Vendor & Third Party Risk Europe

Addressing most recent regulatory guidelines to maximise utilisation of high-end technology

5th Annual Vendor & Third Party Risk Europe

June 2020 | London

2019 Key Agenda Highlights Included:

Complying to global regulatory requirements and reviewing changes on the horizon 

Understanding how third party risk impacts operational resilience and aligning to regulatory requirements

Tracking and limiting concentration risk across supply chain to avoid over reliance on any party

Best practice for categorising vendors to determine level of due diligence and oversight required

Utilising data analytics to provide an enterprise wide view of vendor and third party risks and aligning to appetite

Effective measurement and reporting of risks to provide comprehensive enterprise wide analysis

2019 Speakers Included:


Charles Forde
Global Head of Third Party, Outsourcing & Inter-Entity Risk


Shamial Afzal,
Head of Supplier Risk Management (SRM),
M&G Prudential


Steven Wyles
Head of Services Risk & Director of Third-Party Risk Management
Santander UK


Rashni Chahal Holden
Global Head of Professional Services and Regional Head of Procurement and Third Party Risk
Standard Chartered Bank


Ann Stokes
Head of Procurement


Emma Mansfield
Head of Outsourced Services Assurance
Bank of Ireland UK


Joe Bąkowski
Head of Procurement and Supplier Management
Metro Bank plc


Nick Brazier
Head of Third Party Management
Close Brothers


Can your organisation contribute? Please contact the Center for Financial Professionals today to discuss how we can deliver your thought-leadership at the event, help you generate leads, and provide you with unique networking and branding opportunities. For more information on what we can offer, please contact or call us on +44 (0) 20 7164 6582 where a member of the team will be happy to tailor the right package for you.

5th Annual Vendor & Third Party Risk Europe

June 2020 | London


Find our Vendor Risk thought-leadership articles here. These articles feed from our much larger Risk Insights section of our website which provides you with thought-leadership, white papers, articles and more across risk and regulation.

9th August 2019

Integrating conduct requirements and maturing risk culture of a firm

By Benoît Saint-Jevin, Head of OPC & TAC Coordination, Global Markets Americas, BNP Paribas
9th August 2019

Linking risk appetites to decision making

By Jacob Rosengarten, Principal, Wolf/Rosengarten Group
7th August 2019

Benefits of a Traditional RCSA

By Thomas Tobin, Director, Operational Risk, Mizuho
2nd August 2019

Exploring the uses of AI and machine learning technology in operational risk

By Saqib Jamshed, Head of Model Risk Governance, The Options Clearing Corporation
1st August 2019

Director of Operational Risk at Mizuho Americas discusses universal language, taxonomies and data sharing

1st August 2019

Increasing accountability in the first line and minimizing duplication of efforts for risk assessments

By Hugo Ramirez, SVP, Director of Corporate Assurance, BBVA
8th July 2019

Presentation: The increasing risk of vendor and third parties and ensuring effective controls across lifecycle

7th June 2019

Building operational resilience in financial services and ensuring compliance to regulatory standards

By Sucharita Banerjee Lodha, General Insurance International (GII) Business Resiliency and Operational Governance, AIG
6th June 2019

TPRM insights from Dov Goldman, VP, Innovation and Alliances, Opus

28th May 2019

Operational risk control framework: Technology and regulatory requirements

22nd May 2019

Risk Webinar: Vendor & third party risk – Adapting to the evolving regulatory landscape

22nd May 2019

Risk Webinar: A discussion on the key findings from CeFPro’s Global Conduct Risk Survey

21st May 2019

Survey Suggests Third-party Risk Practices Are Maturing

By Aravo
21st May 2019

Vendor risk: Due diligence, scaling, analysis, and ongoing oversight

By Marc Lotti, Partner, ACA Aponix and Jeff Rowley, Principal Consultant, ACA Aponix
14th May 2019

Developing and testing business continuity plans for risk mitigation for supplier failure

By Tom Garrubba, Senior Director & CISO,  Shared Assessments & The Santa Fe Group
14th May 2019

Monitoring and mitigating insider risk and limiting insider fraud

14th May 2019

Strengthening process and communication to align frameworks across the lifecycle

13th May 2019

Risk Webinar: Managing third parties, it’s more than just cyber risk

13th May 2019

Third-party due diligence: Has your program evolved enough to keep up with changes in regulations and advancements in technology?

