8:00 Registration and breakfast

8:50 Chair’s opening remarks

Moderated by:

Colin Campbell, Sr Director Product Marketing, Aravo 

SUPPLY CHAIN – PANEL DISCUSSION

9:00 Managing increased complexity of global supply chain challenges and leveraging technology to stay ahead

Session details 

  • Increased likelihood of staff turnovers in an uncertain economic environment
    • Incorporating within supply chain due diligence
  • Continuation of supply chain risks as a result of Ukraine war
  • Challenges sourcing raw materials through to energy availability
  • Availability of critical materials and increased transportation costs
  • Managing concentration risks in geographies on supply of raw materials
  • Implications across industries financing and sourcing materials
  • Managing variability in lead time with fluctuations in delays
  • Understanding third party ability to deliver within supply chain
  • Understanding down and upstream impacts of disruptions at any point

Ayall Sagni, Vice President of Supply Chain, BFA Industries

Senior Executive, Certa 

CRITICAL SUPPLIERS

9:45 Evolving the definition of critical to identify critical services and providers and stay agile in the new normal

Session details 

  • Defining business criticality
  • Capturing suppliers providing critical service to customers
  • Being a pioneer in industry whilst mitigating risk
  • Identifying key features of ‘criticality’
  • Evolving definitions in an emerging market
  • Ensuring critical third parties are addressing emerging risks
  • Oversight requirements for key suppliers
    • Ensuring vendors are protecting the organization from impact

Kenneth Martinez, Managing Director, Financial Risk Management, Delta Air Lines 

10:20 Morning refreshment break

ONBOARDING

10:50 Onboarding suppliers in heavily regulated industries whilst balancing risk assessment requirements

Session details 

  • Onboarding small and diverse suppliers quicker
  • Managing pressures on fast turnaround from the business
  • Enhancing competitiveness and inclusivity with small and diverse suppliers
  • Balancing cost to supplier with lengthy processes
  • Risk evaluating company instead of service
  • Implementing pre-assessment techniques
  • Impact to supply chain with delays in onboarding
    • Need for faster turnaround with continued supply chain challenges
  • Managing reputation risks working with organizations in Russia whilst onboarding new suppliers

Andrew Moyad, Chief Executive Officer, Shared Assessments 

4TH PARTIES

11:35 Monitoring and understanding supply chains from 4th to Nth party and determining security protocols

Session details 

  • Industry specific access to equipment and firewalls
    • Healthcare case study with remote access to heart monitors
  • Procuring insight into fourth parties
  • Evidencing third parties have solid TPRM programs
  • Managing concentration risk across supply chains beyond 4th parties
    • Financial services case study
  • Managing access to data with fourth parties and beyond
  • Concentration risk with fourth and fifth parties

PERFORMANCE

12:10 Leveraging supplier performance management to its full potential and indicators to monitor core suppliers

Session details 

  • Indicators to determine when action is required
    • Using poor performance as an indicator
  • Identifying value in performance monitoring
  • Tracking SLAs and identifying strong vendors
  • Termination of non-performing vendors
  • Relying on relationships as a fix to disruptions
  • Advancing supplier relationship management practices

Kenna Arrington, Third Party Risk Management Analyst SR, Synovus 

12:45 Lunch break and networking

CONCENTRATION RISK

1:45 Monitoring concentration risk across suppliers including supply chain and location concentrations

Session details 

  • Geographic concentration for services or products
    • Thailand flooding case study
  • Supply chain risks as a result of concentration
  • Managing demand with low supply
  • Understanding vulnerabilities in offshore organizations
  • Identifying signals from the noise
    • Filtering useable data from the vast amount of information available
  • Leveraging data to understand true risks

MACROECONOMIC RISKS

2:15 Addressing and tracking geopolitical risks and macroeconomic trends within a TPRM program

Session details 

  • Impact of the war in Ukraine on global supply chains across industries
    • Service and product chains
  • Managing inflationary pressures and economic instability
  • Continuity of the great resignation and impact to professional services
  • Due diligence and ongoing monitoring techniques
    • Management of material suppliers
  • Preparing for changes in availability and cost of key commodities
    • Spanning from energy costs to technology infrastructure
  • Identifying disruptions early and preparing
  • Counteracting a diminished workforce with reduced resources and funding
  • Benchmarking renegotiation of contracts with inflation rises

John Bree, Chief Evangelist and Chief Risk Officer, Supply Wisdom 

LOCATION

2:50 Managing location challenges and risk of concentration and upheaval in certain geographies

Session details 

  • Monitoring risks across locations
    • Climate events and political unrest
  • Alignment with ESG challenges
    • Evaluating environmental status and social justice
  • Downstream impact on industries of unrest in certain locations
  • Health services in countries with operations or facilities
  • Vendor concentration in geographies
  • Offshoring risks with teams in areas of political instability
  • Changing regulations across jurisdictions

3:25 Afternoon refreshment break and networking

ESG – PANEL DISCUSSION

3:55 Tracking environmental, societal and governance risks across supply chains and integrating within a TPRM program

Session details 

  • Monitoring diversity and inclusion of suppliers onboarded
  • Tracking modern slavery risks: Legislation globally across sectors
  • Alignment of standard setting organizations
    • Increased standardization within and across sectors
  • Evaluating third party risk against ESG metrics
  • Monitoring negative news stories and quantifying impact
  • Exploring measurable ways to progress ESG agendas
  • Balancing sustainability with realistic business practices
  • Scope 1, 2 & 3 emissions requirements

