Agenda
8:00 – 8:50
Registration and breakfast
8:50 – 9:00
Chair’s opening remarks
9:00 – 9:45
REGULATION – PANEL DISCUSSION
Understanding and effectively managing multiple regulatory agendas and managing third party risk
- Overcoming and managing risk in a space with a heavy focus on compliance
- Reviewing the current regulatory expansion on third party risk
- Realigning procedures and policies to meet regulatory demands
- Fed requirements for increased governance on risk reporting
- Reviewing SEC proposal for conflict of interest in the third party risk space
- Basel committee consultation on outsourcing principles
- Managing the NYDFS cybersecurity regulation
- Finalization of FSB’s third party risk management toolkit
Melissa Mellen, Head of Third Party Risk Management, Federal Reserve Bank of New York
Stuart Hoffman, Bank Examiner, OCC
Babette Reynolds, Compliance Senior Director, Head of Enterprise Compliance Program Office, Truist
9:45 – 10:20
TPRM STRATEGY
Strategically positioning third party risk programs to align with strategic goals
- Understanding the long term risks of failing to align strategic goals with outsourcing
- Importance of aligning goals with risk appetite when outsourcing
- Correlation between aligning goals when outsourcing with a firm’s maturity
- Managing a lack of maturity in programs to align strategic goals
- Reducing unnecessary outsourcing
- Neglect of outsourcing planning by firms and its impacts
- Effective due diligence in planning and selecting a correct vendor
10:20-10:50
Morning refreshment break and networking
TPRM
10:50-11:35
FOURTH PARTY RISK – PANEL DISCUSSION
Developing capabilities to monitor and review the increased risk across fourth parties
- Expanding programs to include fourth, fifth and nth parties
- Ensuring a sufficient inventory list of your fourth parties
- Assurance of fourth parties through tools and third parties
- Advancing policies and procedures around fourth parties
- Utilizing data gathered from fourth parties
- Assessing vulnerabilities of fourth parties
- Enforcing controls with a fourth party
Madiha Fatima, Executive Director, JP Morgan
Kholofelo Mothibi, Head of TPRM, Corebridge Financial
David N. Braxton, SVP, Global Third Party Risk, Bank of America
Varun Agarwal, Director, Enterprise Risk Management, Western Alliance Bank
RESILIENCE
10:50-11:35
BCM – PANEL DISCUSSION
Collaborating with third parties to ensure business continuity and stability across the supply chain
- Effectively reviewing third party business continuity controls
- Integration of business continuity plans between the client and third parties
- Importance of an effective business continuity plan on supply chains
- Importance of a fully integrated business continuity playbook
- Challenges of fully integrating continuity between different systems
- Purpose of sharing access to individual networks
Spruille Braden, Enterprise Head of Operational Resilience, Citi
Olga Voytenko, SVP, Head of Operational Resilience, Forbright Bank
Brett Turk, Global Head of Business Continuity and Crisis Management, Vanguard
11:35-12:10
TPRM IN AN UNSTABLE WORLD
Assessing the results of Aravo’s third party risk maturity survey and report
- Review overall survey results and what they mean for the industry
- Determine the current maturity of TPRM programs in the marketplace and why it may be a concern
- Identifying critical elements for maturing and enhancing TPRM programs
- Understanding the strategic value of investing in a competent, adaptable, and resilient TPRM program
- Examining how leadership defines performance, priorities, and next steps
- Assessing the measurability and impact of mature TPRM programs on the business
Loren Johnson, Director of Product Marketing, Aravo
11:35-12:10
INCIDENT MANAGEMENT
Developing effective response plans to manage incidents from vendors under attack
- Ensuring better understanding around a vendor's incident response
- Reviewing incidents to potentially identify vulnerabilities
- Joint testing incident management with vendors
- Keeping up with the pace of incidents
- Demand for more timely updates on incidents
- Reviewing the increase of incidents due to cyber activity
12:10-1:55
ERM
Reviewing how vendor risk is being integrated to observe at the enterprise level
- Importance and benefits of viewing third party risk across the business
- Ensuring organizations holistically understand TPRM goals
- Introducing a holistic model for risk teams to develop management of all risks
- Reviewing how third party information can support other areas of the business
- Scaling outsourcing to the enterprise level
- Case study of effective integration
12:10-12:45
INTERAGENCY GUIDANCE
Leveraging interagency guidance as a framework to effectively set up and manage third party risk management programs
- Alignment and clear understanding of guidelines
- Increased continuous monitoring requirements
- Understanding the broader definition of a third party
- Increased board oversight on critical relationships
- Impact of guidance on smaller-mid-sized firms
- Preparing for implementation deadline of inter-agency guidance
- Impact of guidance on current third party risk programs
Tausif Khan, Director, Third Party Risk, DTCC
Kristin L. Ciridon, Head of Third Party Risk, DTCC
12:45-1:45
Lunch break and networking
1:45-2:20
VENDOR MANAGEMENT CAPABILITIES
Reviewing the evolution of vendor management: Understanding what it takes for firms to be “Brilliant at the Basics”
- Ensuring clear alignment and understanding of what “good vendor management” looks like
- Importance of winning trusted advisor status with stakeholders
- Overcoming the challenges when building a relationship vendor management team
- Skills, mindset and culture
- Investing in process and platforms to ensure performance goals are achieved
- Understanding the importance of balancing supplier risk vs. supplier commercials
Naveen Balakrishnan, Head of Third Party Risk Management, TD Bank
1:45-2:20
CRITICAL RELATIONSHIPS
Assessing the maturity of third parties and updating processes for effective oversight of critical relationships
- Assessing a firm's resilience when outsourcing to critical third party relationships
- Addressing the influence the UK critical third party regimes will have on US firms
- Determining the definition of a critical third party
- Enhancing operating models to better manage critical relationships
- Overcoming difficulties of identifying critical third parties
- Critical relationship approval requirements from the board
Donovan Tanner, Third Party Industry Expert (tbc)
2:20-3:05
VENDOR RELATIONSHIPS – PANEL DISCUSSION
Managing and monitoring third party relationships in line with policy requirements and contractual agreements
- Expanding focus and control to better manage non-traditional contracted vendors
- Identifying and mitigating risks beyond traditional contracted vendors
- Adaptation of relationship management as outsourcing increases
- Importance of relationship manager monitoring changes to a third party
- Challenges of actively managing complex vendor relationships
- Developing a managed service model to improve vendor relationships
- Increased credible challenges on issues identified
Thomas Brandt, Chief Risk Officer / Director, Office of Planning and Risk, Federal Retirement Thrift and Investment Board
Charmi Patel, VP, Vendor Risk Management, Israel Discount Bank of New York
Chelsea Tieken, Business Strategy and Planning Director, TPRM Strategy and Initiatives, USAA
2:20-3:05
DORA – PANEL DISCUSSION
Understanding what steps need to be in place to meet EU DORA implementation
- Ensuring compliance with vendors operating under Europe’s DORA Act
- Assessing how implementation of DORA in Europe will impact US firms
- Reviewing implementation requirements
- Overcoming additional governance and document requirements
- Alignment with other regulatory initiatives
3:05-3:40
CONTRACT MANAGEMENT
Monitoring contracts to ensure adherence to and maintenance of terms
- Ensure all parties within a contract comply with contract terms
- Amending agreements to ensure ‘right to ask’ for certain information
- Demand for increased assessments on contract terms
- Enforcing contractual agreements on your third parties to disclose required information
- Business continuity and information security of contract management
- Difficulty with managing scale of terms and conditions in a contract
James McPherson, Director & Counsel, Credit Agricole
3:05-3:40
RESILIENCE
Incorporating additional testing expectations on operational resilience
- Ensuring contracts are effective and supportive of resilience
- Aligning contract resilience between firm and vendor
- Ensuring resilience of vendors can withstand a stress event
- Testing resilience with vendors to ensure capabilities are met
- Developing and creating new testing programs on firm and vendor side
- Use of resilience testing to address supplier vulnerabilities
- Relationship between operational resilience and third party risk management
Spruille Braden, Enterprise Head of Operational Resilience, Citi
3:40-4:10
Afternoon refreshment break and networking
4:10-4:45
STRATEGIC RISK
Reviewing evolving third party risk management to effectively address strategic risks
- Identifying the impact of emerging strategic risks for third party risk management
- Geopolitical, cloud concentration, resilience, data protection
- Understanding the disruption and delays of strategic risk on third party risk management
- Importance of approaching strategic risks holistically
- Establishing risk appetite for strategic risk taking
- Overcoming a lack of clarity around outsourcing trade offs
Stefan Smith, Director, Enterprise Risk Office and Head of Third Party Risk, Bank of Canada
4:10-4:45
GEOLOCATION
Leveraging vendors in different jurisdictions and offshoring to mitigate the impact of unforeseen risks
- Effective support from vendors in different geolocations
- Reviewing business continuity of locations used for outsourcing
- Monitoring locations where critical vendors are based
- Lack of data to determine where third parties are located
- Impact of outsourcing to a vendor with geolocational risks e.g. hurricanes, floods
- Assessing the impact of geolocation challenges on supply chain
- Importance of sharing vendor geolocation data with other arms of the firm
4:45-5:20
FINTECH
Managing the opportunity and balancing the risk of leveraging fintechs as a third party
- Working with organizations with less developed controls
- Assessing the opportunities of enhanced controls and security on a fintech
- Ensuring fintechs meet the standard of traditional third parties
- Improved guidance to understand what regulations must be adhered to
- Ensuring policies and procedures extend to fintechs as third party vendors
- Mitigating an increased risk exposure to cybersecurity attacks
Firas Mustapha, Senior Director of Compliance, Arvest Bank (tbc)
4:45-5:20
TECHNOLOGY
Reviewing the technology landscape and its impact on the resilience of third party risk
- Managing enhanced technology requirements requiring more timely and transparent reporting
- Exploring new technologies to improve efficiencies
- Timeliness of notification of technology subcontractors in the supply chain
- Increased concern over longer technology outsourcing chains and widely spread risks
- Data challenges of using vendor technology
- Pushback from technology suppliers on what data they are willing to share
Scot Lynch, Executive Director, Morgan Stanley
5:20-5:30
Chair’s closing remarks
5:30
End of day one and networking drinks reception
8:00 – 8:50
Registration and breakfast
8:50 – 9:00
Chair’s opening remarks
9:00 – 9:45
GEOPOLITICAL – PANEL DISCUSSION
Assessing the impact of global volatility on third parties and managing uncertainty
- Understanding how geopolitical risks are impacting global and regional supply chains
- Carrying out geopolitical analysis on where your third parties are centered
- Assessing why geopolitical risks have been overlooked by firms
- Impact of geopolitical conflicts on vendor services provided
- Anticipating how future geopolitical crises can impact your firm
- Reviewing the impact of the 2024 US election result on vendor and TPRM programs
- Mitigating the impact of increased geopolitical risks
Kristen Schneider, Director, Business Strategy and Planning, USAA
Nita Kohli, Board Advisor & former Global Head of Enterprise Resilience, Citi
9:45-10:20
AI USE
Reviewing practical uses of generative AI to further advance third party risk teams
- Leveraging efficiencies of AI to enhance internal processes
- Ensuring workforce in place can understand AI and how to assess it
- Providing AI services and support to clients and customers
- Generative AI use through third party risk programs
- Data gathering on third parties
- Ensuring AI understands risk appetite and tolerances
- Policy and procedure alignment with the use of AI
- Effectively assessing AI data sets
- Partnering with vendors to enhance AI use in industry
10:20-10:50
Morning refreshment break and networking
TPRM
Nicholas Kula, Global TPRM and Resilience Leader, Archer
10:50-11:35
AI EXTERNAL – PANEL DISCUSSION
Reviewing the evolving AI landscape and oversight of use of AI by third parties
- Reviewing the evolving AI landscape and use of AI by third parties
- Importance and difficulties with validating AI use by vendors
- Data privacy concerns with the use of AI by third parties
- Ensuring governance on AI use by third parties and vendors
- Effectively integrating AI into the vendor risk management process
- Monitoring the use of AI across the supply chain
- Anticipating laws and legislation on the horizon
- Ensuring solutions meet with policies and risk tolerances
Dolly Singh, MD, Global Head of Third Party Oversight, JPMorgan Chase
Sonia Jarvis, Director, Quantitative Modeling, Fannie Mae
Sri Intan, Head of Vendor Risk Management for North America, Commerzbank AG
RESILIENCE
10:50-11:35
EXIT PLANNING – PANEL DISCUSSION
Enhancing exit strategies in the event of planned and unplanned exits
- Ensuring effective design of an exit strategy
- Understanding the importance of developing exit strategies
- Incorporating geopolitical conflicts into exit strategies
- Assessing business continuity of third parties when exit planning
- Effectively aligning risk appetite when exit planning
- Determining stress points of an exit plan
Rick Cech, Senior Bank Manager, Federal Reserve Bank of New York
David LaFalce, SVP & Global Head of Operational Resilience, Wells Fargo
11:35-12:10
DATA
Monitoring and tracking accessibility and access to data across third parties
- Overcoming the challenges of external data use
- Adhering to varying data requirements in different jurisdictions
- Improving use of data provided by vendors
- Ensuring data compliance with CIPRA
- Accessibility and security of data to third parties and vendors
- Reviewing rapid evolution and increased sophistication of ratings service providers
11:35-12:10
CONCENTRATION RISK
Mitigating the varying types of concentration risks a firm can face
- Assessing the risk of concentration with current vendors and third parties
- Leveraging vendor concentration to manage multiple risk types
- Effective reporting around concentration risk
- Data requirements to understand and identify concentration risks
- Correlation between concentration and geopolitical risk
- Impact of conflict risk on your vendor concentration
12:10-1:10
Lunch break and networking
1:10-1:55
ESG – PANEL DISCUSSION
Assessing the current ESG landscape and understanding what it means for vendor and third party risk programs
- Addressing a lack of legislation and guidance on ESG
- Restriction ESG is putting on outsourcing activities
- Impact of ESG in the context of responsible supply chain
- Balancing level of protection and service whilst ensuring supplier diversity
- Identifying verifiable data points
Leidy Anderson, Third-Party Risk Director, Western Alliance Bancorporation
1:10-1:55
CYBER RESILIENCE – PANEL DISCUSSION
Effectively monitoring cyber threats across the supply chain to drive resilience
- Assessing if providers are effectively protecting confidential information against cyber attacks
- Obtaining timely and accurate security information from third party vendors
- Importance of continuous monitoring of cyber risks
- Managing cyber security stresses across third parties
- Importance of data use to combat cyber attacks
- Ensuring cybersecurity resilience
- Benefits of partnering with vendors and sharing technologies
- Impact of SEC guidance on CISOs
Tom Kartanowicz, CISO, Europe and Americas, Standard Chartered Bank
Mahi Dontamsetti, EVP, Global Head of Non Financial Risk & CTRO, State Street
Marta Palanques, Director, Methodologies and Practices, Technology Risk Management, Capital One
1:55-2:30
DUE DILIGENCE
Utilizing due diligence assessments as a tool to better understand and manage risk
- Defining a standard of effective due diligence on firms
- Moving away from a ‘one size fits all’ approach
- Wider regulatory expectation when carrying out due diligence
- Importance of timely information when conducting due diligence
- Leveraging AI to better carry out due diligence
- Overcoming lack of cooperation to obtain data
- Raised due diligence concern with increased technology outsourcing
- Focusing on inherent risks of vendors when carrying out due diligence
Brennan Lodge, Head of Analytics Engines, Cybersecurity, HSBC
1:55-2:30
RANSOMWARE
Managing the increased risk of ransomware breaches and vulnerabilities firms are facing
- Protection against ransomware attacks in a technologically enhanced environment
- Keeping ahead of sophisticated ransomware attacks
- Ensuring data is secure and protected against ransomware attacks
- Understanding how ransomware attacks can impact your supply chain
- Mitigating vulnerabilities to protect against ransomware
- Importance of understanding if you have been impacted by a ransomware attack
- Impact, escalation channels, mitigation plan, disconnect and reconnect timelines
Fabian De Jesus, Director, Information Security Officer, Capital One
2:30-3:05
SUPPLY CHAIN
Assessing and mitigating the risks of upcoming supply chain crises
- Impact of the interconnected nature of third parties on the supply chain
- Formulation of principles around supply chain at the global and jurisdictional level
- Understanding the impact geopolitical risk has on supply chains
- Effectively managing cybersecurity risk across the supply chain
- Applying a proportionate risk based approach to supply chain risk management
- Difficulties with subcontracting supply chain risk management
- Introduction of supply chain consultation in June 2024
- Mitigating strategies to ensure operational resilience in your supply chain
- Importance of nearshoring to avoid supply chain risks
Penny Cagan, former Managing Director, Americas Head of Operational Risk, UBS
2:30-3:05
CONTINUOUS MONITORING
Importance of continuous monitoring to move beyond point in time assessments
- Assessing best practice within the industry
- Ensuring data quality and availability for continuous monitoring tools
- Leveraging to better identify vulnerabilities in vendor data
- Extracting value from continuous monitoring
- Comparing effectiveness of continuous monitoring with due diligence
- Use of continuous monitoring to identify threat intelligence
Patricia Catharino, Head of Risk Management & Internal Controls, U.S. and Caribbean, SVP, Banco Itau International
3:05-3:35
Afternoon refreshment break
3:35-4:10
THE BOARD
Enhancing board reporting and defining information required to communicate risk
- Regulatory influence on how firms report to the board
- Leveraging due diligence to better report to the board
- Assessing what risks are considered a board level concern
- Reporting residual risk from vendors to the board
- Efficiently reporting important information to ensure the board can make strategic decisions
- Difficulty of creating processes around board approvals
Karina Volvovsky, Business Controls Officer, City National Bank (tbc)
4:10-4:45
THIRD PARTY RISK MANAGEMENT
Reviewing how to develop current third party risk programs to enhance maturity and risk mitigation
- Understanding the interconnectedness of third parties used
- Leveraging risk intelligence to effectively manage third party risk
- Reviewing enhanced monitoring requirements of third parties
- Ensuring effective oversight of third parties
- Enhanced expectations of a third party deemed critical at the system level
- Improving value proposition in third party risk programs
- Responsibility of reporting risks found in the program
4:45-4:55
Chair’s closing remarks
4:55
End of Vendor and Third Party Risk Management USA 2024 Congress