Vendor & Third Party Risk Europe

Addressing most recent regulatory guidelines to maximise utilisation of high-end technology

4th Annual Vendor & Third Party Risk Europe

18-19 June 2019 | London

2019 Key Agenda Highlights

REGULATION
Complying to global regulatory requirements and reviewing changes on the horizon 

RESILIENCE
Understanding how third party risk impacts operational resilience and aligning to regulatory requirements

CONCENTRATION RISK
Tracking and limiting concentration risk across supply chain to avoid over reliance on any party

CATEGORISING VENDORS
Best practice for categorising vendors to determine level of due diligence and oversight required

DATA ANALYTICS
Utilising data analytics to provide an enterprise wide view of vendor and third party risks and aligning to appetite

REPORTING
Effective measurement and reporting of risks to provide comprehensive enterprise wide analysis

Hear from 15+ Third Party Risk Experts Including:

Charles Forde

Charles Forde
Global Head of Third Party, Outsourcing & Inter-Entity Risk
UBS

Matthew Browning

Matthew Browning
Head of Third Party Oversight and PCI Compliance
Direct Line Group

steven wyles

Steven Wyles
Head of Services Risk & Director of Third-Party Risk Management
Santander UK

Rashni Chahal Holden

Rashni Chahal Holden
Global Head of Professional Services and Regional Head of Procurement and Third Party Risk
Standard Chartered Bank

Ann Stokes

Ann Stokes
Head of Procurement
MUFG

Emma Mansfield

Emma Mansfield
Head of Outsourced Services Assurance
Bank of Ireland UK

Joe Bakowski Headshot

Joe Bąkowski
Head of Procurement and Supplier Management
Metro Bank plc

Nick Brazier

Nick Brazier
Head of Third Party Management
Close Brothers

Why Attend?

Vendor & third party risk management is gaining, year after year, more significance in the risk process for every financial institution. Many areas need to be considered: new regulations to implement, different jurisdictions in which to be compliant, high-end technologies developing in cloud storage and data collection.

The industry needs more platforms where to gather, discuss and try to standardize approaches, both on the regulatory and on the outsourcing sides. Industry wide, assessing concentration risk, operational resilience, reporting issues and data protection will help businesses to improve their performances.

Earn CPD Credits
We are pleased to announce that our courses have been independently evaluated for Continuing Professional Development purposes by The CPD Certification Service. This means our courses comply with universally accepted principles of Continual Professional Development (CPD) and have been structured to meet the criteria of personal development plans.

Sponsorship

Can your organisation contribute? Please contact the Center for Financial Professionals today to discuss how we can deliver your thought-leadership at the event, help you generate leads, and provide you with unique networking and branding opportunities. For more information on what we can offer, please contact sales@cefpro.com or call us on +44 (0) 20 7164 6582 where a member of the team will be happy to tailor the right package for you.

4th Annual Vendor & Third Party Risk Europe

18-19 June 2019 | London

AGENDA

08:00 registration and breakfast

08:50 Chair’s opening remarks

REGULATORY PANEL DISCUSSION

09:00 Complying to global regulatory requirements and reviewing changes on the horizon

  • What’s on the horizon?
  • Move towards digital services
    • PSD2 and AML regulations
  • Move towards cloud computing
  • Regulatory plan for managing increased digitalisation
  • How it all comes together
  • Emerging trend to standardise operational resilience
    • ECB, FINMA, BIS approaches
  • Managing global regulators
    • Prescriptive vs. non-prescriptive approaches

Matthew Browning, Head of Third Party Oversight and PCI Compliance, Direct Line Group
Charles Forde, Global Head of Third Party, Outsourcing & Inter-Entity Risk,
UBS
Steven Wyles,
Head of Santander Services Risk & Director Third Party Risk Management,  Santander UK
Dean Lumer, Managing Director, Knadel Software Solutions

09:45 EBA Guidelines on outsourcing – a new high water mark

  • What are the main themes and actions of the Guidelines and when are they due?
  • What are firms doing? How prepared are they? Sell side/Buy side/insurance, others.
  • What do the Guidelines mean for Third Party/Vendor Risk practice generally?
  • How effective are questionnaires and when do I need to perform an onsite or a remote verification?
  • Tools and processes to provide more effective transparency and diligence. How is technology driving change?

Will Kendal, Product Manager, IHS Markit

10:20 Morning refreshment break and networking

RESILIENCE
10:50 Understanding how third party risk impacts operational resilience and aligning to regulatory requirements

  • How to consistently measure impact tolerances for the different parts of resilience
  • What existing data and MI can be leveraged
  • Understanding third party relationships underpinning client services
  • Major dependency on third parties to ensure operational resilience
    • Understanding vulnerabilities and bringing into overall operational resilience programme
  • Response to loss of service or failure to supply contractual obligations
  • Resilience planning and testing
  • Leveraging existing monitoring capabilities and processes
    • Prescriptive vs. non-prescriptive approaches
  • Tools and processes to provide more effective transparency and diligence
  • Validating the risks in the supply chain
  • How effective are questionnaires and when do I need to perform an onsite or a remote verification?

Charles Forde, Global Head of Third Party, Outsourcing & Inter-Entity Risk, UBS

Eric Blatte, President and co-founder, RiskRecon

11:50 How to develop effective information gathering for third parties

  • How to evaluate your information needs
  • Prioritizing, planning and structuring the information gathering
  • Use of categorization, tiering and risk scoring
  • Building the question library
  • Reducing the manual administrative burden from the system

Alex Hollis, GRC Practice Director, SureCloud

12:25 Lunch break and networking

CLOUD TECHNOLOGY PANEL DISCUSSION
13:25 Ensuring effective controls for cloud providers to understand where data is stored and pinpoint liability

  • Understanding the new risk and data protection issues when using cloud
  • GDPR compliance when storing data on the cloud
  • Concentration risk: market wide implications of cloud failure
  • Changing policies imbedded in organisations to manage cloud
  • Ensuring physical security in a cloud environment
  • Using other reports and certifications of compliance as sufficient coverage
  • Undertaking independent reviews on controlled environment
  • Identifying vendors using cloud services
  • Realities of exit from/transfer between cloud providers for the enablement of effective exit strategies

Julie Hoesli Stewart, Executive Director – Compliance & Operational Risk Control, UBS
Sean O’Brien,
Managing Director, DVV Solutions

14:10 Driving greater innovation in vendor risk management

  • Assessing the considerable variation within vendor risk management, driven by industry, organisational size and market segment
  • Different processes maturity, from driven through spreadsheets, to more mature GRC-driven approaches with large scale audit requirements
  • Opportunities to innovate and achieve better outcomes more efficiently
  • Enhancements in technology and processes deployed
  • Exploring areas where innovation helps to improve the efficiency and effectiveness of third party risk management activities

Philip Greaves, Director, TC Practice, Protiviti

CONCENTRATION RISK
14:45 Cyber security & risk management: discussing experiences and the value of security ratings to the Lloyds Banking Group

  • Goals & objectives; why LBG are using BitSight security ratings in their business
  • Observations that they have made over the last two plus years
  • Key learnings as individuals and as a business