By Bill Hauserman, Senior Director, Compliance Solutions, Bureau van Dijk, A Moody’s Analytics Company
13th May 2019

Full oversight for risk reporting: Aggregating reporting across multiple systems and jurisdictions

By David Stomski, Director, Operational Risk Management, Credit Suisse
10th May 2019

Ensuring effective controls for cloud providers to understand where data is stored and pinpoint liability

By Sean O’Brien, Managing Director, DVV Solutions
8th May 2019

Aligning third party management with wider operational resilience frameworks and risk appetite statements

By Nick Brazier, Head of Third Party Management, Close Brothers & Anna Gurney, Head of Supplier Relationship Management, Close Brothers
7th May 2019

Boosting vendor risk reporting accuracy

By Shamial Afzal, Head of Supplier Risk Management (SRM), M&G Prudential
2nd May 2019

Aggregating reporting across multiple systems and jurisdictions for full oversight for risk reporting

By Roxane Romulus, MBA, Director, Third Party Risk Management, Voya Financial
29th April 2019

Continuous monitoring of vendor and third parties for full portfolio analysis of risks

By Ken Wolckenhauer, VP, Vendor Management, Nordea Bank 

5th Annual Vendor & Third Party Risk Europe

June 2020 | London


The survey aims to assess the following topics: Preference for in-house developed software vs. purchasing vendor provided software | Key criteria used by organizations to select the most appropriate vendor software | Most widely implemented vendor provided software | Typical implementation challenges and solutions adopted to address these |Most widely used consulting and service providers for designing frameworks and supporting implementation of the software | The key emerging business requirements.

All who take part will receive a complimentary copy of the final results, inclusive of peer-led vendor rankings.

5th Annual Vendor & Third Party Risk Europe

June 2020 | London



Can your organisation contribute? Please contact the Center for Financial Professionals today to discuss how we can deliver your thought-leadership at the event, help you generate leads, and provide you with unique networking and branding opportunities. For more information on what we can offer, please contact or call us on +44 (0) 20 7164 6582 where a member of the team will be happy to tailor the right package for you.

2019 Co-Sponsors:


Prevalent helps enterprises manage risk in third party business relationships. It is the industry’s only purpose-built, unified platform that integrates a powerful combination of automated assessments, continuous monitoring, and evidence sharing for collaboration between enterprises and vendors. No other product on the market combines all three components, providing the best solution for a highly-functioning, effective third-party risk program.


Aravo Solutions delivers award-winning, marketleading cloud-based solutions for managing third party governance, risk, compliance and performance. We help companies protect their business value and reputation by managing the risks associated with third parties and suppliers, and to build business value by ensuring that their third party relationships are optimized. Aravo TPRM for Financial Services allows firms to centralize all their third parties into a single, quickstart cloud solution for assessing risk, conducting initial and ongoing due-diligence, managing and monitoring contractual compliance and performance, and transitioning and off-boarding third parties. Providing unrivaled regulatory agility and ease-of-use, together with actionable executive reporting, Aravo supports a user base of 124,000 corporate users, managing more than 4.3 million third party users in 36 languages and 154 countries. Learn more at aravo. com


BitSight Technologies is transforming how companies manage information security risk with objective, evidence-based security ratings. The company’s Security Rating Platform continuously analyzes vast amounts of external data on security behaviors in order to help organizations manage third party risk, benchmark performance, and assess and negotiate cyber insurance premiums.

DVV Solutions

DVV Solutions are a specialist provider of Cyber Security, Third Party Supplier Risk and Governance, Risk & Compliance (GRC) solutions including:
– Third Party risk management (TPRM) managed services
– Cloud-based risk assessment workflow automation
– Remote and onsite security risk assessment delivery
– Continuous monitoring and threat intelligence of suppliers
– Simplified risk assessments for small and medium-sized suppliers
– GDPR conformity assessments for Third Party data processors

As a Shared Assessments program member and recognised Assessment Firm we utilise industry-standard practices such as Standardised Information Gathering (SIG) questionnaires to perform initial supplier risk assessments, and Standardised Control Assessment (SCA) procedures for best-practice onsite audits.

