Managing vendor and third party risk and ensuring resilience in an increasingly complex environment

Vendor & Third Party Risk USA

7th Annual | June 1-2, 2022 | New York City

Developing holistic BCM plans and incorporating resilience

Lessons learnt from the pandemic and leveraging opportunities of change

Incorporating ESG into TPRM practices and developing metrics and scoring

Streamlining processes and leveraging machine learning and data science techniques

An overview of the threat landscape and mitigating risks of vulnerabilities across vendors

Reviewing risk beyond third and fourth parties and establishing due diligence best practices

Assessment and managing fintech as a third party service and establishing strategic partnerships

Managing increased prevalence and use of cloud services and mitigating concentration risks

Screenshot_2022-03-08_at_15.34.15 (1)

Olga Voytenko
MD, Head of Third Party Risk Management
State Street

Rob_Haven_Professional_Photo (1)

Rob Haven
Director of Vendor Management
Renasant Bank

1516305834347 (1)

Kristen Schneider
Director of Risk Management

Ken_Wolckenhauer (1)

Ken Wolckenhauer
VP, Vendor Management
Nordea Bank, New York Branch


Roxane Romulus
Director, Third Party Risk Management
Voya Financial


Amanda Xu
SVP, Head of Third Party Risk Management
EastWest Bank


Madiha Fatima
Director, Third Party Risk Management
Angelo Gordon


Jeremy Resler
SVP, Director Third Party Risk Management Governance
U.S. Bank


Please contact the Center for Financial Professionals today to discuss how we can deliver your thought-leadership at the event, help you generate leads, and provide you with unique networking and branding opportunities. For more information on what we can offer, please contact or call us on +1 888 677 7007 ext. 207 where a member of the team will be happy to tailor the right package for you.


8:00 Registration and breakfast

8:50 Chair’s opening remarks


9:00 Reviewing the global regulatory environment and the future of regulation in financial services

Session details 

  • Finalization of OCC and Federal Reserve guidance
  • Reviewing changes on the horizon
  • Enhancements to guidance from regulators and what they mean
  • Cyber security and info sec regulations
  • Prescriptive nature of guidance
  • Reviewing the current regulatory environment
  • Changing expectations as a result of Covid
  • Implementing changes across a TPRM program

Olga VoytenkoMD, Head of Third Party Risk Management, State Street
Kristen SchneiderDirector of Risk Management, USAA


9:45 Understanding resilience requirements and lessons learnt from PRA on material outsourcing implementation

Session details 

  • Understanding regulatory requirements
  • Practical application and experience
  • Guidance for global institutions
  • Feedback post implementation
  • Impact to TPRM teams
  • Management across supply chain
  • Developing resilience across departments and business lines

10:20 Morning refreshment break and networking


10:50 Developing holistic business continuity plans and resilience programs and adapting to changing environments

Session details 

  • Impact of work from home and hybrid environments
    • Internally and across vendors
  • Access control risks with work from home
  • Implementing continuity plans for disruption in service
  • Ensuring adherence to SLA regardless of external changes
  • Managing new trends and ways of working
    • Identifying new risks
  • Protecting data with emote work forces
  • Developing robust BCP and validating plans across the business
  • Regulatory expectations for internal exercises and planning

Barbara-Ann Beohler, Regulatory Compliance Analyst, Aravo


11:25 Aligning global privacy and data requirements for effective oversight across jurisdictions

Session details 

  • Understanding GDPR, DPIA and impact of Schrems II
  • Alignment of expectations and requirements
  • Managing global data privacy expectations
  • Practical application of regulations
  • Business impact of compliance


12:00 Lessons learnt from Covid-19: Updating and testing controls with evolving working environments

Session details 

  • Changes to due diligence processes with work from home models
  • Evaluating vendor controls with different working environments
  • Information security assessments across vendors
  • Resilience considerations
  • Privacy concerns with work from home
  • Monitoring locations of employees and vendors
  • Replacements for on-site assessments and future technology opportunities
  • Reviewing changes that will be continued in a post Covid environment
  • Updating terms and code of conduct to mitigate risk

Alpa Inamdar, Transformation Leader, AIG
Senior Executive, Ekran System
Roxane Romulus, Director, Third Party Risk Management, Voya Financial  
Brian Shaw, Director of Financial Services Sales, Mirato

12:45 Lunch break and networking

1:45 Reviewing risk across suppliers and outsourced services and assessing country risk when offshoring

