Vendor & Third Party Risk Europe agenda

Day One | June 12


Registration and breakfast


Chair’s opening remarks

Day one moderator: Wayne Scott, Regulatory Compliance Lead, Escode (Part of NCC Group)


Balancing compliance with risk management in an increasingly complex regulatory environment

  • Reviewing the regulatory landscape over the next 2 years
  • Aligning business processes with regulatory expectations
    • Alignment with risk tolerance and appetite
  • Future-proofing supplier relationships to meet regulation
  • Understanding impact of regulation on the organization
  • Aligning increasing regulatory requirements
    • Operational resilience, cyber resilience, NIST, EU AI Act, GDPR etc.
  • Minimum requirements to ensure alignment with all changes
  • Managing variations in templates and reporting expectations
  • Prioritizing changes and expectations

Gerard Doyle, EMEA Head of Third Party Management and Procurement, SMBC Bank


Advancing exit plans aligned with current and future expected regulatory requirements

  • Developing stressed and unstressed exit plans
  • Determining what is proportionate
    • Exit plans at service level for organizations providing multiple services
  • Reviewing expectations for cloud service providers
  • Identifying gaps on service and impact to customer
  • Reviewing timelines for compliance and benchmarking progress
  • Documenting all services and reliance of third party
    • Leveraging expertise internally and within suppliers
  • Updating contracts to include stressed exit plan provisions
  • Managing the practical realities of supplier failure
  • Monitoring financial stability of third parties
  • Setting risk appetite for supplier or service outages
  • Minimizing duplication of work for bank wide vs individual third party exit plans

Jean-Marc Boulo, Director, Head of Global Sourcing & Procurement UK, Credit Agricole

Anne McGowan, Head of Supplier Management, Governance & Risk, Lloyds Banking Group; Third Party Risk Management Advisory Board member, CeFPro

Rosalyn Aryee, Executive Director, TPRM and Operational Resilience, Santander Corporate & Investment Banking; Third Party Risk Management Advisory Board member, CeFPro

Wes Loeffler, Director of Third Party Risk Management, Fusion Risk Management


Morning refreshment break and networking


Gaining a full view of concentration risk: Minimizing and monitoring geographic and organization concentrations

  • Varying nature of concentration risk
  • Identifying company and jurisdictional concentrations
  • Monitoring geopolitical risk and impact to supply base
  • Approaches to map data to identify concentration risk
    • Tools available to map data
  • Increased concentration in areas with heightened geopolitical tension
  • Collecting data to visualize concentration
    • Leveraging data to inform sourcing decisions

Gemma Stewart, Global Head of Vendor Management, Zurich Insurance Company


Beyond the scoring: Managing the third and fourth party attack surface

  • Best practices to measure security risk consistently
  • Understanding the security posture of your entire supply chain
  • Deploy an automated approach to mitigate security incidents
  • Accelerate compliance to standards such as DORA

Will Gray, Area Director Europe North, SecurityScorecard; Third Party Risk Management Advisory Board member, CeFPro


Explore the use of artificial intelligence within TPRM

  • Consider how AI should and should not be used within TPRM
  • Review the practical application through real-world use cases
  • Assess the impacts and benefits for you and your third parties
  • Identify the roles and functions that will be affected
  • Evaluate the risks of implementing AI into TPRM

Aki Eldar, CEO & Co-Founder, Mirato


Lunch break and networking


Reviewing practical implementation approaches for EU DORA regulation and regional variations

  • Working with suppliers in order to meet requirements
  • Reviewing global operational resilience requirements
  • Managing vast scale of change
  • Undertaking gap analysis to define expectations
  • Enhancing inventories and controls
  • Managing additional governance and documentation requirements
  • Centralizing teams and assessments at a group level
    • Enhancing relationship management with single point of contact
  • Reviewing impact to fintech companies: How are fintechs adopting the new requirements?

