Vendor & Third Party Risk USA

Aligning industry best practice and incorporating innovation and automation to increase efficiency

3rd Annual

Vendor & Third Party Risk USA

June 5-6 2018 | New York City | Crowne Plaza Hotel

Aligning industry best practice and incorporating innovation and automation to increase efficiency.

Key topics to be addressed:


Interactive panel discussion taking the pulse of third party risk management


Integrating departments and increasing communication across the lifecycle


Increased automation and standardization for an enterprise view of risks


Limiting over reliance on single third parties and managing outsourcing to limit concentration risk


Leveraging intelligence to support third party risk and monitoring the evolving cyber landscape


Managing fourth parties and beyond for full supply chain oversight


Looking beyond prevention to ensure recovery and continuity


Aligning with internal policy and case study of a global policy rollout

Hear from 20+ Senior Vendor, Third Party & Procurement Professionals from a diverse range of institutions including:

Yakut Akman

Yakut Akman
Chief Third Party Management Officer
Citigroup Inc

Roger Parsley

Roger Parsley
Head of Third Party Risk & Control
Deutsche Bank

Michele Miuta

Michele Miuta
Director, Procurement and Vendor Management
Sterling National Bank

Ken Wolckenhauer head shot

Kenneth Wolckenhauer
VP, Vendor Management
Nordea Bank

James Orioles

James Orioles
Director, Vendor Governance

Michael Casey

Michael Casey
Head of Outsourcing and Supplier Risk, Americas

Vendor & Third Party Risk USA Agenda

Day One | June 5 | New York City

08:00 Registration and breakfast

08:50 Chair’s opening remarks
Dennis Frio, MD, Business Advisory Services, Grant Thornton

09:00 Third Party Risk Management. Expectation vs Reality and how to Accelerate your Journey towards Maturity

  • Key results from the 2018 TPRM Benchmarking Survey
  • Expectation vs. Reality – what the regulators expect vs. what we’re seeing
  • The maturity play – how does the maturity of a program impact the ability to meet objectives?
  • What were identified as the greatest challenges and the greatest opportunities for TPRM
  • How to accelerate maturity – tools and approaches to evolve your program faster.

Anna Mazzone, MD, International Global Head of Financial Services, Aravo

Kimberley Allen, Chief Marketing Officer, Aravo

09:40 Navigating today’s changing third party risk landscape: Adjusting course to stay ahead 

  • Why third party information security, data breaches and cyber risk have spun out of control: What steps you can take to address them across your enterprise?
  • The roles of questionnaires, evidence and frameworks: How you can both benefit from and move beyond them
  • What roles controls play and what management, audit and regulators expect
  • Practical takeaways and best practices other organizations have taken to reduce risk

Dov Goldman, VP, Innovation and Alliances, Opus

10:20 Morning refreshment break and networking

10:50 Aligning and integrating departments across the lifecycle for increased governance and oversight

  • Aligning processes across each stage of the vendor life cycle
  • Working with Operational Risk to align practices
  • Managing vendors and their 3rd parties
  • Incorporating a strong 3 Lines of defence model
    • First line owning risk
    • Aligning 1st and 2nd line to understand inherent risks and controls
    • Clear understanding and definition of roles and responsibilities of each

Olivia Sirett, Commercial Specialist, Vendor Management Office, CLS Bank

Scott Messner, Operational Risk lead, ORM, CLS Bank

11:30 Increasing automation and standardization for an enterprise view of risks associated with vendor and third parties

  • Automation of risk reporting and efficiency
  • What can be standardised as the industry matures
  • Move from ad-hoc reporting to continuous monitoring
  • Taking in external data and mapping to organization for a holistic view
  • Reviewing tools for touchpoints across a lifecycle
  • Managing levels of complexity across organizations

Anders A. L. Rodenberg, Head of Financial Institutions & Advisory, Americas, Bureau van Dijk

Bill Hauserman, Senior Director, Compliance Solutions, Bureau van Dijk

12:10 Scaling your third-party cyber-security risk management program

  • Common cybersecurity risks with third-parties
  • How to detect internal and external cybersecurity risks
  • Effective cost-saving methods
  • How to free up resources so staff can focus on reporting, analysis and remediation
  • Whether audits can be relied on for cyber security attestation
  • Remediation strategies

Jeff Rowley, Principal Consultant, ACA Aponix

12:50 Driving value from your 3rd party risk management program

Mick Kless, President & CEO, Compliance Education Institute

1:00 Lunch break and networking


1:50 Aligning disparate systems to pull data from different areas for a holistic view of the end to end process and lifecycle

  • Managing data from disparate systems
  • Incorporating a vendor ID across different systems for enterprise view
    • Accounts payable, contracts, incidents etc.
  • Capturing losses
  • Complexity of institutions
    • Pulling data for a holistic view
  • Increased reporting capability for senior management

Maureen Vance, Director and Regional Head of Vendor Risk Management, Americas, Deutsche Bank

Michele Miuta, Director of Procurement and Vendor Management, Sterling National Bank

Aric Perminter, Founder and Chairman, Lynx Technology Partners

2:50 Evolution of the vendor risk management professional: Current skill sets and keeping up with an evolving remit

  • Managing risk in a fast manner whilst being responsive to the business interest and needs
  • Professional background of a vendor risk manager
  • Compliance and active risk management function
  • Senior level visibility
    • Quantifying and articulating to the Board
  • Translating risks and exposure to Board and senior management

Amy Feran, VP, Americas Regulatory, Credit Suisse

3:30 Afternoon refreshment break and networking

4:00 Is it time to rethink third party risk?

