8:00 Registration and breakfast

8:50 Chair’s opening remarks

Moderated by:

Colin Campbell, Sr Director of Solution Strategy, Aravo 


9:00 Managing increased complexity of global supply chain challenges and leveraging technology to stay ahead

Session details 

  • Increased likelihood of staff turnovers in an uncertain economic environment
    • Incorporating within supply chain due diligence
  • Continuation of supply chain risks as a result of Ukraine war
  • Challenges sourcing raw materials through to energy availability
  • Availability of critical materials and increased transportation costs
  • Managing concentration risks in geographies on supply of raw materials
  • Implications across industries financing and sourcing materials
  • Managing variability in lead time with fluctuations in delays
  • Understanding third party ability to deliver within supply chain
  • Understanding down and upstream impacts of disruptions at any point

Tallen Franklin, Senior Analyst, Third-Party Risk Management, T-Mobile
Dave CrozierSVP Digital Transformation Services, Certa


9:45 Evolving the definition of critical to identify critical services and providers stay agile in the new normal

Session details 

  • Defining business criticality
  • Capturing suppliers providing critical service to customers
  • Being a pioneer in industry whilst mitigating risk
  • Identifying key features of ‘criticality’
  • Evolving definitions in an emerging market
  • Ensuring critical third parties are addressing emerging risks
  • Oversight requirements for key suppliers
    • Ensuring vendors are protecting the organization from impact

Michael Chang, Manager, North America Regional Partner – Speciality Chemicals,
Johnson & Johnson
Danny Uhlemann, Industry Principal, Interos
Kenneth Martinez, Managing Director, Financial Risk Management, Delta Air Lines

10:30 Morning refreshment break and networking


11:00 Onboarding suppliers in heavily regulated industries whilst balancing risk assessment requirements

Session details 

      • Onboarding small and diverse suppliers quicker
      • Managing pressures on fast turnaround from the business
      • Enhancing competitiveness and inclusivity with small and diverse suppliers
      • Balancing cost to supplier with lengthy processes
      • Risk evaluating company instead of service
      • Implementing pre-assessment techniques
      • Impact to supply chain with delays in onboarding
        • Need for faster turnaround with continued supply chain challenges
      • Managing reputation risks working with organizations in Russia whilst onboarding new suppliers

Andrew Moyad, Chief Executive Officer, Shared Assessments 


11:35 Monitoring and understanding supply chains from 4th to Nth party and determining security protocols

Session details 

    • Industry specific access to equipment and firewalls
      • Healthcare case study with remote access to heart monitors
    • Procuring insight into fourth parties
    • Evidencing third parties have solid TPRM programs
    • Managing concentration risk across supply chains beyond 4th parties
      • Financial services case study
    • Managing access to data with fourth parties and beyond
    • Concentration risk with fourth and fifth parties 

Anit Banerjee, Third Party Risk Officer – Legal Risk Management, Meta


12:10 Leveraging supplier performance management to its full potential and indicators to monitor core suppliers

Session details 

  • Indicators to determine when action is required
    • Using poor performance as an indicator
  • Identifying value in performance monitoring
  • Tracking SLAs and identifying strong vendors
  • Termination of non performing vendors
  • Relying on relationships as a fix to disruptions
  • Advancing supplier relationship management practices

Stefani Nick, Manager, Procurement Policy & Compliance, Board Governs of the Federal Reserve System Department of Finance Management (DFM)

12:40 Lunch break and networking


1:40 Developing advanced continuous monitoring capabilities to look beyond a point in time assessment

Session details 

      • Monitoring vendors after risk assessments
      • Moving away from point in time assessments
      • Aggregators of data
      • Ensuring information security and privacy risks are protected
      • Developing an escalation plan
      • Prioritising and mapping controls
      • Financial reporting of private companies

Roxane Romulus, Third Party Risk Management, Voya Financial 


2:20 Addressing and tracking geopolitical risks and macroeconomic trends within a TPRM program

Session details 

  • Impact of the war in Ukraine on global supply chains across industries
    • Service and product chains
  • Managing inflationary pressures and economic instability
  • Continuity of the great resignation and impact to professional services
  • Due diligence and ongoing monitoring techniques
    • Management of material suppliers
  • Preparing for changes in availability and cost of key commodities
    • Spanning from energy costs to technology infrastructure
  • Identifying disruptions early and preparing
  • Counteracting a diminished workforce with reduced resources and funding
  • Benchmarking renegotiation of contracts with inflation rises

John Bree, Chief Evangelist and Chief Risk Officer, Supply Wisdom 


2:55 Third Party Risk Management is not a One Size Fits All

Session details 

  • Compare how companies screen and use risk-ranking into low, medium and high risk categories to ensure an appropriate level of due diligence is done on those entities.
  • Explore what levels of Due Diligence are appropriate for the high risk entities.
  • Understand your Third Parties and how they approach risk management on their third and fourth parties in the process
  • Third Party Risk Management Maturity Curve – How can that be used to help to identify where your organization is and where and how can that be leveraged to get budget/C-suite support as your program grows.