We’d be pleased to hear from you and help find the most cost-effective way to develop, maintain or expand your Third Party risk management efforts.

IHS Markit

KY3P® is the first centralized data hub that simplifies and standardizes third-party risk management processes. Third-party relationships are under growing scrutiny by global regulators, including the US Office of the Comptroller of the Currency (OCC), FINRA, the UK Financial Conduct Authority, and the Monetary Authority of Singapore. As firms increase reliance on third parties to deliver business-critical processes and services, oversight complexity also increases. The lack of standardization around collecting due diligence data can lead to duplicate efforts, creating inefficient processes that might result in delays in response times, revenue recognition, increased costs and overall inconsistency of information. KY3P®, developed in partnership with global banks, asset managers, and Big 4 consulting firms, is designed to help you simplify third-party risk management processes. By standardizing due diligence questionnaires and storing third-party information centrally, the service minimizes efforts around information requests and responses.

MYRIAD Group Technologies

MYRIAD Group Technologies was founded in 2004. We have three established platforms – MYRIAD, Embus and CODUDE.
MYRIAD targets the Network and Vendor Management function at major Financial Institutions and Corporates. Embus addresses enterprise-level needs for pre-onboarding of prospects, Client Onboarding and Client Lifecycle Management and leverages a Client’s existing investments in ALM and KYC. And CODUDE is our questionnaire engine, so-called because CODUDE is short for Collaborative Due Diligence.

It is no coincidence that our lead product is called ‘MYRIAD’ because of the wide capabilities of the platform. A large European Bank sponsored our initial project and our three product platforms all stem from a deep understanding and appreciation of the challenges faced in counterparty management. Counterparties can be variously described as Vendors, Providers, Suppliers and even Clients but fundamentally our data-driven approach to creating, tracking, reporting on and managing these relationships – often in great detail – is what underpins our functionality. Ultimately the data our platforms manage provides output which directly feeds GRC (Governance, Risk and Compliance) disciplines at companies of all sizes.


OneTrust is the largest and most widely used technology platform to operationalize privacy, security and third-party risk management. According The Forrester New Wave™: GDPR and Privacy Management Software, Q4 2018, OneTrust “leads the pack for vision and execution.” Additionally, Fast Company named OneTrust as one of 2019’s World’s Most Innovative Companies.

More than 2,500 customers use OneTrust to implement their privacy, security and third-party risk programs, automatically generating the specific record keeping needed to demonstrate compliance with privacy regulations including the GDPR, California Consumer Privacy Act, Brazil LGPD, and hundreds of the world’s privacy laws.

To learn more, visit


Protiviti is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit, and has served more than 60 percent of Fortune 1000® and 35 percent of Fortune Global 500® companies.


RiskRecon’s continuous monitoring solution delivers risk-prioritized action plans that enable precise and efficient elimination of your most critical third-party security risks. Only our SaaS delivers the data-driven evidence necessary for you to pinpoint security weaknesses within a vendor and across your third-party portfolio.

Rather than simply provide a laundry list of issues, RiskRecon automatically quantifies and describes the true risks associated with every vendor’s IT assets. Our solution employs passive, direct analysis of each organization’s Internet-facing systems to create detailed IT, security, and asset valuation profiles. Using these profiles, RiskRecon automatically produces risk-prioritized plans based on the severity of security issues present and the impact if the system is compromised.

Only RiskRecon enables clients to build a scalable, third-party risk reduction program that compresses remediation cycles, improves analyst productivity, and ensures constructive vendor collaboration. With our SaaS solution, you can monitor large third-party portfolios and make efficient, accurate decisions based on objective findings. Learn more at


SecurityScorecard is a security ratings platform that enables enterprises to instantly rate, understand and continuously monitor the security risk of any company worldwide, non-intrusively and from an outside-in perspective.