  • Key findings of global TPRM survey
  • Highlighting key trends moving the marketplace
    • Collective market
    • Consortiums
  • Global landscape of TPRM maturity
  • Innovation agenda

Matt Moog, Principal, EY

Casey Ryan, Senior Manager, EY


4:40 Reviewing the ability to effectively manage fourth parties including outsourcing, supply chain and oversight

  • Managing fourth parties and subcontractors
  • Understanding third party outsourcing
  • Managing concentration risk of fourth parties
  • How far to go when looking at the supply chain
  • Understanding supply chain management vs. outsourcing

Michael Casey, Head of Outsourcing and Supplier Risk, Americas, UBS

5:20 Chair’s closing remarks

5:30 End of day one and drinks reception

Download the PDF Brochure

Vendor USA Brochure

Register Now

Day Two | June 6 | New York City

08:15 Registration and breakfast

08:50 Chair’s Opening remarks
Anna Mazzone, Managing Director, International, Global Head of Financial Services, Aravo


09:00 Results of global survey ‘Taking the pulse of third party risk management’ in collaboration with Aravo

  • Part A of the survey results will provide methodology and key findings of the global survey undertaken by CeFPro and Aravo.

Andreas Simou, Director, CeFPro

Anna Mazzone, Managing Director, International, Global Head of Financial Services, Aravo


09:15 Taking the pulse of third party risk management: industry benchmarking to understand program maturity

  • Part B will take the form of a uniquely interactive panel discussion, with a number of anonymous polls throughout the session to benchmark industry progress and maturity.

Roger Parsley, Head of Third Party Risk & Control, Deutsche Bank

Yakut Akman, Chief Third Party Management Officer, Citigroup Inc

Robert Koszkalda, Director, Third Party Risk Management, SVP, KeyBank

10:00 Morning refreshment break and networking

10:30 Calculating inherent risk – How KeyBank brought efficiency and consistency to their current program

  • KeyBank and Grant Thornton teamed up to make the assignment of inherent risk more efficient
  • By leveraging historical risk assessment data, they created service types profiles with similar services and inherent risks profiles. These profiles also contained predefined due diligence and ongoing monitoring routines, bringing efficiency and consistency to the bank’s overall process.

Ash Rao, Consultant, Grant Thornton

Jenny Faivre, Third Party Management Strategist, KeyBank

11:10 Embracing a siloed approach to third party risk management

  • Efficiency and practicality of implementing third party risk management as a siloed function.
  • Approach, prioritization and opportunity
  • Introducing program policies, data driven process and other capabilities in small teams
  • Leveraging capabilities to:
    • Act as enterprise influencers
    • Push risk management culture
    • Promote sustainable best practice from the bottom up
  • Understanding maturity process

Justin Riehl, Enterprise Risk Management Principal, CastleHill


11:50 Worldwide rollout and alignment of internal policy and managing jurisdictional requirements

  • Acceptance of contract owners and gaining vendor sign off
  • Managing local and regional deviations
  • Working with frameworks within the organisation
  • Nordea case study: Corporate social responsibility and sustainability bank in Europe
  • Guidelines on selecting suppliers that agree with our values

Kenneth Wolckenhauer, VP, Vendor Management, Nordea Bank

12:30 Lunch break and networking


1:30 Leveraging intelligence to support third party risk due diligence across the life cycle

  • Defining the threat landscape, intelligence, and application to due diligence
  • Adding due diligence to all phases of the third-party life cycle
  • Breaking down silos across the enterprise
  • Advanced due diligence reports to assessors before going on site
  • Continuous monitoring – how far do you go?
  • Bringing cyber risk awareness to business lines
  • Leveraging system driven inputs and human analysis to explore tools
  • Bridging the gap between disparate teams to leverage internal knowledge

Marc Lieberman, VP – Third Party Risk Intelligence, Citigroup Cyber Intelligence Center


2:15 Utilizing predictive tools and analytics to better monitor and remediate cyber risks associated with vendors and third parties

  • View of risk exposure to monitor vendor rating
  • Using security ratings
  • Quantitative measurement of performance-based cybersecurity requirements and remediation clauses
  • Identifying systemic risk across the industry
  • Leveraging technology and innovation to streamline the process
  • Continuous monitoring of daily performance

Jake Olcott, VP, Strategic Partnerships, BitSight Technologies

Marc Lieberman, VP – Third Party Risk Intelligence, Citigroup Cyber Intelligence Center tbc

John Bys, Enterprise Sales Management, Third Party Risk, CyberVadis

3:00 Afternoon refreshment break and networking

3:30 The new ecosystem: Vendor risk management from CSR to cybersecurity

  • Moving from compliance checks to performance ratings
  • Moving from risk management to supplier capability building
  • Collaboration between IT, Procurement, and other business units
  • The need for cross-industry collaboration

Pierre-Francois Thaler, Co-Founder and Co-CEO, EcoVadis and CyberVadis


4:10 How the three lines of defense model is impacting third-party risk management

  • Subject Matter Experts (SME) vs Risk Management domains
  • Heightened Standards: Roles and Responsibilities
  • 1st Line of Defense Third Party Assessments
  • 2nd Line of Defense Policies and Guidance
  • 2nd Line of Defense Review and Challenge
  • The 1.5 Line of Defense position
  • TPRM alignment within the evolving Three Lines of Defense Model

Dan Morrison, Managing Director, Group Head, Third Party Risk Management, MUFG Union Bank

4:50 Chair’s closing remarks

5:00 End of Congress

Vendor & Third Party Risk USA Presenters

Find out more about our 20+ Senior Vendor, Third Party & Procurement Professionals that will be presenting at the Vendor & Third Party Risk USA Congress in June.

Yakut Akman
Yakut Akman, Chief Third Party Management Officer, Citigroup Inc

Yakut Akman brings 35 years of diverse banking experience to her role of Chief Third Party Management Officer. She has responsibility, authority and accountability for the end-to-end Third Party Management Program, and leads global efforts to strengthen Citi’s organizational framework, as well as processes and tools to manage third party risk.

Yakut’s Citi career started in Istanbul, Turkey, as a Management Trainee. She then managed several trading support groups in New York ranging from Capital Markets and Fixed Income to Foreign Exchange, and was instrumental in establishing Citi’s Interest Rate Derivatives Operations in the early 1990s. In 1996 she transferred to London as Director of Trade Services in Europe, managing Citibank’s main service delivery hub in London supporting Europe.