Alan Connelly, Head of Third Party Governance, Swiss Re

Mihaela Breg, Head of Operational Resilience & Third Party Oversight (Acting Head of Business Transformation), Europe Arab Bank

Saima Sabir, Group Head of Third-Party Risk Management & Outsourcing (2LOD), Bank of Ireland Group


Assessing the results of Aravo’s third party risk maturity survey and report

  • Review overall survey results and what they mean for the industry
  • Determine the current maturity of TPRM programs in the marketplace and why it may be a concern
  • Identifying critical elements for maturing and enhancing TPRM programs
  • Understanding the strategic value of investing in a competent, adaptable, and resilient TPRM program
  • Examining how leadership defines performance, priorities, and next steps
  • Assessing the measurability and impact of mature TPRM programs on the business

Adelani Adesida, Senior Sales Director (EMEA), Aravo Solutions


Supplier financial instability: Successful stressed exit planning

  • Effective and compliant stressed exit planning
  • Preventive, detective, and corrective control: Escrow, a case study
  • Global Regulatory updates and insight
  • Exclusive insight from our new TPRM survey & report
  • Supplier failure, service deterioration and concentration risk

Wayne Scott, Regulatory Compliance Solutions Lead, Escode


Afternoon refreshment break and networking


Enhancing due diligence and assessment practices to obtain and develop actionable insights

  • Protecting reputation through effective due diligence
  • Conducting due diligence down the supply chain
    • Assurance requirements for 4th to Nth parties
  • Monitoring for conflict of interest breaches
  • Validating due diligence questionnaires
  • Determining the right level of risk assessment and due diligence for third party arrangements
  • Reviewing due diligence processes and action on risk and issues identified
    • Demonstrating effective monitoring and remediation of risks
  • Due diligence for organizations needed for immediate strategic benefit
    • Minimizing process time for faster turnaround
  • Managing vendor overload
  • Industry collaboration opportunities to streamline processes
  • Reducing manual collection of data and information

Codee Woo, Third Party Risk Management Lead, Legal & General; Third Party Risk Management Advisory Board member, CeFPro

Sophie Bishop, Head of Supplier Relationship Management, Legal & General


Increasing collaboration across teams to monitor risk across the lifecycle

  • Distinguishing primary risk from cascading or downstream risk
  • Increasing collaboration and communication across risk teams
    • Ensuring an integrated approach
  • Identifying, tracking and managing risks
  • Moving from activity to risk based metrics
    • Enhancing governance by focusing on risk over activity
  • Gaining support from the business and effective tone from the top
  • Developing a holistic third party risk management reporting program
  • Integrating dashboards across third party risk
  • Bringing all data into one place for third party risk management

Samikendra Gosh, Global Third-Party Risk Lead, Operational and Resilience Risk, HSBC

Gary Lock, Global Head of TPRM, Fidelity International

Alex Dorlandt, Head of Supply Chain Risk Management, Lloyds Banking Group; Third Party Risk Management Advisory Board member, CeFPro

Simon Shepherd, Managing Director, MYRIAD Group Technologies

Natalie Druckmann, VP Sales, EMEA, Certa


Chair’s closing remarks


End of day one

Day Two | June 13


Registration and breakfast


Chair’s opening remarks

Day two moderator: Adelani Adesida, Senior Sales Director (EMEA), Aravo Solutions


Reviewing implications of geopolitical tensions to supply chains and future proofing business strategies

  • Maintaining oversight of restrictions and impact to third parties
  • Considering geopolitical risk when working with new suppliers
  • Approaches to assess the geopolitical risks for proactive management of risk
  • Developing and testing business continuity arrangements
  • Interconnected nature of risk and compliance
    • Reviewing sanctions regimes in jurisdictions and data privacy
  • Uses of AI in monitoring geopolitical risks
  • Developing a forward looking strategic view of TPRM
  • Reviewing supply chain dependencies as a result of long term horizon risks
  • Scenario planning for geopolitical changes
    • Exploring impacts across the supply chain and resilience

Maya Goethals, Director, Compliance and Risk Management, Bank of America Merrill Lynch; Fintech Advisory Board member, CeFPro

Saima Sabir, Group Head of Third-Party Risk Management & Outsourcing (2LOD), Bank of Ireland Group

Eddie Dovzhik, Co-Founder and CEO, Lema


Practical insights from MUFG and KPMG tackling the Japanese Bank’s TPRM transformation journey

