

Why should you attend?
Join us in London on June 15-16 for our anticipated 9th Edition Summit.
Following two sold out events in 2022, Vendor & Third Party Risk Europe is the go-to risk Summit for vendor and third party industry experts and professionals at global institutions looking to advance their professional development and make meaningful connections.
Key highlights
- RESILIENCE:
Reviewing and managing the regulatory expectations on external services provide and driving resilience of supply chains
- INFOSEC:
Managing the increase of data breach risks through third parties with the usage of data sharing
- GEOPOLITICAL RISK:
Pre-empting the impact of geopolitical risks on vendors and the emerging effects within the supply chain
- PROCUREMENT:
Ensuring effective due diligence across vendor lifecycles by aligning procurement and rsks
- NTH PARTY:
Managing risk across supply chain and monitoring vulnerabilities beyond third parties
- CYBER SECURITY:
Managing risk and identifying vulnerabilities beyond a tick box exercise
- EXIT PLANNING:
Developing exit plans for material suppliers and testing planned and unplanned exits
- ESG:
Reviewing ESG frameworks for third parties and their considerations across the vendor lifecycle
Hear from subject matter experts and industry front-runners

An engaging and interactive agenda spread across 2-days
Participate in a comprehensive exploration of the topics at hand via presentations, panel discussions, and live Q&As to facilitate learning and engagement.

Listen in as subject matter experts share their knowledge
Our line-up of 30+ knowledgeable and experienced practitioners speakers bring the highest standard within the industry, offering fresh perspectives and insights for you to return to your department with.

7+ hours of available networking opportunities
Continue conversations from inside the auditorium over coffee, lunch, and at our complimentary drinks reception. Make meaningful career-long industry connections to use to your professional advantage.
Key speakers

Joanne Emmerson
Head of Third Party Risk Management Oversight
NatWest

Kishan Majitha
Executive Director, Cyber and Technology Controls
J.P. Morgan Chase

Gemma Stewart
Global Head of Vendor Management
Zurich Insurance Company

Hasintha Gunawickrema
Chief Control Officer, Wealth & Personal Banking
HSBC

Ameet Jugnauth
Director, Cyber Governance, Risk and Compliance
Capital One

Joe Bakowski
Director of Procurement, Supplier Risk & Commercial Management
Metro Bank

Rosalyn Aryee
Head of Outsourcing & TPRM and Operational Resilience
Santander Corporate & Investment Banking

Desmond Campbell
Vice President – Compliance Oversight and Operational Risk
Barclays Bank

