Vendor & Third Party Risk Europe

Addressing most recent regulatory guidelines to maximise utilisation of high-end technology

4th Annual Vendor & Third Party Risk Europe

18-19 June 2019 | London

2019 Key Agenda Highlights

REGULATION
Complying with global regulatory requirements and reviewing changes on the horizon

RESILIENCE
Understanding how third party risk impacts operational resilience and aligning to regulatory requirements

CONCENTRATION RISK
Tracking and limiting concentration risk across supply chain to avoid over reliance on any party

CATEGORISING VENDORS
Best practice for categorising vendors to determine level of due diligence and oversight required

DATA ANALYTICS
Utilising data analytics to provide an enterprise wide view of vendor and third party risks and aligning to appetite

REPORTING
Effective measurement and reporting of risks to provide comprehensive enterprise wide analysis

Hear from 15+ Third Party Risk Experts Including:

Charles Forde
Global Head of Third Party, Outsourcing & Inter-Entity Risk
UBS

Matthew Browning
Head of Third Party Oversight and PCI Compliance
Direct Line

Steven Wyles
Head of Services Risk & Director of Third-Party Risk Management
Santander UK

Rashni Chahal Holden
Global Head of Professional Services and Regional Head of Procurement and Third Party Risk
Standard Chartered Bank

Ann Stokes
Head of Procurement
MUFG

Emma Mansfield
Head of Outsourced Services Assurance
Bank of Ireland UK

Joe Bąkowski
Head of Procurement and Supplier Management
Metro Bank plc

Nick Brazier
Head of Third Party Management
Close Brothers

Why Attend?

Vendor & third party risk management gains more significance, year after year, in the risk process of every financial institution. Many areas need to be considered: new regulations to implement, different jurisdictions in which to be compliant, and high-end technologies developing in cloud storage and data collection.

The industry needs more platforms on which to gather, discuss and try to standardise approaches, on both the regulatory and the outsourcing sides. Industry wide, assessing concentration risk, operational resilience, reporting issues and data protection will help businesses to improve their performance.

Sponsorship

Can your organisation contribute? Please contact the Center for Financial Professionals today to discuss how we can deliver your thought-leadership at the event, help you generate leads, and provide you with unique networking and branding opportunities. For more information on what we can offer, please contact sales@cefpro.com or call us on +44 (0) 20 7164 6582 where a member of the team will be happy to tailor the right package for you.

AGENDA

08:00 Registration and breakfast

08:50 Chair’s opening remarks

REGULATORY PANEL DISCUSSION

09:00 Complying with global regulatory requirements and reviewing changes on the horizon

  • What’s on the horizon?
  • Move towards digital services
    • PSD2 and AML regulations
  • Move towards cloud computing
  • Regulatory plan for managing increased digitalisation
  • How it all comes together
  • Emerging trend to standardise operational resilience
    • ECB, FINMA, BIS approaches
  • Managing global regulators
    • Prescriptive vs. non-prescriptive approaches

Matthew Browning, Head of Third Party Oversight and PCI Compliance, Direct Line
Charles Forde, Global Head of Third Party, Outsourcing & Inter-Entity Risk, UBS
Steven Wyles, Head of Santander Services Risk & Director Third Party Risk Management, Santander UK
Dean Lumer, Managing Director, Knadel Software Solutions

09:45 EBA Guidelines on outsourcing – a new high water mark

  • What are the main themes and actions of the Guidelines and when are they due?
  • What are firms doing? How prepared are they? Sell side/Buy side/insurance, others.
  • What do the Guidelines mean for Third Party/Vendor Risk practice generally?
  • How effective are questionnaires and when do I need to perform an onsite or a remote verification?
  • Tools and processes to provide more effective transparency and diligence. How is technology driving change?

Session reserved for IHS Markit

10:20 Morning refreshment break and networking

RESILIENCE
10:50 Understanding how third party risk impacts operational resilience and aligning to regulatory requirements

  • How to consistently measure impact tolerances for the different parts of resilience
  • What existing data and MI can be leveraged
  • Understanding third party relationships underpinning client services
  • Major dependency on third parties to ensure operational resilience
    • Understanding vulnerabilities and bringing into overall operational resilience programme
  • Response to loss of service or failure to supply contractual obligations
  • Resilience planning and testing
  • Leveraging existing monitoring capabilities and processes
    • Prescriptive vs. non-prescriptive approaches
  • Tools and processes to provide more effective transparency and diligence
  • Validating the risks in the supply chain
  • How effective are questionnaires and when do I need to perform an onsite or a remote verification?

Charles Forde, Global Head of Third Party, Outsourcing & Inter-Entity Risk, UBS

Eric Blatte, President and co-founder, RiskRecon

11:50 How to develop effective information gathering for third parties

  • How to evaluate your information needs
  • Prioritizing, planning and structuring the information gathering
  • Use of categorization, tiering and risk scoring
  • Building the question library
  • Reducing the manual administrative burden from the system

Alex Hollis, GRC Practice Director, SureCloud

12:25 Lunch break and networking

CLOUD TECHNOLOGY PANEL DISCUSSION
13:25 Ensuring effective controls for cloud providers to understand where data is stored and pinpoint liability

  • Understanding the new risk and data protection issues when using cloud
  • GDPR compliance when storing data on the cloud
  • Concentration risk: market wide implications of cloud failure
  • Changing policies embedded in organisations to manage cloud
  • Ensuring physical security in a cloud environment
  • Using other reports and certifications of compliance as sufficient coverage
  • Undertaking independent reviews on controlled environment
  • Identifying vendors using cloud services
  • Realities of exit from/transfer between cloud providers for the enablement of effective exit strategies

Julie Hoesli Stewart, Executive Director – Compliance & Operational Risk Control, UBS
Sean O’Brien, Managing Director, DVV Solutions