Yakut is known for her abilities to connect operational details to the strategic business vision and drive meaningful change – an approach sharpened by many years in Operation & Technology and her role as Program Director in in Citi’s Internal Audit, overseeing critical Investment and Consumer banking businesses, and also serving as Deputy Chief Auditor of Citi’s Student Loan Corporation.

Prior to her current role, Yakut served as Global Head of Risk Management for Citi’s Enterprise Infrastructure. Her responsibilities covered all operational risk disciplines including Information Security, Continuity of Business, and Third Party Management.

Yakut is a member of the Information Systems Audit and Control Association (ISACA) and is certified in CISA (Certified Information Systems Auditor). She is a Magna Cum Laude graduate of Mount Holyoke College with a degree in Economics.

John Bys
John Bys, Enterprise Sales Manager, Third Party Risk, CyberVadis

John Bys will be speaking at the Vendor & Third Party Risk Congress 2018

Michael Casey
Michael Casey, Head of Outsourcing and Supplier Risk, Americas, UBS
  • Risk Controller 2nd LOD, Outsourcing approver, regulatory liaison, and project manager for regulatory remediation.
  • Advise and provide support across the full range of risk management lifecycle activities
  • Outsourcing & Supplier Risk interface to major programs, projects, and governance and resiliency forums.

Prior to UBS

  • North American Practice Lead – Wipro Consulting – Business Intelligence & Information Management
  • Consultant for KPMG / KPMG Consulting / BearingPoint for 10 years delivering large process improvement, compliance, and regulatory remediation projects


  • CPA
  • Certified Anti Money-laundering Specialist
  • Six Sigma Green Belt
Jenny Faivre, Third Party Management Strategist, KeyBank

Jenny Faivre is a Third Party Management Strategist with Corporate Procurement at KeyBank. In this role, she is responsible for partnering with lines of business, second line of defense, and risk partners to identify and mitigate risks associated with third parties. Jenny is currently leading the Service Category Project which aims to streamline the risk assessment process for third party engagements while consistently identifying and managing inherent risks.

Jenny has been with KeyBank for 12 years, in varying roles including Loan Servicing and Asset Management. Jenny holds a bachelor’s degree from Franklin University and is CRVPM II certified through the Compliance Education Institute.

Nasser Fattah Head Shot
Nasser Fattah, Managing Director, Bank of Tokyo Mitsubishi UFJ

Nasser Fattah is a Managing Director at MUFG Union Bank overseeing information security risk management program for the Americas.  This includes working with business on major initiatives (cloud transformation, mobility, etc.), new markets (direct and self-service banking), and conducting risk assessments on Bank’s technologies (applications and infrastructures), internal and customer-facing information systems, and 3rd-party vendors based on Bank’s regulatory requirements (GLBA, PCI, HIPAA, SOX, etc.) and best practices (ISO 27001, COBIT, NIST, etc.).

He works closely with senior management across various lines (business executives, privacy, enterprise risk, compliance, legal and others) to discuss and proactively address actual and potential information security risks, as well as report to executives the status of the bank’s information security risk posture, including recommended mitigation plans, to support the bank’s mission and objectives.

Before joining MUFG Union Bank, Nasser managed the Information Security Program for AIG Financial Division across Latin America and Asia.  He also worked at ADP to achieve ISO certification, and managed the information security risk management program, including 3rd-party reviews.

Nasser began his Information Security career as a federal subcontractor where he maintained and managed the security posture of IT systems as per federal requirements (FISMA, OMB 130, NIST, etc.).   Also assisted with identification and reporting of Medicare fraud.

Amy Feran
Amy Feran, VP, Americas Regulatory, Credit Suisse

Amy Feran leads US regulatory initiatives within the Sourcing and Vendor Management organization in Credit Suisse.
She is the​ point of contact for all third party regulatory, audit, compliance and control related topics, which also includes supporting Service Co / Legal Entity Programs. Prior to this role, Amy spent 3 years at American Express as a Compliance risk SME to the Third Party Risk Management group.

Dennis Frio Headshot[1]
Dennis Frio, Managing Director, Business Advisory Services, Grant Thornton

Dennis is a Managing Director at Grant Thornton and leads the firm’s Third Party Risk Management practice. He has 25 years of consulting and industry expertise specializing in the implementation and optimization of third-party risk management and supply chain processes and applications More specifically, Dennis has experience managing a broad array of initiatives designed to reduce costs, improve efficiency or manage risk:

· 3rd Party Risk Management & Remediation
· Third Party Systems implementations
· Expertise in third-party regulations (OCC, FRB, FDIC, CFPB)
· Source to Pay and Finance process optimization
· Full lifecycle procure to pay and system implementations
· Shared Service and Outsourcing assessments

Dov Goldman
Dov Goldman, VP, Innovation and Alliances, Opus

Dov Goldman is VP, Innovation & Alliances for Opus, the leading provider of innovative compliance and risk management solutions. He is an expert in regulatory compliance and information security, and is responsible for the company’s Third Party Management (3PM) Information Security and CyberRisk strategy, focused on the Hiperos 3PM product line. He advocates a strategic, controls-based approach to infosec risk, based on his ongoing work with Chief Information Security Officers and IT vendor risk professionals, and speaks regularly on how organizations can free themselves from infosec risk. Prior to joining Opus, Dov played a key role in the creation and marketing of a solution for anti-bribery and corruption-focused third party management.  He has a background in software development and deep experience implementing multiple generations of technology solutions.

Bill Hauserman head shot
Bill Hausermann, Senior Director, Compliance Solutions, Bureau van Dijk

Bill is focused on anti-corruption compliance solutions at Bureau van Dijk. As a rapidly evolving global risk within financial institutions, corruption risk management requires a far more systematic approach encompassing customers, third-party partners and employees. Bill joined Bureau van Dijk after 12 years of designing and deploying global compliance and ethics programs for SAI Global and NAVEX Global. For the last seven years he has focused on the perplexing problem of creating efficient due diligence technology and content to truly understand the risks of customers and business partners. Bill has seen first-hand the potentially false sense of security found in current due diligence programs.