Bronwyn Boyle, Consultant, Lloyds Banking Group
Ewen O’Brien, VP EMEA, BitSight

15:20 Afternoon refreshment break and networking

REGULATOR’S OVERVIEW
15:50 Outsourcing: recent regulatory developments

Orlando Fernández Ruiz, Senior Technical Specialist, Governance & Remuneration Team, Prudential Policy Directorate, Bank of England

AUDIT
16:25 Beginners guide to navigating a regulatory inspection

  • Preparing for the inspection and understanding the scope
  • The engagement process – how the day to day engagement with the regulator worked
  • Responding to requests – management of the documentation review and response process
  • The close out process and managing follow-up actions

Fiachra Crean, Head of Supplier Relationship Management, AIB

CYBER RISK
17:00 Managing cyber risk in an increased technology landscape to stay ahead of threats

  • Changing systems and view of analytics
  • Increased use of technology and cloud services
  • Reviewing risk and defining controls
  • Raising awareness of risks and protecting against them
  • Tools to support assessment
  • Understanding what you are assessing
  • Industry standard for measuring cyber risk

Sam Lee, Head of Operational Risk, EMEA, Sumitomo Mitsui Banking Corp

17:35 Chair’s closing remarks

17:45 End of day one and drinks reception

08:15 Registration and breakfast

08:50 Chair’s opening remarks

REPORTING PANEL DISCUSSION
09:00 Effective measurement and reporting of risks to provide comprehensive enterprise wide analysis

  • Representing third party risk
  • Internal management
  • Aggregating risk across the institution
  • Presenting consistently in a “value added” way
  • Informing business units and decision makers
  • Understanding where the risk lies
  • Aligning with risk appetite

Steven Wyles, Head of Santander Services Risk & Director Third Party Risk Management, Santander UK
Rashni Chahal Holden, Global Head of Professional Services and Regional Head of Procurement and Third Party Risk, Standard Chartered Bank
Shamial Afzal, Head of Supplier Risk Management (SRM), M&G Prudential
Idan Cohen, CEO & Co-founder, Reflectiz

BUSINESS CONTINUITY
09:45 Developing and testing business continuity plans for risk mitigation for supplier failure

  • Impact on service delivery
    • Impact on service delivery
  • Implications if suppliers do not deliver
    • Customer outcomes, costs, regulatory impact
  • Defining supplier obligation and tracking
  • Testing exit plans and updating annually
  • Continuum from Supplier BCPs through basic client BCPs through and extreme Exit Strategy scenarios
  • Successful processes for longer supply chain resilience

Tom Garrubba, Senior Director & CISO,
Shared Assessments & The Santa Fe Group

10:20 Morning refreshment breaks and networking

10:50 Third party risk program maturity – What are the hallmarks of an agile programme?

  • Key progress in 12 months – how far has the industry come?
  • How mature are programmes and how can organizations become more agile?
  • What are the greatest challenges and opportunities that programmes face?
  • Remuneration matters – are third party professionals getting paid enough?
  • Board engagement in third party programs – how engaged are board in third party programmes and does this influence maturity?

Kimberley Allan, CMO, Aravo Solutions

11:25 From spreadsheets to streamlined: Automating the third-party vendor risk lifecycle

  • Managing third-party vendor risk before, during and after onboarding
    • Continuous effort under global privacy laws and security regulations
  • Outsourcing operations to vendors can alleviate business challenges
    • Complexity and time constraints of managing the associated risk with manual tools like spreadsheets
  • Streamlining the process – organizational procedures to secure sufficient vendor guarantees
    • Effectively working together during an audit, incident or much more
  • Six-step approach for third-party vendor risk management
  • Exploring helpful tips and real-world practical advice to automate third-party privacy and security risk programmes

Jaro Semerak, Privacy Consultant, OneTrust

12:00 The future of third party risk governance

  • Senior managements’ stronger emphasis on finding and mitigating risks associated with third parties
  • Addressing partners’ key role in supply chains and potential reputational risks because of data sharing
  • Understanding how vendors handle data and cyber risk, to gain an outside-in and inside-out view
  • Requirements to implement evolutionary economic approaches
  • Complying with ever changing regulatory requirements to foster risk resiliency across the ecosystem

Alastair Parr, Operations Director, Prevalent

12:35 Lunch break and networking

DATA ANALYTICS
13:35 Utilising data analytics to provide an enterprise wide view of vendor and third party risks and aligning to appetite

  • Standardising approaches to data analytics
  • Front to back transparency of the risk landscape
  • Techniques and innovation for data analytics
  • Assessing services over provider increasing diligence numbers
  • Tools to manage as a risk-based approach
  • Including non-risk professionals and examining different angles on different professional capabilities

Julie Hoesli Stewart, Executive Director – Compliance & Operational Risk Control, UBS

CATEGORISING VENDORS PANEL DISCUSSION
14:10 Best practice for categorising vendors to determine level of due diligence and oversight required

  • Determining material vendors and services
  • Deploying resources for oversight of supplier
  • Aligning with risk appetite
  • Criteria to determine level of oversight
  • Third parties supporting multiple services: What are critical services
  • Critical service approach
    • Is there a common list of services/official taxonomy
    • Navigating SYSC 8
  • Basic questions to tier vendors at onboarding

Ann Stokes, Head of Procurement, MUFG
Emma Mansfield, Head of Outsourced Services Assurance,
Bank of Ireland UK
Joe Bąkowski, Director of Procurement and Supplier Risk,
Metro Bank plc
Ben Joyce, Head of Sourcing – Global Commercial Services,
ICBC Standard Bank Plc
Colin Maund, CEO, Hellios
Todd Boehler, Vice President of Product Strategy, ProcessUnity

15:00 Afternoon refreshment break and networking

CONCENTRATION RISK
15:30 Tracking and limiting concentration risk across supply chain to avoid over reliance on any party

  • Focus for regional branches or larger institutions
    • Understanding operation locally and globally
  • Large banks outsourcing to top 4 firms
  • Market wide implications of vendor failure
  • Avoiding concentration in third party outsourcing

Amit Lakhani, Head of Third Party Risk Management, CIB, BNP Paribas

ACCOUNTABILITY
16:05 Aligning third party management with wider operational resilience frameworks and risk appetite statements

  • Challenges of a decentralised organisational structure
  • Operational resilience at a vendor level and aligning to risk appetite
  • Supporting management of operational resilience at an enterprise level

Nick Brazier, Head of Third Party Management, Close Brothers
Anna Gurney, Head of Supplier Relationship Management, Close Brothers

HUMAN RISK
16:40 Accounting for and putting controls in place to monitor and mitigate human risk

  • Ensuring controls to mitigate human risk
  • Intentional or accidental actions by humans
  • Impact on resilience of a service
  • Controls of people

Andrew Sparry, Head of Information Assurance – Third Party Management, Capital One

17:15 Chair’s closing remarks

17:25 End of Summit

Please note, this agenda may be subject to change.

4th Annual Vendor & Third Party Risk Europe

18-19 June 2019 | London

SPEAKERS

Shamial Afzal Headshot
Shaimal Afzal, Head of Supplier Risk Management (SRM), M&G Prudential

Shamial comes with 25 years commercial experience in a variety of roles dominated in the financial services sector. From managing contracts up to values of £50m+ and leading global supplier assurance programmes Shamial is a passionate leader and encourages  collaboration and diversity of thought.