CONCENTRATION RISK
14:10 Tracking and limiting concentration risk across supply chain to avoid over reliance on any party

  • Focus for regional branches or larger institutions
    • Understanding operation locally and globally
  • Large banks outsourcing to top 4 firms
  • Market wide implications of vendor failure
  • Avoiding concentration in third party outsourcing

Amit Lakhani, Head of Third Party Risk Management, CIB, BNP Paribas

AUDIT
14:45 Beginners guide to navigating a regulatory inspection

  • Preparing for the inspection and understanding the scope
  • The engagement process – how the day to day engagement with the regulator worked
  • Responding to requests – management of the documentation review and response process
  • The close out process and managing follow-up actions

Fiachra Crean, Head of Supplier Relationship Management, AIB

15:20 Afternoon refreshment break and networking

REGULATOR’S OVERVIEW
15:50 Outsourcing: recent regulatory developments

Orlando Fernández Ruiz, Senior Technical Specialist, Governance & Remuneration Team, Prudential Policy Directorate, Bank of England

CYBER RISK
16:25 Managing cyber risk in an increased technology landscape to stay ahead of threats

  • Changing systems and view of analytics
  • Increased use of technology and cloud services
  • Reviewing risk and defining controls
  • Raising awareness of risks and protecting against them
  • Tools to support assessment
  • Understanding what you are assessing
  • Industry standard for measuring cyber risk

Sam Lee, Head of Operational Risk, EMEA, Sumitomo Mitsui Banking Corp

4TH AND 5TH PARTIES
17:00 Managing material subcontractors hidden in supply chain for full oversight and due diligence

  • Setting standards for how suppliers manage their subcontractors
  • Ensuring good visibility of management across the supply chain
  • Right to audit across the supply chain
  • Identifying fourth parties across the industry supporting major systems
  • Understanding of deeper supply chains
  • Identifying critical fourth parties and effective due diligence

18:00 Chair’s closing remarks

18:10 End of day one and drinks reception

08:15 Registration and breakfast

08:50 Chair’s opening remarks

REPORTING PANEL DISCUSSION
09:00 Effective measurement and reporting of risks to provide comprehensive enterprise wide analysis

  • Representing third party risk
  • Internal management
  • Aggregating risk across the institution
  • Presenting consistently in a “value added” way
  • Informing business units and decision makers
  • Understanding where the risk lies
  • Aligning with risk appetite

Steven Wyles, Head of Santander Services Risk & Director Third Party Risk Management, Santander UK
Rashni Chahal Holden, Global Head of Professional Services and Regional Head of Procurement and Third Party Risk, Standard Chartered Bank
Shamial Afzal, Head of Supplier Risk Management (SRM), M&G Prudential

BUSINESS CONTINUITY
09:50 Developing and testing business continuity plans for risk mitigation for supplier failure

  • Impact on service delivery
  • Implications if suppliers do not deliver
    • Customer outcomes, costs, regulatory impact
  • Defining supplier obligation and tracking
  • Testing exit plans and updating annually
  • Continuum from Supplier BCPs through basic client BCPs and through to extreme Exit Strategy scenarios
  • Successful processes for longer supply chain resilience

Tom Garrubba, Senior Director & CISO, Shared Assessments & The Santa Fe Group

10:30 Morning refreshment break and networking

DATA ANALYTICS
11:00 Utilising data analytics to provide an enterprise wide view of vendor and third party risks and aligning to appetite

  • Standardising approaches to data analytics
  • Front to back transparency of the risk landscape
  • Techniques and innovation for data analytics
  • Assessing services over provider increasing diligence numbers
  • Tools to manage as a risk-based approach
  • Including non-risk professionals and examining different angles on different professional capabilities

Julie Hoesli Stewart, Executive Director – Compliance & Operational Risk Control, UBS

ACCOUNTABILITY
11:40 Aligning third party management with wider operational resilience frameworks and risk appetite statements

  • Challenges of a decentralised organisational structure
  • Operational resilience at a vendor level and aligning to risk appetite
  • Supporting management of operational resilience at an enterprise level

Nick Brazier, Head of Third Party Management, Close Brothers
Anna Gurney, Head of Supplier Relationship Management, Close Brothers

12:20 Lunch break and networking

CATEGORISING VENDORS PANEL DISCUSSION
13:20 Best practice for categorising vendors to determine level of due diligence and oversight required

  • Determining material vendors and services
  • Deploying resources for oversight of supplier
  • Aligning with risk appetite
  • Criteria to determine level of oversight
  • Third parties supporting multiple services: What are critical services
  • Critical service approach
    • Is there a common list of services/official taxonomy
    • Navigating SYSC 8
  • Basic questions to tier vendors at onboarding

Ann Stokes, Head of Procurement, MUFG
Emma Mansfield, Head of Outsourced Services Assurance, Bank of Ireland UK
Joe Bąkowski, Director of Procurement and Supplier Risk, Metro Bank plc
Ben Joyce, Head of Sourcing – Global Commercial Services, ICBC Standard Bank Plc

HUMAN RISK
14:10 Accounting for and putting controls in place to monitor and mitigate human risk

  • Ensuring controls to mitigate human risk
  • Intentional or accidental actions by humans
  • Impact on resilience of a service
  • Controls of people

Andrew Sparry, Head of Information Assurance – Third Party Management, Capital One

14:50 Afternoon refreshment break and networking

BREXIT
15:20 Reviewing implications of Brexit on vendor and third party risk three months in

  • Risks associated after Brexit
  • Cost of supply increases
  • Cross border delays for importing
  • Taxation and access to market
  • Ambiguity around regulations and what applies
  • Passporting rights
  • Assessing critical suppliers for Brexit impact

EMERGING RISKS
16:00 Emerging risk: Reviewing potential risks of tomorrow to prepare for today

  • What is the risk of tomorrow?
  • Horizon scanning to prepare ahead
  • The future of technology
  • Impact of digitalisation on vendor risk

17:35 Chair’s closing remarks

17:45 End of Summit

Please note, this agenda may be subject to change.