HR/PEOPLE RISK

4:40 Managing people and HR risks and developing enhanced controls and diligence

Session details 

  • Training, awareness and monitoring of uses of technology infrastructure
  • Risks of shifting resources with talent moving across industries
    • Managing high voluntary and involuntary turnover
  • Inclusion of social aspects of ESG:
    • Treatment of humans across suppliers: Compensation, diversity, employee retention programs etc.
  • Managing retention in offshore centres with high turnover rate
  • Recruitment and retention schemes for top talent providing services
    • Taking a risk-based approach to identify critical services and activities
  • Evaluation of future of work from home and hybrid opportunities

5:15 Chair’s closing remarks

5:25 End of day one and networking drinks reception

8:00 Registration and breakfast

8:50 Chair’s opening remarks

CYBERSECURITY – PANEL DISCUSSION

9:00 Implementation of agile cybersecurity programs to protect the company internally and from external breaches

Session details 

  • Disaster recovery and incident response management
  • Implementation of multi factor authentication methods
    • Ensuring as a minimum standard for vendors with access to data
  • Analyzing third party controls and response plans
  • Increased cyber risks in a hybrid environment
  • Impact of moving services offshore on cyber threat landscape
  • Reviewing cyber insurance policies
  • Leveraging data to mitigate risk and financial implications
  • Cyber resilience: Recovery plans in event of a cyber breach

Phani Dasari, Head of Business Security, TikTok 

CONTINUOUS MONITORING

9:45 Developing advanced continuous monitoring capabilities to look beyond a point in time assessment

Session details 

  • Monitoring vendors after risk assessments
  • Moving away from point in time assessments
  • Aggregators of data
  • Ensuring information security and privacy risks are protected
  • Developing an escalation plan
  • Prioritising and mapping controls
  • Financial reporting of private companies

10:20 Morning refreshment break and networking

COVID-19

10:50 Reviewing the residual impact of Covid-19 on data security with remote and hybrid working environments

Session details 

  • Shift in priorities of vendor risks in a post-Covid environment
  • Moving to a global remote working environment
    • Impact on data driven approaches and access
  • Managing geographic sprawl of remote teams
    • Centralization of data access
  • Identifying true chain of access to data
    • Ensuring compliance with privacy laws to answer questions on access
  • Gathering insight on security controls in a remote environment

RISK ASSESSMENT AND DUE DILIGENCE

11:35 Implementing efficient risk assessment and due diligence strategies to analyze and remediate risks

Session details 

  • Identifying high risk or critical vendors
    • Developing a tiered approach to assessments
  • Future of onsite assessments in the wake of Covid-19
    • Are virtual assessments sufficient?
  • Reviewing alternatives to onsite assessments
    • Limiting use of burdensome and repetitive questionnaires
  • Determining what level of depth is appropriate
  • Modeling assessments into manageable sizes
  • Determining criticality of vendors

Colin Campbell, Sr Director Product Marketing, Aravo

AUTOMATION

12:10 Utilizing automation capabilities within a TPRM program for enhanced insight and efficiency

Session details 

  • Aggregating and assessing data touchpoints in an automated way
  • Moving away from manual processes and reactive security
  • Partnering with internal teams for effective data management
    • Data mapping, intelligence, governance, privacy etc.
  • Scarcity of resources and knowledge to drive initiatives
  • Leveraging AI for predictive analytics
  • Integrating multiple point solutions to automate processes
  • Automation of controls and response

12:45 Lunch break and networking

ROI

1:45 Demonstrating return on investment to the business and cost saving potential of TPRM

Session details 

  • Navigating effectively to maintain a TPRM program
  • Leadership insight on return and risk reward
  • Demonstrating driving down risks to the business
  • Defining a structure for best practice in demonstrating value
  • Demonstrating the program is saving money through risk avoidance

RANSOMWARE

2:15 Managing new techniques in ransomware attacks across industries and response tactics in an event

Session details 

  • Managing increased ransomware threats
  • Developing cybersecurity hygiene programs
  • Response techniques in the event of a ransomware attack
    • Benefits and drawbacks of paying ransom
    • Reputational impacts of breach and funding criminal activity

2:50 Afternoon refreshment break and networking

PREDICTIVE MODELING

3:20 Developing robust predictive risk modeling capabilities and reviewing opportunities within TPRM

Session details 

  • Investment for TPRM teams
  • Examples of where predictive risk modeling has been applied in TPRM
  • Staying ahead of risks on the horizon
  • Taking mitigating measures ahead of time
  • Reducing need for traditional manual due diligence
  • Sourcing higher level insights for informed decision making
  • Predicting where material outsourcers may incur problems
  • Future of predictive analytics
    • Specific metrics to make better decisions

CROSS SECTOR BEST PRACTICE – PANEL DISCUSSION

3:55 Reviewing lessons learnt across industries to determine best practice in varying levels of regulated sectors

Session details 

  • Cross industry best practices
  • How to set up an effective TPRM program
  • Developing robust controls to detect and prevent data sharing
  • Mitigating risk of exploitation
  • Managing APIs and interfaces between vendors
  • Reviewing regulatory obligations across industries
  • Where can best practice be leveraged? Educating wider business staff on complexity of risk
  • Advice to teams on managing risk and what part they play
  • Identifying what ‘good’ practice looks like

Mariah Fatima, Director Third Party Risk Management, Angelo Gordon 

Breann McNeil, Senior Manager, Regulatory Compliance – Internal Audit & Advisory, Cummins Inc

4:40 Chair’s closing remarks

4:50 End of day one and networking drinks reception