With 65% of breaches caused directly or indirectly through third parties, SecurityScorecard helps you effectively interact with your vendors through:

Transparent, understandable and accurate scoring model
Scalable self-service platform with over 1.000.000 companies rated
Collaborative workflow where vendors can generate score remediation plans
Timely reflection of remediated items in scorecards

Headquartered in New York City, we are funded by top investors like Sequoia Capital, Google Ventures, NGP, Moody’s, Intel, and others.

SFG Shared Assessments

The Shared Assessments Program helps the world’s leading organizations manage and protect against third party IT security risks. As the only organization that has uniquely positioned and developed standardized resources to bring efficiencies to the market for more than a decade, the Shared Assessments Program has become the trusted source in third party risk assurance. Shared Assessments offers opportunities for members to address global risk management challenges through committees, awareness groups, interest groups, and special projects. Join the dialog with peer companies and learn how you can optimize your compliance programs while building a better understanding of what it takes to create a more risk-sensitive environment in your organization.


SureCloud is a provider of cloud-based, integrated Risk Management products and Cybersecurity services, which reinvent the way you manage risk. SureCloud connects the dots with integrated Risk Management solutions enabling you to make better decisions and achieve your desired business outcomes. SureCloud is underpinned by a highly configurable technology platform, which is simple, intuitive and flexible. Unlike other GRC Platform providers, SureCloud is adaptable enough to fit your current business processes without forcing you to make concessions during implementation; meaning you get immediate and sustained value from the outset.

SureCloud’s Third-Party Risk Management solution is used by many leading enterprises including TGI Friday’s and Shop Direct to manage their third party relationships consistently, assess them on a regular basis, consolidate their responses and provide visibility and reporting over the entire program. SureCloud’s Third-Party Risk Management software solution not only automates the third-party risk management process but allows you to integrate with broader IT risk management processes and even your data privacy program. Discover more about SureCloud’s most popular solution here:

2019 Associate Sponsors:


Hellios Information is a supplier information and risk management company founded by people with more than 30 years’ experience each within this niche area.
We have expertise in providing total supplier information management solutions that provide the highest degree of quality in the most cost-effective manner for both buyers and suppliers.
Hellios collects, validates and monitors supplier information provided by relevant vendors.
Our particular expertise is developing and managing industry communities to create a single pool of accurate and up to date supplier information.
We achieve this by combing word class software, validation services and audit capabilities. Each supplier has been invited by a buyer users.
Hellios are currently working with leading organisations within the financial industry and are committed to delivering the best possible service to our customers.


ProcessUnity’s cloud-based solutions help organizations of all sizes automate their risk and compliance programs. Our highly configurable, easy-to-use tools significantly reduce manual administrative tasks, allowing customers to spend more time on strategic risk mitigation. As a software-as-a-service technology, ProcessUnity deploys quickly with minimal effort from customers and their IT resources. The inherent efficiency our technology delivers faster, better results, and the ability to scale governance, risk, and compliance programs over time. Learn more at


Reflectiz is a cyber-security company that helps businesses manage and mitigate security and privacy risks resulting from third-party components installed on their websites.
The Reflectiz solution uses machine-learning capabilities and propriety profiling to scan entire websites, providing ongoing monitoring and complete third-party visibility for any given site from day one. It works seamlessly and requires no setup, no installation or any kind of integration. Our solution is designed for the financial sectors, e-services and e-commerce.
Reflectiz offers exceptional cyber roots and unique security skills, ranging from ethical hacking to highly complexed development challenges.
At Reflectiz we believe that in the era of GDPR and “Privacy First”, and as third-party risks are escalating, companies and organizations are obliged to protect their end users by all means.
The Reflectiz third-party risk solution is a must have now, and should be an integral part of any business process.


SupplierVision will be an associate sponsor at the 4th Annual Vendor & Third Party Risk Europe 2019 Summit.

Media Partnerships

We are happy to support publications, associations and organisations at this event. From a simple company listing with your logo to taking advantage of some of our sponsor benefits listed above. To discuss a media partnership further please email or call +44 (0)20 7164 6582.