SPEAKERS

Shamial Afzal, Head of Supplier Risk Management (SRM), M&G Prudential

Shamial comes with 25 years’ commercial experience in a variety of roles, predominantly in the financial services sector. From managing contracts with values of £50m+ to leading global supplier assurance programmes, Shamial is a passionate leader and encourages collaboration and diversity of thought.

His current role includes standing up a mature Procurement & Supply Chain function, implementing an SRM Framework and supplier risk management approach across M&G Prudential. Shamial is also an ambassador for the diversity and inclusion agenda and sits on various panels and groups representing a voice for all people from all cultures. He also serves as an experienced mentor and coach.

Shamial is a very proud father of two beautiful girls, Safiyah and Sara, who keep him very busy outside his ‘day’ job.

Joe Bąkowski, Director of Procurement and Supplier Risk, Metro Bank PLC

Joe set up the Procurement & Supplier Risk teams at Metro Bank.  He has overseen a significant investment in tooling, data and team to build out the functions from a greenfield start.  Joe chairs the governance group of the Financial Services Supplier Qualification System (FSQS) – a community of 20 banks and FIs working together to operate a supplier risk utility.

Eric Blatte, President and co-founder, RiskRecon

Eric Blatte is the President and co-founder of RiskRecon, where he is transforming third-party cyber risk management. Before co-founding RiskRecon, Eric ran global sales and services at Trusteer (acquired by IBM), a global leader in anti-malware and fraud prevention solutions for the financial services industry. Prior to that, he built customer-facing organizations at Centra (IPO) and Imprivata (IPO). Eric earned a BS from Wharton (University of Pennsylvania) and an MBC from MIT Sloan. Eric is also an active participant, past speaker and Board Observer at FS-ISAC.

Nick Brazier, Head of Third Party Management, Close Brothers

A Fellow of the Chartered Institute of Purchasing and Supply with almost 20 years in Procurement and a proven track record of Procurement transformation, value creation and third party risk management within market leading organisations across an eclectic mix of industries and organisations (including Fulham Football Club, Harrods, BNP Paribas and Allianz).

A passionate Procurement professional with a desire to develop the awareness and standing of Procurement in the corporate environment through peer group collaboration, continuous improvement of best practices and knowledge sharing through contribution to industry events and publications.

Matthew Browning, Head of Third Party Oversight and PCI Compliance, Direct Line

Matthew Browning will be presenting at 4th Annual Vendor and Third Party Risk Europe

Rashni Chahal Holden, Global Head of Procurement Services and Regional Head of Procurement and Third Party Risk, Standard Chartered Bank

Rashni Chahal Holden will be presenting at 4th Annual Vendor and Third Party Risk Europe

Idan Cohen, CEO & Co-founder, Reflectiz

Idan is the CEO and co-founder of Reflectiz, a cyber security company that helps businesses identify and mitigate third-party security and privacy risks on their websites. Idan is a former Cyber IDF officer and brings extensive experience in Information Security, including senior roles as a senior attacker, Deputy CEO and CTO for BugSec, the largest offensive consulting security group in Israel, and CTO at Cynet, a cyber security company that offers an innovative endpoint protection platform. Idan is a passionate entrepreneur, a developer and an enthusiastic hacker. He started his computer science degree at the age of 14 and now specializes in the most complex development and security challenges.

Fiachra Crean, Head of Supplier Relationship Management, AIB

Fiachra Crean is the Head of Supplier Relationship Management at AIB, and the business lead for AIB’s Third Party Management program. Fiachra passionately believes that strong supplier relationships are essential to continuously achieve successful results. Fiachra has been responsible for significant change programs within AIB, with the most significant being the replacement of our enterprise-wide Procure-to-Pay system in 2017. Fiachra is a Chartered Engineer, whose early career involved project and contract management roles within the oil and gas and construction sectors. Fiachra has more than ten years’ experience within the financial services sector, with the last four years within AIB’s Strategic Sourcing team.

Charles Forde, Global Head of Third Party, Outsourcing & Inter-Entity Risk, UBS

Charles is currently the Global Head of Third Party, Outsourcing & Inter-Entity Risk at UBS. The function is part of Compliance & Operational Risk, the 2nd Line of Risk in the firm. Previously, Charles held the position of COO of Operations & Technology for Group Data, Reconciliations and the Client Data Confidentiality Programme at UBS. Before joining UBS 7 years ago, Charles was with ERNST & YOUNG in London in the Risk Advisory practice. Charles has previously held roles managing risk and operations for Goldman Sachs, JP Morgan and Barclays. He began his career at the UNITED NATIONS managing technology and operations to support military peace-keeping operations and humanitarian programmes.

Tom Garrubba, Senior Director & CISO, Shared Assessments & The Santa Fe Group

Tom Garrubba, Senior Director/CISO at Shared Assessments, is an internationally recognized thought leader, lecturer, and blogger on third party risk, and is the head instructor for their Certified Third Party Risk Professional (CTPRP) program. An active writer and blogger on business risk, he has provided insight and commentary for various industry websites including the Huffington Post, Future of Outsourcing Magazine, Corporate Compliance Insights, Brilliance Security Magazine, Risk.net, Government Health IT, and ISACA. Previously, Tom was Senior Privacy Manager at a Fortune 10 US-based Healthcare company where he implemented and managed a world-class third party risk program. He has over 20 years of experience in IT security, privacy, audit, and compliance in industry and public consulting.