Alex Dorlandt
Head of Risk and Policy
Lloyds Banking Group

Mike Day
Head of Group IT Procurement Third Party Management Programme
RSA Insurance
Session previews and related insights
Get an insight of what to expect from the Summit with our past and present speaker session previews.
Developing IT and operational resilience and reviewing progress towards implementation
Developing IT and operational resilience and reviewing progress towards implementation Benjamin Brundell, Head of Operational and Technology Risk, Lloyds Banking Group Below is an insight into what can be expected from Benjamin's session at Risk EMEA 2023 {{ vc_btn: title=Find+out+more+about+Risk+EMEA+2023&style=outline-custom&outline_custom_color=%23001c64&outline_custom_hover_background=%23001c64&outline_custom_hover_text=%23ffffff&link=url%3Ahttps%253A%252F%252Fwww.cefpro.com%252Fforthcoming-events%252Frisk-emea%252F%7Ctarget%3A_blank }} The views and opinions expressed in this article are those of the thought leader as
Managing increased risk of data breaches through third parties with increased data sharing
Managing increased risk of data breaches through third parties with increased data sharing Matthew Browning, former Head of Cyber Oversight, Direct Line Group Below is an insight into what can be expected from Matthew's session at Vendor & Third Party Risk Europe 2023. {{ vc_btn: title=Find+out+more+about+Vendor+%26amp%3B+Third+Party+Risk+Europe&style=outline-custom&outline_custom_color=%23001c64&outline_custom_hover_background=%23001c64&outline_custom_hover_text=%23ffffff&link=url%3Ahttps%253A%252F%252Fwww.cefpro.com%252Fforthcoming-events%252Fvendor-third-party-risk-europe%252F }} The views and opinions expressed in this article are
The business impacts of TPRM technology in 2023
The business impacts of TPRM technology in 2023 Brian Shaw, Director of Financial Services, Mirato Below is an insight into what can be expected from Brian's session at Vendor & Third Party Risk Europe 2023. {{ vc_btn: title=Find+out+more+about+Vendor+%26amp%3B+Third+Party+Risk+Europe&style=outline-custom&outline_custom_color=%23001c64&outline_custom_hover_background=%23001c64&outline_custom_hover_text=%23ffffff&link=url%3Ahttps%253A%252F%252Fwww.cefpro.com%252Fforthcoming-events%252Fvendor-third-party-risk-europe%252F }} The views and opinions expressed in this article are those of the thought leader as an individual,
Third-party management success secrets: mastering the art of due diligence and risk management
Third-party management success secrets: mastering the art of due diligence and risk management Nikki Stoy, GRC Cloud Specialist, OneTrust Below is an insight into what can be expected from Nikki's session at Vendor & Third Party Risk Europe 2023. {{ vc_btn: title=Find+out+more+about+Vendor+%26amp%3B+Third+Party+Risk+Europe&style=outline-custom&outline_custom_color=%23001c64&outline_custom_hover_background=%23001c64&outline_custom_hover_text=%23ffffff&link=url%3Ahttps%253A%252F%252Fwww.cefpro.com%252Fforthcoming-events%252Fvendor-third-party-risk-europe%252F }} The views and opinions expressed in this article are those of the thought
Sponsors
Knowledge partners
Co-sponsors
Associate sponsors
Content and media partners
Agenda
8:00 – 8:50
Registration and breakfast
8:50 – 9:00
Chair’s opening remarks
![]() |
Penny Flint, Partner, PwC UK |
9:00 – 9:45
RESILIENCE – PANEL DISCUSSION
Reviewing regulatory expectations and driving resilience of supply chains
Identifying important businesses and systems
Determining tolerance levels
Scenario testing to reflect emerging risks
Proactive and continuous monitoring
Regulatory approach to operational resilience
Managing geopolitical repercussions
Overlaps of third party risk and resilience requirements
![]() |
Rosalyn Aryee, Head of Outsourcing & TPRM and Operational Resilience, Santander Corporate & Investment Banking |
![]() |
Sonia Sordini, Head of Group Third Party Risk Management and Governance, QBE Insurance |
![]() |
Hasintha Gunawickrema, Chief Control Officer, Wealth & Personal Banking, HSBC |
![]() |
Sundeep Gupta, Associate Partner, PA Consulting |
![]() |
Wayne Scott, Regulatory Compliance Lead, NCC Group |
9:45 – 10:20
EXIT PLANNING
Reviewing current legislation for exit and stressed exit planning of third parties
Updating exit plans
Prioritizing material and high risk third parties
Frequency of tests and testing exit plans
Practicality of running tests
Testing exit plans for a stressed exit scenario
Developing and testing enhanced exit plans
Understanding contingencies and alternative providers
![]() |
Michelle Adu-Darko, VP TPRM and Outsourcing, Santander Corporate & Investment Bank |
10:20-10:50
Morning refreshment break and networking
10:50-11:25
CONCENTRATION RISK
Approaches to measure and quantify concentration risk and translating to decision making
Measurement strategies of concentration risk
Application of methodologies
Establishing an industry wide consensus
Determining risk appetite
Managing supply chain interlinkages
Identifying measurable tolerances
Inclusion of third party subcontractors
Establishing limits and thresholds for concentration risk
Reviewing EBA guidelines on concentration risk
![]() |
Mike Day, Head of Third Party Management, RSA Insurance |
11:25-12:10
CRITICAL SUPPLIERS – PANEL DISCUSSION
Developing a consistent and standardized approach to criticality and materiality
Defining criteria for definition of critical
Defining services and suppliers
Industry approaches to identifying criticality
Comparing industry and regulatory view of critical
Effective oversight of critical third parties
Managing concentration of critical suppliers
Determining level of scrutiny over critical third parties
Regulation of critical third parties
Due diligence on an ongoing basis
![]() |
Anil Agarwal, Third Party Governance, BNY Mellon |
![]() |
Shabbir Tahasildar, Operational Risk Lead for Technology, Information Security and Third-Party Risk, Handelsbanken plc. (UK) |
![]() |
Anne McGowan, Head of IT Supplier Management, Governance & Risk, Lloyds Banking Group |
12:10-12:45
The business impacts of TPRM technology in 2023
Process improvement reduction
Realising human capital potential
Maximising the value of data
Reducing hidden risk
Continuous monitoring assessment
Transitioning from survival to innovation
![]() |
Brian Shaw, Director of Financial Services, Mirato |
12:45-1:45
Lunch break and networking
1:45-2:20
AUTOMATION
Making better Due Diligence decisions
Managing vendors in an ever-changing regulatory environment
Mitigating tedious processes that are prone to error
Assessing the impact of new technologies with their reliability and maturity
Staying ahead of the curve by leveraging crucial data, automated procedures, validated assessments and managed services.
![]() |
Rogier Binsbergen, Director, Commercial Lead EMEA, KY3P® S&P Global |
![]() |
Eustathios Triantafellou, Commercial Director, KY3P® S&P Global |
2:20-2:55
CYBER SECURITY
How the approach to cyber security has altered in recent years
Highlighting the complications of cyber to navigate a clear landscape
What questions should I ask or be prepared to answer?
What head start can we make in preparing the way to procure or deliver a service with cyber security in mind?
What new risks are coming our way and how can we prepare ourselves?
![]() |
Simon Thomas, Executive Chairman, Thomas Murray |
2:55-3:30
Identifying vulnerabilities and managing risk beyond a tick box exercise
Collecting real time intelligence
Partnering with suppliers to manage cyber risks
Enhancing cyber resilience
Moving to a holistic resilience position
Approaches to manage denial of service attacks
Continuous monitoring and control to alert of risks
Overlaps between data privacy and cyber requirements
Supplier assurance controls
![]() |
Ameet Jugnauth, Director, Cyber Governance, Risk and Compliance, Capital One |
3:30-4:00
Afternoon refreshment break and networking
4:00-4:45
INFOSEC – PANEL DISCUSSION
Managing increased risk of data breaches through third parties with increased data sharing
Ensuring security of smaller vendors
Reviewing cybersecurity protection and maturity
Gaining visibility of entire supply chain
Moving ratings from declarative to evidence based
Ensuring maturity of vendor cybersecurity practices
Alignment of risk and procurement to gain visibility of supply chain
Ensuring effective handling and treatment of data
Understanding supply chain vulnerabilities beyond third parties
Risk assessing third party cybersecurity
![]() |
Kishan Majitha, Executive Director, Cyber and Technology Controls, JP Morgan Chase |
![]() |
Haydn Brooks, CEO, Risk Ledger |
![]() |
Matthew Browning, former Head of Cyber Oversight, Direct Line Group |
![]() |
Anders Norremo, VP Product Management for TPRM, Bitsight |
4:45-5:20
CYBER SECURITY
How to manage the cybersecurity footprint of an expanding network?
The network cyber challenge: Third parties – the weakest link
A necessary cooperation: InfoSecurity, Procurement and Business collaboration on cyber risks mitigation
Why is an evidence-based assessment the only reliable way to evaluate your cyber risks?
Assessed? What’s next? An efficient remediation process and scale up
![]() |
Thibault Lapedagne, Cybersecurity Research Director, CyberVadis |
5:20-5:30
Chair’s closing remarks
5:30
End of day 1 and networking drinks reception
8:00 – 8:50
Registration and breakfast
8:50 – 9:00
Chair’s opening remarks
![]() |
Day two moderator: |
9:00 – 9:35
PROCUREMENT
Aligning procurement and risks to ensure effective due diligence across vendor lifecycle
Information security considerations at procurement stage
Ensuring cybersecurity checks at onboarding
ESG considerations during tender process
Managing onboarding within procurement framework
Enhancing third party risk and due diligence
Onboarding practices and due diligence
Ensuring robustness of due diligence processes
![]() |
Gemma Stewart, Global Head of Vendor Management, Zurich Insurance Company |
9:35-10:10
STRATEGIC SUPPLIER MANAGEMENT
Journey to standardisation – optimising efficiency and maturation of strategic supplier management programs
How can standards and regulations align?
The integrated acceptance of standard risk frameworks and diligence practices.
Achieving common set of set of third-party diligence and management.
Focus on cyber, ESG, and privacy standards
Guidance to program managers and risk professionals – so does and don’t dos
![]() |
Andrew Moyad, Chief Executive Officer, Shared Assessments |
10:10-10:40
Morning refreshment break and networking
10:40-11:15
DUE DILIGENCE
Third-party management success secrets: mastering the art of due diligence and risk management
The primary goals of successful TPRM and TPDD programs
The distinction between the two discipline areas
Details about the unique risk domains for both programs
How to align your TPRM and TPDD programs to achieve workflow efficiencies
![]() |
Nikki Stoy, GRC Cloud Specialist, OneTrust |
11:15-11:40
CONTINUOUS RESILIENCE
Carve through the noise by prioritizing the most critical security threats
Identify threats to your security posture to make proactive, informed decisions
Stay one step ahead of threat actors with actionable insights
Prioritize remediation of critical threats using limited resources
Achieve continuous, outside-in visibility to reduce your cyber risk exposure
Optimize and automate third-party risk management
Consolidate and integrate vendor risk data into your existing security stack
Set KPIs, track ROI, and communicate clearly to stakeholders
Ruthlessly prioritize to keep your organization secure
Use your security posture to help make your organization the vendor of choice
![]() |
Will Gray, Field Sales Director EMEA, SecurityScorecard |
11:40-12:25
TECHNOLOGY & DATA
Leveraging data insights and technology capabilities to better understand supply chain risks
Data integration and visualization tools for a holistic view
Gathering data beyond questionnaire responses
Collecting monitoring information
Leveraging data to represent true risks
Integrating technology into systems
Using third party tools to provide AI
![]() |
Hannah Macdonald, Head of Procurement & Third Party Risk, Supplier Operations Lead, Monzo |
12:25-1:25
Lunch break and networking
1:25-2:00
HOLISTIC VIEW
Viewing suppliers on aggregate across portfolio for a holistic view of risk
Developing tangible actions off of data
Monitoring risks beyond cyber
Reviewing capabilities to manage end to end risk lifecycle
Providing board and senior management full visibility
Developing a centralized oversight function
Creation of oversight and ongoing monitoring
Gaining a full view of outsourced activities
![]() |
Joanne Emmerson, Head of Third-Party Risk Management, NatWest |
2:00-2:45
GEOPOLITICAL RISK – PANEL DISCUSSION
Pre-empting and managing the impact of geopolitical risks on vendors and supply chain
Repercussions and ripple effect of Russia invasion of Ukraine
Identifying emerging risks
Monitoring instabilities globally
Energy crisis impact on supply chains
Increased financial health risks
Impact of European crises on supply chains
Long term repercussions from Covid-19
![]() |
Alex Dorlandt, Head of Risk and Policy, Lloyds Banking Group |
![]() |
Merlin Linehan, Risk Manager, EBRD |
2:45-3:15
Afternoon refreshment break and networking
3:15-3:50
NTH PARTY
Reviewing potential risks within supply chain ecosystem
Contractual requirements for fourth party oversight
Mapping critical third parties and outsourcing
Expectations to map extended supply chain
Including contractual provisions for fourth parties
Developing controls at fourth party level
Reviewing cross sector best practice mapping supply chains
Auditability and onsite review requirements of material subcontractors
![]() |
Desmond Campbell, Vice President, Compliance Oversight and Operational Risk, Barclays |
3:50-4:35
ESG – PANEL DISCUSSION
Reviewing footprint of third parties and including ESG considerations across lifecycle
Reducing carbon footprint across supply chain
Measuring carbon footprint in an intangible supply chain
Engaging third parties in ESG requirements
Meeting regulatory and internal expectations
Aligning supplier management process with ethical values
Application of metrics to small organizations
Applying leverage to large organizations
Climate risk adaptation: Measuring physical risk through science and technology
Measuring financial impact of climate risk for the next two decades with confidence
![]() |
Anita Barber, VP, Supplier Management, HSBC |
![]() |
Edit König-Bihari, Sustainable Supply Chain, Danske Bank |
![]() |
Joe Bakowski, Director of Procurement, Supplier Risk & Commercial Management, Metro Bank |
![]() |
Lukky Ahmed, CEO & Co-Founder, Climate X |
4:35-5:10
RELIANCE
Managing the increased use and reliance on external service providers
Increased use of vendors as a result of Covid-19
Reliance on external services to enhance digitalization
Tracking data across vendors
Increased risk with increased reliance
Monitoring and oversight of non-critical vendors
Cybersecurity audit of all third parties
Aligning third parties with company strategy
![]() |
Daniel Crease, former Managing Director, Third Party Risk Management and Operational Resilience, Deutsche Bank |
5:10-5:20
Chair’s closing remarks
5:20
End of Summit
Would your organization like to partner with us on this event?
To discuss how we can deliver your thought-leadership at the event, help you generate leads, and provide you with unique networking and branding opportunities, please contact sales@cefpro.com or call us on +1 888 677 7007 ext. 207 for more information.
Sponsors
Knowledge partners
Co-sponsors
Associate sponsors
Content and media partners
Speakers

Michelle Adu-Darko
VP TPRM and Outsourcing
Santander Corporate & Investment Banking

Michelle Adu-Darko
Michelle is a Third-Party Risk Management (TPRM) and Outsourcing Manager at Santander Corporate and Investment Bank (SCIB) where she manages the maintenance of a comprehensive Third-Party Risk policy framework in accordance with the Bank’s Risk Appetite, wider Group and Regulatory requirements. She has 7+ years’ experience in defining and implementing robust TPRM governance framework to meet regulatory expectations.
Michelle’s career spans across a range of risk management disciplines, including BC, Crisis Management and Operational Controls. She made significant contribution in supporting the establishment of a firm wide TPRM framework for the newly formed Banco Santander S.A London Branch, and now leads programmes that support maturing of the framework.
Outside of work, Michelle enjoys gardening, and has a passion for empowering young people. She holds a first class in International Business from Middlesex University, London Campus.

Anil Agarwal
Third Party Governance
BNY Mellon

Anil Agarwal
Ros Aryee is recognised as a thought leader on Operational Resilience and Third-Party Risk Management. Coming from an Engineering background, she has over 20 years’ experience in defining and transforming governance frameworks to mitigate operational risks. Her career has spanned various financial organisations including the Bank of England, Lloyds Banking and Standard Chartered Bank where she has held senior management roles both locally and internationally across BCM, TPRM, IT SCM, Crisis Management, Operational Risk and Compliance.
In her current role, as an Executive Director at the Santander London branch, she heads up the TPRM & Outsourcing and Operational Resilience functions and is accountable for embedding a framework to meet both EU and UK regulatory expectations.
Ros is a Certified Third-Party Risk Professional and holds a BSc in Electrical and Electronic Engineering, and a post graduate diploma in BCM. Outside work she serves as a committee member on the City of London Police Advisory Group and on the steering board for the on the TPRM Shared Assessment PSC to support and provide thought leadership. She also works with local church groups in her community to mentor disadvantaged youth in the BAME Community.

Lucky Ahmed
CEO & Co-Founder
Climate X

Lucky Ahmed
Lukky Ahmed’s got more than a decade of international banking experience with leading institutions, covering risk management, regulatory change, stress testing and consultancy. Never one to shy away from the big problems, he went into the rabbit hole of understanding how climate change would impact the world’s financial stability.

Rosalyn Aryee
Head of Outsourcing & TPRM and Operational Resilience
Santander Corporate & Investment Banking

Rosalyn Aryee
Ros Aryee is recognised as a thought leader on Operational Resilience and Third-Party Risk Management. Coming from an Engineering background, she has over 20 years’ experience in defining and transforming governance frameworks to mitigate operational risks. Her career has spanned various financial organisations including the Bank of England, Lloyds Banking and Standard Chartered Bank where she has held senior management roles both locally and internationally across BCM, TPRM, IT SCM, Crisis Management, Operational Risk and Compliance.
In her current role, as an Executive Director at the Santander London branch, she heads up the TPRM & Outsourcing and Operational Resilience functions and is accountable for embedding a framework to meet both EU and UK regulatory expectations.
Ros is a Certified Third-Party Risk Professional and holds a BSc in Electrical and Electronic Engineering, and a post graduate diploma in BCM. Outside work she serves as a committee member on the City of London Police Advisory Group and on the steering board for the on the TPRM Shared Assessment PSC to support and provide thought leadership. She also works with local church groups in her community to mentor disadvantaged youth in the BAME Community.

Joe Bakowski
Director of Procurement, Supplier Risk & Commercial Management
Metro Bank

Joe Bakowski
Joe runs Procurement, Supplier Management and Supplier Risk for Metro Bank, having set up the team six years ago. He has a broad range of previous experience across sectors including engineering, construction, consulting, education and design.

Anita Barber
VP, Supplier Management
HSBC

Anita Barber
I obtained a degree in Law with the dream to bring change, drive innovation and argue my views. After completing law school, I realised that was certainly not the career for me. I signed up to an internship programme in New York and worked on the world’s largest trading floor – UBS Stamford Connecticut. This is where I found my passion for Banking. Following this I worked at Barclays, KPMG and joined HSBC 6 years ago. In these 6 years I have developed specialist knowledge in Vendor management, Third Party Risk and now focusing on building a Supplier Management framework for the Bank. The Supplier landscape is forever changing, but what interests me the most is how we can leverage our relationships to better advance our Sustainability goals. I am actively involving in a number of coaching and mentoring programmes as well as running a Diversity and Inclusion working group.

Rogier Binsbergen
Director, Commercial Lead EMEA
KY3P® S&P Global

Rogier Binsbergen
Biography coming soon.

Haydn Brooks
CEO
Risk Ledger

Haydn Brooks
Originally a big 4 cyber risk consultant Haydn experienced the day to issues that came with running a supply chain assurance programme. He found that current programmes actively caused clients and their suppliers’ headaches. These pain points led him to found Risk Ledger. Risk Ledger is a technology platform that combines a security governance platform with a secure social network. In the last couple of years, Risk Ledger has gone from strength to strength, receiving 2.1 million in seed funding, winning the Cyber Den/Most Innovative Cyber Company Award and being named as one of Forbes’ Tech Champions of 2022.

Matthew Browning
former Head of Cyber Oversight
Direct Line Group

Matthew Browning
Matthew joined Direct Line Group in 2016 as Head of IT Third Party Oversight
where he oversees activities of the Third Party Assurance and PCI Compliance teams. Third Party Assurance focusses on ensuring the operational resilience and security of DLG’s supply chain and the PCI Compliance team ensures DLG maintains daily compliance to PCI Data Security Standard and conducts the annual PCI DSS assessment.Previously Matthew was a Qualified Security Assessor at Gemserv Ltd, where, as Principal Consultant, he delivered Cyber Security consultancy and PCI assessments for merchants and service providers in a variety of industries.

Desmond Campbell
Vice President Compliance Oversight and Operational Risk
Barclays

Desmond Campbell
An Alumni of De Monfort University & London Metropolitan University, Demond is a seasoned Third-Party Risk Management Lead as well as a specialist in Supplier Relationship Management. He has worked both in the Public and Private sectors gaining foundational experience at London Underground over a 17 year career. He has also worked for Deutsche Bank, HSBC and now with Barclays.

Daniel Crease
former Managing Director, Third Party Risk Management and Operational Resilience
Deutsche Bank

Daniel Crease
With over twenty years experience in procurement and supply chain within the Financial Services sector, Dan has successfully led the strategy, transformation and operation of third party risk management across three global banks in the last 14 years (Barclays, HSBC and Deutsche Bank). Now an advisory consultant on the topic, Dan continues to support both FS and non-FS clients with establishing sustainable solutions across both first and second lines of defence.

Mike Day
Head of Third Party Management
RSA Insurance

Mike Day
Mike is Head of UK&I Third Party Management at RSA Insurance. Joining in March 2017 to focus on identifying and unlocking global IT Procurement opportunities and increasing collaboration between regions on procurement initiatives, he moved into Third Party Management in 2019 to implement a new programme and has subsequently run the function since. Mike is currently running the TPMv2 project to enhance the processes and frameworks to meet the new regulatory requirementsPrevious to joining RSA Mike has held senior IT Procurement and Third Party Risk roles across a number of sectors, including roles at Zurich Insurance, EY, Morgan Stanley, Inmarsat and O2. He was the European lead for setting up the global Morgan Stanley Supplier Risk process in 2009/10Mike is married with three children but still finds time to enjoy playing football and cricket – the rest of his time is spent on family crowd control.

Alex Dorlandt
Head of Risk & Policy
Lloyds Banking Group

Alex Dorlandt
Alex is Head of Supply Chain Risk for Lloyds Banking Group (LBG), responsible for ensuring that the supplier onboarding & management frameworks drive effective risk management and regulatory compliance. Alex has worked with LBG for 10 years, and has over 20 year experience in Sourcing and Supply Chain Risk.

Joanne Emmerson
Head of Third-Party Risk Management
NatWest

Joanne Emmerson
With over 20 years banking and risk management experience working across the financial industry, including Bank of Scotland, Barclays and currently with the NatWest Group, Joanne is an industry expert on all aspects of Third Party Risk Management and Outsourcing regulatory requirements. In her current role she is the Risk lead for NatWest on all outsourcing matters working with external and internal outsourcing central teams on their business strategy, processes and control environment to ensure they operate within the bank’s risk appetite and meet regulatory expectations. As a purpose-led business NatWest fosters strong relationships with all key stakeholders across their supply chain.

Penny Flint
Partner
PwC UK

Penny Flint
Penny has over 20 years of experience in third party management and outsourcing. She has helped a number of large international Banks, investment management and insurance firms stand-up, operationalise, or streamline existing programs to increase value or remove cost.
Penny has also led the build out of our full TPRM capability across both advisory and execution managed services (EMS). Penny has a wealth of experience of both Third Party Risk and transitioning the management of complex, global services and supply chains.

Will Gray
Field Sales Director
SecurityScorecard

Will Gray
Will Gray has 18 years experience in Security and Risk Management, primarily focused on bringing emerging technologies to market.
Having joined SecurityScorecard in 2018, when Cyber Risk Ratings was a nascent industry, he has seen a rapid rise in adoption of the concept which now underpins board reports, risk management discussions, supply chain security assessments and cyber insurance underwriting for 1000’s of organisations globally.

Hasintha Gunawickrema
Chief Control Officer, Wealth & Personal Banking
HSBC

Hasintha Gunawickrema
Hasintha Gunawickrema is currently the Chief Control Officer for HSBC UK Wealth and Personal banking. Over her 17-year career in Financial Services, she has worked with markets across Europe and Asia. She is currently reading for an Executive Leadership program with Harvard Business School and is also a qualified accountant.
Hasintha has led large scale business, digital and culture transformational programs to deliver better customer outcomes, improve operational excellence and drive effective risk management.
Hasintha is passionate in coaching and mentoring and has a large mentee base across Europe and Asia. She is back in the UK after a successful stint in India as the COO for Wealth and Personal Banking for HSBC. During her time in India, Hasintha was engaged in supporting charities that are focused on educating less privileged girls. She is passionate in supporting colleagues and customers who are disadvantaged due to their physical abilities, mental health challenges and neurodiversity. She is the Diversity and Inclusion Ability lead for Global Wealth and Personal Banking in HSBC.
Hasintha leads the ‘Data driven risk management’ agenda to support businesses deliver sustainable growth and meet customer needs effectively.

Sundeep Gupta
Associate Partner
PA Consulting

Sundeep Gupta
Sundeep leads PA Consulting’s Third Party Risk Management capability for Financial Services. With over 20 years experience, Sundeep has significant experience in working with boards and executive committees, bringing deep experience in delivering programmes against evolving regulatory expectations.

Ameet Jugnauth
Director, Cyber Governance, Risk and Compliance
Capital One

Ameet Jugnauth
Ameet Jugnauth is an experienced Cyber and Technology leader within the Financial Services sector. With over 15 years of experience across insurance and banking, Ameet has led global information security initiatives, large scale risk and control transformation programmes and recently led risk oversight for strategic transformation at a large banking group. Ameet joined Capital One in 2022 as the Cyber Governance and Risk Director, responsible for third party management, cyber risk and compliance, developing thought leadership across both UK and US teams. Appearing at events regularly in the UK and Europe, he shares his insights into resilience best practices, innovation and is a strong advocate for diversity and inclusion as a lever to organisational success.

Edit König-Bihari
Sustainable Supply Chain
Danske Bank

Edit König-Bihari
Edit König-Bihari is a business strategist with 20 years of experience combining sustainability, strategic sourcing and compliance mindset in the financial industries. Currently working at Danske Bank Group, Edit is responsible for building up the Group’s sustainable supply chain focusing on ESG risk, sourcing strategies and change management which enables the transformation. Edit holds an MBA from Technology University in Budapest and a master education in sustainability from the Norwegian BI Business School.

Thibault Lapedagne
Cybersecurity Research Director
CyberVadis

Thibault Lapedagne
Since CyberVadis creation Thibault Lapédagne has been at the heart of the cybersecurity assessment department. Having his professional background in consulting (Wavestone) he created the CyberVadis reference model and the processes to assess a company’s cybersecurity performance. Today he manages an international team of cybersecurity experts responsible for all assessment operations. Thibault Lapédagne participates in cybersecurity events as a keynote speaker to raise awareness on the importance of third-party cybersecurity risk assessments and CyberVadis methodology.

Merlin Linehan
Risk Manager
EBRD

Merlin Linehan
Merlin Linehan is a Risk Manager at the European Bank for Reconstruction & Development (EBRD), working across Crisis management and business resilience. Merlin has supported the Bank through a number of major geopolitical and IT events including Covid, Ukraine and Log4j. Merlin is also a regular contributor to publications such as Frontera, PRMIA and Risk Screen and others covering geopolitics, risk and technology. He has also appeared in various media outlets including the FT, BBC and Global Capital commenting on China’s global role and emerging markets

Hannah Macdonald
Head of Procurement &Third Party Risk, Supplier Operations Lead
Monzo

Hannah Macdonald
Biography coming soon

Kishan Majitha
Executive Director, Cyber and Technology Controls
JP Morgan Chase

Kishan Majitha
Biography coming soon.

Anne McGowan
Head of Supplier Management, Governance & Risk
Lloyds Banking Group

Anne McGowan
Anne is Head of IT Supplier Management , Governance and Risk at Lloyds Banking Group (LBG), leading a team of 35 Supplier Managers to support the delivery of the Group’s Technology Strategy.
Previously, as the Lead of LBG’s central Assurance Team, Anne successfully shaped the framework and delivered the assurance plan for suppliers across the various business divisions. This was during the backdrop of the pandemic when she moved on-site assurance to virtual.
An accomplished risk professional, Anne has extensive experience in senior roles in Third Party Risk Management and Management roles across Insurance and Retail channels.

Andrew Moyad
Chief Executive Officer
Shared Assessments

Andrew Moyad
Andrew Moyad is the Chief Executive Officer of Shared Assessments.
Andrew is an accomplished leader and trailblazer in third party risk management. As a practitioner and a senior risk management executive, he has driven a culture of accountability and diligence in safeguarding information. Andrew has more than 25 years in risk management and information security. He has contributed greatly to the transformation and advancement of risk management as a strategic function that intersects with and helps guide all aspects of organizations.
Most recently, Andrew served as Senior Vice President, Vendor Risk Management at Blackstone, where he led a team of risk professionals responsible for overseeing all phases of the vendor lifecycle at the firm, including risk assessments, control diligence, contract reviews, financial checks, performance monitoring, issue tracking, and management reporting. Prior to Blackstone, he served as a director and global head of vendor risk management and BlackRock and Senior Vice President for Citigroup, where he was a Business Information Security Officer in Global Fixed Income and led third party risk assessments for several years.
Andrew holds a Bachelor of Arts Degree in Natural Sciences from Harvard University and a Master of Science Degree in Information Systems from the Stevens Institute of Technology.

Anders Norremo
VP, Product Management for TPRM
Bitsight

Anders Norremo
Anders Norremo is an entrepreneur and company builder. He currently serves as the VP of Third Party Risk Products at Bitsight. He previously was the founder and CEO of ThirdPartyTrust, a third-party risk management SaaS, and led the company into a successful merger with Bitsight.
Anders has over 15 years of experience in information security and technology. His expertise in identifying trends and building solutions has contributed to solving the industry problem of a vulnerable supply chain by streamlining third-party risk assessments and security reviews for enterprises and their vendors.

Wayne Scott
Regulatory Compliance Lead
NCC Group

Wayne Scott
In his role as Regulatory Compliance Solutions Lead, Wayne manages NCC Group’s relationships with the global financial services regulators. This involves co-writing NCC Group’s consultation paper responses relating to third-party risk management, supply chain risk and operational resilience, as well as ensuring its products meet global regulatory requirements. Much of Wayne’s time is spent advising systemic financial institutions and their suppliers on how to build “demonstrably successful stressed exit plans” as instructed by the PRA.

Brian Shaw
Director of Financial Services
Mirato

Brian Shaw
Brian has worked in business process automation targeting risk and compliance for over 25 years, supporting hundreds of Fortune 500 and mid-market firms across all industries. Since 2011 Brian has focused on Third-Party Risk, Compliance and Performance Management for the Financial Services Industry, as well as Master Data Management and Know Your Customer (KYC) challenges. At Mirato, Brian serves as Director of Financial Services Sales, responsible for sales to financial services firms in North America and Europe.

Sonia Sordini
Head of Group Third Party Risk Management and Governance
QBE Insurance

Sonia Sordini
Biography coming soon.

Gemma Stewart
Global Head of Vendor Management
Zurich Insurance Company

Gemma Stewart
Gemma has worked in a variety of third-party management roles over 15 years including procurement transformation and IT portfolio management. Currently leading the group strategy for third party risk management which includes the risk policy, third party governance framework, and a GRC solution for automated risk management & reporting. Gemma and her team have spent the last 18mths implementing a globally consistent framework and system across 37 countries. A lean black belt with a passion for implementing efficient operating models and using IT solutions to simplify and automate third party risk management.

Nikki Stoy
GRC Cloud Specialist
OneTrust

Nikki Stoy
Biography coming soon.

Shabbir Tahasildar
Operational Risk Lead for Technology, Information Security and Third-Party Risk
Handelsbanken plc. (UK)

Shabbir Tahasildar
Shabbir is an Operational Risk Control professional with a blend of Risk management and Digital Transformation experience. He currently leads the second line’ oversight of Technology, Information Security Risk and Internal Controls Frameworks at Handesbanken plc and in the past he has worked with KPMG for close to 11 years in their Risk & Control Transformation practices across UK, India and Southern Africa. He is passionate about simplifying risk management and actively champions use of technology to enhance risk processes within the organisation using GRC and advanced technologies. Shabbir is an IT Engineer by qualification and holds professional certifications Certified in Operational Risk Management (CORM), Certified Information Systems Auditor (CISA), ISO 27001, Privacy Lead Auditor and PRINCE2 professional.

Simon Thomas
Executive Chairman
Thomas Murray

Thomas Murray
Simon is the Executive Chairman of Thomas Murray. Before co-founding Thomas Murray in 1994, Simon trained as a chartered accountant at Coopers & Lybrand. He also worked at S.G. Warburg and KPMG Management Consultants, and was an Executive Director of Davis International Banking.

Eustathios Triantafellou
Commercial Director
KY3P® S&P Global

Shabbir Tahasildar
Eustathios is the Commercial Lead for KY3P data, framework and regulatory initiatives. He joined S&P Global from the Prudential Regulation Authority – part of the Bank of England where he was the Head of Integrated Operational Risk & Resilience in the Supervisory Risk Specialists Directorate.
He has experience in leading multidisciplinary teams across financial and operational resilience responsible for policy design, implementation and regulatory operationalisation, which includes the UK’s Operational Resilience policy. In addition, Eustathios has led the PRA’s risk modelling and analytics teams having developed the first concurrent stress test and having led numerous modelling and data initiatives for supervisory and financial stability purposes. Eustathios has in-depth exposure to regulation, central banking, retail and wholesale banking having worked in Europe and North America.
Eustathios holds an Executive MBA from the University of Exeter (UK), a Master’s degree in Finance and Econometrics from Concordia University (Montreal, Canada) following an honours Economics Bachelor’s degree from Carleton University (Ottawa, Canada).
Sponsors
Knowledge partners

S&P Global
S&P Global (NYSE: SPGI) provides essential intelligence. We enable governments, businesses and individuals with the right data, expertise and connected technology so that they can make decisions with conviction. From helping our customers assess new investments to guiding them through ESG and energy transition across supply chains, we unlock new opportunities, solve challenges and accelerate progress for the world.
We are widely sought after by many of the world’s leading organizations to provide credit ratings, benchmarks, analytics and workflow solutions in the global capital, commodity and automotive markets. With every one of our offerings, we help the world’s leading organizations plan for tomorrow, today. For more information, visit www.spglobal.com.

PwC
At PwC, we’re working to build trust, deliver sustained outcomes and help clients solve their most important problems by combining human ingenuity and understanding with the right technology.
Globally, our network employs nearly 328,000 people working in 152 countries advising and managing services for 191,000 private and public sector clients of all sizes and sectors.
From building teams with diverse perspectives, experiences and expertise to investing in our skills and technologies, we take a human-led, tech-powered approach, working alongside our clients to deliver results that make the difference.
Co-sponsors

CyberVadis
The Most Reliable Security Ratings
Manage your third party risk worldwide with evidence-based assessments
CyberVadis is a cost-effective and scalable solution for third party cybersecurity risk assessments. Our methodology maps to all major international compliance standards including NIST Cybersecurity, ISO 27001, GDPR and several business specific frameworks. Our solution combines the speed of automation with the accuracy and effectiveness of a team of infosecurity experts, providing evidence-based assessments.

Mirato
Mirato’s TPRM intelligence platform elevates existing TPRM programs and tools by streamlining an entire operation’s data into one smart platform. Using natural language processing (NLP) and advanced artificial intelligence (AI), Mirato validates and enriches this data, turning it into actionable insights. What was previously multi-destination, manual-intensive labor is now replaced by the Mirato platform and is easily managed from one dashboard. This saves time and money (up to 60% of assessment cost) while increasing an organization’s ability to mitigate risk in an ever-evolving risk landscape.

Onetrust
As society redefines risk and opportunity, OneTrust empowers tomorrow’s leaders to succeed through trust and impact with the Trust Intelligence Platform. The market-defining Trust Intelligence Platform from OneTrust connects privacy, GRC, ethics, and ESG teams, data, and processes, so all companies can collaborate seamlessly and put trust at the center of their operations and culture by unlocking their value and potential to thrive by doing what’s good for people and the planet.

SecurityScorecard
SecurityScorecard is the global leader in cybersecurity ratings and the only service with millions of organizations continuously rated. Our mission is to make the world a safer place by transforming the way organizations understand, improve, and communicate cybersecurity risk to their boards, employees, and vendors.
SecurityScorecard’s patented rating technology is used by thousands of organizations for enterprise cyber risk management, third-party risk management, board reporting, cyber insurance underwriting, and regulatory oversight to meet compliance mandates; making all organizations more resilient by allowing them to easily find and fix cybersecurity risks across their externally facing digital-footprint.
SecurityScorecard is the only provider of instant risk ratings that automatically map to vendor cybersecurity questionnaires and the largest ecosystem of integrations, providing a true 360-degree view of risk. But we don’t stop there. Through a customer-centric, solution-based commitment to our partners, we are transforming the digital landscape building a path toward resilience.

Thomas Murray
Thomas Murray is a global risk intelligence company. We help our clients to understand and manage the risks facing their businesses and organisations in today’s highly interconnected environment. From third-party risk to cyber security, decision makers use our risk, advisory and technology solutions every day to build secure and resilient organisations.
Associate sponsors

Bitsight
Bitsight is a cyber risk management leader transforming how companies manage exposure, performance, and risk for themselves and their third parties. Global enterprises, governments, and organizations rely on Bitsight to prioritize their cybersecurity investments, build greater trust within their ecosystem, and reduce their chances of financial loss. When unrelenting market pressure pushes organizations to uncertainty and caution, they turn to Bitsight to confidently navigate cyber risk and grow with confidence.
Bitsight’s universally recognized risk standard and market-leading data provides actionable insights into how companies set and manage to standards and report results to internal and external stakeholders. Built on over a decade of technological innovation, Bitsight’s integrated solutions deliver value across enterprise security performance, digital supply chains, cyber insurance, and data analysis.
Bitsight is on a mission to free the global economy from the material impact of cyber incidents. For more information, visit bitsight.com.

Climate X
Climate X’s climate risk data and analytics platform, Spectra, is a multi-award-winning SaaS solution that helps organisations become more resilient to the impacts of climate change by quantifying the probability and severity of weather events decades before they happen. With the latest regulatory requirements in mind, firms around the world trust Spectra to provide explainable and understandable data to strengthen their climate financial risk disclosures and plans for ICAAP, stress testing, origination and TCFD reporting.
Spectra delivers location-specific risk ratings, EPC ratings for transition risk and climate-adjusted loss estimates between now and 2100 under multiple climate emission pathways via an easy-to-use SaaS platform or integrated API.
To learn more about Climate X and the work we do, visit our website for a personalised demonstration: https://www.climate-x.com

NCC Group
With over 30 years’ experience, NCC Group is a world-leading Software Resilience provider ensuring the continued availability of outsourced business-critical software and data through our Escrow and Verification services. Our Software Resilience services enable businesses to easily prepare for, respond to and recover from disruption to third-party services, strengthening operational resilience and satisfying business continuity planning, regulatory compliance and supply chain risk management requirements.

PA Consulting
‘We believe in the power of ingenuity to build a positive human future.
This idea unites and inspires us as we partner with passionate, forward-thinking leaders. We combine innovative thinking and breakthrough technologies, delivering end-to-end innovation. Our clients adapt and transform, and together we achieve enduring results.’
More here in our ‘about us’ page: Bringing Ingenuity to Life. | PA Consulting

Risk Ledger
Did you know 60% of organisations have suffered a security breach through a third party? It’s understandable – the traditional processes are broken. Organisations face a burden of ineffective, inefficient admin. ‘Point in time’ cybersecurity assessments make for poor-quality data that goes out of date fast, offering little protection. Risk Ledger helps organisations get their cybersecurity risk assessment tasks done in hours, not days and scale their supplier coverage from 5% to 95% so they can spot more vulnerabilities at just 10% of the cost.
The NHS used Risk Ledger to identify a situation where several third-party suppliers were all dependent on the same fourth-party supplier. They then worked with those third parties to first understand that risk, and then take action to mitigate it.
With help from insights like this, many of our customers have improved their supplier contracts. Interested in learning more? Visit https://riskledger.com/.
Content and media partners

CeFPro Connect
CeFPro Connect aims to connect industry experts through thought leadership content and timely news, written for the industry, by the industry. Gain unlimited access to CeFPro’s unparalleled library of resources including iNFRont Magazine, market intelligence reports, filmed presentations, insights Q&A’s, and much more.
Sign up for free.

iNFRont Magazine
iNFRont Magazine is a unique publication providing regular insight on the operational and non-financial risk (NFR) sector. Featuring contributions provided by leading industry figures and experts from around the world, iNFRont Magazine touches on the most critical themes and challenges currently affecting financial professionals.
Available to download for free.
Venue & FAQs
Leonardo Royal Hotel London
Tower Bridge
45 Prescot Street
London
E1 8GP
Accommodation is available at the venue.
Frequently Asked Questions
Can I share my thought leadership at Vendor & Third Party Risk Europe?
Will there be opportunities to network with other attendees?
- Breakfast, lunch and refreshment breaks
- Drinks reception at the end of day-1
- Q&As, panel discussions, and audience participation technology
What is included within the registration fee?
Where can I find the Summit documentation and speaker presentations?
*Please note that our speakers often have to gain permission from their relevant compliance departments to release their presentations. On rare occasions compliance may not allow presentations to be distributed.
Will breakfast, lunch and refreshment be provided?
Are there any rules on dress code?
Register
Register for Vendor & Third Party Risk Europe today and join the likes of 150+ industry professionals and subject matter experts looking to engage in meaningful conversation and discuss the latest developments and challenges within the vendor and third party risk sector.
Register before May 26 and take advantage of our early bird rate.
Don’t miss out, we only have a limited number available and prices will increase.
Need assistance with your registration? Get in touch with us via email below, or call us on +44 (0)207 164 6582.
Standard rate | After May 26
E.g. Bank, Insurance company, Asset manager, Regulator
E.g. Consultant, Vendor, Executive search firm, Law firm
Prices do not include VAT
*To qualify for the preferential ‘early bird’ rates, registration must be received by the close of the ‘early bird’ working day, and payment can be made at the time of registering, or up to a week after registration is made an invoice sent. CeFPro reserves the right to increase rates should payment be delayed significantly. Should a delegate register at a rate that is inaccurate, CeFPro reserves the right to issue an additional invoice for the outstanding amount.