Mick Kless
Mick Kless, President & CEO, SVPCompliance Education Institute

Mick Kless is the Founder, President & CEO of Compliance Education Institute. He is responsible for day-to-day operations and company strategic direction. Mick is the author of the Certified Regulatory Vendor Program Manager (CRVPM®) course which was the first certification course of its kind available to the financial services sector. He is also the author of ten additional courses focused on 3rd Party Risk Management issues.

Mick heads up the CEI Advisory Services Group which specializes in developing 3rd Party Risk Management Program Strategy and Structure and conducts 3rd party risk management program audits, assessment, gap analyses and roadmaps for growth. In addition, he is the author of numerous 3rd party risk and performance scorecards, including 3rd Party Toolbox.

Mr. Kless founded Compliance Education Institute in 2013 and professional services consultancy, RISC Associates, in 2008 but has focused on GLBA 501(b) issues since 2001. He has deep expertise and hands-on experience in designing, building, implementing, and managing 3rd party risk management programs during his 38 years in the financial services sector.

Robert Koszkalda
Robert Koszkalda, Director, Third Party Risk Management, SVPKeyBank
Bob became Director of Third Party Risk Management at KeyBank in April of 2016.  He is responsible for the development of and adherence to Key’s third party management policy, program and practices in alignment with Key’s enterprise risk management requirements and corporate risk appetite.
Previous to this role, Bob established the technology & operations Business Risk and Controls organization.  In this role Bob’s accomplishments include:
  • Developing Key’s Technology Risk Management program consisting of polices, standards, governance, and IT asset risk assessments based on ISACA, FFIEC, ISO and other frameworks.
  • Implementing access control, continuity, change & problem management, and Sarbanes-Oxley processes and controls.
  • Founding the Regional Bank Technology Risk Forum where over a dozen banks similar to Key’s size share technology risk best practices and insight.
Bob has over 20 years of internal audit experience at Key and Centerior Energy. Bob holds a bachelor’s degree in Computer Science and a diploma from the Stonier Graduate School of Banking held at Georgetown University.  Bob is a Certified Information Systems Auditor and is ITIL Foundations certified.
Marc Lieberman
Marc Lieberman, VP – Third Party Risk Intelligence, Citigroup Cyber Intelligence Center

Marc Lieberman is a member of Citi’s Cyber Intelligence Center, leading a program dedicated to leveraging intelligence to enhance third party risk due diligence. As a member of Citi’s broader Cyber Security Fusion Center – affectionately dubbed “A Team of Teams” within Citi – Marc works with a number of cyber and corporate security teams and consistently engages with both internal Citi stakeholders and external partners. Borne out of a true labour of love—Marc has made inroads collaborating with third party risk professionals and is always pursuing new use-cases and opportunities to provide intelligence and insights at various stages of the lifecycle.

Anna Mazzone Head shot
Anna Mazzone, Managing Director, International Global Head of Financial Services, Aravo

Anna Mazzone leads and drives Aravo’s global expansion and is responsible for building operations and direct and partner channels internationally. She also leads growth initiatives and client engagement across financial services, bringing with her over 20 years’ financial services industry experience in the international markets.

The former Global Head of KYC Managed Services at Thomson Reuters, Anna founded and grew Thomson Reuters’ Org ID KYC Managed Service, leading a team of more than 150 staff and managing clients in more than 80 countries.

Ms. Mazzone’s deep domain expertise in Technology for Financial markets (FinTech), GRC (Governance Risk & Compliance technologies), and Know Your Customer (KYC) as well as Know Your Supplier/Vendor (KYS/KYV) has contributed to significant growth at companies including BAML, Thomson Reuters, CME Group, Markit and Trunomi.

Anna is on the Board of the Non-profit, Junior League of London, having supported the organization for over 14 years, on the Advisory Board for Trunomi, and is a business mentor for Level39 London Accelerator. In 2016 Anna was named in Innovate Finance’s “Women in Fintech Powerlist” which recognizes women who are playing a vital role in the development of the global Fintech sector. She holds a Bachelor of Science, Finance and Insurance from the University of South Carolina – Darla Moore School of Business.

RSK - Scott Messner
Scott Messner, Operational Risk Lead, ORM, CLS Bank

Scott is currently the Operational Risk Lead at CLS Bank International, a global FX settlement utility. Prior to joining CLS Bank, Scott held leadership positions in Risk Management at American Express and Goldman Sachs.  Scott holds a Bachelor of Science degree in Business Administration from the University of Pittsburgh.

Michele Miuta
Michele Miuta, Director of Procurement and Vendor Management, Sterling National Bank

Michele Miuta will be presenting at Vendor & Third Party Risk USA 2018

Matthew Moog
Matthew Moog, Principal, EY

Matthew is a New York-based Principal with Ernst & Young’s Advisory practice in the Financial Services Office (FSO). Matthew is the Global leader for Third-party Risk Management for Financial Services and brings over 15 years of experience working in the financial services industry. Matthew has spent the last 8 years fully dedicated to Third-party Risk Management and has experience working with large financial institutions on risk management tools and processes, sourcing/third-party risk management, analytics and regulatory and compliance (i.e. FED/OCC) projects. He has worked on global projects and assisted in international coordination with multiple engagement teams.

Dan Morrison, Managing Director, Group Head, Third Party Risk Management, MUFG Union Bank

Dan Morrison will be presenting at Vendor & Third Party Risk USA 2018

Jake Olcott Headshot
Jake Olcott, VP, Strategic Partnerships, BitSIght Technologies

Jake Olcott is VP of Business Development at BitSight. He previously managed the cybersecurity consulting practice at Good Harbor Security Risk Management. Prior to Good Harbor, he served as legal advisor to the Senate Commerce Committee, and also served as counsel to the House of Representatives Homeland Security Committee. He completed his education at the University of Texas at Austin and the University of Virginia School of Law.

Roger Parsley
Roger Parsley, Head of Third Party Risk & Control, Deutsche Bank

Roger Parsley will be presenting at Vendor & Third Party Risk USA 2018

Aric K. Perminter
Aric Perminter, Founder and Chairman, Lynx Technology

Aric K. Perminter, Chairman, Founder and Chief Revenue Officer, has embodied all three roles while guiding Lynx Technology Partners through its evolution into a multi-million dollar Information Security and Risk Management company.