Session details 

  • Developing systems to protect data
  • Enforcing contracts for protection of data
  • Managing privacy and data challenges
  • Analysis of jurisdictions to monitor risk
  • Determining level of risk from offshoring
  • Regulatory requirements for data and privacy
  • Moving systems to the cloud
    • Reviewing placement of data centers


2:20 Incorporating ESG into third party risk practices and developing metrics and scoring criteria to ensure compliance

Session details 

  • Ensuring sustainable energy practices across supply chain
  • Viewing as essential risk control areas: Documenting goals and policies to demonstrate action
  • Regulatory views and future of regulation
  • Developing a risk based approach for review and assessment
  • Managing carbon footprint an defining tolerance of carbon impact
  • Augmenting assessment process to include ESG concerns
  • Staffing requirements to implement change
  • Impact of limited data across the industry
    • Leveraging external data

Ken Wolckenhauer, VP, Vendor Management, Nordea Bank, New York Branch
Justin Boehm, Senior Manager, Consulting, EY
Senior Executive, Riskonnect


3:05 Incorporating diversity and inclusion reviews across risk and onboarding processes

Session details 

  • Diversity and inclusion practice considerations across vendors
  • Protecting reputation working with certain companies and industries
  • How far to review third parties and outsourced services
  • Changes to decision making process and onboarding of new vendors
  • Monitoring supplier diversity
  • Managing in risk and procurement
  • MWBE – minority or women owned business/enterprise
  • Encouraging diversity in bid process

3:40 Afternoon refreshment break and networking


4:10 Streamlining processes and leveraging machine leaning and data science techniques

Session details 

  • Leveraging external data
  • Data science and AI technology uses and capabilities
  • Evolution of technology in TPRM
  • Enhancing efficiencies in programs
  • Automation of reviews and assessments
  • Streamlining onboarding processes
  • Managing workflows to move from excel
  • Efficiency gains with increased use of tools and technology
  • AI and machine learning use cases
  • Demonstrating value of technology implementation

Session reserved for Grant Thornton


4:45 Moving strategic sourcing within a third party risk framework for a holistic view

Session details 

  • Onboard processes for new vendors
  • Impact to strategy of the business
  • Identifying vendors that could benefit across the firm
  • Viewing the whole vendor population to drive strategy
    • Utilizing vendors for strategic benefit
  • Identifying vendor concentration
  • Getting senior management buy in

Patrick Potter, Risk Strategist, Archer

5:20 Chair’s closing remarks 

5:30 End of day one and networking drinks reception

8:00 Registration and breakfast

8:50 Chair’s opening remarks


9:00 Reviewing the cyber threat landscape and mitigation tactics to limit vulnerabilities across vendors

Session details 

  • Dependence on vendor transparency with risk assessment and controls
  • Verifying controls in place: Adopting a trust but verify model
  • Verification and testing of patches before onboarding
  • Regulatory expectations and requirements for notification and communication
  • Understanding potential risk exposure across vendors
    • Custody and access to data
  • Monitoring vendors cyber health

Ryan LougheedDirector of Product Management, Onspring


9:45 Reviewing regulatory expectations for oversight of fourth parties and due diligence best practices

Session details 

  • Due diligence for effective oversight
  • Identifying critical fourth parties
  • Assessment through third party program vs. direct to fourth parties
  • Determining appropriate oversight for the business
  • Tying to incident response management
  • Maintaining visibility into fourth party risk
  • Managing limitations in assessments process
  • Limitations in availability of information

10:20 Morning refreshment break and networking


10:50 Identifying critical third parties and determining effective oversight requirements

Session details 

  • Defining critical in a third party risk perspective
  • Aligning with resilience
  • Additional oversight once critical vendors are identified
  • High inherent risk vs. high residual risk vs. critical third parties
  • Outlining criteria of what makes a vendor critical
  • Implementing a sustainable solution
  • Aligning perspectives across the business
  • Developing exit strategies to minimize the impact
  • Execution and preparation for exit strategies

Amanda XuSVP, Head of Third Party Risk Management, EastWest Bank
Madiha Fatima, Director, Third Party Risk Management, Angelo Gordon


12:00 Understanding and managing risk for emerging technologies in vendor service offerings

Session details 

  • An overview of emerging technologies increasingly present in vendor service offerings – Artificial Intelligence, Distributed Ledger, Robotic Process Automation
  • Applying operational risk lense to determine in scope risks for emerging technologies
  • Risk assessment and mitigation strategies for new technology offerings

George KaniarasserilManager, Information Risk Management, CarMax

12:35 Lunch break and networking


1:35 Assessing risk and managing treatment of fintech as a third party service provider