Gabriela Martes, CCEPCustomer Success Director, Due Diligence Refinitiv, LSEG 

Brad McAdams, Solutions Consultant, ProcessUnity

3:35 Afternoon refreshment break and networking


4:05 Third party risk: Your responsibility, but not in your control

Session details 

  • How TPRM has evolved: Latest trends, challenges and overcoming them
  • Establishing world class TPRM with limited resources
  • Challenges with setting up and maintaining a relevant program
  • Impact of the “Great Retirement”
  • Operating outside major metropolitan areas
  • Timely detection of risks
  • Reporting and transparency of supplier risk

Peter Pernebo, Global Head of Third Pary Risk Solutions, KY3P, S&P Global


4:50 Managing people and HR risks and developing enhanced controls and diligence

Session details 

      • Training, awareness and monitoring of uses of technology infrastructure
      • Risks of shifting resources with talent moving across industries
        • Managing high voluntary and involuntary turnover
      • Inclusion of social aspects of ESG:
        • Treatment of humans across suppliers: Compensation, diversity, employee retention programs etc.
      • Managing retention in offshore centres with high turnover rate
      • Recruitment and retention schemes for top talent providing services
        • Taking a risk-based approach to identify critical services and activities
      • Evaluation of future of work from home and hybrid opportunities

Rodney Campbell, SVP – Head of Third Party Risk Management, Valley National Bank 

5:23 Chair’s closing remarks

5:35 End of day one and networking drinks reception

8:00 Registration and breakfast

8:50 Chair’s opening remarks

Moderated by:

Jeff Hodgin, VP Of Product, CyberGRX


9:00 Implementation of agile cybersecurity programs to protect the company internally and from external breaches

Session details 

      • Disaster recovery and incident response management
      • Implementation of multi factor authentication methods
        • Ensuring as a minimum standard for vendors with access to data
      • Analyzing third party controls and response plans
      • Increased cyber risks in a hybrid environment
      • Impact of moving services offshore on cyber threat landscape
      • Reviewing cyber insurance policies
      • Leveraging data to mitigate risk and financial implications
      • Cyber resilience: Recovery plans in event of a cyber breach

Phani Dasari, Head of Business Security, TikTok
Raquel Wilson, Third Party Risk Senior Analyst
Yevhen Zhurer, Head of Sales, Ekran


9:45 Managing new techniques in ransomware attacks across industries and response tactics in an event

Session details 

  • Managing increased ransomware threats
  • Developing cybersecurity hygiene programs
  • Response techniques in the event of a ransomware attack
    • Benefits and drawbacks of paying ransom
    • Reputational impacts of breach and funding criminal activity

Ondrej Krehel, Chief Scientist & Fellow, Cyber Risk & Resilience Services, SecurityScorecard

10:20 Morning refreshment break and networking

10:50 10 Best practices for streaming your third party risk management workflows

Session details 

  • Workflow development and accounting for abnormal situations​
  • Defining stakeholder roles and ensuring accountability​
  • Methods for improving collaboration and communication​
  • Metrics to track to identify workflow bottlenecks​

Chris Paterson, Director of Strategy, Third-Party Risk Management, OneTrust 


11:25 Implementing efficient risk assessment and due diligence strategies to analyze and remediate risks

Session details 

  • Identifying high risk or critical vendors
    • Developing a tiered approach to assessments
  • Future of onsite assessments in the wake of Covid-19
    • Are virtual assessments sufficient?
  • Reviewing alternatives to onsite assessments
    • Limiting use of burdensome and repetitive questionnaires
  • Determining what level of depth is appropriate
  • Modeling assessments into manageable sizes
  • Determining criticality of vendors

Colin Campbell, Sr Director of Solution Strategy, Aravo
Kenna Arrington, Senior Third Party Risk Analyst, Synovus
John Bree, Chief Evangelist and Chief Risk Officer, Supply Wisdom

12:00 Top 5 trends procurement leaders are keeping their eyes on in 2023

Session details 

  • Reviewing trends for procurement leaders in 2023

  • Managing unprecedented supply chain disruptions
  • Navigating global turmoil including record high inflation and the impacts of COVID-19
  • Implementing non-traditional procurement strategies to stay afloat
  • Preparing for upcoming ESG regulations from the SEC


Jared Ezzell, Chief Customer Officer and Head of Partnerships, Certa

12:35 Luncheon Address

Jim Ciortan, Chief Sales Officer & Executive Vice President, Venminder

12:45 Lunch break and networking 


1:35 Developing robust predictive risk modeling capabilities and reviewing opportunities within TPRM

Session details 

  • Investment for TPRM teams
  • Examples of where predictive risk modeling has been applied in TPRM
  • Staying ahead of risks on the horizon
  • Taking mitigating measures ahead of time
  • Reducing need for traditional manual due diligence
  • Sourcing higher level insights for informed decision making
  • Predicting where material outsourcers may incur problems
  • Future of predictive analytics
    • Specific metrics to make better decisions

Jeff Hodgin, VP Of Product, CyberGRX


2:10 Reviewing lessons learnt across industries to determine best practice in varying levels of regulated sectors

Session details 

  • Cross industry best practices
  • How to set up an effective TPRM program
  • Developing robust controls to detect and prevent data sharing
  • Mitigating risk of exploitation
  • Managing APIs and interfaces between vendors
  • Reviewing regulatory obligations across industries
  • Where can best practice be leveraged? Educating wider business staff on complexity of risk
  • Advise to teams on managing risk and what part they play
  • Identifying what ‘good’ practice looks like

Roxane Romulus, Third Party Risk Management, Voya Financial 

Adam Moore, Senior Manager, Supplier Divserity, Former CVS


2:55 TPRM: What you really need to know

Session details 

  • Managing inter-connected nature of TPRM
  • Building relationships across TPRM internally and externally
  • Developing an accurate and complete inventory
    • Including third parties, business owners & integrations/connections
  • Understanding what data is shared throughout relationships
  • Teaching peers the correct format of risk assessments
  • Diversifying internal teams to facilitate risk assessments
    • Technical and non-technical
  • Utilizing correct vendors for security ratings and continuous monitoring
  • Understanding Nth party risk

Phil Lioio, Senior Third Party Risk Analyst, lululemon

3:30 Chair’s closing remarks

3:40 End of Congress