In his 25-year career, Mr. Perminter has held a wide variety of leadership positions across key parts of Information Technology businesses. He founded Lynx in March 2009 and served as the CEO through August 2015. Prior to founding Lynx, he was Regional Sales Manager of Lumension Security’s Northeastern region, which services clients’ endpoint security and risk management needs.

Mr. Perminter represents a number of external venues. He is the second member and shareholder of THREAT STREAM, serves on the executive board of BCT Partners, is a member of the Employer Advisory Council for Per Scholas, an Advisory Board Member of CloudeAssurance, and investor in SecurityCurrent.

Rao Ash
Ash Rao, Consultant, Grant Thornton

Ash is a consultant within Grant Thornton’s advisory practice where he focuses on third party risk management. He has assisted multiple Fortune 500 clients with the full suite of TPRM services from program assessment to supporting technology implementation. Ash’s experience in optimizing programs has included the identification and pursuit of initiatives designed to reduce costs, improve efficiency and better manage risk.

Justin CastleHill
Justin Riehl, Enterprise Risk Management Principal, CastleHill

Justin Riehl – CastleHill Principal with 20 of years of experience, Justin is a Certified Third-Party Risk Professional primarily responsible for delivery of Enterprise Risk Management and more specifically, Vendor Risk Management solutions to CastleHill customers, implementation partners and their clients. In addition to his business acumen, Justin is a technologist and data management professional providing Systems Development, Data Integration, Data Intelligence Architecture, Analysis and Reporting. Justin’s responsibilities include development and implementation of risk scoring methodologies and GRC best practice specific to Third-Party Risk Management (TPRM) objectives. He establishes best practice vendor management programs and analyst teams and deploys business critical supporting processes aligned to maintaining the efficiency and effectiveness of TPRM programs.

Anders Rodenberg
Anders A. L. Rodenberg, Head of Financial Institutions & Advisory, Americas, Bureau van Dijk

Anders A. L. Rodenberg, M.Sc. is the Head of Financial Institutions and Advisory in the Americas for Bureau van Dijk. Originally from Scandinavia, Anders previously served as Head of Compliance for the Nordic European Region at Bureau van Dijk before transferring to the U.S., which gave him key compliance insight and experience on both sides of the Atlantic.

Anders has been involved in multiple projects in areas ranging from Credit risk of clients and suppliers, Tax risk, Sanctions Risk, Money Laundering risk to FATCA and FCPA, helping to improve the overall risk management at various financial institutions, insurance companies and traditional corporates. Much of his work has been focused on creating operational efficiencies and reducing financial and regulatory risk through global standardization as well as introducing global ownership structures into risk models and procedures.

Anders has met with regulatory authorities and industry leaders in numerous countries, giving him key industry knowledge with a special focus on trends and developments. He also often speaks at conferences. Anders graduated from Aarhus University in Denmark and studied at London School of Economics and Copenhagen Business School.

Jeff Rowley, Principal Consultant, ACA Aponix

Jeff Rowley is a Principal Consultant at ACA Aponix, the cybersecurity and IT risk division of ACA Compliance Group. Jeff has over twenty years of experience in technology and risk in the financial sector. Most recently, Jeff served as Vice President for Bank of America Merchant Services where he was responsible for designing, implementing, and sustaining OCC compliant third party programs.
Jeff earned his Bachelor of Science from the University of North Texas and has accumulated advanced studies in Accounting and Computer Science from the University of Hartford and Rensselaer Polytechnic Institute, respectively. Jeff is a Certified Third Party Risk Professional (CTPRP).

Casey Ryan
Casey Ryan, Senior Manager, EY

Casey is a New York-based Senior Manager with EY’s Advisory practice in the Financial Services Office. Casey has helped multiple clients assess and develop their cybersecurity, IT risk, regulatory compliance, and vendor risk management programs. In this experience she’s worked with C-suite executives for some of the largest banks and insurance companies on the street, while managing complex global teams. She’s also managed vendor risk assessment teams for global banking clients, supervising on-site and remote reviewers in twenty countries across Asia-Pacific, EMEIA, the Americas and Japan, while training and managing dedicated teams in the US, India, South America, and Mexico.

Andreas Simou Head shot
Andreas Simou, Director, CeFPro

Andreas is Head of events and Commercial Director at the Center for Financial Professionals. He has worked in events and publishing for nearly 20 years in a number of capacities including 10 years spent at the Global association of risk professionals as the head of events and commercial ventures.

Olivia Sirett, Commercial Specialist, Vendor Management Office, CLS Bank

Olivia Sirett is currently a Commercial Specialist in the Vendor Management Office at CLS Bank International, a global FX settlement utility. Olivia is responsible for rolling out an enhanced global vendor management program, first at CLS London before continuing the program at CLS New York. Olivia is the third party risk management lead within the Vendor Management Office and has a current focus on cyber security. Olivia is also a founding member of the CLS Women’s Forum and is passionate about promoting diversity and inclusion within the financial services industry.

Olivia holds a Law LLB (BA Hons) degree from the University of Leeds UK. Olivia is currently waiting admission to the New York State Bar.

Pierre-Francois Thaler
Pierre-Francois Thaler, Co-Founder and Co-CEO, EcoVadis and CyberVadis

Pierre-Francois Thaler will be speaking at the Vendor & Third Party Risk USA Congress

Maureen Vance
Maureen Vance, Director and regional Head of Vendor Risk Management, Americas, Deutsche Bank

Maureen has been with the combined Deutsche Bank / Bankers Trust organization for 28 years. Her prior roles at DB include Head of Information Security and Control Policy in the GTO Divisional Control & Regulatory Office, Global Head of Control for Global Business Services, Americas Head of Control for Investment Banking Operations and Head of Global Loan Operations Accounting & Control. Before joining DB, Maureen had control and project roles at Citibank, NA and Columbia Pictures Industries, Inc., and was a Senior Auditor with Arthur Andersen & Co.