Anna Gurney, Head of Supplier Relationship Management, Close Brothers

Anna will be presenting at 4th Annual Vendor and Third Party Risk Europe

Julie Hoesli Stewart, Executive Director – Compliance & Operational Risk Control, UBS

Julie is an experienced risk manager with 22 years at UBS and specialises in outsourcing and procurement and, more widely operational resilience. She advises senior management on risk management and control globally and on how to improve communications to staff throughout the organisation with respect to her specialisation. Julie leads global investigations on breaches to the firm’s policies with respect to outsourcing and procurement and advises the firm on their root cause remediation. In addition, Julie also designed the global tool for outsourcing risk assessments.

Alex Hollis, GRC Practice Director, SureCloud

With over 16 years’ experience in IT, mobile technology and software development, Alex has spent the last seven years specializing in governance, risk, and compliance (GRC). After just six months in the industry, Alex received a platinum-level excellence award for his work around risk bow-tie modeling, Solvency 2 and Basel 3. Now focusing primarily on operational risk, Alex has analyzed, designed and implemented GRC technology and IRM solutions into 60 companies, including some of the largest and most complex environments. His experience spans multiple sectors, including telecommunications, aviation, pharmaceuticals, manufacturing, retail, public sector, financial services, and insurance. A keynote speaker at prestigious industry conferences, Alex is also currently writing a book on end-to-end GRC.

Ben Joyce, Head of Sourcing, ICBC Standard Bank Plc

Having entered the procurement profession via local government, 15 years ago, I have built substantial experience primarily in Financial Services procurement, initially in the Facilities Management category as a Category Manager, and latterly as a generalist buyer across most indirect categories of spend, including technology, and non-technology alike. This career has taken me from Barclays, through L’Oreal, Bupa and Citibank to my current role as Head of Sourcing at ICBC Standard Bank. In this role, as well as establishing and developing the strategic direction of the function and building its profile within the Bank, I also work extensively with other functions to ensure that the Bank manages third party risk effectively.

Amit Lakhani, Head of Third Party Risk Management, CIB, BNP Paribas

Amit Lakhani has wide and varied experiences in managing risks across key areas such as cyber and third party services risks for organisations of all sizes. He started his career working as a consultant with Accenture where he developed and deployed multi-million dollar programmes involving compliance and risk elements, especially information security and cyber risks. Further, Amit worked at large multinational organisations in his role at KPMG driving strategic decision-making, investments and risk reduction programmes.

In his current role, Amit looks after third party/vendor risk management across the Corporate and Institutional Banking division for BNP Paribas. He has developed and is embedding global third party risk management initiatives and more importantly raising the risks at Boards and Executive Committee levels to have clear visibility on the identification, assessment, monitoring and reporting of third party services risks. The global role entails him to face up to regulators across many geographies, develop and establish solutions that are generic but addresses key risks that BNP Paribas faces in its operations.

Sam Lee, Head of Operational Risk, EMEA, Sumitomo Mitsui Banking Corp.

Sam will be presenting at Vendor & Third Party Risk Europe 2019

Dean Lumer, Managing Director, Knadel Software Solutions

Dean will be presenting at Vendor & Third Party Risk Europe 2019

Emma Mansfield, Head of Outsourced Risk Assurance, Bank of Ireland

I have nineteen years’ experience in the Financial Services industry, working on both sides of the sourcing partnership. I have demonstrable experience across the three lines of defence, from sales to oversight, strategy to change, for both direct and indirect outsourced arrangements. I am customer centric in my approach, but remain focused on the needs of the business, demands of the regulators and desires of the individuals.

In my current role as Head of Outsourced Services Assurance, I am accountable for the development of Outsourced Risk Management Strategies, Policies & Frameworks. I am also responsible for providing support, and guidance, on all aspects of operational risk management for outsourced services, including promoting and developing a strong risk management culture across the end to end value chain.

I am passionate about identifying and harnessing talent and act as a mentor, both internally and externally. Additionally, I believe good corporate citizenship is the responsibility of all and as such, I am heavily engaged in the Bank’s Responsible Business programme.

Sean O’Brien, Managing Director, DVV Solutions

Sean has over 25 years’ hands-on experience of delivering IT security and GRC managed services within highly regulated industries and the operational and regulatory requirements required to deliver a reliable program of risk assurance and third party due diligence.

Sean is a practicing Certified Third Party Risk Professional and Assessor as well as Shared Assessments Steering Committee Member, providing a Euro-centric perspective and strategic input into development of global standards for Third Party risk and regulatory compliance programs.

Andrew Sparry, Head of Information Assurance – Third Party Management, Capital One

Andrew Sparry will be presenting at 4th Annual Vendor and Third Party Risk Europe

Ann Stokes, Head of Procurement, MUFG

Ann Stokes is head of the Procurement function for MUFG in the UK; she has 15 years’ experience in sourcing and supply chain management. Ann is responsible for circa £100 million of category spend across various commodities. She is also responsible for providing guidance on best practice procurement for the MUFG EMEA regions.

Ann was involved in creating and implementing a vendor risk programme two years ago. The programme is evolving and enhancements are to be made; once finalised, the framework for Vendor Risk will be extended to EMEA locations.

Steven Wyles, Head of Santander Services Risk & Director Third Party Risk Management, Santander UK

Head of Santander Services Risk & Director of Third-Party Risk Management for Santander UK. Experience is focused on risk and control in a Financial Services context, both within Internal Audit and, more recently, Third-Party Risk Management. My involvement around Third-Party Risk Management extends to both auditing of the framework, individual third-party relationship and process audits in the third-line of defence, as well as the design and on-going implementation of an enhanced policy and control framework for Third-Party Risk Management.

4th Annual Vendor & Third Party Risk Europe Masterclass

20 June 2019 | London

Fine Tuning Your Third Party Risk Management Program for Regulatory and Continuous Monitoring Challenges

Masterclass Agenda

Registration will commence at 8:45am, with introductions and the first sessions opening at 9. There will be ample time for refreshment breaks and networking throughout the day with breakfast, morning break, lunch and afternoon break provided. The Masterclass will conclude at 5pm.