His current role includes standing up a mature Procurement & Supply Chain function implementing a SRM Framework and Supplier risk management approach across M&G Prudential. Shamial is also an ambassador for diversity and inclusion agenda and sits on various panels and groups representing a voice for all people from all cultures. He also serves as experienced mentor and coach.

Shamial is a very proud father of two beautiful girls Safiyah and Sara who keep him very busy outside his ‘day’ job.

Joe Bakowski Headshot
Joe Bąkowski, Director of Procurement and Supplier Risk, Metro Bank PLC

Joe set up the Procurement & Supplier Risk teams at Metro Bank.  He has overseen a significant investment in tooling, data and team to build out the functions from a greenfield start.  Joe chairs the governance group of the Financial Services Supplier Qualification System (FSQS) – a community of 20 banks and FIs working together to operate a supplier risk utility.

eric blatte from li
Eric Blatte, President and co-founder, RiskRecon

Eric Blatte is the President and co-founder of RiskRecon, where he is transforming third-party cyber risk management. Before co-founding RiskRecon, Eric ran global sales and services at Trusteer (acquired by IBM), a global leader in anti-malware and fraud prevention solutions for the financial services industry. Prior to that, he built customer-facing organizations at Centra (IPO) and Imprivata (IPO). Eric earned BS from Wharton (University of Pennsylvania) and MBC from MIT Sloan. Eric is also an active participant and past speaker and Board Observer at FS-ISAC.

Todd Boehler -- 2019
Todd Boehler, Vice President of Product Strategy, ProcessUnity

As Vice President of Product Strategy, Todd Boehler collaborates with customers, partners and internal product teams to develop and deliver high-value risk and compliance solutions. In his role, he drives the company’s cloud services roadmap and defines ProcessUnity’s overall strategic direction.

For nearly 20 years, Todd has served in product management and strategy roles for leading technology providers. In 2003, his governance, risk and compliance (GRC) startup was purchased by Stellent, which was soon after bought by Oracle Corporation. Todd worked for Oracle for seven years before joining ProcessUnity in 2014. He has extensive GRC experience, working with organizations’ engineering, services and sales teams to develop solutions, enable sales and deliver customer success.

Todd lives in Connecticut with his wife Jenn and two sons. He enjoys snowboarding, golf and sampling finely crafted New England beer.

IMG-20190418-WA0005
Bronwyn Boyle, Consultant, Lloyds Banking Group

With over twenty years’ experience working in technology, operations, risk and compliance for Big 4 and leading Financial Services organisations, Bronwyn now works as an independent consultant, supporting heavily regulated organisations through times of growth and challenge. She advises a diverse range of clients, from high-street and challenger banks, to cyber security and RegTech start-ups, and specialises in supporting organisations innovate and evolve. She has been supporting the Lloyds Banking Group 3rd party risk team from the start of their journey in adopting BitSight and is continuing to help them drive value and insights from the platform.

Nick Brazier
Nick Brazier, Head of Third Party Management, Close Brothers

A Fellow of the Chartered Institute of Purchasing and Supply with almost 20 years Procurement with a proven track record of Procurement transformation, value creation and third party risk management within market leading organisations across an eclectic mix of industries and organisations (including Fulham Football Club, Harrods, BNP Paribas and Allianz)

A passionate Procurement professional with a desire to develop the awareness and standing of Procurement in the corporate environment through peer group collaboration, continuous improvement of best practices and knowledge sharing through contribution to industry events and publications.

Matthew Browning
Matthew Browning, Head of Third Party Oversight and PCI Compliance, Direct Line Group

Matthew Browning will be presenting at 4th Annual Vendor and Third Party Risk Europe

Rashni Chahal Holden
Rashni Chahal Holden, Global Head of Procurement Services and Regional Head of Procurement and Third Party Risk, Standard Chartered Bank

Rashni Chahal Holden will be presenting at 4th Annual Vendor and Third Party Risk Europe

Idan Cohen
Idan Cohen, CEO & Co-founder, Reflectiz

Idan is the CEO and co-founder of Reflectiz, a cyber security company that helps businesses identify and mitigate third-party security and privacy risks on their websites. Idan is a former Cyber IDF officer and brings an extensive experience in Information Security, including senior roles as a senior attacker, Deputy CEO and CTO for BugSec – the largest offensive consulting security group in Israel, and CTO at Cynet a cyber security company that offers an innovative endpoint protection platform. Idan is a passionate entrepreneur, a developer and an enthusiastic hacker. He started his computer science degree at the age 14 and now specializes in the most complexed development and security challenges.

fiachra crean
Fiachra Crean, Head of Supplier Relationship Management , AIB

Fiachra Crean is the Head of Supplier Relationship Management at AIB, and the business lead for AIB’s Third Party Management program. Fiachra passionately believes that strong supplier relationships are essential to continuously achieve successful results. Fiachra has been responsible for significant change programs within AIB, with the most significant being the replacement of our enterprise-wide Procure-to-Pay system in 2017. Fiachra is a Chartered Engineer, who’s early career involved project and contract management roles within the oil and gas and construction sectors. Fiachra has more than ten years’ experience within the financial services sector, with the last four years within AIB’s Strategic Sourcing team.

Orlando
Orlando Fernández Ruiz, Senior Technical Specialist, Governance & Remuneration Team, Prudential Policy Directorate, Bank of England

Orlando Fernandez is a Senior Technical Specialist in the Governance & Remuneration team in the Bank of England/ PRA Prudential Policy Directorate. He joined the (at the time) FSA in 2011 and has been leading the development of the PRA’s Policy on the Senior Managers and Certification Regime (SM&CR) since its inception in 2013. He has also represented the PRA in the development of a range of European and international standards on governance and fitness and propriety at the BCBS, EBA and FSB and advised overseas financial regulators in the implementation of regimes modelled on the UK SM&CR. More recently, Orlando has been focusing on outsourcings, in particular to the Cloud and the impact of technology on firms’ governance. He represented the PRA at the EBA expert group which developed the 2019 Outsourcing Guidelines. Orlando has a Master of Laws from Nottingham University.

Charles Forde Headshot
Charles Forde, Global Head of Third Party, Outsourcing & Inter-Entity Risk, UBS

Charles is currently the Global Head of Third Party, Outsourcing & Inter-Entity Risk at UBS. The function is part of Compliance & Operational Risk, the 2nd Line of Risk in the firm. Previously, Charles held the position of COO of Operations & Technology for Group Data, Reconciliations and the Client Data Confidentiality Programme at UBS. Before joining UBS 7 years ago, Charles was with ERNST & YOUNG in London in the Risk Advisory practice. Charles has previously held roles managing risk and operations for Goldman Sachs, JP Morgan and Barclays. He began his career at the UNITED NATIONS managing technology and operations to support military peace-keeping operations and humanitarian programmes.

Tom Garrubba Headshot
Tom Garrubba, Senior Director & CISO, Shared Assessments & The Santa Fe Group

Tom Garrubba, Senior Director/CISO at Shared Assessments, is an internationally recognized thought leader, lecturer, and blogger on third party risk, and is the head instructor for their Certified Third Party Risk Professional (CTPRP) program. An active writer and blogger on business risk, he has provided insight and commentary for various industry websites including the Huffington Post, Future of Outsourcing Magazine, Corporate Compliance Insights, Brilliance Security Magazine, Risk.net, Government Health IT, and ISACA. Previously, Tom was Senior Privacy Manager at a Fortune 10 US-based Healthcare company where he implemented and managed a world-class third party risk program. He has over 20 years of experience in IT security, privacy, audit, and compliance in industry and public consulting.

blank man
Philip Greaves, Director, TC Practice, Protiviti

Philip will be presenting at Vendor & Third Party Risk Europe 2019

blank woman
Anna Gurney, Head of Supplier Relationship Management, Close Brothers

I have been Head of Supplier Relationship Management at Close Brothers since 2017. I am responsible for ensuring we drive value and manage risk within our supply chain. Prior to this I started my career at Deloitte where, after a short spell in Internal Audit and qualifying as a Chartered Accountant, I specialised in third party risk. Whilst predominately working in the finance services industry on the design and implementation of third party governance and risk management frameworks, one of the benefits of being a consultant was that I got the opportunity to work on a wide range of projects in multiple industries on this topic, something which I found very interesting and insightful.

Julie Hoesli Stewart
Julie Hoesli Stewart, Executive Director – Compliance & Operational Risk Control, UBS

Julie is an experienced risk manager with 22 years at UBS and specialises in outsourcing and procurement and, more widely operational resilience. She advises senior management on risk management and control globally and on how to improve communications to staff throughout the organisation with respect to her specialisation. Julie leads global investigations on breaches to the firm’s policies with respect to outsourcing and procurement and advises the firm on their root cause remediation. In addition, Julie also designed the global tool for outsourcing risk assessments.

Del - Alex Hollis headshot
Alex Hollis, GRC Practice Director, SureCloud

With over 16 years’ experience in IT, mobile technology and software development, Alex has spent the last seven years specializing in governance, risk, and compliance (GRC). After just six months in the industry, Alex received a platinum-level excellence award for his work around risk bow-tie modeling, Solvency 2 and Basel 3. Now focusing primarily on operational risk, Alex has analyzed, designed and implemented GRC technology and IRM solutions into 60 companies, including some of the largest and most complex environments. His experience spans multiple sectors, including telecommunications, aviation, pharmaceuticals, manufacturing, retail, public sector, financial services, and insurance. A keynote speaker at prestigious industry conferences, Alex is also currently writing a book on end-to-end GRC.

Ben Joyce - Headshot
Ben Joyce, Head of Sourcing, ICBC Standard Bank Plc

Having entered the procurement profession via local government, 15 years ago, I have built substantial experience primarily in Financial Services procurement, initially in the Facilities Management category as a Category Manager, and latterly as a generalist buyer across most indirect categories of spend, including technology, and non-technology alike. This career has taken me from Barclays, through L’Oreal, Bupa and Citibank to my current role as Head of Sourcing at ICBC Standard Bank. In this role, as well as establishing and developing the strategic direction of the function and building its profile within the Bank, I also work extensively with other functions to ensure that the Bank manages third party risk effectively.

WillKendal 2
Will Kendal, Product Manager, IHS Markit

Will is Product Manager for KY3P® for EMEA, joining the team in 2018. His role involves partnering with users and development teams to identify opportunities to maximise the potential of the product in addressing the needs of KY3P® users in the EMEA region. Prior to this he worked in business continuity & information security at Ipreo, a business acquired by IHS Markit in August 2018. He has worked in financial technology since 2000, first at Dealogic and then at Ipreo, building platforms used by investment banks in the global equity and fixed income primary markets.

He holds an LLB in Law with German Law from King’s College London, is a Certified Scrum Product Owner and is an Associate Member of the Business Continuity Institute.

Amit Lakhani
Amit Lakhani, Head of Third Party Risk Management, CIB, BNP Paribas

Amit Lakhani has wide and varied experiences in managing risks across key areas such as cyber and third party services risks for organisations of all sizes. He started his career working as a consultant with Accenture where he developed and deployed multi-million dollar programmes involving compliance and risk elements, especially information security and cyber risks. Further, Amit worked at large multinational organisations in his role at KPMG driving strategic decision-making, investments and risk reduction programmes.

In his current role, Amit looks after third party/vendor risk management across the Corporate and Institutional Banking division for BNP Paribas. He has developed and is embedding global third party risk management initiatives and more importantly raising the risks at Boards and Executive Committee levels to have clear visibility on the identification, assessment, monitoring and reporting of third party services risks. The global role entails him to face up to regulators across many geographies, develop and establish solutions that are generic but addresses key risks that BNP Paribas faces in its operations.

Sam Lee
Sam Lee, Head of Operational Risk, EMEA, Sumitomo Mitsui Banking Corp.

Sam will be presenting at Vendor & Third Party Risk Europe 2019

Dean (landscape)
Dean Lumer, Managing Director, Knadel Software Solutions

Dean co-founded Knadel Software Solutions Ltd after a 30 year career in the asset management industry.  Dean has worked in the industry as an industry practitioner, management consultant and software consultant. Throughout much of this time Dean has advised many financial services organisations on the procurement of products and services from third party suppliers and how they govern and manage these relationships post procurement. Armed with this knowledge Dean has helped shape the evolution of SupplierVision and advises clients on how they can maximise the value from deploying such a supplier management system.

Dean has an MBA from the Open University, is a trustee of Sense International and when not running Knadel Software he enjoys skiing, trekking, music production, classic cars and golf.

headshot2018
Emma Mansfield, Head of Outsourced Risk Assurance, Bank of Ireland

I have nineteen years’ experience in the Financial Services industry, working on both sides of the sourcing partnership. I have demonstrable experience across the three lines of defence, from sales to oversight, strategy to change, for both direct and indirect outsourced arrangements. I am customer centric in my approach, but remain focused on the needs of the business, demands of the regulators and desires of the individuals.

In my current role as Head of Outsourced Services Assurance, I am accountable for the development of Outsourced Risk Management Strategies, Policies & Frameworks. I am also responsible for providing support, and guidance, on all aspects of operational risk management for outsourced services, including promoting and developing a strong risk management culture across the end to end value chain.

I am passionate about identifying and harnessing talent and act as a mentor, both internally and externally. Additionally, I believe good corporate citizenship is the responsibility of all and as such, I am heavily engaged in the Banks Responsible Business programme.

HLDLot4s
Colin Maund, CEO, Hellios

Colin founded Hellios following the sale of his previous company to private equity in 2008. Colin had a career that started in sales and marketing before moving into procurement where he worked for a number of major organisations in the public and private sector.

He became an expert on the EU procurement rules, lectured and taught throughout Europe on the introduction and practical impact of the new EU regulations. In 1993 Colin founded Achilles Group in the UK with his Norwegian colleague and was CEO of the company until 2011.

Colin has won the IT Services Section of the EY Entrepreneur of the Year. Lately he has been involved closely in the challenges posed by increased supply chain risk for supplier management.

Colin is a Trustee of the Outward Bound Trust and a Board Member of Outward Bound International, and in his spare time one of his passions is skiing with his family.

Ewen
Ewen O’Brien, VP EMEA, BitSight

Ewen O’Brien is VP Sales EMEA Enterprise at BitSight Technologies. Prior to joining BitSight, Ewen was part of the founding team in OpenPages EMEA, the market leading Governance, Risk and Compliance solution, that was acquired by IBM in 2012. He headed up financial services, where he helped expand the business, most notably in Europe, Africa and Asia.

Sean OBrien Headshot
Sean O’Brien, Managing Director, DVV Solutions

Sean has over 25 years’ hands-on experience of delivering IT security and GRC managed services within highly regulated industries and the operational and regulatory requirements required to deliver a reliable program of risk assurance and third party due diligence.

Sean is a practicing Certified Third Party Risk Professional and Assessor as well as Shared Assessments Steering Committee Member, providing a Euro-centric perspective and strategic input into development of global standards for Third Party risk and regulatory compliance programs.

Alastair Parr
Alastair Parr, Operations Director, Prevalent

Alastair Parr has spent the past 10 years managing governance, risk and compliance consultancy projects and teams. Serving as the Operations Director for the largest DLP managed service provider, Alastair was involved in the co-ordination and management of over 3 million endpoints globally, correlating business context to large volumes of data, enabling scalable remediation. More recently, as a co-founder of 3GRC, Alastair was exposed to both the problems and solutions influencing the third party management and integrated risk management space. Following Prevalent’s acquisition of 3GRC, Alastair has taken on the role of Senior Vice President of Global Products and Delivery, and with a solid background in ISO27001, ISO22301, and GDPR, Alastair is well versed in current regulations and industry expectations for building robust programmes.

blank man
Andrew Sparry, Head of Information Assurance – Third Party Management, Capital One

Andrew Sparry will be presenting at 4th Annual Vendor and Third Party Risk Europe

Ann Stokes
Ann Stokes, Head of Procurement, MUFG

Ann Stokes is head of the Procurement function for MUFG in the UK, she has 15 years’ experience in sourcing and supply chain management. Ann is responsible for circa £100million of category spend across various commodities. She is also responsible for providing guidance on best practice procurement for the MUFG EMEA regions.

Ann was involved in creating and implementing a vendor risk programme two years ago. The programme is evolving and enhancements are to be made, once finalised the framework for Vendor Risk will be extended to EMEA locations

steven wyles
Steven Wyles, Head of Santander Services Risk & Director Third Party Risk Management, Santander UK

Head of Santander Services Risk & Director of Third-Party Risk Management for Santander UK. Experience is focused on risk and control in a Financial Services context, both within Internal Audit and, more recently, Third-Party Risk Management. My involvement around Third-Party Risk Management extends to both auditing of the framework, individual third-party relationship and process audits in the third-line of defence, as well as the design and on-going implementation of an enhanced policy and control framework for Third-Party Risk Management.

4th Annual Vendor & Third Party Risk Europe Masterclass

20 June 2019 | London

Fine Tuning Your Third Party Risk Management Program for Regulatory and Continuous Monitoring Challenges

Masterclass Agenda

Registration will commence at 8:45am, with introductions and the first sessions opening at 9. There will be ample time for refreshment breaks and networking throughout the day with breakfast, morning break, lunch and afternoon break provided. The Masterclass will conclude at 5pm.

Please note: due to the interactive nature of the Masterclass, seats are limited and available on a first come, first served basis.

Regulatory Alignment

This morning session will share best practices and techniques with focus on regulatory alignment to:

  • Proportionality
    • Maximizing and adjusting your outsourcing position.
    • Creation of an outsourcing registry.
  • Outsourcing Arrangements
    • Creating a Sourcing Strategy Framework.
    • Defining and documenting your outsourcing policies.
    • Risk appetite guidelines.
    • Defining conflicts of interest.
  • Contracts
    • Ensure contracts meet the expected minimum requirements with regard to the outsourcing of critical or important functions.
  • Governance Framework
    • Document and align your TPRM Framework requirements.
    • Establish reasonable business continuity to both the function and vendor.
    • Integrating three lines of defense into your program.
    • Keeping your program current.
    • Work with and obtain buy-in from the internal audit function.

Continuous Monitoring

This afternoon session will share best practices and techniques in performing continuous monitoring of third party risk with added focus on how to perform this with limited resources and still be alignment to the various regulatory and audit expectations. The session will offer best practices from leading experts and practitioners and even hands on exercises as we focus:

  • On expectations, techniques and solutions being used to continuously monitor controls in:
    • Cybersecurity and cyber hygiene
    • Financial viability
    • Negative news
    • Geopolitical events and
    • Resiliency risk areas.
  • Portfolio Analysis and Risk Ranking
  • Discuss re-assessments of your vendors
  • Working with the business unit for monitoring key performance indicators (KPI’s) along with key risk indicators (KRI’s)
  • The business case and value proposition for Continuous Monitoring.

As we move through an ever-increasing risk and threat environment we need to be considering continuous monitoring solutions, which provide an uninterrupted, real-time (or near real-time) risk management technique, and are designed to improve an organization’s awareness of changes to controls that could indicate potential weaknesses.

Masterclass led by:

JB Official Picture

John Bree
SVP & Partner
Neo Group
.

Biography

John Bree is a SVP & Partner with Neo Group, Inc. an international Advisory and Solutions firm supporting major corpoartions beyond Advice to Outcomes, in the areas of, Governance Support and Risk Monitoring, Global Talent, Automation, Analytics, and Process Optimization.

John is a financial industry professional with a proven track record in developing and managing Vendor & Third Party Sourcing Risk Management, AML/CTF, KYC, and Anti-Fraud programs. John has held senior positions in New York, Tokyo, Singapore and London for Citi and Deutsche Bank covering corporate, investment, commercial and consumer banking operations. He has proficiency in developing and implementing analysis, operations, monitoring and investigation systems and processes involving transaction accounts, credit cards, debit cards and online banking.

John has managed global staffs and corresponding budgets in multiple locations and delivered cost efficient and operationally effective programs ensuring compliance with local and global regulatory requirements. Through interaction with Business Units, Internal Audit and regulatory agencies, has resolved MRIAs, MRAs and Findings, on time and without penalty.

John is a member of the Shared Assessments Steering Committee and Co-Chair of the Financial Industry Vertical Strategy Group.

Fiona O'Brien

Fiona O’Brien
Head of Outsourcing Oversight & Governance
Bank of Ireland

Biography

Fiona O’Brien will be presenting at this post-event Masterclass.

Tom Garrubba Headshot

Tom Garrubba
Senior Director/CISO
Shared Assessments
.

Biography

Tom Garrubba, Senior Director/CISO at Shared Assessments, is an internationally recognized thought leader, lecturer, and blogger on third party risk, and is the head instructor for their Certified Third Party Risk Professional (CTPRP) program. An active writer and blogger on business IT risk, he has provided insight and commentary for various industry websites including the Huffington Post, Future of Outsourcing Magazine, Corporate Compliance Insights, Brilliance Security Magazine, Risk.net, Government Health IT, and ISACA, and authored the chapter on Third Party Risk for the Risk.net book “Cyber Risk”. Previously, Tom was Senior Privacy Manager at a Fortune 10 US-based Healthcare company where he implemented and managed a world-class third party risk program. He has over 20 years of experience in IT security, privacy, audit, and compliance in industry and public consulting.

0

Rachel Whitehead
Contracts Manager
JLT Insurance

Biography

Experienced Contract Manager with a demonstrated history of working in the insurance industry. With 13 years of commercial experience, highly skilled in Negotiation and Strategy planning. The previous 3 years focussed on IT, predominantly managing software suppliers and outsourced services with the objective of cost reduction, enhancing contracts and reducing risk. and advising C-level execs.

image

Dr Runli Guo
Business Information Security Officer
JLT Insurance

Biography

Dr Runli Guo will be presenting at this post-event Masterclass.

Registration Rates:

Masterclass only
All organizations

(Taking place after the main Summit on 20 June)

£399*
Until 7 June

Save £200

Main Summit + Masterclass
Representing a financial institution

(E.g. Bank, Insurance company, Asset Manager, Regulator)

£1,298*
Until 7 June

Save £800

Main Summit + Masterclass
Representing an information/service provider

(E.g. Consultant, Vendor, Executive Search Firm, Law Firm)

£1,798*
Until 7 June

Save £800

CPD

Attendees can up to 17 CPD Credits!
Attendees can earn up to 17 CPD Credits for the Main Summit (June 18-19) and up to 7 CPD Credits for the Masterclass (June 20).

4th Annual Vendor & Third Party Risk Europe

18-19 June 2019 | London

INSIGHTS

Find our Vendor Risk thought-leadership articles here. These articles feed from our much larger Risk Insights section of our website which provides you with thought-leadership, white papers, articles and more across risk and regulation.

22nd May 2019

Risk Webinar: Vendor & third party risk – Adapting to the evolving regulatory landscape

22nd May 2019

Risk Webinar: A discussion on the key findings from CeFPro’s Global Conduct Risk Survey

21st May 2019

Survey Suggests Third-party Risk Practices Are Maturing

By Aravo
21st May 2019

Vendor risk: Due diligence, scaling, analysis, and ongoing oversight

By Marc Lotti, Partner, ACA Aponix and Jeff Rowley, Principal Consultant, ACA Aponix
14th May 2019

Developing and testing business continuity plans for risk mitigation for supplier failure

By Tom Garrubba, Senior Director & CISO,  Shared Assessments & The Santa Fe Group
14th May 2019

Monitoring and mitigating insider risk and limiting insider fraud

14th May 2019

Strengthening process and communication to align frameworks across the lifecycle

13th May 2019

Risk Webinar: Managing third parties, it’s more than just cyber risk

13th May 2019

Third-party due diligence: Has your program evolved enough to keep up with changes in regulations and advancements in technology?

By Bill Hauserman, Senior Director, Compliance Solutions, Bureau van Dijk, A Moody’s Analytics Company
13th May 2019

Full oversight for risk reporting: Aggregating reporting across multiple systems and jurisdictions

By David Stomski, Director, Operational Risk Management, Credit Suisse
10th May 2019

Ensuring effective controls for cloud providers to understand where data is stored and pinpoint liability

By Sean O’Brien, Managing Director, DVV Solutions
8th May 2019

Aligning third party management with wider operational resilience frameworks and risk appetite statements

By Nick Brazier, Head of Third Party Management, Close Brothers & Anna Gurney, Head of Supplier Relationship Management, Close Brothers
7th May 2019

Boosting vendor risk reporting accuracy

By Shamial Afzal, Head of Supplier Risk Management (SRM), M&G Prudential
2nd May 2019

Aggregating reporting across multiple systems and jurisdictions for full oversight for risk reporting

By Roxane Romulus, MBA, Director, Third Party Risk Management, Voya Financial
29th April 2019

Continuous monitoring of vendor and third parties for full portfolio analysis of risks

By Ken Wolckenhauer, VP, Vendor Management, Nordea Bank 
23rd April 2019

The innovation illusion

By Daniel Moore, Chief Risk Officer, Scotiabank
23rd April 2019

A vision of the end-state analytics architecture for your firm

By Stevan Maglic, SVP, Head of Quantitative Risk Analytics, Regions Bank
23rd April 2019

Increasing cyber resilience in an advancing threat landscape

By Philip Masqullette, SVP, CRO, Ulster Savings Bank
23rd April 2019

Effective management of model risk for end to end management

By Wei Ma, Head of Model Risk Management, Sumitomo Mitsui Banking Corp
16th April 2019

Beginners guide to navigating a regulatory inspection

By Fiachra Crean, Head of Supplier Relationship Management, AIB
11th April 2019

Tracking and limiting concentration risk across supply chain to avoid over reliance on any party

By Amit Lakhani, Head of Third Party Risk Management, CIB, BNP Paribas
11th April 2019

Model Risk: The backbone of the asset management industry

By Abhisekh Adukia, VP, Model Risk Director, Alliance Bernstein
11th April 2019

Uncovering unknowns: Understanding the intersection of vendor management and business continuity planning

By Michael Berman, Founder & CEO, Ncontracts
10th April 2019

Best practice for categorising vendors to determine level of due diligence and oversight required

By Ben Joyce, Head of Sourcing – Global Commercial Services, ICBC Standard Bank Plc
8th April 2019

Integration of procurement and vendor risk management to manage risk prior to onboarding

By Mick Kless, President and CEO, Compliance Education Institute

4th Annual Vendor & Third Party Risk Europe

18-19 June 2019 | London

WEBINAR

FREE RISK WEBINAR

Vendor & third party risk – Adapting to the evolving regulatory landscape

 Taking place on 2 May 2019, 2pm – 3pm (GMT)

Key topics to be addressed include:

Key regulations and guidelines

EBA outsourcing guidelines

Management of Operational Risk

Internal organisation

Only available to members, make your free account here to access the webinar recording.

Including insights from:

Charles Forde

Charles Forde
Global Head of Third Party, Outsourcing & Inter-Entity Risk
UBS

Amit Lakhani

Amit Lakhani
Head of Third Party Risk Management, CIB
BNP Paribas

Rashni Chahal Holden

Rashni Chahal Holden
Global Head of Procurement Services and Regional Head of Procurement and Third Party Risk
Standard Chartered Bank

Ben Joyce

Ben Joyce
Head of Sourcing
ICBC Standard Bank

Phil East

Philip East
Regional Sales Director
BitSight

Moderator

4th Annual Vendor & Third Party Risk Europe

18-19 June 2019 | London

SURVEY

 Taking the Pulse of Third-Party Risk 2019

Annual Third-Party Risk Management Benchmarking Survey

This annual survey is designed to help benchmark some of the key questions that can indicate the status and health of your third-party risk/supplier risk/vendor risk program. For example:

  • Does your program have the appropriate funding?
  • What is the typical organizational structure?
  • How are third party risk professionals remunerated?
  • How engaged is your board?
  • How mature are programs and what are the greatest challenges?