Maureen is a Certified Public Accountant, Series 99 Operations Professional and has a BS in Business Administration with a major in Accounting from Georgetown University.

Caree Wagner, MD, Operational Risk Management, BNY Mellon

Caree Wagner will be presenting at Vendor & Third Party Risk USA 2018

Ken Wolckenhauer head shot
Ken Wolckenhauer, Head of Vendor Management, Nordea

Ken Wolckenhauer is the Head of Vendor Management at Nordea Bank’s New York branch. Leading up to this position, Ken was as a subject matter expert, trainer, solutions provider, and consultant for FIS, the world’s largest global provider dedicated to banking and payments technologies. With FIS, Ken specialized in financial industry regulatory risk and compliance, mostly in the area of anti-money laundering and watchlist compliance. Nordea Bank leveraged Ken’s risk and compliance knowledge to build out the vendor management program for the New York branch, developing a program that would properly manage risk as well as gaining acceptance to the US regulators. The success of the US program is now being used to advise Nordea’s European branches on enhancements to its TPRM program. Ken is a graduate of Bucknell University and is a Certified Anti-Money Laundering Specialist.

Vendor and Third Party Risk USA 2018 | Global Survey

We will be releasing the results of this survey and distributing the final report at the Vendor and Third Party Risk USA Congress.

The survey is designed to help benchmark some of the key questions that can indicate the status and health of your third party risk/supplier risk/vendor risk program.

It covers some of the questions we hear most often:

· What is the typical organizational structure supporting third party risk management?
· How do you know if your program is receiving the funding it requires?
· How are third party risk professionals remunerated?
· What are the key elements of a robust program?
· How mature are programs and what are the greatest challenges facing programs today?

Please click the button below to receive a copy of the of the final report and results

Vendor and Third Party Risk USA 2018 | Insights

Find our Vendor Risk thought-leadership articles here. These articles feed from our much larger Risk Insights section of our website which provides you with thought-leadership, white papers, articles and more across risk and regulation.

24th May 2018

Taking the pulse of third party risk management: Industry benchmarking to understand program maturity

By Robert Koszkalda, Director, Third Party Risk Management, SVP, KeyBank.
18th May 2018

Effectively managing fourth parties

By Michael Casey, Head of Outsourcing and Supplier Risk, Americas, UBS.
18th May 2018

Three lines of defense model impact on third-party risk management

By Dan Morrison, Managing Director, Group Head, Third Party Risk Management, MUFG Union Bank.
9th May 2018

Increasing automation and standardization for an enterprise view of risks associated with vendor and third parties

By Anders Rodenberg, Director of Sales and Bill Hauserman, Senior Director, Compliance Solutions, Bureau van Dijk.
4th May 2018
Marc Lieberman

Leveraging intelligence to support third party risk due diligence across the life cycle

By Marc Lieberman, Third Party Cyber Intelligence, Citigroup Cyber Intelligence Center
2nd May 2018

Aligning disparate systems to pull data from different areas for a holistic view of the end to end process and lifecycle

By Michele Miuta, Director of Procurement and Vendor Management, Sterling National Bank.
11th April 2018

Advancing internal/intragroup agreements to the same level of rigorous as external third party partnerships

Presentation by John Bree, SVP & Partner, Neo Group Inc. 
10th April 2018

The evolution of vendor risk management

By Alice Kelly, Head of Research and Production, CeFPro. 
8th February 2018

Second line: Effective challenge and validation

By Theresa Reynolds, Director of Operational Risk, Management Validation, Capital One.
12th December 2017

3rd party concentration risk – Below the tip of the iceberg – Part 1

15th November 2017

Global report: Perspectives on operational risk management and practice

5th October 2017

The three lines of defense, roles and responsibilities

By Glenn Hursh, Managing Director at KPMG LLP.
4th October 2017

Operational risk management: Emerging challenges and changing landscape

By Candice Nonas, Managing Consultant at RGP.
18th September 2017

Supercharging your ERM/risk program

31st August 2017

Governance of your Enterprise Risk Management: How to stay in control of your ERM programme and prove it

Vendor and Third Party Risk USA 2018 | Sponsorship

Can your organization contribute at our Vendor & Third Party Risk USA Congress?

Please contact the Center for Financial Professionals today to discuss how we can deliver your thought-leadership at the event, help you generate leads, and provide you with unique networking and branding opportunities. Download our sponsorship package for an outline of what we can offer, but please contact or call us on +1 888 677 7007 where a member of the team will be happy to tailor the right package for you.

2018 Co-Sponsors:

ACA Aponix

ACA Aponix are co-sponsors at the Vendor & Third Party Risk USA Congress.


Aravo Solutions delivers award-winning, market-leading cloud-based solutions for managing third party governance, risk, compliance and performance. We help companies protect their business value and reputation by managing the risks associated with third parties and suppliers, and to build business value by ensuring that their third party relationships are optimized.

Aravo TPRM for Financial Services allows firms to centralize all their third parties into a single, quick-start cloud solution for assessing risk, conducting initial and ongoing due-diligence, managing and monitoring contractual compliance and performance, and transitioning and off-boarding third parties.

Providing unrivaled regulatory agility and ease-of-use, together with actionable executive reporting, Aravo supports a user base of 124,000 corporate users, managing more than 4.3 million third party users in 36 languages and 154 countries.

Learn more at

Bureau van Dijk

Certainty is a highly prized commodity in business. Data might be getting bigger all the time, but this only makes extracting value from it more difficult.

Bureau van Dijk captures and treats private company information for better decision making and increased efficiency.
With information on nearly 280 million companies, we are the resource for company data. A key benefit of our information is how simple we make it to compare companies internationally.

Our information includes:
– What companies do, how they’re performing and the people that run them
– Financial data, legal entity details, M&A activity and news
– Corporate structures and ownership

You can access our information via a range of interfaces that are designed to help different business challenges and streamline workflows. Many of our customers blend our information with their own internal data for superior insight.