Please note: due to the interactive nature of the Masterclass, seats are limited and available on a first come, first served basis.

Regulatory Alignment

This morning session will share best practices and techniques with focus on regulatory alignment to:

  • Proportionality
    • Maximizing and adjusting your outsourcing position.
    • Creation of an outsourcing registry.
  • Outsourcing Arrangements
    • Creating a Sourcing Strategy Framework.
    • Defining and documenting your outsourcing policies.
    • Risk appetite guidelines.
    • Defining conflicts of interest.
  • Contracts
    • Ensure contracts meet the expected minimum requirements with regard to the outsourcing of critical or important functions.
  • Governance Framework
    • Document and align your TPRM Framework requirements.
    • Establish reasonable business continuity to both the function and vendor.
    • Integrating three lines of defense into your program.
    • Keeping your program current.
    • Work with and obtain buy-in from the internal audit function.

Continuous Monitoring

This afternoon session will share best practices and techniques in performing continuous monitoring of third party risk, with added focus on how to perform this with limited resources and still be aligned to the various regulatory and audit expectations. The session will offer best practices from leading experts and practitioners and even hands-on exercises as we focus:

  • On expectations, techniques and solutions being used to continuously monitor controls in:
    • Cybersecurity and cyber hygiene
    • Financial viability
    • Negative news
    • Geopolitical events and
    • Resiliency risk areas.
  • Portfolio Analysis and Risk Ranking
  • Discuss re-assessments of your vendors
  • Working with the business unit for monitoring key performance indicators (KPIs) along with key risk indicators (KRIs)
  • The business case and value proposition for Continuous Monitoring.

As we move through an ever-increasing risk and threat environment we need to be considering continuous monitoring solutions, which provide an uninterrupted, real-time (or near real-time) risk management technique, and are designed to improve an organization’s awareness of changes to controls that could indicate potential weaknesses.

Masterclass led by:

John Bree
SVP & Partner
Neo Group

Biography

John Bree is an SVP & Partner with Neo Group, Inc., an international Advisory and Solutions firm supporting major corporations beyond Advice to Outcomes in the areas of Governance Support and Risk Monitoring, Global Talent, Automation, Analytics, and Process Optimization.

John is a financial industry professional with a proven track record in developing and managing Vendor & Third Party Sourcing Risk Management, AML/CTF, KYC, and Anti-Fraud programs. John has held senior positions in New York, Tokyo, Singapore and London for Citi and Deutsche Bank covering corporate, investment, commercial and consumer banking operations. He has proficiency in developing and implementing analysis, operations, monitoring and investigation systems and processes involving transaction accounts, credit cards, debit cards and online banking.

John has managed global staffs and corresponding budgets in multiple locations and delivered cost efficient and operationally effective programs ensuring compliance with local and global regulatory requirements. Through interaction with Business Units, Internal Audit and regulatory agencies, he has resolved MRIAs, MRAs and Findings on time and without penalty.

John is a member of the Shared Assessments Steering Committee and Co-Chair of the Financial Industry Vertical Strategy Group.

Dr Runli Guo
Business Information Security Officer
JLT Insurance

Biography

Dr Runli Guo will be presenting at this post-event Masterclass.

Tom Garrubba
Senior Director/CISO
Shared Assessments

Biography

Tom Garrubba, Senior Director/CISO at Shared Assessments, is an internationally recognized thought leader, lecturer, and blogger on third party risk, and is the head instructor for their Certified Third Party Risk Professional (CTPRP) program. An active writer and blogger on business IT risk, he has provided insight and commentary for various industry websites including the Huffington Post, Future of Outsourcing Magazine, Corporate Compliance Insights, Brilliance Security Magazine, Risk.net, Government Health IT, and ISACA, and authored the chapter on Third Party Risk for the Risk.net book “Cyber Risk”. Previously, Tom was Senior Privacy Manager at a Fortune 10 US-based Healthcare company where he implemented and managed a world-class third party risk program. He has over 20 years of experience in IT security, privacy, audit, and compliance in industry and public consulting.

Fiona O’Brien
Head of Outsourcing Oversight & Governance
Bank of Ireland

Biography

Fiona O’Brien will be presenting at this post-event Masterclass.

Registration Rates:

Masterclass only
All organizations

(Taking place after the main Summit on 20 June)

£399*
Until 7 June

Save £200

Main Summit + Masterclass
Representing a financial institution

(E.g. Bank, Insurance company, Asset Manager, Regulator)

£1,298*
Until 7 June

Save £800

Main Summit + Masterclass
Representing an information/service provider

(E.g. Consultant, Vendor, Executive Search Firm, Law Firm)

£1,798*
Until 7 June

Save £800


INSIGHTS

Find our Vendor Risk thought-leadership articles here. These articles feed from our much larger Risk Insights section of our website which provides you with thought-leadership, white papers, articles and more across risk and regulation.

16th April 2019
Beginners guide to navigating a regulatory inspection
By Fiachra Crean, Head of Supplier Relationship Management, AIB

11th April 2019
Tracking and limiting concentration risk across supply chain to avoid over reliance on any party
By Amit Lakhani, Head of Third Party Risk Management, CIB, BNP Paribas

11th April 2019
Model Risk: The backbone of the asset management industry
By Abhisekh Adukia, VP, Model Risk Director, Alliance Bernstein

11th April 2019
Uncovering unknowns: Understanding the intersection of vendor management and business continuity planning
By Michael Berman, Founder & CEO, Ncontracts

10th April 2019
Best practice for categorising vendors to determine level of due diligence and oversight required
By Ben Joyce, Head of Sourcing – Global Commercial Services, ICBC Standard Bank Plc

8th April 2019
Integration of procurement and vendor risk management to manage risk prior to onboarding
By Mick Kless, President and CEO, Compliance Education Institute

