides you with thought-leadership, white papers, articles and more across risk and regulation.

4th Annual Vendor & Third Party Risk USA

June 4-5, 2019 | New York City

SURVEY

 Taking the Pulse of Third-Party Risk 2019

Annual Third-Party Risk Management Benchmarking Survey

This annual survey is designed to help benchmark some of the key questions that can indicate the status and health of your third-party risk/supplier risk/vendor risk program. For example:

• Does your program have the appropriate funding?
• What is the typical organizational structure?
• How are third party risk professionals remunerated?
• How engaged is your board?
• How mature are programs and what are the greatest challenges?

It’s completely anonymous and will take no longer than 10 minutes to complete. All those who participate will be placed into a prize draw to win a free pass to one of our upcoming 2019 conferences. 

The report builds on last year’s research and will be an invaluable resource to benchmark your programs against your peers, drive investment conversations within your organization, and instill best practice approaches within your program. The final report will be available free of charge to participants and the wider third-party risk community to support education and benchmarking.

4th Annual Vendor & Third Party Risk USA

June 4-5, 2019 | New York City

SPONSORS

4th Annual Vendor & Third Party Risk USA

June 4-5, 2019 | New York City

VENUE & FAQs

Venue

Crowne Plaza
1605 Broadway
New York
10019, USA

We have secured a $355++ accommodation rate for you to stay at the hotel.

To book please visit:  https://book.passkey.com/gt/216940516?gtid=8ebc663105510fd62c6f33d20f010fb6

Please note there is limited availability and we suggest you book your accommodation as soon as possible, this is also based on a first come first served basis with the rates and any remaining rooms expiring on May 13, 2019.

CPE Credits

Please note that 15.5 credits are available for attending Vendor & Third Party Risk USA.

Frequently Asked Questions

4th Annual Vendor & Third Party Risk USA

June 4-5, 2019 | New York City

REGISTER

Super Early Bird

Early Bird

Standard Rate

Representing a financial institution

(E.g. Bank, Insurance company, Asset Manager, Regulator)

$1,099

Until April 26

SAVE $500

$1,299

Until May 24

SAVE $300

$1,599

After May 24

Representing an information/service provider

(E.g. Consultant, Vendor, Executive Search Firm, Law Firm)

$1,599

Until April 26

$1,799

Until May 24

$1,999

After May 24

Group Bookings:

Group rates are available for 3 or more attendees from the same organisation, when registering at the same time. The current rate allows every third colleague to come along for half price or a fifth colleague to attend for free!

Other Ways to Register

1. Register by Email

Simply email us with your e-signature
we will do the rest for you!

We only need your:
– Full name
– Job title
– Company & address
– Contact number

2. Contact Us Directly

+1 888 677 7007

3. Download PDF Registration Form