CastleHill will be supporting the forthcoming Vendor and Third Party Risk USA 2018

EcoVadis / CyberVadis


EcoVadis is the world’s most trusted provider of business sustainability ratings, intelligence and collaborative performance improvement tools for global supply chains. Backed by a powerful technology platform and a global team of domain experts, EcoVadis’ easy-to-use and actionable sustainability scorecards provide detailed insight into environmental, social and ethical risks across 190 purchasing categories and 150 countries. Industry leaders such as Johnson & Johnson, L’Oréal, Nestlé, Schneider Electric, Michelin and BASF are among the more than 45,000 businesses on the EcoVadis network, all working with a single methodology to evaluate, collaborate and improve sustainability performance in order to protect their brands, foster transparency and innovation, and accelerate growth.


CyberVadis is the first scalable solution for managing the full third-party cybersecurity risk assessment process. The CyberVadis platform is based on a methodology that maps to all major international compliance standards, and combines the speed of automation with the accuracy and effectiveness of a team of experts. This includes engaging vendors directly with assessments, validating results with an in-house team of security analysts, and issuing companies a standardized cybersecurity rating that they can share with others, along with a detailed improvement plan for increasing their score and the ability to collaborate with clients and vendors on implementing better practices. CyberVadis was developed by EcoVadis, the world’s most trusted provider of business sustainability ratings, intelligence and collaborative performance improvement tools for global supply chains. EcoVadis counts industry leaders like Johnson & Johnson, L’Oréal, Nestlé, and Michelin, among the more than 45,000 businesses on its network.


EY is a leader in serving the financial services industry.

The global network of EY firms understands the importance of asking great questions. It’s how you innovate, transform and achieve a better working world. Finance and capital markets fuel our lives. No other sector can touch so many people or shape so many futures. That’s why globally our network includes 26,000 people who focus on financial services. Our financial services teams are dedicated to providing assurance, tax, transaction and advisory services to the banking and capital markets, insurance, and wealth and asset management sectors. It’s our global connectivity and local knowledge that ensures we deliver the insights and quality services to help build trust and confidence in the capital markets and in economies the world over.

The better the question. The better the answer. The better the world works.

Grant Thornton

Are your traditional controls and safeguards being stretched to the limit amid a host of risks? Do you need a comprehensive solution to identity, assess, and monitor third-party risks? The accelerating pace of change is placing unprecedented demands on financial institutions with third party risk management as an area of growing concern among many financial services institutions.
Grant Thornton’s Advisory Services professionals are progressive thinkers who create, protect and transform value today so our clients have the opportunity to thrive tomorrow. By helping you withstand the pressures of evolving business environments, our services can support you wherever you are – whether you’re focusing on developing and implementing the right controls to mitigate risk or advancing your company’s finance and technology infrastructure to match your aspirations. Learn more at


Opus was founded on a simple premise: that faster, better decisions in compliance and risk management could give businesses an extraordinary advantage in the marketplace.

Today, the world’s most respected, global corporations rely on Opus to free their business from the complexity and uncertainty of managing customer, vendor, and third-party risks.

By combining the most innovative SaaS platforms with unparalleled data solutions, Opus turns information into action so your business thrives.

2018 Associate Sponsors:


BitSight is transforming how companies manage information security risk with trusted, time-tested and
actionable security ratings. Founded in 2011, the company built its Security Ratings Platform to
continuously analyze vast amounts of external data on security issues and behaviors in order to help
organizations manage third party risk, underwrite cyber insurance policies, benchmark performance,
conduct M&A due diligence and assess aggregate risk. Seven of the top 10 cyber insures, 20% of Fortune 500 companies, and 3 of the top 5 investment banks rely on BitSight to manage cyber risks.

Lynx Technology Partners

Lynx Technology Partners is the trusted Information Security and Risk Management Advisor that customers in highly-regulated industries worldwide depend on to improve security posture, facilitate compliance, reduce risk, and refine operational efficiency. With world-class skills and knowledge capital built over 30 years, Lynx security experts help customers recognize and control IT-related risks and maintain compliance with major industry and government standards. Through consulting, security and risk assessments, penetration testing, managed security services, and an award-winning GRC solution, Lynx supports many critical projects for security-conscious leaders in Financial Services, Federal, Energy, Healthcare, State Government, and Higher Education. For more information, please visit

2018 Luncheon Sponsor:

Compliance Education Institute

Compliance Education Institute will be sponsoring the Vendor and Third Party Risk USA Congress

2018 Exhibitors:


ProcessUnity’s cloud-based solutions help organizations of all sizes automate their risk and compliance programs. Our highly configurable, easy-to-use tools significantly reduce manual administrative tasks, allowing customers to spend more time on strategic risk mitigation. As a software-as-a-service technology, ProcessUnity deploys quickly with minimal effort from customers and their IT resources. The inherent efficiency our technology delivers faster, better results, and the ability to scale governance, risk, and compliance programs over time. Learn more at

Rapid Ratings

RapidRatingsTM is transforming the way the world’s leading companies manage enterprise and financial risk. RapidRatings provides the most sophisticated analysis of the financial health of public and private companies in the world. The company’s analytics system provides predictive insights into third-party partners, suppliers, vendors, customers and securities issuers. Every business conversation becomes more productive, transparent and efficient with the RapidRatings Financial Health SystemTM. For more information. Visit to learn more.

Media Partners:

Crowd Reviews Website Logo
Global Risk Community
IRTA Reg Tech International

We are happy to support publications, associations and organisations at this event. From a simple company listing with your logo to taking advantage of some of our sponsor benefits listed above. To discuss a media partnership further please email or call +1 888 677 7007


Vendor & Third Party Risk USA | Venue

June 5-6 2018 | New York City | Crowne Plaza Hotel


Crowne Plaza Hotel, 1605 Broadway, New York, NY 10019 USA


To book please contact Julia Aronov at the Crowne Plaza Hotel hotel directly using +1-212-315-6032 or by email

Hotels near the venue;

The Time New York – 224 W 49th Street, New York, NY 10019 / +1 212-246-5252

Renaissance New York Times Square Hotel – 2 Times Square, 714 Seventh Avenue at, W 48th Street, New York, NY 10036 / +1 212-765-7676

The Gallivant Times Square – 234 W 48th Street, New York, NY 10036 / +1 212-246-8800

Hotel Edison – 228 W 47th St, New York, NY 10036 / +1 212-840-5000

Manhattan TImes Square V2

CPE Credits

Please note that 15.5 credits are available for attending Vendor & Third Party Risk USA.

Frequently Asked Questions

Can I present at the Vendor and Third Party Risk USA 2018 Congress?

Yes, the Center for Financial Professionals are happy to discuss speaking opportunities at Vendor and Third Party Risk USA 2018 Congress. For further information on this please contact or call us on +1 888 677 7007.

Are there any rules on the dress code?

Business attire is requested. The Congress is a formal opportunity to network with like-minded professionals and to gain knowledge from the industry’s finest risk management experts.

What is the cost and what is included in the registration fee?

We offer incentives for ‘early bird’ registrants of the Congress, as outlined on our pricing structure. Registration includes breakfast, refreshment breaks, lunches, the cocktail reception at the end of the day, full access to the sessions and exhibition area. Presentations from sessions are also available, subject to speaker approval.

Where can I find the Congress documentation and speaker presentations?

All registered attendees will receive an email with access to documentation and speaker presentations after the Congress* We will work with our presenters to include as many presentations as possible on our Risk Insights App during the Congress. *Please note that our speakers often have to gain permission from their relevant compliance departments to release their presentations. On rare occasions compliance may not allow presentations to be distributed.

Will breakfast, lunch and refreshment be provided?

Yes. As with all of our events the Center for Financial Professionals will be providing brilliant coffee, breakfast, lunch, refreshments, and smaller bites during the networking breaks.

Will there be opportunities to network with other attendees?

There are ample opportunities for networking and interaction throughout the Congress, such as

  • Breakfast, lunch and refreshment breaks
  • Cocktail reception at the end of the day (Subject to confirmation)
  • Q&A, panel discussions and audience participation technology available through the Risk Insights App

I have several colleagues that would like to attend, is there a group discount?

Certainly! We are pleased to offer you a 50% discount on the third registration or provide a fifth registration for free. If you would like to register more than five colleagues please contact us on +1 888 677 7007 Please note:

  • Registrations must be made at the same time
  • Registrations must come from the organisation
  • The lowest registration will be discounted

Are there opportunities to share my thought-leadership at the Vendor and Third Party Risk USA 2018 Congress?

Yes there are plenty of opportunities for the Center for Financial Professionals to share thought-leadership to the attendees of Payments Forum 2018 and our wider risk professionals community. At the event We can distribute your material to the attendees, offer you an exhibition booth, and provide speaking opportunities so that you may enjoy a more prominent presence at the Forum. Visit the Sponsor tab for further information or contact / +44 (0) 207 164 6582. Risk Insights Feature your content on our Risk Insights website and supporting Risk Insights monthly newsletter. For further information please download our media pack here.

Are media partnerships available for Vendor and Third Party Risk USA 2018 Congress?

Yes. As part of a media partnership we can offer a variety of options to increase the branding and awareness of your association, company, certificate, publication or media. We are flexible with what we can offer however we usually:

  • Provide a discounted rate to attend
  • Place your logo and profile on the Congress website
  • Place your logo on the Congress brochure
  • Place your logo on promotional content where applicable
  • Distribute your media/marketing at the Congress
  • Promote through social media channels

To discuss this further please contact or call +1 888 677 7007

3rd Annual

Vendor & Third Party Risk Europe

13-14 June 2018 | London | Grange City Hotel

Vendor Risk EMEA

Don’t forget to tell your colleagues about our Vendor & Third Party Risk Europe Summit taking place in London on 13-14 June 2018.

The Summit will review the evolving vendor and third party processes and best practices for effective management, oversight and compliance.

Summit topics to be addressed include;

Categorising Vendors | Information Security | Aligning Departments | Business Continuity | Board Reporting | GDPR | Financial Viability | Fourth Parties | Due Diligence | and much more

Hear from more than 20 senior vendor, third party & procurement professionals including;
Shamial Afzal

Shamial Afzal

Head of Supplier Relationships and Risk

M&G Prudential

Emma Mansfield

Emma Mansfield

Head of Outsourced Risk Assurance

Bank of Ireland

Kurt Nelson

Kurt Neilson

Head of Third party Relationship Management


Daniel Middleton

Daniel Middleton

Head of Security Assurance


Charles Forde

Charles Forde

Global Head of Third party, Outsourcing & Inter-Entity Risk


Stuart Anderson

Stuart Anderson

Global Head of Supplier Risk


Vendor and Third Party Risk USA 2018 | Registration

Early Bird
Registrations before May 25
Standard Rate
Registrations After May 25
Vendor and Third Party Risk USA 2018 | June 5-6 $1,399
Save $400

Should you have any questions regarding registering, please contact the Center for Financial Professionals, please contact us on +1 888 677 7007 (US) or +44 (0)20 7164 6582, or email 

Group Bookings:

Group rates are available for 3 or more attendees from the same organisation, when registering at the same time. The current rate allows every third colleague to come along for half price! or a fifth colleague to attend for free

Other ways to register

Save time – Register by email

Simply email us your e-signature – and we will do the rest for you!

CPE Credits

Earn up to 15.5 CPE Points

To claim your CPE points please contact or call +1 888 677 7007

2. Contact Us Directly

3. Download the PDF Registration Form

Vendor USA Brochure


Earn up to 15.5 CPE Points

To claim your CPE points please contact or call +1 888 677 7007

Keep Updated


Interested in Vendor Risk Management but not ready to register? Click here to keep updated.


ACA Aponix
CastleHill_Logo[1] 245x150
Grant Thornton 245x150

Associate Sponsors:

Luncheon Sponsor:


Rapid Ratings

Connect With Us | #VendorRiskUSA

TwitterLinkedInFacebookYouTubephone icon 50px