8th April 2019
Managing the fraud threat landscape and increased intensity of threats
By Sean O’Malley, Head of AML Risk Management, State Street Corporation

2nd April 2019
A journey through the development and implementation of a robust third-party risk management program
By Chris Monk, Managing Director, Protiviti & Kathryn Hardman, Director of Centralized Third-Party Management Office, BBVA US

1st April 2019
Increasing cyber resilience and BCM in an advancing threat landscape
By Russell Sommers, Senior Manager, Baker Tilly

18th March 2019
Post-Event Interview: Conduct risk modelling – What works and what doesn’t?
By Dr Peter Mitic, Head of Operational Risk Methodology UK, Santander UK

14th March 2019
Uses of distributed ledger technologies to drive efficiency programs and risk management considerations
By Mariana Gomez de la Villa, Head of Wholesale Banking Blockchain, ING

14th March 2019
Removing operational risk through comprehensive spreadsheet governance
By Chris Burke, CEO, EUCplus

12th March 2019
Operational Risk
By Alice Kelly, Head of Research and Production, CeFPro

8th March 2019
RCSA: Simplifying the process to maximize benefits and business uses
By Gus Ortega, Head of Technology, Innovation and Operations Risk Management, Voya Financial

7th March 2019
The future of operational risk management – From adolescence to adulthood
By Robert Crewdson, Managing Consultant and Rob Murray, Managing Director, BCS Consulting.


WEBINAR

FREE RISK WEBINAR

Vendor & third party risk – Adapting to the evolving regulatory landscape

 Taking place on 2 May 2019, 2pm – 3pm (GMT)

Key topics to be addressed include:

  • Key regulations and guidelines
  • EBA outsourcing guidelines
  • Management of Operational Risk
  • Internal organisation

Can’t make the live date? Still sign up for the webinar as we will be sending a recording to all those that have registered.

Including insights from:

Charles Forde
Global Head of Third Party, Outsourcing & Inter-Entity Risk
UBS

Amit Lakhani
Head of Third Party Risk Management, CIB
BNP Paribas

Rashni Chahal Holden
Global Head of Procurement Services and Regional Head of Procurement and Third Party Risk
Standard Chartered Bank

Ben Joyce
Head of Sourcing
ICBC Standard Bank

Philip East
Regional Sales Director
BitSight

Moderator


SURVEY

 Taking the Pulse of Third-Party Risk 2019

Annual Third-Party Risk Management Benchmarking Survey

This annual survey is designed to help benchmark some of the key questions that can indicate the status and health of your third-party risk/supplier risk/vendor risk program. For example:

  • Does your program have the appropriate funding?
  • What is the typical organizational structure?
  • How are third party risk professionals remunerated?
  • How engaged is your board?
  • How mature are programs and what are the greatest challenges?

It’s completely anonymous and will take no longer than 10 minutes to complete. All those who participate will be placed into a prize draw to win a free pass to one of our upcoming 2019 conferences. 

The report builds on last year’s research and will be an invaluable resource to benchmark your programs against your peers, drive investment conversations within your organization, and instill best practice approaches within your program. The final report will be available free of charge to participants and the wider third-party risk community to support education and benchmarking.


SPONSORS & PARTNERS

Sponsorship

Can your organisation contribute? Please contact the Center for Financial Professionals today to discuss how we can deliver your thought-leadership at the event, help you generate leads, and provide you with unique networking and branding opportunities. For more information on what we can offer, please contact sales@cefpro.com or call us on +44 (0) 20 7164 6582 where a member of the team will be happy to tailor the right package for you.

2019 Co-Sponsors:

Aravo


Aravo Solutions delivers award-winning, market-leading cloud-based solutions for managing third party governance, risk, compliance and performance. We help companies protect their business value and reputation by managing the risks associated with third parties and suppliers, and to build business value by ensuring that their third party relationships are optimized. Aravo TPRM for Financial Services allows firms to centralize all their third parties into a single, quickstart cloud solution for assessing risk, conducting initial and ongoing due-diligence, managing and monitoring contractual compliance and performance, and transitioning and off-boarding third parties. Providing unrivaled regulatory agility and ease-of-use, together with actionable executive reporting, Aravo supports a user base of 124,000 corporate users, managing more than 4.3 million third party users in 36 languages and 154 countries. Learn more at aravo.com

BITSIGHT


BitSight Technologies is transforming how companies manage information security risk with objective, evidence-based security ratings. The company’s Security Rating Platform continuously analyzes vast amounts of external data on security behaviors in order to help organizations manage third party risk, benchmark performance, and assess and negotiate cyber insurance premiums.

IHS Markit


KY3P® is the first centralized data hub that simplifies and standardizes third-party risk management processes. Third-party relationships are under growing scrutiny by global regulators, including the US Office of the Comptroller of the Currency (OCC), FINRA, the UK Financial Conduct Authority, and the Monetary Authority of Singapore. As firms increase reliance on third parties to deliver business-critical processes and services, oversight complexity also increases. The lack of standardization around collecting due diligence data can lead to duplicate efforts, creating inefficient processes that might result in delays in response times, revenue recognition, increased costs and overall inconsistency of information. KY3P®, developed in partnership with global banks, asset managers, and Big 4 consulting firms, is designed to help you simplify third-party risk management processes. By standardizing due diligence questionnaires and storing third-party information centrally, the service minimizes efforts around information requests and responses.

DVV Solutions


DVV Solutions are a specialist provider of Cyber Security, Third Party Supplier Risk and Governance, Risk & Compliance (GRC) solutions including:
– Third Party risk management (TPRM) managed services
– Cloud-based risk assessment workflow automation
– Remote and onsite security risk assessment delivery
– Continuous monitoring and threat intelligence of suppliers
– Simplified risk assessments for small and medium-sized suppliers
– GDPR conformity assessments for Third Party data processors

As a Shared Assessments program member and recognised Assessment Firm we utilise industry-standard practices such as Standardised Information Gathering (SIG) questionnaires to perform initial supplier risk assessments, and Standardised Control Assessment (SCA) procedures for best-practice onsite audits.

