8:00 Registration and breakfast | 8:50 Chair’s Opening Remarks

 Chair: Adelani Adesida, Account Executive, Aravo Solutions


9:00 Reviewing best practice for managing heightened cyber risks in an increasingly digital environment

Session details 

  • Enhancing supply chain resilience
  • Emerging practices and tools to manage evolving risk
  • Incident response and managing vulnerabilities
  • Identifying and managing risk across third parties
  • Managing regulatory requirements across jurisdictions
  • Monitoring access to data systems and infrastructure
  • Identifying compromise in supply chain

Jon LeatherHead of Third Party Risk Oversight, Standard Chartered Bank
Dr. Jon O’Brien, Managing Director, Consulting, Crossword Cybersecurity
Will Gray, Field Sales Director – EMEA, SecurityScorecard

9:45 How to manage and mitigate cybersecurity risk in an expanding supplier network

Session details 

  • Third parties – are they really the weakest link in cyber defenses?
  • The challenge of scaling up to achieve full visibility across all your suppliers
  • Why evidence-based assessments are the only reliable way to evaluate your cyber risks
  • The importance of cooperation between Information Security, Procurement and Business teams
  • How to shift focus toward continuous improvement in supply chain cybersecurity posture

Thibault Lapédagne, Cybersecurity Research Director, CyberVadis
Andy Mutton, Enterprise Account Executive, CyberVadis

10:20 Morning refreshment break and networking

10:50 The Supplier Assurance Game Changer – S&P Global KY3P® and UK Finance Supplier Assurance Framework (SAF)

Session details 

  • The context from the PRA, CMORG and ORCG
  • The launch of the UK Supplier Assurance Framework (SAF)
  • The value and benefits to the UK banking sector
  • How to participate

Simon Chard, Managing Director in Platforms, Regulatory and Compliance, Global Business Development, KY3P, S&P Global
Ian Burgess
, Director – Cyber and Third Party Risk, UK Finance

11:25 The value of adopting full spectrum continuous risk intelligence

Session details 

  • Cascading risks and business disruptions
  • The need for continuous risk intelligence for early warning
  • Taking a full-spectrum approach to risk monitoring
  • Preventing disruptions with your TPRM program

Atul Vashistha, Chairman and CEO, Supply Wisdom
Victor Meyer, COO, Supply Wisdom
Steve Marwood, Head of TPRM, LSEG

12:00 Rethinking TPRM as third party risk complexity grows

Session details 

  • The challenges for TPRM teams today
  • Balancing talent shortages with expanding third party risk
  • Identifying and segmenting your third parties
  • The broadening TPRM risk landscape:
    • ESG – are you tracking if your third parties are operating ethically and lawfully?
    • Cyber security – are your third parties managing data responsibly and operating securely?
    • Privacy – what data are your third parties handling?
    • Resilience – are the third parties able to cope with the failure of service?
  •  Why a blended approach is needed to bring the TPRM parts together
  •  What does a “good” integrated TPRM look like and how can you achieve it?

Ian Trinder, Director, PwC UK Financial Services
Rizwan Nazir, Director, PwC UK Financial Services

12:35 Lunch break and networking


1:35 Reviewing future on on-site assessments and lessons learnt from remote working and reviews

Session details 

  • Reviewing assurance requirements and alternative options
  • Challenges reviewing physical security
  • Fulfilling security assessment remotely
  • Requirements for high risk factors

Louise WaiteSupply Chain Management and Assurance Director, Lloyds Banking Group


2:10 Developing standards to measure concentration risks with use of certain companies or geographies within supply chain

Session details 

  • Identification and risk mitigation practices within an ecosystem
    • Understanding ecosystem and interdependencies of third parties
  • Monitoring transfer and access of data
  • Increased use of ‘Centers of Excellence’ in certain countries
  • Defining metrics and tolerance levels
  • Reviewing regulatory expectations on concentration
  • Defining an understanding of concentration risk

Samikendra Ghosh, Global Third Party Risk Lead, HSBC
Abhishek Khare, Director, UK Third Party Management, Societe Generale
Alex Dorlandt, Head of Supply Chain Risk, Lloyds Banking Group

2:55 Afternoon refreshment break and networking


3:30 Reviewing heightened complexity of global regulations and divergence in expectations

Session details 

  • Post PRA SS2/21 outsourcing & third party risk management
  • How do firms ensure a sustainable global operating model continuing to meet SS2/21
  • Moving towards global consolidation of regulation
  • Identifying critical suppliers with systemic risk
    • Mitigating potential systemic risk from providers
  • Bridging and defining operating standards in global organizations
  • Developing a highest standard and identifying global deviations

Shamial Afzal, Head of Strategic Supplier Oversight, Legal & General Investment Management (LGIM)


4:05 Identifying critical third parties and determining effective oversight requirements

Session details 

  • Defining critical in a third party risk perspective
  • Aligning with resilience
  • Additional oversight once critical vendors are identified
  • High inherent risk vs. high residual risk vs. critical third parties
  • Outlining criteria of what makes a vendor critical
  • Implementing a sustainable solution
  • Aligning perspectives across the business
  • Developing exit strategies to minimize the impact
  • Execution and preparation for exit strategies

Sean MilesAssociate Director, Risk, comparethemarket.com

4:40 Chair’s closing remarks | 4:50 End of Summit