5th Annual Vendor & Third Party Risk Europe

June 2020 | London



The venue will be confirmed soon


Frequently Asked Questions:

Can I present at the Vendor Risk Europe 2020?

Yes, the Center for Financial Professionals are happy to discuss speaking opportunities at Vendor Risk Europe 2019. For further information on this please contact or call us on +44 (0)20 7164 6582.

What is the dress code?

Business attire is requested. The Summit is a formal opportunity to network with like-minded professionals and to gain knowledge from the industry’s finest risk management experts.

What is the cost and what is included in the registration fee?

We offer incentives for ‘early bird’ registrants of the Summit’s, as outlined on our pricing structure. Registration includes breakfast, refreshment breaks, lunches, a drinks reception at the end of the day, full access to the sessions and exhibition area. Presentations from sessions are also available, subject to speaker approval.

Will breakfast, lunch and refreshment be provided?

Yes. As with all of our events the Center for Financial Professionals will be providing brilliant coffee, breakfast, lunch, refreshments, and smaller bites during the networking breaks.

Will there be opportunities to network with other attendees?

There are ample opportunities for networking and interaction throughout the Summit, such as

  • Breakfast, lunch and refreshment breaks
  • Drinks reception at the end of the day one (Subject to confirmation)
  • Q&A, panel discussions and audience participation technology available through the Risk Insights App
I have colleagues that would like to attend, is there a group discount?

Certainly! We are pleased to offer you a 50% discount on the third registration or provide a fifth registration for free. If you would like to register more than five colleagues please contact us at or on +44 (0)20 7164 6582. Please note:

  • Registrations must be made at the same time
  • Registrations must come from the organisation
  • The lowest registration will be discounted
Can my organisation be involved with Vendor Risk Europe 2020?

Yes there are plenty of opportunities for the Center for Financial Professionals to share thought-leadership to the attendees of Vendor & Third Party Risk Europe 2020 and our wider risk professionals community.

At the event We can distribute your material to the attendees, offer you an exhibition booth, and provide speaking opportunities so that you may enjoy a more prominent presence at the Summit. Visit the Sponsor tab for further information or contact / +44 (0) 207 164 6582. Risk Insights Feature your content on our Risk Insights website and supporting Risk Insights monthly newsletter. For further information visit our sponsorship tab!

Are media partnerships available for Vendor Risk Europe 2020?

Yes. As part of a media partnership we can offer a variety of options to increase the branding and awareness of your association, company, certificate, publication or media. We are flexible with what we can offer however we usually:

  • Provide a discounted rate to attend
  • Place your logo and profile on the Summit website
  • Place your logo on the Summit brochure
  • Place your logo on promotional content where applicable
  • Distribute your media/marketing at the Summit
  • Promote through social media channels

To discuss this further please contact or call +44 (0)20 7164 6582

We are pleased to announce that our courses have been independently evaluated for Continuing Professional Development purposes by The CPD Certification Service. This means our courses comply with universally accepted principles of Continual Professional Development (CPD) and have been structured to meet the criteria of personal development plans.

5th Annual Vendor & Third Party Risk Europe

June 2020 | London


Pre-Agenda Rate

Main Summit
Representing a financial institution
(E.g. Bank, Insurance company, Asset Manager, Regulator)

Until agenda is announced

Main Summit
Representing an information/service provider

(E.g. Consultant, Vendor, Executive Search Firm, Law Firm)

Until agenda is announced

Main Summit
Representing an information/service provider

(E.g. Consultant, Vendor, Executive Search Firm, Law Firm)

Until agenda is announced

*All rates are subject to UK VAT

Group Bookings:

Group rates are available for 3 or more attendees from the same organisation, when registering at the same time. The current rate allows every third colleague to come along for half price or a fifth colleague to attend for free!

Other Ways to Register

1. Register by Email

Simply email us with your e-signature
we will do the rest for you!

We only need your:
– Full name
– Job title
– Company & address
– Contact number

2. Contact Us Directly

+44 (0)20 7164 6582

3. Download PDF Registration Form

To claim your CPD credits please contact or call +44 (0) 207 164 6582

Connect With Us

2019 Co-Sponsors:

2019 Associate Sponsors: