Agenda
8:00 – 8:50
Registration and breakfast
8:50 – 9:00
Chair’s opening remarks
REGULATION
Balancing compliance with risk management in an increasingly complex regulatory environment
View Session Details
- Reviewing the regulatory landscape over the next 2 years
- Aligning business processes with regulatory expectations
- Alignment with risk tolerance and appetite
- Future-proofing supplier relationships to meet regulation
- Understanding impact of regulation on the organization
- Aligning increasing regulatory requirements
- Operational resilience, cyber resilience, NIST, EU AI Act, GDPR etc.
- Minimum requirements to ensure alignment with all changes
- Managing variations in templates and reporting expectations
- Prioritizing changes and expectations
 |
Gerard Doyle, Chief Operating Officer, Head of Third Party, Operational Resilience and OCIR, Credit Suisse |
EXIT PLANS – PANEL DISCUSSION
Advancing exit plans aligned with current and future expected regulatory requirements
View Session Details
- Developing stressed and unstressed exit plans
- Determining what is proportionate
- Exit plans at service level for organizations providing multiple services
- Reviewing expectations for cloud service providers
- Identifying gaps on service and impact to customer
- Reviewing timelines for compliance and benchmarking progress
- Documenting all services and reliance of third party
- Leveraging expertise internally and within suppliers
- Updating contracts to include stressed exit plan provisions
- Managing the practical realities of supplier failure
- Monitoring financial stability of third parties
- Setting risk appetite for supplier or service outages
- Minimizing duplication of work for bank wide vs individual third party exit plans
|
|
Jean-Marc Boulo, Director, Head of Global Sourcing & Procurement UK, Credit Agricole |
|
|
Anne McGowan,Head of Supplier Management, Governance & Risk, Lloyds Banking Group |
|
|
Anita Barber, VP, Supplier Management, HSBC |
BUSINESS CONTINUITY
Developing an integrated approach to business continuity and disaster recovery planning
View Session Details
- Substitutability and business continuity
- Identifying suppliers with a monopoly on certain markets
- Reviewing alternative options
- Enhancing SLAs for Monopoly Suppliers
- Monitoring overall performance
- Managing transition across suppliers in stressed and unstressed exit
- Developing a seamless exit strategy
- Enhancing business continuity plans
- Developing immediate contingency plans to support exit plans
- Practical steps for implementing contingency plans
Morning refreshment break and networking
CRITICAL THIRD PARTIES
Reviewing future treatment of critical third parties as regulated entities
View Session Details
- Defining critical third parties in line with regulatory requirements
- Implementing legislation within timelines
- Managing cost and reporting implementation
- Implementing in a proportionate way
- Identifying potential concentration or systemic risk
- Management of critical services that don’t meet the definition of outsourcing
- Potential to increase efficiency in the industry with pooled information
- Impact of frequency of reporting and granularity of data
- Implementing expectations into an efficient process
|
|
Orlando Fernandez Ruiz, Senior Technical Specialist, Operational Resilience/TPRM, Prudential Policy, Bank of England (tbc) |
RESILIENCE
Embedding and implementing resilience in third party and supply chain risk management
View Session Details
- Reviewing links between resilience and third party risk
- Translating impact tolerances into something measurable
- Inventorying IT assets and linking to service
- Outreach to resolve incidents
- Developing maturity in resilience practices
- Reviewing cross-impact of resilience regulations
- Understanding downstream and upstream impacts
- Developing strong vendor relationships
- Communicating risk appetite and monitoring activities
- Enhancing industry collaboration
Lunch break and networking
DORA – PANEL DISCUSSION
Reviewing practical implementation approaches for EU DORA regulation and regional variations
View Session Details
- Working with suppliers in order to meet requirements
- Reviewing global operational resilience requirements
- Managing vast scale of change
- Undertaking gap analysis to define expectations
- Enhancing inventories and controls
- Managing additional governance and documentation requirements
- Centralizing teams and assessments at a group level
- Enhancing relationship management with single point of contact
- Reviewing impact to fintech companies: How are fintech’s adopting the new requirements
|
|
Sophie Bishop, Head of Supplier Relationship Management, Legal & General |
|
|
Mihaela Breg, Head of Operational Resilience & Third Party Oversight, Europe Arab Bank |
CONCENTRATION RISK
Gaining a full view of concentration risk: Minimizing and monitoring geographic and organization concentrations
View Session Details
- Varying nature of concentration risk
- Identifying company and jurisdictional concentrations
- Monitoring geopolitical risk and impact to supply base
- Approaches to map data to identify concentration risk
- Tools available to map data
- Increased concentration in areas with heightened geopolitical tension
- Collecting data to visualize concentration
- Leveraging data to inform sourcing decisions
|
|