It’s completely anonymous and will take no longer than 10 minutes to complete. All those who participate will be placed into a prize draw to win a free pass to one of our upcoming 2019 conferences. 

The report builds on last year’s research and will be an invaluable resource to benchmark your programs against your peers, drive investment conversations within your organization, and instill best practice approaches within your program. The final report will be available free of charge to participants and the wider third-party risk community to support education and benchmarking.

4th Annual Vendor & Third Party Risk Europe

18-19 June 2019 | London

SPONSORS & PARTNERS

Sponsorship

Can your organisation contribute? Please contact the Center for Financial Professionals today to discuss how we can deliver your thought-leadership at the event, help you generate leads, and provide you with unique networking and branding opportunities. For more information on what we can offer, please contact sales@cefpro.com or call us on +44 (0) 20 7164 6582 where a member of the team will be happy to tailor the right package for you.

2019 Co-Sponsors:

Aravo


Aravo Solutions delivers award-winning, marketleading cloud-based solutions for managing third party governance, risk, compliance and performance. We help companies protect their business value and reputation by managing the risks associated with third parties and suppliers, and to build business value by ensuring that their third party relationships are optimized. Aravo TPRM for Financial Services allows firms to centralize all their third parties into a single, quickstart cloud solution for assessing risk, conducting initial and ongoing due-diligence, managing and monitoring contractual compliance and performance, and transitioning and off-boarding third parties. Providing unrivaled regulatory agility and ease-of-use, together with actionable executive reporting, Aravo supports a user base of 124,000 corporate users, managing more than 4.3 million third party users in 36 languages and 154 countries. Learn more at aravo. com

BITSIGHT


BitSight Technologies is transforming how companies manage information security risk with objective, evidence-based security ratings. The company’s Security Rating Platform continuously analyzes vast amounts of external data on security behaviors in order to help organizations manage third party risk, benchmark performance, and assess and negotiate cyber insurance premiums.

IHS Markit


KY3P® is the first centralized data hub that simplifies and standardizes third-party risk management processes. Third-party relationships are under growing scrutiny by global regulators, including the US Office of the Comptroller of the Currency (OCC), FINRA, the UK Financial Conduct Authority, and the Monetary Authority of Singapore. As firms increase reliance on third parties to deliver business-critical processes and services, oversight complexity also increases. The lack of standardization around collecting due diligence data can lead to duplicate efforts, creating inefficient processes that might result in delays in response times, revenue recognition, increased costs and overall inconsistency of information. KY3P®, developed in partnership with global banks, asset managers, and Big 4 consulting firms, is designed to help you simplify third-party risk management processes. By standardizing due diligence questionnaires and storing third-party information centrally, the service minimizes efforts around information requests and responses.

DVV Solutions


DVV Solutions are a specialist provider of Cyber Security, Third Party Supplier Risk and Governance, Risk & Compliance (GRC) solutions including:
– Third Party risk management (TPRM) managed services
– Cloud-based risk assessment workflow automation
– Remote and onsite security risk assessment delivery
– Continuous monitoring and threat intelligence of suppliers
– Simplified risk assessments for small and medium-sized suppliers
– GDPR conformity assessments for Third Party data processors

As a Shared Assessments program member and recognised Assessment Firm we utilise industry-standard practices such as Standardised Information Gathering (SIG) questionnaires to perform initial supplier risk assessments, and Standardised Control Assessment (SCA) procedures for best-practice onsite audits.

We’d be pleased to hear from you and help find the most cost-effective way to develop, maintain or expand your Third Party risk management efforts.

OneTrust


OneTrust is the largest and most widely used technology platform to operationalize privacy, security and third-party risk management. According The Forrester New Wave™: GDPR and Privacy Management Software, Q4 2018, OneTrust “leads the pack for vision and execution.” Additionally, Fast Company named OneTrust as one of 2019’s World’s Most Innovative Companies.

More than 2,500 customers use OneTrust to implement their privacy, security and third-party risk programs, automatically generating the specific record keeping needed to demonstrate compliance with privacy regulations including the GDPR, California Consumer Privacy Act, Brazil LGPD, and hundreds of the world’s privacy laws.

To learn more, visit OneTrust.com

Prevalent


Prevalent helps enterprises manage risk in third party business relationships. It is the industry’s only purpose-built, unified platform that integrates a powerful combination of automated assessments, continuous monitoring, and evidence sharing for collaboration between enterprises and vendors. No other product on the market combines all three components, providing the best solution for a highly-functioning, effective third-party risk program.

Protiviti


Protiviti is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit, and has served more than 60 percent of Fortune 1000® and 35 percent of Fortune Global 500® companies.

RiskRecon


RiskRecon’s continuous monitoring solution delivers risk-prioritized action plans that enable precise and efficient elimination of your most critical third-party security risks. Only our SaaS delivers the data-driven evidence necessary for you to pinpoint security weaknesses within a vendor and across your third-party portfolio.

Rather than simply provide a laundry list of issues, RiskRecon automatically quantifies and describes the true risks associated with every vendor’s IT assets. Our solution employs passive, direct analysis of each organization’s Internet-facing systems to create detailed IT, security, and asset valuation profiles. Using these profiles, RiskRecon automatically produces risk-prioritized plans based on the severity of security issues present and the impact if the system is compromised.

Only RiskRecon enables clients to build a scalable, third-party risk reduction program that compresses remediation cycles, improves analyst productivity, and ensures constructive vendor collaboration. With our SaaS solution, you can monitor large third-party portfolios and make efficient, accurate decisions based on objective findings. Learn more at www.riskrecon.com

SFG Shared Assessments


The Shared Assessments Program helps the world’s leading organizations manage and protect against third party IT security risks. As the only organization that has uniquely positioned and developed standardized resources to bring efficiencies to the market for more than a decade, the Shared Assessments Program has become the trusted source in third party risk assurance. Shared Assessments offers opportunities for members to address global risk management challenges through committees, awareness groups, interest groups, and special projects. Join the dialog with peer companies and learn how you can optimize your compliance programs while building a better understanding of what it takes to create a more risk-sensitive environment in your organization.

SureCloud


SureCloud is a provider of cloud-based, integrated Risk Management products and Cybersecurity services, which reinvent the way you manage risk. SureCloud connects the dots with integrated Risk Management solutions enabling you to make better decisions and achieve your desired business outcomes. SureCloud is underpinned by a highly configurable technology platform, which is simple, intuitive and flexible. Unlike other GRC Platform providers, SureCloud is adaptable enough to fit your current business processes without forcing you to make concessions during implementation; meaning you get immediate and sustained value from the outset.

SureCloud’s Third-Party Risk Management solution is used by many leading enterprises including TGI Friday’s and Shop Direct to manage their third party relationships consistently, assess them on a regular basis, consolidate their responses and provide visibility and reporting over the entire program. SureCloud’s Third-Party Risk Management software solution not only automates the third-party risk management process but allows you to integrate with broader IT risk management processes and even your data privacy program. Discover more about SureCloud’s most popular solution here: https://www.surecloud.com/products/third-party-risk-management

2019 Associate Sponsors:

Hellios


Hellios Information is a supplier information and risk management company founded by people with more than 30 years’ experience each within this niche area.
We have expertise in providing total supplier information management solutions that provide the highest degree of quality in the most cost-effective manner for both buyers and suppliers.
Hellios collects, validates and monitors supplier information provided by relevant vendors.
Our particular expertise is developing and managing industry communities to create a single pool of accurate and up to date supplier information.
We achieve this by combing word class software, validation services and audit capabilities. Each supplier has been invited by a buyer users.
Hellios are currently working with leading organisations within the financial industry and are committed to delivering the best possible service to our customers.