  • Key challenges facing MUFG pre transformation
  • How KPMG helped MUFG through the transformation
  • Benefits and future maturity for MUFG

Rohit Nag, Director, Third Party Risk Management Lead, KPMG

John O’Neill, Head of TPRM, MUFG


Morning refreshment break and networking


Driving resilience in third party and supply chain risk management

Evaluate: Review links between resilience and third party risk

  • Understand downstream and upstream impacts
  • Inventory IT assets and linking to service
  • Review resilience regulations

Plan: Create strong vendor relationships

  • Communicate risk appetite and monitoring activities
  • Outreach plan to resolve incidents

Execute: Develop maturity in resilience practices

  • Translate impact tolerances into something measurable
  • Enhance industry collaboration

Andrew Moyad, CEO, Shared Assessments


Accelerate and optimise third-party onboarding due diligence

  • Improve onboarding efficiency and optimise resourcing
  • Mature program scope to evaluate additional risks
  • Align the underlying operating model
  • Improve the effectiveness of risk and control assessments

Chris Paterson, Director of Strategy Third-Party Risk Management, OneTrust

Craig Oliver, Business Transformation and Supply Chain Risk and Regulation expert, PA Consulting


Gaining a holistic view of supply chain and ensuring security of processes and services

  • Leveraging tools to monitor vulnerabilities across the supply chain
  • Understanding impact of security incidents across the supply chain
  • Gaining confidence from third parties
  • Identifying impacts of nth party breaches
  • Managing security with complex supply chains

Zuzana Rebrova, Head of Third Party Cyber Risk Management, Swiss Re


Lunch break and networking


Enhancing continuous monitoring processes for a holistic and real time view of risk

  • Tools for continuous and online monitoring
    • Managing and monitoring tools
  • Alerts to monitor all third parties
  • Monitoring SLAs and compliance
  • Building in operational resilience
  • Online monitoring for real time global updates
  • Developing a holistic view of supply chain
  • Reviewing tools and capabilities

Carlos Colino, MD, Global Head of Third-Party Risk Management, Santander Corporate and Investment Bank


Developing centralized and aggregated data processes to make better use of available data

  • Leveraging compliance data from third party assessments and due diligence
  • Monitoring threat intelligence to identify vulnerabilities
  • Integrating other parts of the business into vendor management analysis
  • Collecting data on vendor performance
    • Approaches to collect the right data to satisfy regulatory requirements
  • Maintaining data in a centralized and structured platform
    • Accessibility for regulatory reviews
  • Developing a data consolidation and remediation program
    • Reviewing tooling available to manage data
  • Capturing information and connectivity between different sources
    • Structuring and cleansing data for a consolidated view of key attributes
  • Developing proactive and preemptive data metrics and insights

Mike Day, Head of Third Party Management, RSA Insurance


Chair’s closing remarks


Developing an integrated approach to business continuity and disaster recovery planning

  • Substitutability and business continuity
  • Identifying suppliers with a monopoly on certain markets
    • Reviewing alternative options
  • Enhancing SLAs for Monopoly Suppliers
    • Monitoring overall performance
  • Managing transition across suppliers in stressed and unstressed exit
    • Developing a seamless exit strategy
  • Enhancing business continuity plans
    • Developing immediate contingency plans to support exit plans
  • Practical steps for implementing contingency plans

Joanne Emmerson, Head of Third Party Risk Management Oversight, NatWest


Reviewing approaches and best practice for intragroup arrangements and management of sensitive data

  • Managing materiality trigger aligned with access to sensitive data
  • Reviewing regulatory treatment of inter group agreements
    • Developing exit and resilience plans
  • Treatment of personal data in internal agreements
  • Assessing and defining materiality for intragroup
  • Developing BAU programs to assess risk
  • Onboarding expertise to review deviation opportunities whilst remaining compliant

Raghuveer Bhanoori, Director, Third-Party, Operational Risk, Pacific Life Re

Funke Uwaifo, Head of Outsourcing and Vendor Management, EFG Private Bank


Chair’s closing remarks


End of Summit