Gemma Stewart, Global Head of Vendor Management, Zurich Insurance Company |
CONTINUOUS MONITORING
Enhancing continuous monitoring processes for a holistic and real time view of risk
View Session Details
- Tools for continuous and online monitoring
- Managing and monitoring tools
- Alerts to monitor all third parties
- Monitoring SLAs and compliance
- Building in operational resilience
- Online monitoring for real time global updates
- Developing a holistic view of supply chain
- Reviewing tools and capabilities
|
|
Carlos Colino, MD, Global Head of Third-Party Risk Management, Santander Corporate and Investment Bank |
Afternoon refreshment break and networking
DUE DILIGENCE
Enhancing due diligence and assessment practices to obtain and develop actionable insights
View Session Details
- Protecting reputation through effective due diligence
- Conducting due diligence down the supply chain
- Assurance requirements for 4th to Nth parties
- Monitoring for conflict of interest breaches
- Validating due diligence questionnaires
- Determining the right level of risk assessment and due diligence for third party arrangements
- Reviewing due diligence processes and action on risk and issues identified
- Demonstrating effective monitoring and remediation of risks
- Due diligence for organizations needed for immediate strategic benefit
- Minimizing process time for faster turnaround
- Managing vendor overload
- Industry collaboration opportunities to streamline processes
- Reducing manual collection of data and information
|
|
Codee Woo, Strategic Supplier Risk Management, Legal & General |
RISK CONVERGENCE – PANEL DISCUSSION
Increasing collaboration across teams to monitor risk across the lifecycle
View Session Details
- Distinguishing primary risk from cascading or downstream risk
- Increasing collaboration and communication across risk teams
- Ensuring an integrated approach
- Identifying, tracking and managing risks
- Moving from activity to risk based metrics
- Enhancing governance by focusing on risk over activity
- Gaining support from the business and effective tone from the top
- Developing a holistic third party risk management reporting program
- Integrating dashboards across third party risk
- Bringing all data into one place for third party risk management
|
|
Samikendra Gosh, Global Third-Party Risk Lead, Operational and Resilience Risk, HSBC |
|
|
Gary Lock, Global Head of Third-Party Risk Management, Fidelity International |
|
|
Alex Dorlandt, Head of Supply Chain Risk Management, Lloyds Banking Group |
INTEGRATED TPRM
Developing an integrated platform to manage end to end third party lifecycle
View Session Details
- Managing expanded portfolio of third parties
- Increased volume of third party risk
- Developing approaches to automate scoring
- Utilizing scoring for pre-screening
- Leveraging the use of AI for a central platform
- Developing an integrated third party risk management practices with automation built in
- Ensuring a full audit trail
- Developing a roadmap and engaging stakeholders
- Cross-jurisdictional challenges segregating certain business units
- Tailoring to local business units while maintaining group standards
- Developing a clear sourcing policy and governance framework
Chair’s closing remarks
End of day one and networking drinks reception
8:00 – 8:50
Registration and breakfast
8:50 – 9:00
Chair’s opening remarks
GEOPOLITICAL RISK – PANEL DISCUSSION
Reviewing implications of geopolitical tensions to supply chains and future proofing business strategies
View Session Details
- Maintaining oversight of restrictions and impact to third parties
- Considering geopolitical risk when working with new suppliers
- Approaches to assess the geopolitical risks for proactive management of risk
- Developing and testing business continuity arrangements
- Interconnected nature of risk and compliance
- Reviewing sanctions regimes in jurisdictions and data privacy
- Uses of AI in monitoring geopolitical risks
- Developing a forward looking strategic view of TPRM
- Reviewing supply chain dependencies as a result of long term horizon risks
- Scenario planning for geopolitical changes
- Exploring impacts across the supply chain and resilience
|
|
Saima Sabir, Group Head of Third-Party Risk Management & Outsourcing (2LOD), Bank of Ireland Group |
|
|
Luca Bolcato, Head of Global Procurement Policies and Risks, ING (tbc) |
|
|
Maya Goethals, Director, Compliance and Risk Management, Bank of America Merrill Lynch |
ESG
Monitoring supply chains to ensure adherence with internal ESG goals and standards
View Session Details
- Evaluating ESG risks in third-party relationships
- Strategies for ensuring ESG Compliance of suppliers
- The importance of reporting
- Using TPRM to manage our own ESG commitments
- Case study of how inadequate consideration of ESG can negatively impact outsourced processes and TPRM
|
|
Julius Herfel, Head of Audit –International Regulatory & Second Line, BNY Mellon |
Morning refreshment break and networking
AI
Explore the use of artificial intelligence within TPRM
View Session Details
- Consider How AI should and should not be used in TPRM
- Review practical application through real-world use cases
- Assess the impacts and benefits for you and your Third Parties
- Identify roles and functions that will be affected
- Evaluate the risks of implementing AI into TPRM
|
|
Brian Shaw, Director of Financial Services Sales, Mirato |
.
Developing approaches and controls to monitor the use of AI across supply chain
View Session Details
- Developing controls for uses of AI across supply chain
- Developing strategies for third parties leveraging OpenAI
- Managing those with access to data
- Information to obtain from third parties using AI
- Understanding how suppliers are using AI
- Impact of use of AI on cloud management
- Ensuring data and core information remains safe and well controlled
- Monitoring data uses within generative AI tooling
- Controls to ensure information is accurate and free of bias
- Protecting data without impacting business process and development
- Managing risks across jurisdictions and governments
4TH PARTIES
Gaining a holistic view of supply chain and ensuring security of processes and services
View Session Details
- Leveraging tools to monitor vulnerabilities across the supply chain
- Understanding impact of security incidents across the supply chain
- Gaining confidence from third parties
- Identifying impacts of nth party breaches
- Managing security with complex supply chains
|
|
Zuzana Rebrova, Head of Third Party Cyber Risk Management , Swiss Re |
Lunch break and networking
SaaS
Enhancing security around SaaS and identifying vulnerabilities across suppliers
View Session Details
- Reviewing security across the supply chain and software security
- Vulnerabilities when buying and using Software as a Service
- Security with increased adoption of technology
- Heightened use of cloud and migration of applications or systems
- Developing a clear inventory of software
- Managing risks with greater use of cloud
- Alignment of contingency and exit planning for cloud service providers
|
|
Jean-Francois Valette, CTPO EMEA, JPMorgan Chase & Co. |
CYBERSECURITY
Understanding increased cyber risk with complexity in supply chains and increased use of ransomware
View Session Details
- Identifying weaknesses in vendor systems
- Understanding end to end supply chain
- Interaction and oversight of fourth parties
- Tracking data across supply chain
- Threat modeling to understand how the service works
- Understanding global landscape and increased geopolitical risk
- Developing strong monitoring, assessment and contract clauses
- Inclusion of cyber security clauses
- Future of cyber security agency for critical third parties
- Aligning programs with consumer duty to keep customers at the center
- Ensuring third party systems are as robust as internal systems
|
|
David Sheridan, Global Chief Information Security Officer, Santander Corporate and Investment Banking |
DATA
Developing centralized and aggregated data processes to better use of available data
View Session Details
- Leveraging compliance data from third party assessments and due diligence
- Monitoring threat intelligence to identify vulnerabilities
- Integrating other parts of the business into vendor management analysis
- Collecting data on vendor performance
- Approaches to collect the right data to satisfy regulatory requirements
- Maintaining data in a centralized and structured platform
- Accessibility for regulatory reviews
- Developing a data consolidation and remediation program
- Reviewing tooling available to manage data
- Capturing information and connectivity between different sources
- Structuring and cleansing data for a consolidated view of key attributes
- Developing proactive and preemptive data metrics and insights
Afternoon refreshment break and networking
MEDIA SCANNING
Leveraging technology to scan news and media for alerts and monitoring of trends
View Session Details
- Automating media scans for all suppliers
- Monitoring news for trends
- Identifying opportunities
- Enhancing efficiency through AI
- Ensuring well rounded view with positive and negativity monitoring
- Setting up alerts to aid in negotiation and ongoing monitoring
- Aligning teams to communicate incidents globally
INTRAGROUP ARRANGEMENTS – PANEL DISCUSSION
Reviewing approaches and best practice for intragroup arrangements and management of sensitive data
View Session Details
- Managing materiality trigger aligned with access to sensitive data
- Reviewing regulatory treatment of inter group agreements
- Developing exit and resilience plans
- Treatment of personal data in internal agreements
- Assessing and defining materiality for intragroup
- Developing BAU programs to assess risk
- Onboarding expertise to review deviation opportunities whilst remaining compliant.
|
|
Funke Uwaifo, Head of Outsourcing and Vendor Management, EFG Private Bank |
|
|
Raghuveer Bhanoori, Director, Third-Party, Operational Risk, Pacific Life Re |
|
|
Jean-Francois Valette, CTPO EMEA, JPMorgan Chase & Co. |
Chair’s closing remarks
End of Vendor & Third-Party Europe 2024