ProcessUnity


ProcessUnity’s cloud-based solutions help organizations of all sizes automate their risk and compliance programs. Our highly configurable, easy-to-use tools significantly reduce manual administrative tasks, allowing customers to spend more time on strategic risk mitigation. As a software-as-a-service technology, ProcessUnity deploys quickly with minimal effort from customers and their IT resources. The inherent efficiency our technology delivers faster, better results, and the ability to scale governance, risk, and compliance programs over time. Learn more at www.processunity.com.

Reflectiz


Reflectiz is a cyber-security company that helps businesses manage and mitigate security and privacy risks resulting from third-party components installed on their websites.
The Reflectiz solution uses machine-learning capabilities and propriety profiling to scan entire websites, providing ongoing monitoring and complete third-party visibility for any given site from day one. It works seamlessly and requires no setup, no installation or any kind of integration. Our solution is designed for the financial sectors, e-services and e-commerce.
Reflectiz offers exceptional cyber roots and unique security skills, ranging from ethical hacking to highly complexed development challenges.
At Reflectiz we believe that in the era of GDPR and “Privacy First”, and as third-party risks are escalating, companies and organizations are obliged to protect their end users by all means.
The Reflectiz third-party risk solution is a must have now, and should be an integral part of any business process.

SupplierVision


SupplierVision will be an associate sponsor at the 4th Annual Vendor & Third Party Risk Europe 2019 Summit.

Media Partnerships

We are happy to support publications, associations and organisations at this event. From a simple company listing with your logo to taking advantage of some of our sponsor benefits listed above. To discuss a media partnership further please email jesse.hopkins@cefpro.com or call +44 (0)20 7164 6582.

Global Risk Community
IRTA Reg Tech International
OptionMag.fr

4th Annual Vendor & Third Party Risk Europe

18-19 June 2019 | London

VENUE & FAQs

The Tower Hotel | St Katherine’s Way | London | E1W 1LD

Venue

The Tower Hotel – Guoman
St Katherine’s Way
London
E1W 1LD

Click here to view venue website

Travel

The nearest tube line is Tower Hill via the Circle or District Line.

Nearby Accommodation

The venue is within a hotel, however some of the other accommodations close by are as follows;

Novotel London Tower Bridge

DoubleTree by Hilton Hotel London – Tower of London

Apex City of London Hotel

Frequently Asked Questions:

Can I present at the Vendor Risk Europe 2019?

Yes, the Center for Financial Professionals are happy to discuss speaking opportunities at Vendor Risk Europe 2019. For further information on this please contact alice.kelly@cefpro.com or call us on +44 (0)20 7164 6582.

What is the dress code?

Business attire is requested. The Summit is a formal opportunity to network with like-minded professionals and to gain knowledge from the industry’s finest risk management experts.

What is the cost and what is included in the registration fee?

We offer incentives for ‘early bird’ registrants of the Summit’s, as outlined on our pricing structure. Registration includes breakfast, refreshment breaks, lunches, a drinks reception at the end of the day, full access to the sessions and exhibition area. Presentations from sessions are also available, subject to speaker approval.

Will breakfast, lunch and refreshment be provided?

Yes. As with all of our events the Center for Financial Professionals will be providing brilliant coffee, breakfast, lunch, refreshments, and smaller bites during the networking breaks.

Will there be opportunities to network with other attendees?

There are ample opportunities for networking and interaction throughout the Summit, such as

  • Breakfast, lunch and refreshment breaks
  • Drinks reception at the end of the day one (Subject to confirmation)
  • Q&A, panel discussions and audience participation technology available through the Risk Insights App
I have colleagues that would like to attend, is there a group discount?

Certainly! We are pleased to offer you a 50% discount on the third registration or provide a fifth registration for free. If you would like to register more than five colleagues please contact us at casey.graves@cefpro.com or on +44 (0)20 7164 6582. Please note:

  • Registrations must be made at the same time
  • Registrations must come from the organisation
  • The lowest registration will be discounted
Can my organisation be involved with Vendor Risk Europe 2019?

Yes there are plenty of opportunities for the Center for Financial Professionals to share thought-leadership to the attendees of Vendor & Third Party Risk Europe 2019 and our wider risk professionals community.

At the event We can distribute your material to the attendees, offer you an exhibition booth, and provide speaking opportunities so that you may enjoy a more prominent presence at the Summit. Visit the Sponsor tab for further information or contact sales@cefpro.com / +44 (0) 207 164 6582. Risk Insights Feature your content on our Risk Insights website and supporting Risk Insights monthly newsletter. For further information visit our sponsorship tab!

Are media partnerships available for Vendor Risk Europe 2018?

Yes. As part of a media partnership we can offer a variety of options to increase the branding and awareness of your association, company, certificate, publication or media. We are flexible with what we can offer however we usually:

  • Provide a discounted rate to attend
  • Place your logo and profile on the Summit website
  • Place your logo on the Summit brochure
  • Place your logo on promotional content where applicable
  • Distribute your media/marketing at the Summit
  • Promote through social media channels

To discuss this further please contact casey.graves@cefpro.com or call +44 (0)20 7164 6582

CPD

We are pleased to announce that our courses have been independently evaluated for Continuing Professional Development purposes by The CPD Certification Service. This means our courses comply with universally accepted principles of Continual Professional Development (CPD) and have been structured to meet the criteria of personal development plans.

4th Annual Vendor & Third Party Risk Europe

18-19 June 2019 | London

REGISTER

Early Bird
Standard Rate

Main Summit
Representing a financial institution
(E.g. Bank, Insurance company, Asset Manager, Regulator)

£1,099*
Until 07 June

Save £400

£1,499*
After 07 June

Main Summit
Representing an information/service provider

(E.g. Consultant, Vendor, Executive Search Firm, Law Firm)

£1,599*
Until 07 June

Save £400

£1,999*
After 07 June

Masterclass Only
(All organisations)

£399*
Until 07 June

Save £200

£599*
After 07 June

*all rates are subject to UK VAT

Group Bookings:

Group rates are available for 3 or more attendees from the same organisation, when registering at the same time. The current rate allows every third colleague to come along for half price or a fifth colleague to attend for free!

Other Ways to Register:

1. Register by Email

Simply email us with your e-signature
we will do the rest for you!

We only need your:
– Full name
– Job title
– Company & address
– Contact number

2. Contact Us Directly

+44 (0)20 7164 6582

3. Download PDF Registration Form

EARN CPD CREDITS
To claim your CPD credits please contact info@cefpro.com or call +44 (0) 207 164 6582

Connect With Us
#VRMEMEA

TwitterLinkedInFacebookYouTubephone icon 50px

2019  Co-Sponsors:

Bitsight

2019 Associate Sponsors: