
8:00 Registration and breakfast
8:50 Chair’s opening remarks
RESILIENCE – PANEL DISCUSSION
Session details
- Identifying important businesses and systems
- Determining tolerance levels
- Scenario testing to reflect emerging risks
- Proactive and continuous monitoring
- Regulatory approach to operational resilience
- Managing geopolitical repercussions
- Overlaps of third party risk and resilience requirements
Rosalyn Aryee, Head of Outsourcing & TPRM and Operational Resilience,
Santander Corporate & Investment Banking
Sonia Sordini, Head of Group Third Party Risk Management and Governance, QBE Insurance
Hasintha Gunawickrema, Chief Control Officer, Wealth & Personal Banking, HSBC
EXIT PLANNING
Session details
- Updating exit plans
- Prioritizing material and high risk third parties
- Frequency of tests and testing exit plans
- Practicality of running tests
- Testing exit plans for a stressed exit scenario
- Developing and testing enhanced exit plans
- Understanding contingencies and alternative providers
Maggie Ofori, VP TPRM and Outsourcing, Santander Corporate & Investment Bank
10:20 Morning refreshment break and networking
CONCENTRATION RISK
Session details
- Measurement strategies of concentration risk
- Application of methodologies
- Establishing an industry wide consensus
- Determining risk appetite
- Managing supply chain interlinkages
- Identifying measurable tolerances
- Inclusion of third party subcontractors
- Establishing limits and thresholds for concentration risk
- Reviewing EBA guidelines on concentration risk0
Mike Day, Head of Group IT Procurement Third Party Management Programme, RSA Insurance
CRITICAL SUPPLIERS – PANEL DISCUSSION
Session details
- Defining criteria for definition of critical
- Defining services and suppliers
- Industry approaches to identifying criticality
- Comparing industry and regulatory view of critical
- Effective oversight of critical third parties
- Managing concentration of critical suppliers
- Determining level of scrutiny over critical third parties
- Regulation of critical third parties
- Due diligence on an ongoing basis
Karen Robson, Chief Sourcing Officer, BNP Paribas
Anil Agarwal, Third Party Governance, BNY Mellon
Session details
- Process i
mprovementreduction - Realising human capital potential
- Maximising the value of data
- Reducing hidden risk
- Continuous
monitoringassessment - Transitioning from survival to innovation
Brian Shaw, Director of Financial Services, Mirato
12:45 Lunch break and networking
Session details
- Managing vendors in an ever-changing regulatory environment
- Mitigating tedious processes that are prone to error
- Assessing the impact of new technologies with their reliability and maturity
- Staying ahead of the curve by leveraging crucial data, automated procedures, validated assessments and managed services.
Simon Chard, Chief Executive Officer, KY3P® S&P Global
Rogier Binsbergen, Director, Commercial Lead EMEA, KY3P® S&P Global
Session details
- Highlighting the complications of cyber to navigate a clear landscape.
- What questions should I ask or be prepared to answer?
- What head start can we make in preparing the way to procure or deliver a service with cyber security in mind?
- What new risks are coming our way and how can we prepare ourselves?
Senior Executive, Thomas Murray
CYBER SECURITY
Session details
- Collecting real time intelligence
- Partnering with suppliers to manage cyber risks
- Enhancing cyber resilience
- Moving to a holistic resilience position
- Approaches to manage denial of service attacks
- Continuous monitoring and control to alert of risks
- Overlaps between data privacy and cyber requirements
- Supplier assurance controls
Ameet Jugnauth, Director, Cyber Governance, Risk and Compliance, Capital One
3:30 Afternoon refreshment break and networking
INFOSEC – PANEL DISCUSSION
Session details
- Ensuring security of smaller vendors
- Reviewing cybersecurity protection and maturity
- Gaining visibility of entire supply chain
- Moving ratings from declarative to evidence based
- Ensuring maturity of vendor cybersecurity practices
- Alignment of risk and procurement to gain visibility of supply chain
- Ensuring effective handling and treatment of data
- Understanding supply chain vulnerabilities beyond third parties
- Risk assessing third party cybersecurity
Aditi Lalithraj, Head of UK Third Party Assurance , Capital One
Matthew Browning, former Head of Cyber Oversight, Direct Line Group
CYBER SECURITY
Session details
- The network cyber challenge: Third parties – the weakest link
- A necessary cooperation: InfoSecurity, Procurement and Business collaboration on cyber risks mitigation
- Why is an evidence-based assessment the only reliable way to evaluate your cyber risks?
- Assessed? What’s next? An efficient remediation process and scale up
Thibault Lapedagne, Cybersecurity Research Director, CyberVadis
5:20 Chair’s closing remarks
5:30 End of day one and networking drinks reception

8:00 Registration and breakfast
8:50 Chair’s opening remarks
PROCUREMENT
Session details
- Information security considerations at procurement stage
- Ensuring cybersecurity checks at onboarding
- ESG considerations during tender process
- Managing onboarding within procurement framework
- Enhancing third party risk and due diligence
- Onboarding practices and due diligence
- Ensuring robustness of due diligence processes
Gemma Stewart, Global Head of Vendor Management, Zurich Insurance Company
GEOPOLITICAL RISK – PANEL DISCUSSION
Session details
- Repercussions and ripple effect of Russia invasion of Ukraine
- Identifying emerging risks
- Monitoring instabilities globally
- Energy crisis impact on supply chains
- Increased financial health risks
- Impact of European crises on supply chains
- Long term repercussions from Covid-19
10:20 Morning refreshment break and networking
Session details
- The primary goals of successful TPRM and TPDD programs
- The distinction between the two discipline areas
- Details about the unique risk domains for both programs
- How to align your TPRM and TPDD programs to achieve workflow efficiencies
Matthew Moog, General Manager, Third Party Risk Manager, OneTrust
TECHNOLOGY & DATA
Session details
- Data integration and visualization tools for a holistic view
- Gathering data beyond questionnaire responses
- Collecting monitoring information
- Leveraging data to represent true risks
- Integrating technology into systems
- Using third party tools to provide AI
Hannah Macdonald, Head of Procurement & Third Party Risk, Supplier Operations Lead, Monzo
HOLISTIC VIEW
Session details
- Developing tangible actions off of data
- Monitoring risks beyond cyber
- Reviewing capabilities to manage end to end risk lifecycle
- Providing board and senior management full visibility
- Developing a centralized oversight function
- Creation of oversight and ongoing monitoring
- Gaining a full view of outsourced activities
Joanne Emmerson, Director of Risk, Services & Functions, NatWest
12:35 Lunch break and networking
NTH PARTY
Session details
- Contractual requirements for fourth party oversight
- Mapping critical third parties and outsourcing
- Expectations to map extended supply chain
- Including contractual provisions for fourth parties
- Developing controls at fourth party level
- Reviewing cross sector best practice mapping supply chains
- Auditability and onsite review requirements of material subcontractors
Desmond Campbell, Vice President, Compliance Oversight and Operational Risk, Barclays
Session details
- How can standards and regulations align?
- The integrated acceptance of standard risk frameworks and diligence practices.
- Achieving common set of set of third-party diligence and management.
- Focus on cyber, ESG, and privacy standards
- Guidance to program managers and risk professionals – so does and don’t dos
Andrew Moyad, Chief Executive Officer, Shared Assessment
2:45 Afternoon refreshment break and networking
ESG – PANEL DISCUSSION
Session details
- Reducing carbon footprint across supply chain
- Measuring carbon footprint in an intangible supply chain
- Engaging third parties in ESG requirements
- Meeting regulatory and internal expectations
- Aligning supplier management process with ethical values
- Application of metrics to small organizations
- Applying leverage to large organizations
Anita Barber, Head of Third Party Management Services, HR, HSBC
Berber Journée, Chief Corporate Governance Officer, Personal & Business Customers, Danske Bank
Joe Bakowski, Director of Procurement, Supplier Risk & Commercial Management, Metro Bank
RELIANCE
Session details
- Increased use of vendors as a result of Covid-19
- Reliance on external services to enhance digitalization
- Tracking data across vendors
- Increased risk with increased reliance
- Monitoring and oversight of non-critical vendors
- Cybersecurity audit of all third parties
- Aligning third parties with company strategy
Daniel Crease, former Managing Director, Third Party Risk Management and Operational Resilience, Deutsche Bank
4:35 Chair’s closing remarks
4:45 End of Summit