Agenda
08:00 – 08:50
Registration and breakfast
08:50 – 09:00
Chair’s opening remarks
09:00 – 09:45
RESILIENCE – PANEL DISCUSSION
Reviewing regulatory expectations and driving resilience of supply chains
Identifying important businesses and systems
Determining tolerance levels
Scenario testing to reflect emerging risks
Proactive and continuous monitoring
Regulatory approach to operational resilience
Managing geopolitical repercussions
Overlaps of third party risk and resilience requirements
Rosalyn Aryee, Head of Outsourcing & TPRM and Operational Resilience, Santander Corporate & Investment Banking
Sonia Sordini, Head of Group Third Party Risk Management and Governance, QBE Insurance
Hasintha Gunawickrema, Chief Control Officer, Wealth & Personal Banking, HSBC
Senior Executive,
09:45 – 10:20
EXIT PLANNING
Reviewing current legislation for exit and stressed exit planning of third parties
Updating exit plans
Prioritizing material and high risk third parties
Frequency of tests and testing exit plans
Practicality of running tests
Testing exit plans for a stressed exit scenario
Developing and testing enhanced exit plans
Understanding contingencies and alternative providers
Michelle Adu-Darko, VP TPRM and Outsourcing, Santander Corporate & Investment Bank
10:20-10:50
Morning refreshment break and networking
10:50-11:25
CONCENTRATION RISK
Approaches to measure and quantify concentration risk and translating to decision making
Measurement strategies of concentration risk
Application of methodologies
Establishing an industry wide consensus
Determining risk appetite
Managing supply chain interlinkages
Identifying measurable tolerances
Inclusion of third party subcontractors
Establishing limits and thresholds for concentration risk
Reviewing EBA guidelines on concentration risk
Mike Day, Head of Third Party Management, RSA Insurance
11:25-12:10
CRITICAL SUPPLIERS – PANEL DISCUSSION
Developing a consistent and standardized approach to criticality and materiality
Defining criteria for definition of critical
Defining services and suppliers
Industry approaches to identifying criticality
Comparing industry and regulatory view of critical
Effective oversight of critical third parties
Managing concentration of critical suppliers
Determining level of scrutiny over critical third parties
Regulation of critical third parties
Due diligence on an ongoing basis
Karen Robson, Chief Sourcing Officer, BNP Paribas
Anil Agarwal, Third Party Governance, BNY Mellon
Shabbir Tahasildar, Operational Risk Lead for Technology, Information Security and Third-Party Risk, Handelsbanken plc. (UK)
12:10-12:45
The business impacts of TPRM technology in 2023
Process improvement reduction
Realising human capital potential
Maximising the value of data
Reducing hidden risk
Continuous monitoring assessment
Transitioning from survival to innovation
Brian Shaw, Director of Financial Services, Mirato
12:45-01:45
Lunch break and networking
01:45-02:20
How automation fixes the broken vendor risk process
Managing vendors in an ever-changing regulatory environment
Mitigating tedious processes that are prone to error
Assessing the impact of new technologies with their reliability and maturity
Staying ahead of the curve by leveraging crucial data, automated procedures, validated assessments and managed services.
Rogier Binsbergen, Director, Commercial Lead EMEA, KY3P® S&P Global
Eustathios Triantafellou, Commercial Director, KY3P® S&P Global
02:20-02:55
CYBER SECURITY
How the approach to cyber security has altered in recent years
Highlighting the complications of cyber to navigate a clear landscape
What questions should I ask or be prepared to answer?
What head start can we make in preparing the way to procure or deliver a service with cyber security in mind?
What new risks are coming our way and how can we prepare ourselves?
Senior Executive, Thomas Murray
02:55-03:30
Identifying vulnerabilities and managing risk beyond a tick box exercise
Collecting real time intelligence
Partnering with suppliers to manage cyber risks
Enhancing cyber resilience
Moving to a holistic resilience position
Approaches to manage denial of service attacks
Continuous monitoring and control to alert of risks
Overlaps between data privacy and cyber requirements
Supplier assurance controls
Ameet Jugnauth, Director, Cyber Governance, Risk and Compliance, Capital One
03:30-04:00
Afternoon refreshment break and networking
04:00-04:45
INFOSEC – PANEL DISCUSSION
Managing increased risk of data breaches through third parties with increased data sharing
Ensuring security of smaller vendors
Reviewing cybersecurity protection and maturity
Gaining visibility of entire supply chain
Moving ratings from declarative to evidence based
Ensuring maturity of vendor cybersecurity practices
Alignment of risk and procurement to gain visibility of supply chain
Ensuring effective handling and treatment of data
Understanding supply chain vulnerabilities beyond third parties
Risk assessing third party cybersecurity
Aditi Lalithraj, Head of UK Third Party Assurance, Capital One
Haydn Brooks, CEO, Risk Ledger
Matthew Browning, former Head of Cyber Oversight, Direct Line Group
Kishan Majitha, Executive Director, Cyber and Technology Controls, JP Morgan Chase
04:45-05:20
CYBER SECURITY
How to manage the cybersecurity footprint of an expanding network?
The network cyber challenge: Third parties – the weakest link
A necessary cooperation: InfoSecurity, Procurement and Business collaboration on cyber risks mitigation
Why is an evidence-based assessment the only reliable way to evaluate your cyber risks?
Assessed? What’s next? An efficient remediation process and scale up
Thibault Lapedagne, Cybersecurity Research Director, CyberVadis
05:20-05:30
Chair’s closing remarks
05:30
End of day 1 and networking drinks reception
08:00 – 08:50
Registration and breakfast
08:50 – 09:00
Chair’s opening remarks
Day two moderator: Peter Pernebo, Managing Director, Global Head of Third-Party Risk Management, KY3P®, S&P Global
09:00 – 09:35
PROCUREMENT
Aligning procurement and risks to ensure effective due diligence across vendor lifecycle
Information security considerations at procurement stage
Ensuring cybersecurity checks at onboarding
ESG considerations during tender process
Managing onboarding within procurement framework
Enhancing third party risk and due diligence
Onboarding practices and due diligence
Ensuring robustness of due diligence processes
Gemma Stewart, Global Head of Vendor Management, Zurich Insurance Company
09:35-10:20
GEOPOLITICAL RISK – PANEL DISCUSSION
Pre-empting and managing the impact of geopolitical risks on vendors and supply chain
Repercussions and ripple effect of Russia's invasion of Ukraine
Identifying emerging risks
Monitoring instabilities globally
Energy crisis impact on supply chains
Increased financial health risks
Impact of European crises on supply chains
Long term repercussions from Covid-19
Andrew Moyad, Chief Executive Officer, Shared Assessments
10:20-10:50
Morning refreshment break and networking
10:50-11:25
DUE DILIGENCE
Third-party management success secrets: mastering the art of due diligence and risk management
The primary goals of successful TPRM and TPDD programs
The distinction between the two discipline areas
Details about the unique risk domains for both programs
How to align your TPRM and TPDD programs to achieve workflow efficiencies
Nikki Stoy, GRC Cloud Specialist, OneTrust
11:25-12:00
CONTINUOUS RESILIENCE
Carve through the noise by prioritizing the most critical security threats
Identify threats to your security posture to make proactive, informed decisions
Stay one step ahead of threat actors with actionable insights
Prioritize remediation of critical threats using limited resources
Achieve continuous, outside-in visibility to reduce your cyber risk exposure
Optimize and automate third-party risk management
Consolidate and integrate vendor risk data into your existing security stack
Set KPIs, track ROI, and communicate clearly to stakeholders
Ruthlessly prioritize to keep your organization secure
Use your security posture to help make your organization the vendor of choice
Will Gray, Field Sales Director EMEA, SecurityScorecard
12:40-12:35
TECHNOLOGY & DATA
Leveraging data insights and technology capabilities to better understand supply chain risks
Data integration and visualization tools for a holistic view
Gathering data beyond questionnaire responses
Collecting monitoring information
Leveraging data to represent true risks
Integrating technology into systems
Using third party tools to provide AI
Hannah Macdonald, Head of Procurement & Third Party Risk, Supplier Operations Lead, Monzo
12:00-01:35
Lunch break and networking
01:25-02:00
HOLISTIC VIEW
Viewing suppliers on aggregate across portfolio for a holistic view of risk
Developing tangible actions off of data
Monitoring risks beyond cyber
Reviewing capabilities to manage end to end risk lifecycle
Providing board and senior management full visibility
Developing a centralized oversight function
Creation of oversight and ongoing monitoring
Gaining a full view of outsourced activities
Joanne Emmerson, Head of Third-Party Risk Management, NatWest
02:00-02:25
GEOPOLITICAL RISK – PANEL DISCUSSION
Pre-empting and managing the impact of geopolitical risks on vendors and supply chain
Repercussions and ripple effect of Russia's invasion of Ukraine
Identifying emerging risks
Monitoring instabilities globally
Energy crisis impact on supply chains
Increased financial health risks
Impact of European crises on supply chains
Long term repercussions from Covid-19
Alex Dorlandt, Head of Risk and Policy, Lloyds Banking Group
Merlin Linehan, Risk Manager, EBRD
02:45-03:15
Afternoon refreshment break and networking
03:15-03:50
NTH PARTY
Reviewing potential risks within supply chain ecosystem
Contractual requirements for fourth party oversight
Mapping critical third parties and outsourcing
Expectations to map extended supply chain
Including contractual provisions for fourth parties
Developing controls at fourth party level
Reviewing cross sector best practice mapping supply chains
Auditability and onsite review requirements of material subcontractors
Desmond Campbell, Vice President, Compliance Oversight and Operational Risk, Barclays
03:50-04:35
ESG – PANEL DISCUSSION
Reviewing footprint of third parties and including ESG considerations across lifecycle
Reducing carbon footprint across supply chain
Measuring carbon footprint in an intangible supply chain
Engaging third parties in ESG requirements
Meeting regulatory and internal expectations
Aligning supplier management process with ethical values
Application of metrics to small organizations
Applying leverage to large organizations
Anita Barber, Head of Third Party Management Services, HR, HSBC
Berber Journée, Chief Corporate Governance Officer, Personal & Business Customers, Danske Bank
Joe Bakowski, Director of Procurement, Supplier Risk & Commercial Management, Metro Bank
04:35-05:10
RELIANCE
Managing the increased use and reliance on external service providers
Increased use of vendors as a result of Covid-19
Reliance on external services to enhance digitalization
Tracking data across vendors
Increased risk with increased reliance
Monitoring and oversight of non-critical vendors
Cybersecurity audit of all third parties
Aligning third parties with company strategy
Daniel Crease, former Managing Director, Third Party Risk Management and Operational Resilience, Deutsche Bank
05:10-05:20
Chair’s closing remarks
05:20
End of Summit