Session details 

  • How to address emerging privacy and cybersecurity risks in fintech services and technologies
  • Best practices for limited use or pilot programs with fintech companies
  • Developing a program for hybrid vendors
  • Managing regulatory expectations for un-regulated institutions
  • Contractual considerations to mitigate risk
  • Identifying pitfalls in acquisitions

Erin Jane Illman, Partner and Fintech Practice Lead, Bradley Arant Boult Cummings LLP
Leah M. Campbell, Senior Attorney, Bradley Arant Boult Cummings LLP


2:10 Strategic Fintech partnerships: Finding the right fit

Session details 

  • Aligning fintech partnerships with strategic goals
  • Fintech due diligence & monitoring
  • Overcoming the fintech-banking language barrier
  • Managing relationships between fintech partners and internal and external stakeholders

Michael Berman, Founder & CEO, Ncontracts

2:45 Afternoon refreshment break and networking


3:15 Managing increased prevalence of cloud services and potential concentration risks

Session details 

  • Effective oversight of cloud providers
  • Managing reliance and concentration on certain providers
  • Diversification of providers
  • Downstream impact
  • Structuring cloud providers
  • Determining impact to risk profile
  • Increased reliance on providers
    • Business resilience considerations

Jeremy Resler, SVP, Director Third Party Risk Management Governance, U.S. Bank


4:00 Managing heightened M&A activity and alignment of programs and expertise

Session details 

  • Challenges merging two programs
  • Transitioning to one single platform
  • Drawing the best of both programs
  • Retraining people to new program

Rob Haven, Director of Vendor Management, Renasant Bank

4:45 Chair’s closing remarks

4:55 End of congress

Please check back soon as this agenda will be updated and new speakers will be added. Request more information here.

biophoto (1)

Barbara-Ann Beohler
Regulatory Compliance Analyst


Barbara is an attorney and adjunct lecturer with over twenty years of compliance experience. Barbara currently serves as a Product Marketing Director, at Aravo Solutions, Inc. and teaches “Compliance Practice Skills” at both Suffolk University Law School and Boston University Law School. Barbara formerly served as the Director of Programming and Education at Compliance Week, Securities SME at Wolters Kluwer Financial Services, Global Chief Compliance officer for Arete Research, a limited-purpose, FINRA-registered broker/dealer specializing in equity research. Barbara has also held compliance roles at Fidelity Investments, JP Morgan Invest, Standish Mellon Asset Management, and Babson Capital Management. Barbara holds a BA from Suffolk University, a JD from Suffolk University Law School, and an LL.M. from Boston University School of Law.

Screenshot_2022-03-08_at_16.00.30 (1)

Michael Berman
Founder & CEO


Mr. Berman has been practicing law for almost 20 years. He was General Counsel for Goldleaf Financial Solutions, Inc., a publicly-traded information technology company on the NASDAQ. He has also worked as General Counsel for Tecniflex, Inc. and Imagic Corporation. During his legal career, he was involved in numerous financial institution regulatory matters and contract management issues and assisted in the development of many information management systems. He is a frequent speaker at financial institution conferences, regarding vendor and contract management. He graduated from Cornell University with a B.S. in Communications and holds a J.D. degree from the University of Tennessee.

Clean_Final_Cropped_-_Sml_frame_-_20210123_154208 (1)

Justin Boehm
Senior Manager, Consulting


Justin K. Boehm is a Senior Manager in the Consulting practice of Ernst & Young LLP. He is a high performing risk and markets leader with 10+ years of strategic governance, operational and project management experience; interfacing with senior leadership and regulators across multiple disciplines – Brand / Reputational, Enterprise / Operational and Third Party risk.
Relevant experience
Manages several global, on-shore and off-shore teams of ~40 resources executing against a pipeline of ~3,000+ third party risk assessments annually across multiple risk domains (e.g. Information Security, Cyber, Regulatory Compliance, Business Continuity / Resiliency, Financial Health, OFAC / AML, etc.) for key financial services, insurance, technology and payments clients.
Led multiple program development and transformation advisory projects across Third Party Risk Management (TPRM), Enterprise / Operational Risk, Internal Audit, Franchise / Brand, Procurement / Finance, Business Continuity / Resilience and Information / Cyber Security functions at multinational, financial services, asset management, insurance and technology / payment clients.
Developed and implemented risk-based process simplification.
Recommended robust policy / procedure development and oversight across multiple risk dimensions.
Advised front-to-back control-set development aligned with regulatory requirements – enabling effective Internal Audit and FRB reviews.
Guided strong change-control strategy development / implementation to prioritize system builds / updates to GRC tools – Hiperos 3PM and MetricStream – driving enhanced on-going risk management and governance / reporting.
Enabled the change management, communication and learning strategy implementations across multiple global financial and accounting / advisory institutions focused on risk and change management to sustain momentum in matrixed organizations
NE TPRM Market Leader and Consulting risk lead on two key EY accounts in financial services and payments, enabling our clients to meet their goals and deliver against strategies across functions through strong market presence, relationships and thought leadership.

Justin holds a BS in Finance and Marketing from The Martin J. Whitman School of Management at Syracuse University and is Certified in Risk and Information Systems Control (CRISC).

Madiha- (1)

Madiha Fatima
Director, Third Party Risk Management 
Angelo Gordon


Madiha is speaking at Vendor & Third Party Risk USA

Rob_Haven_Professional_Photo (2)

Rob Haven
Director of Vendor Management
Renasant Bank

Rob Haven is First Vice President & Vendor Management Director for Renasant Bank, a $17 billion regional bank in the southeastern US.  He is responsible for third party risk and vendor monitoring.
He has a M.A. in Business Administration, is married, with two grown children, and two sophisticated cats.  Highlights of his 40+ years of financial and community leadership include:
• Managing for Toyota and a Toyota/General Motors joint venture in Finance, HR and General Affairs
• Credit Union CEO serving sponsor companies, including Clorox, Gap, Oakland Athletics and Ghirardelli Chocolate Company
• Senior VP, Treasurer, and Trustee for a community bank
• Hospital Treasurer
• Rotary Club President
• Leading largest Toyota contingent to support National Public Lands Day

Erin Jane Illman
Partner and Fintech Practice Lead
Bradley Arant Boult Cummings LLP


Erin Illman is co-chair of Bradley’s privacy and cybersecurity practice and leader of the firm’s fintech team, who is an experienced thought leader in fintech, privacy, data security and the integration of technology into business practices. She works closely with clients in the growing fintech space in the areas of payment technology, digital banking and lending, personal finance and robo-advising, investing and venture capital, cryptocurrency, blockchain, and electronic products and services. In addition to providing proactive privacy and information security compliance and legal advice, Erin manages privacy-related enforcement actions and litigation. Her practice includes representing companies in reactive incident response situations, including insider cybersecurity threats, electronic and physical theft of trade secrets, and investigation, analysis and notification efforts with respect to security incidents and breaches.

Alpa-Pic_1_1016192-copy-120x120 (1)

Alpa Inamdar
Transformation Leader


Alpa is speaking at Vendor & Third Party Risk USA


George Kaniarasseril
Manager, Information Risk Management


Throughout his 24 years in the financial services sector, George has steadily evolved into a thought leader around technology risk and third party risk management for various financial institutions, Fortune 500 companies, and within Big 4 Consulting. With specific expertise in information security, business resilience and data privacy, George is incredibly passionate to help forward facing organizations analyse and control risks related to technology risk and outsourcing. Our landscape requires thought leaders who understand core business processes and goals and can strengthen partnerships throughout organizations to address risks around third parties. George welcomes the opportunity to partner with people-oriented organizations looking to build out their technology risk and third party risk management programs to collectively evolve these practices within the industry as a whole.

Ryan-Lougheed (1)

Ryan Lougheed
Director of Product Management


After spending a career working with the Fortune 1000 to implement new technology platforms, Ryan is now a lieutenant at Onspring leading product innovation. Much of his role is focused on working with individuals across businesses to understand their team’s pain points and how software can help them produce more efficient processes, communication, and better business intelligence.

Patrick-Potter-120x120 (1)

Patrick Potter
Risk Strategist


Patrick has over 30 years’ experience leading risk management, operational resiliency, compliance, internal audit, third-party management, strategic planning and process improvement in both practitioner and consulting roles. He has developed a unique perspective working with analysts, partners and customers spanning many industries including financial services, healthcare, government, energy, education, and travel and hospitality.

He has been a speaker for the Institute of Internal Auditors, Disaster Recovery Journal, RSA Archer Summit, Financial Executives Networking Group, Association of Continuity Planners, Audit World and the Information Systems Audit and Control Association.  Patrick has also contributed thought leadership articles for such publications as Continuity Insights, Internal Auditor Magazine, SC Magazine and Disaster Recovery Journal.

Patrick is a subject matter expert for Archer where he provides strategic input into the development of the Archer Suite and works with customers on best practices.

Jeremy_Resler_Headshot_-_LI (1)

Jeremy Resler
SVP, Director Third Party Risk Management Governance
U.S. Bank


Jeremy has over ten years of experience and expertise in the financial services and legal sectors, and is currently a Senior Vice President and the Director of Governance in the Corporate Third Party Risk Management group at U.S. Bank.

Jeremy is responsible for overseeing various functions and teams within the centralized, enterprise TPRM Program, including quality assurance, policy and audit/exam management, fourth party risk, joint venture/strategic alliance risk, merger and acquisition operational risk, enterprise RCSA third party risk and external risk request management. Jeremy graduated with an Economics degree from the University of Minnesota and a Juris Doctor from the William Mitchell College of Law in St. Paul, MN. Prior to U.S. Bank, Jeremy worked for a legal publishing company and subsequently clerked for a District Court Judge in Hennepin County, MN.


IMG_6098 (1)

Roxane Romulus
Director, Third Party Risk Management
Voya Financial


Ms. Romulus is currently Director, Third Party Risk Management for Voya Financial. In this role, she is responsible for vendor risk policy, third-party risk oversight and implementation of best practices in third-risk and controls.
Ms. Romulus strives to build strong partnerships and ensure joint accountability when it comes to protecting the company’s employees, clients, information and brand. Her expertise spans
a number of well-respected firms including, SunTrust Bank, MetLife, Deloitte & Touché, Putnam Investments and Bank of America.
Ms. Romulus is a graduate of Suffolk University and holds her MBA from Simmons University. A lover of new challenges, she’s completed the Atlanta 13.1 Half Marathon and Tough Mudder Competition, one of the toughest endurance races on the planet. However, her most rewarding role is the one of mother to her four year old daughter Layla Rose.

1516305834347 (2)

Kristen Schneider
Director of Risk Management 

Kristen is speaking at Vendor & Third Party Risk USA
Screenshot_2022-03-08_at_15.38.05 (1)

Brian Shaw
Director of Financial Services Sales


Brian has worked in business process automation targeting risking and compliance for over 25 years, supporting hundreds of Fortune 500 and mid-market firms across all industries. Since 2011 Brian has focused on Third-Party Risk, Compliance and Performance Management for the Financial Services Industry, as well as Master Data Management and Know Your Customer (KYC) challenges. At Mirato, Brian serves as Director of Financial Services Sales, responsive for sales to financial services firms in North America and Europe.


Screenshot_2022-03-08_at_15.34.15 (2)

Olga Voytenko
MD, Head of Third Party Risk Management 
State Street


Olga Voytenko is a Managing Director, Global Head of Third Party Risk Management. She is responsible for managing third party and outsourcing risk arising from State Street’s reliance on third parties performing services or activities on State Street’s behalf. This includes risks related to ineffective third party selection and failure to oversee and monitor our third parties. Ms. Voytenko is responsible for building, deploying and supporting the technology and processes to support business functions in mitigating Third Party Risks.
Prior to her current role, Ms. Voytenko served as Vice President within Global Treasury leading Global Liquidity Risk Management team across State Street, as well as, prior leadership roles within Recovery Resolution Planning, Valuation & Analytics, Corporate Audit, and Institutional Services.
Before joining State Street, Ms. Voytenko worked at Sun Life Financial, where she held various leadership positions in an Investment Finance and Security Valuation teams.
Ms. Voytenko holds a Master of Science in Business Administration from Suffolk University and a Bachelor of Science in Accounting and Finance from Boston University.

Ken_Wolckenhauer (2)

Ken Wolckenhauer
VP, Vendor Management
Nordea Bank, New York Branch

Ken Wolckenhauer is the Head of Vendor Management at Nordea Bank’s New York branch. Leading up to this position, Ken was as a subject matter expert, trainer, solutions provider, and consultant for FIS, the world’s largest global provider dedicated to banking and payments technologies. With FIS, Ken specialized in financial industry regulatory risk and compliance, mostly in the area of anti-money laundering and watchlist compliance. Nordea Bank leveraged Ken’s risk and compliance knowledge to build out the vendor management program for the New York branch, developing a program that would properly manage risk as well as gaining acceptance to the US regulators. The success of the US program is now being used to advise Nordea’s European branches on enhancements to its TPRM program. Ken is a graduate of Bucknell University and is a Certified Anti-Money Laundering Specialist.
amandaxu-200x200-1 (1)

Amanda Xu
SVP, Head of Third Party Risk Management
EastWest Bank


Amanda Xu is the Head of Third Party Risk Management (TPRM) at
East West Bank overseeing the TPRM lifecycle including planning, due
diligence, contract negotiation, ongoing monitoring, and termination
enterprise wide. Amanda has over 25 years of experience in banking
including 12 years at KPMG. Amanda is accountable for the development
and mentoring of a high performing team in support of the bank’s third
party risk program. She leads cross-functional teams and partners with
IT to build the TPRM dashboard to provide transparency and oversight
to executive management and the board. Amanda received a Master of
Science in Business Administration/Information Systems Auditing and a
Bachelor’s degree from Cal Poly Pomona.

In her spare time Amanda is teaching the “Advanced Information Technology Auditing” class. This is a required class to complete the Master of Science in Information Security (MSIS) program at Cal Poly Pomona. The MSIS is a STEM designated degree program and is for people who wish to pursue a career in IT Auditing, Information Security, Risk Management, and Computer Forensics.




Interactive panel discussions are designed to include attendees by running a live Q&A throughout the session


Hear industry experts provide detailed insights on a range of vendor risk issues, challenges and opportunities


Networking opportunities including breakfast, lunch and refreshment breaks on both days, access to all streams and sessions.


Continue discussions beyond the auditorium and interact with speakers and attendees after their session.

March 8, 2023

Assessing cyber risk and effectiveness of controls as techniques and threats evolve

The views and opinions expressed in this article are those of the thought leader as an individual, and are not attributed to CeFPro or any particular […]
October 26, 2022

Addressing and tracking geopolitical risks and macroeconomic trends within a TPRM program

The views and opinions expressed in this article are those of the thought leader as an individual, and are not attributed to CeFPro or any particular […]
October 4, 2022

Enhancing control environment across supply chains and managing exposure to vendor and third-party risks

The views and opinions expressed in this article are those of the thought leader as an individual, and are not attributed to CeFPro or any particular […]
October 3, 2022

Leveraging data as a tool to enhance operational risk controls and tailor customer experience

The views and opinions expressed in this article are those of the thought leader as an individual, and are not attributed to CeFPro or any particular […]
September 28, 2022

Implementation of agile cybersecurity programs to protect the company internally and from external breaches

The views and opinions expressed in this article are those of the thought leader as an individual, and are not attributed to CeFPro or any particular […]
September 28, 2022

Managing increased complexity of global supply chain challenges and leveraging technology to stay ahead

The views and opinions expressed in this article are those of the thought leader as an individual, and are not attributed to CeFPro or any particular […]
September 28, 2022

Trust-based TPRM: How to extract greater value from your TPRM program

The views and opinions expressed in this article are those of the thought leader as an individual, and are not attributed to CeFPro or any particular […]
September 26, 2022

Monitoring and understanding supply chains from 4th to Nth party and determining security protocols

The views and opinions expressed in this article are those of the thought leader as an individual, and are not attributed to CeFPro or any particular […]
September 22, 2022

Reviewing requirements for operational resilience and developing agile programs in a changing environment

The views and opinions expressed in this article are those of the thought leader as an individual, and are not attributed to CeFPro or any particular […]
September 6, 2022

Risk quantification: It’s not just math

The views and opinions expressed in this article are those of the thought leader as an individual, and are not attributed to CeFPro or any particular […]
August 31, 2022

ESG: Spotlight on Social

The views and opinions expressed in this article are those of the thought leader as an individual, and are not attributed to CeFPro or any particular […]
August 15, 2022

Developing climate stress testing and forecasting capabilities to accurately assess climate impacts on the organization

The views and opinions expressed in this article are those of the thought leader as an individual, and are not attributed to CeFPro or any particular […]

Non-Financial Risk Leaders 2022

Non-Financial Risk Leaders strives to provide insights, support, and benchmarks for organizations as the traditional operational and non-financial risk arena continues to evolve, expand, and gain significance.

Take part in our survey and contribute your knowledge towards one of the most comprehensive business reports in the industry, recognized by experts as a go-to resource.

All respondents have an option to receive a complimentary copy of the final report.

Aravo are sponsoring Vendor & Third Party Risk USA 2022


Archer, an RSA company, is a leader in providing integrated risk management solutions that enable customers to improve strategic decision making and operational resiliency. As true pioneers in GRC software, Archer remains solely dedicated to helping customers understand risk holistically by engaging stakeholders, leveraging a modern platform that spans key domains of risk and supports analysis driven by both business and IT impacts. The Archer customer base represents one of the largest pure risk management communities globally, with over 1,500 deployments including more than 90 of the Fortune 100.

Bradley are sponsoring Vendor & Third Party Risk USA 2022

Certa are sponsoring Vendor & Third Party Risk USA 2022

Grant Thornton are sponsoring Vendor & Third Party Risk USA 2022

IHS Markit is a global leader in information, analytics and solutions for the major industries and markets that drive economies worldwide. Our company partners with clients in business, finance and government to help them see the big picture with unrivaled insights that lead to well-informed, confident decisions. IHS Markit serves more than 50,000 key customers in over 140 countries, including 85 percent of the Fortune Global 500. Headquartered in London, IHS Markit (NYSE: INFO) is committed to sustainable, profitable growth.

Ncontracts are sponsoring Vendor & Third Party Risk USA 2022

OneTrust Vendorpedia™ is the largest and most widely-used technology platform to operationalize third-party risk. The offering enables both enterprises and their vendors with technology solutions that include: the Third-Party Risk Exchange, a community of shared (and pre-completed) vendor risk assessments with 70,000+ participating vendors; Questionnaire Response Automation, a tool that helps organizations answer incoming security questionnaires; and Third-Party Risk Management software, a platform to streamline the entire vendor lifecycle, from onboarding to offboarding. More than 10,000 customers of all sizes use OneTrust, which is powered by 150 awarded patents, to offer the most depth and breadth of any third-party risk, security, and privacy solution in the market. OneTrust Vendorpedia offers purpose-built software designed to help organizations manage vendor relationships with confidence, including and integrates seamlessly with the entire OneTrust platform, including – OneTrust Privacy Management Software, OneTrust DataDiscovery™, OneTrust DataGovernance™, OneTrust GRC, OneTrust Ethics, OneTrust PreferenceChoice™, OneTrust ESG, and OneTrust DataGuidance™.

When you need to understand the companies in your ecosystem, you’ll benefit from a certain approach. With comprehensive global coverage, the richest source of beneficial ownership data available, plus information on PEPs and sanctions, we are the resource for compliance and onboarding checks. Our Orbis database has information on nearly 400 million companies worldwide and was named “Best Data Solutions for KYC” the past two years. Request a free trial at to see how we can help you mitigate risk.

Ekran System is a full-cycle insider risk management platform that helps companies to detect, deter, and disrupt any security threats from the inside.

Our customers simplify, automate, and streamline their third-party risk management activities with Ekran System. Our software is featured by Gartner in their 2020 Market Guide for Insider Risk Management Solutions and recommended in NIST Special Publication. We are also the only Microsoft Azure value-add partner that provides all-round insider threat management on their platform.

Ekran System delivers robust access management, continuous third-party user activity monitoring, and real-time incident detection and response. Thanks to the rich capabilities provided by of Ekran System, Deloitte, Samsung, Panasonic, UPS, and many other companies across the world trust us with their security.

EY are sponsoring CeFPro’s Vendor & Third Party Risk USA 2022

Mirato are sponsoring CeFPro’s Vendor & Third Party Risk USA 2022

Mitratech is a proven global technology partner for corporate legal, risk & compliance, and HR professionals seeking to maximize productivity, control expense, and mitigate risk by deepening operational alignment, increasing visibility, and spurring collaboration across their organization.

With Mitratech’s proven portfolio of end-to-end solutions, organizations worldwide are able to implement best practices and standardize processes across all lines of business to manage risk and ensure business continuity.

Mitratech serves over 1,500 organizations worldwide, including 30% of the Fortune 500 and over 500,000 users in 160 countries.

For more info, visit:

Onspring’s intelligent automation and real-time reporting software provides risk management teams with flexibility and efficiency in managing enterprise risk. Our solution captures and relates financial, operational, reputational, cyber and compliance risks across your business—so you can plot risk ownership, calculate dependencies and categorize mitigation plans.Our goal is to give you more control over risk. This happens when you’re able to generate risk evaluations, calculate impacts on your business, estimate the likelihood of occurrences and potential costs in Onspring. Plus, our no-code cloud-based platform means you can update your processes on your own without the help of IT, all while measuring the impact and results of your team.

Prevalent takes the pain out of third-party risk management (TPRM). Companies use our software and services to eliminate the security and compliance exposures that come from working with vendors, suppliers and other third parties. Our customers benefit from a flexible, hybrid approach to TPRM, where they not only gain solutions tailored to their needs, but also realize a rapid return on investment. Regardless of where they start, we help our customers

Riskonnect are sponsoring CeFPro’s Vendor & Third Party Risk USA 2022

State of Flux are sponsoring CeFPro’s Vendor & Third Party Risk USA 2022






Please contact the Center for Financial Professionals today to discuss how we can deliver your thought-leadership at the event, help you generate leads, and provide you with unique networking and branding opportunities. For more information on what we can offer, please contact or call us on +1 888 677 7007 ext. 207 where a member of the team will be happy to tailor the right package for you.

Can I present at the Vendor & Third Party Risk USA Congress?

Yes, the Center for Financial Professionals are happy to discuss speaking opportunities at the Vendor & Third Party Risk USA Congress. For further information on this please contact or call us on +1 888 677 7007.

Are there any rules on the dress code?

Business attire is requested. The Congress is a formal opportunity to network with like-minded professionals and to gain knowledge from the industry’s finest risk management experts.

What is the cost and what is included in the registration fee?

We offer incentives for ‘early bird’ registrants of the Congress, as outlined on our pricing structure. Registration includes breakfast, refreshment breaks, lunches, the cocktail reception at the end of the day, full access to the sessions and exhibition area. Presentations from the sessions are also available, subject to speaker approval.

Where can I find the Congress documentation and speaker presentations?

All registered attendees will receive an email with access to documentation and speaker presentations after the Congress*. We will work with our presenters to include as many presentations as possible on our App during the Congress.

* Please note that our speakers often have to gain permission from their relevant compliance departments to release their presentations. On rare occasions compliance may not allow presentations to be distributed.

Will breakfast, lunch and refreshment be provided?

Yes. As with all of our events, the Center for Financial Professionals will be providing brilliant coffee, breakfast, lunch, refreshments, and smaller bites during the networking breaks.

Will there be opportunities to network with other attendees?

There are ample opportunities for networking and interaction throughout the Congress, such as:

  • Breakfast, lunch and refreshment breaks
  • Cocktail reception at the end of the day (subject to confirmation)
  • Q&A, panel discussions and audience participation technology
Are there opportunities to share my thought-leadership at the Vendor & Third Party Risk USA Congress?

Yes there are plenty of opportunities for the Center for Financial Professionals to share thought-leadership to the attendees of Vendor & Third Party Risk USA Congress and our wider risk professionals community. At the event we can distribute your material to the attendees, offer you an exhibition booth, and provide speaking opportunities so that you may enjoy a more prominent presence at the Congress. Visit the Sponsor tab for further information or contact / +1 888 677 7007

Are media partnerships available for the Vendor & Third Party Risk USA Congress?

Yes. As part of a media partnership we can offer a variety of options to increase the branding and awareness of your association, company, certificate, publication or media. We are flexible with what we can offer however we usually:

  • Provide a discounted rate to attend
  • Place your logo and profile on the Congress website
  • Place your logo on promotional content where applicable
  • Distribute your media/marketing at the Congress
  • Promote through social media channels

To discuss this further please contact or call +1 888 677 7007.

What can I do if I can't attend the event due to Covid-19?

If you are unable to attend the Congress due to national/Covid restrictions, CeFPro would be more than happy to offer you a refund, credit note or the option to transfer the ticket to a colleague who is able to attend.

Representing a financial institution or government body – (E.g. Bank, Insurance company, Asset Manager, Regulator)

Vendor & Third Party Risk USA
June 1-2, 2022


SAVE $300

Registrations before April 8


SAVE $200

Registrations before May 13




Registrations after May 13

Representing an information/service provider (E.g. Consultant, Vendor, Executive Search Firm, Law Firm)

Vendor & Third Party Risk USA
June 1-2, 2022


SAVE $600

Registrations before April 8


SAVE $400

Registrations before May 13




Registrations after May 13

PLEASE NOTE: To qualify for the preferential ‘early bird’ rates, registration must be received by the close of the ‘early bird’ working day, and payment can be made at the time of registering, or up to a week after registration is made an invoice sent. CeFPro reserves the right to increase rates should payment be delayed significantly. For Group Rates to be valid, the whole group must register at the same time, though names can be changed at any time up to the event at no additional cost. Should a delegate register at a rate that is inaccurate, CeFPro reserves the right to issue an additional invoice for the outstanding amount.




Simply email us with your
Full name
Job title
Company & address
Contact number

Email: Lauren.carter{@}

Call us on +1 888 677 7007

Click here to complete the form and submit by email