We’d be pleased to hear from you and help find the most cost-effective way to develop, maintain or expand your Third Party risk management efforts.

OneTrust


OneTrust is the largest and most widely used technology platform to operationalize privacy, security and third-party risk management. According to The Forrester New Wave™: GDPR and Privacy Management Software, Q4 2018, OneTrust “leads the pack for vision and execution.” Additionally, Fast Company named OneTrust as one of 2019’s World’s Most Innovative Companies.

More than 2,500 customers use OneTrust to implement their privacy, security and third-party risk programs, automatically generating the specific record keeping needed to demonstrate compliance with privacy regulations including the GDPR, California Consumer Privacy Act, Brazil LGPD, and hundreds of the world’s privacy laws.

To learn more, visit OneTrust.com

Prevalent


Prevalent helps enterprises manage risk in third party business relationships. It is the industry’s only purpose-built, unified platform that integrates a powerful combination of automated assessments, continuous monitoring, and evidence sharing for collaboration between enterprises and vendors. No other product on the market combines all three components, providing the best solution for a highly-functioning, effective third-party risk program.

Protiviti


Protiviti is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit, and has served more than 60 percent of Fortune 1000® and 35 percent of Fortune Global 500® companies.

RiskRecon


RiskRecon’s continuous monitoring solution delivers risk-prioritized action plans that enable precise and efficient elimination of your most critical third-party security risks. Only our SaaS delivers the data-driven evidence necessary for you to pinpoint security weaknesses within a vendor and across your third-party portfolio.

Rather than simply provide a laundry list of issues, RiskRecon automatically quantifies and describes the true risks associated with every vendor’s IT assets. Our solution employs passive, direct analysis of each organization’s Internet-facing systems to create detailed IT, security, and asset valuation profiles. Using these profiles, RiskRecon automatically produces risk-prioritized plans based on the severity of security issues present and the impact if the system is compromised.

Only RiskRecon enables clients to build a scalable, third-party risk reduction program that compresses remediation cycles, improves analyst productivity, and ensures constructive vendor collaboration. With our SaaS solution, you can monitor large third-party portfolios and make efficient, accurate decisions based on objective findings. Learn more at www.riskrecon.com

SFG Shared Assessments


The Shared Assessments Program helps the world’s leading organizations manage and protect against third party IT security risks. As the only organization that has uniquely positioned and developed standardized resources to bring efficiencies to the market for more than a decade, the Shared Assessments Program has become the trusted source in third party risk assurance. Shared Assessments offers opportunities for members to address global risk management challenges through committees, awareness groups, interest groups, and special projects. Join the dialog with peer companies and learn how you can optimize your compliance programs while building a better understanding of what it takes to create a more risk-sensitive environment in your organization.

SureCloud


SureCloud is a provider of cloud-based, integrated Risk Management products and Cybersecurity services, which reinvent the way you manage risk. SureCloud connects the dots with integrated Risk Management solutions enabling you to make better decisions and achieve your desired business outcomes. SureCloud is underpinned by a highly configurable technology platform, which is simple, intuitive and flexible. Unlike other GRC Platform providers, SureCloud is adaptable enough to fit your current business processes without forcing you to make concessions during implementation; meaning you get immediate and sustained value from the outset.

SureCloud’s Third-Party Risk Management solution is used by many leading enterprises including TGI Friday’s and Shop Direct to manage their third party relationships consistently, assess them on a regular basis, consolidate their responses and provide visibility and reporting over the entire program. SureCloud’s Third-Party Risk Management software solution not only automates the third-party risk management process but allows you to integrate with broader IT risk management processes and even your data privacy program. Discover more about SureCloud’s most popular solution here: https://www.surecloud.com/products/third-party-risk-management

2019 Associate Sponsors:

Hellios


Hellios Information is a supplier information and risk management company founded by people with more than 30 years’ experience each within this niche area.
We have expertise in providing total supplier information management solutions that provide the highest degree of quality in the most cost-effective manner for both buyers and suppliers.
Hellios collects, validates and monitors supplier information provided by relevant vendors.
Our particular expertise is developing and managing industry communities to create a single pool of accurate and up to date supplier information.
We achieve this by combining world-class software, validation services and audit capabilities. Each supplier has been invited by a buyer user.
Hellios are currently working with leading organisations within the financial industry and are committed to delivering the best possible service to our customers.

ProcessUnity


ProcessUnity’s cloud-based solutions help organizations of all sizes automate their risk and compliance programs. Our highly configurable, easy-to-use tools significantly reduce manual administrative tasks, allowing customers to spend more time on strategic risk mitigation. As a software-as-a-service technology, ProcessUnity deploys quickly with minimal effort from customers and their IT resources. The inherent efficiency of our technology delivers faster, better results, and the ability to scale governance, risk, and compliance programs over time. Learn more at www.processunity.com.

Reflectiz


Reflectiz is a cyber-security company that helps businesses manage and mitigate security and privacy risks resulting from third-party components installed on their websites.
The Reflectiz solution uses machine-learning capabilities and proprietary profiling to scan entire websites, providing ongoing monitoring and complete third-party visibility for any given site from day one. It works seamlessly and requires no setup, no installation or any kind of integration. Our solution is designed for the financial sectors, e-services and e-commerce.
Reflectiz offers exceptional cyber roots and unique security skills, ranging from ethical hacking to highly complex development challenges.
At Reflectiz we believe that in the era of GDPR and “Privacy First”, and as third-party risks are escalating, companies and organizations are obliged to protect their end users by all means.
The Reflectiz third-party risk solution is a must have now, and should be an integral part of any business process.

SupplierVision


SupplierVision will be an associate sponsor at the 4th Annual Vendor & Third Party Risk Europe 2019 Summit.

Media Partnerships

We are happy to support publications, associations and organisations at this event, from a simple company listing with your logo to taking advantage of some of our sponsor benefits listed above. To discuss a media partnership further please email jesse.hopkins@cefpro.com or call +44 (0)20 7164 6582.

Global Risk Community
IRTA Reg Tech International
OptionMag.fr


VENUE & FAQs

The Tower Hotel | St Katherine’s Way | London | E1W 1LD

Venue

The Tower Hotel – Guoman
St Katherine’s Way
London
E1W 1LD


Accommodation at the Tower Hotel
We are delighted to offer our attendees a preferential rate of £209 incl VAT and Breakfast per night. If you would like to book your accommodation please use the information below. This rate is for the nights of June 17th and 18th only. The rate will either expire on May 27th or if our quota is met. Please ensure to book as soon as possible to avoid disappointment.

Telephone: 0800 330 8005 option 1 or 2

Email: reservationsadmin.tower@guoman.co.uk

Please ensure to quote the code: CFPE180619 to receive the preferential rate.

Travel

The nearest tube station is Tower Hill, via the Circle or District Line.

Nearby Accommodation

The venue is within a hotel; however, some of the other accommodation options close by are as follows:

Novotel London Tower Bridge

DoubleTree by Hilton Hotel London – Tower of London

Apex City of London Hotel

Frequently Asked Questions:

Can I present at the Vendor Risk Europe 2019?

Yes, the Center for Financial Professionals are happy to discuss speaking opportunities at Vendor Risk Europe 2019. For further information on this please contact alice.kelly@cefpro.com or call us on +44 (0)20 7164 6582.

What is the dress code?

Business attire is requested. The Summit is a formal opportunity to network with like-minded professionals and to gain knowledge from the industry’s finest risk management experts.

What is the cost and what is included in the registration fee?

We offer incentives for ‘early bird’ registrants of the Summit, as outlined on our pricing structure. Registration includes breakfast, refreshment breaks, lunches, a drinks reception at the end of the day, full access to the sessions and exhibition area. Presentations from sessions are also available, subject to speaker approval.

Will breakfast, lunch and refreshment be provided?

Yes. As with all of our events the Center for Financial Professionals will be providing brilliant coffee, breakfast, lunch, refreshments, and smaller bites during the networking breaks.

Will there be opportunities to network with other attendees?

There are ample opportunities for networking and interaction throughout the Summit, such as:

  • Breakfast, lunch and refreshment breaks
  • Drinks reception at the end of day one (Subject to confirmation)
  • Q&A, panel discussions and audience participation technology available through the Risk Insights App

I have colleagues that would like to attend, is there a group discount?

Certainly! We are pleased to offer you a 50% discount on the third registration or provide a fifth registration for free. If you would like to register more than five colleagues please contact us at casey.graves@cefpro.com or on +44 (0)20 7164 6582. Please note:

  • Registrations must be made at the same time
  • Registrations must come from the organisation
  • The lowest registration will be discounted

Can my organisation be involved with Vendor Risk Europe 2019?

Yes, there are plenty of opportunities for the Center for Financial Professionals to share thought-leadership to the attendees of Vendor & Third Party Risk Europe 2019 and our wider risk professionals community.

At the event: We can distribute your material to the attendees, offer you an exhibition booth, and provide speaking opportunities so that you may enjoy a more prominent presence at the Summit. Visit the Sponsor tab for further information or contact sales@cefpro.com / +44 (0) 207 164 6582.

Risk Insights: Feature your content on our Risk Insights website and supporting Risk Insights monthly newsletter. For further information visit our sponsorship tab!

Are media partnerships available for Vendor Risk Europe 2018?

Yes. As part of a media partnership we can offer a variety of options to increase the branding and awareness of your association, company, certificate, publication or media. We are flexible with what we can offer; however, we usually:

  • Provide a discounted rate to attend
  • Place your logo and profile on the Summit website
  • Place your logo on the Summit brochure
  • Place your logo on promotional content where applicable
  • Distribute your media/marketing at the Summit
  • Promote through social media channels

To discuss this further please contact casey.graves@cefpro.com or call +44 (0)20 7164 6582


REGISTER

Main Summit
Representing a financial institution
(E.g. Bank, Insurance company, Asset Manager, Regulator)

  • Super Early Bird: £899* until 10 May (save £600)
  • Early Bird: £1,099* until 07 June (save £400)
  • Standard Rate: £1,499* after 07 June

Main Summit
Representing an information/service provider
(E.g. Consultant, Vendor, Executive Search Firm, Law Firm)

  • Super Early Bird: £1,399* until 10 May (save £600)
  • Early Bird: £1,599* until 07 June (save £400)
  • Standard Rate: £1,999* after 07 June

Masterclass Only
(All organisations)

  • £399* until 07 June (save £200)
  • £599* after 07 June

*all rates are subject to UK VAT

Group Bookings:

Group rates are available for 3 or more attendees from the same organisation, when registering at the same time. The current rate allows every third colleague to come along for half price or a fifth colleague to attend for free!

Other Ways to Register:

1. Register by Email

Simply email us with your e-signature and we will do the rest for you!

We only need your:
– Full name
– Job title
– Company & address
– Contact number

2. Contact Us Directly

+44 (0)20 7164 6582

3. Download PDF Registration Form


To claim your CPD points please contact info@cefpro.com or call +44 (0) 207 164 6582

Connect With Us
#VRMEMEA


FREE RISK WEBINAR
Vendor & third party risk – Adapting to the evolving regulatory landscape

 Taking place on 2 May 2019, 2pm – 3pm (GMT)

Led by: UBS, BNP Paribas, Standard Chartered Bank and ICBC Standard Bank
