8:00 Registration and breakfast

8:50 Chair’s opening remarks


9:00 Reviewing regulatory expectations and driving resilience of supply chains

Session details 

  • Identifying important businesses and systems
  • Determining tolerance levels
  • Scenario testing to reflect emerging risks
  • Proactive and continuous monitoring
  • Regulatory approach to operational resilience
  • Managing geopolitical repercussions
  • Overlaps of third party risk and resilience requirements

Rosalyn Aryee, Head of Outsourcing & TPRM and Operational Resilience, Santander Corporate & Investment Banking

Sonia Sordini, Head of Group Third Party Risk Management and Governance, QBE Insurance

Hasintha Gunawickrema, Chief Control Officer, Wealth & Personal Banking, HSBC


9:45 Reviewing current legislation for exit and stressed exit planning of third parties

Session details 

  • Updating exit plans
    • Prioritizing material and high risk third parties
  • Frequency of tests and testing exit plans
  • Practicality of running tests
  • Testing exit plans for a stressed exit scenario
  • Developing and testing enhanced exit plans
  • Understanding contingencies and alternative providers

Maggie Ofori, VP TPRM and Outsourcing, Santander Corporate & Investment Bank

10:20 Morning refreshment break and networking


10:50 Approaches to measure and quantify concentration risk and translating to decision making

Session details 

  • Measurement strategies of concentration risk
  • Application of methodologies
  • Establishing an industry wide consensus
  • Determining risk appetite
  • Managing supply chain interlinkages
  • Identifying measurable tolerances
  • Inclusion of third party subcontractors
  • Establishing limits and thresholds for concentration risk
  • Reviewing EBA guidelines on concentration risk

Mike Day, Head of Group IT Procurement Third Party Management Programme, RSA Insurance


11:25 Developing a consistent and standardized approach to criticality and materiality

Session details 

  • Defining criteria for definition of critical
    • Defining services and suppliers
  • Industry approaches to identifying criticality
  • Comparing industry and regulatory view of critical
  • Effective oversight of critical third parties
  • Managing concentration of critical suppliers
  • Determining level of scrutiny over critical third parties
  • Regulation of critical third parties
  • Due diligence on an ongoing basis

Karen Robson, Chief Sourcing Officer, BNP Paribas

Anil Agarwal, Third Party Governance, BNY Mellon 

12:10 The business impacts of TPRM technology in 2023

Session details 

  • Process improvement reduction
  • Realising human capital potential
  • Maximising the value of data
  • Reducing hidden risk
  • Continuous monitoring assessment
  • Transitioning from survival to innovation

Brian Shaw, Director of Financial Services, Mirato

12:45 Lunch break and networking

1:45 How automation fixes the broken vendor risk process

Session details 

  • Managing vendors in an ever-changing regulatory environment
  • Mitigating tedious processes that are prone to error
  • Assessing the impact of new technologies with their reliability and maturity
  • Staying ahead of the curve by leveraging crucial data, automated procedures, validated assessments and managed services.

Simon Chard, Chief Executive Officer, KY3P® S&P Global

Rogier Binsbergen, Director, Commercial Lead EMEA KY3P® S&P Global

2:20 How the approach to cyber security has altered in recent years

Session details 

  • Highlighting the complications of cyber to navigate a clear landscape.
  • What questions should I ask or be prepared to answer?
  • What head start can we make in preparing the way to procure or deliver a service with cyber security in mind?
  • What new risks are coming our way and how can we prepare ourselves?

Senior Executive, Thomas Murray


2:55 Identifying vulnerabilities and managing risk beyond a tick box exercise

Session details 

  • Collecting real time intelligence
  • Partnering with suppliers to manage cyber risks
  • Enhancing cyber resilience
  • Moving to a holistic resilience position
  • Approaches to manage denial of service attacks
  • Continuous monitoring and control to alert of risks
  • Overlaps between data privacy and cyber requirements
  • Supplier assurance controls

Ameet Jugnauth, Director, Cyber Governance, Risk and Compliance, Capital One

3:30 Afternoon refreshment break and networking


4:00 Managing increased risk of data breaches through third parties with increased data sharing

Session details 

  • Ensuring security of smaller vendors
  • Reviewing cybersecurity protection and maturity
  • Gaining visibility of entire supply chain
  • Moving ratings from declarative to evidence based
  • Ensuring maturity of vendor cybersecurity practices
  • Alignment of risk and procurement to gain visibility of supply chain
  • Ensuring effective handling and treatment of data
  • Understanding supply chain vulnerabilities beyond third parties
  • Risk assessing third party cybersecurity

Aditi Lalithraj, Head of UK Third Party Assurance, Capital One

Matthew Browning, former Head of Cyber Oversight, Direct Line Group


4:45 How to manage the cybersecurity footprint of an expanding network?

Session details 

  • The network cyber challenge: Third parties – the weakest link
  • A necessary cooperation: InfoSecurity, Procurement and Business collaboration on cyber risks mitigation
  • Why is an evidence-based assessment the only reliable way to evaluate your cyber risks?
  • Assessed? What’s next? An efficient remediation process and scale up

Thibault Lapedagne, Cybersecurity Research Director, CyberVadis

5:20 Chair’s closing remarks

5:30 End of day one and networking drinks reception

8:00 Registration and breakfast 

8:50 Chair’s opening remarks


9:00 Aligning procurement and risks to ensure effective due diligence across vendor lifecycle

Session details 

  • Information security considerations at procurement stage
  • Ensuring cybersecurity checks at onboarding
  • ESG considerations during tender process
  • Managing onboarding within procurement framework
  • Enhancing third party risk and due diligence
  • Onboarding practices and due diligence
  • Ensuring robustness of due diligence processes

Gemma Stewart, Global Head of Vendor Management, Zurich Insurance Company 


9:35 Pre-empting and managing the impact of geopolitical risks on vendors and supply chain

Session details 

  • Repercussions and ripple effect of Russia's invasion of Ukraine
  • Identifying emerging risks
  • Monitoring instabilities globally
  • Energy crisis impact on supply chains
    • Increased financial health risks
  • Impact of European crises on supply chains
  • Long term repercussions from Covid-19

10:20 Morning refreshment break and networking

10:50 Third-party management success secrets: mastering the art of due diligence and risk management

Session details 

  • The primary goals of successful TPRM and TPDD programs
  • The distinction between the two discipline areas
  • Details about the unique risk domains for both programs
  • How to align your TPRM and TPDD programs to achieve workflow efficiencies

Matthew Moog, General Manager, Third Party Risk Manager, OneTrust


11:25 Leveraging data insights and technology capabilities to better understand supply chain risks

Session details 

  • Data integration and visualization tools for a holistic view
  • Gathering data beyond questionnaire responses
  • Collecting monitoring information
  • Leveraging data to represent true risks
  • Integrating technology into systems
  • Using third party tools to provide AI

Hannah Macdonald, Head of Procurement & Third Party Risk, Supplier Operations Lead, Monzo


12:00 Viewing suppliers on aggregate across portfolio for a holistic view of risk

Session details 

  • Developing tangible actions off of data
  • Monitoring risks beyond cyber
  • Reviewing capabilities to manage end to end risk lifecycle
  • Providing board and senior management full visibility
  • Developing a centralized oversight function
  • Creation of oversight and ongoing monitoring
  • Gaining a full view of outsourced activities

Joanne Emmerson, Director of Risk, Services & Functions, NatWest

12:35 Lunch break and networking


1:35 Reviewing potential risks within supply chain ecosystem

Session details 

  • Contractual requirements for fourth party oversight
  • Mapping critical third parties and outsourcing
  • Expectations to map extended supply chain
  • Including contractual provisions for fourth parties
  • Developing controls at fourth party level
  • Reviewing cross sector best practice mapping supply chains
  • Auditability and onsite review requirements of material subcontractors

Desmond Campbell, Vice President, Compliance Oversight and Operational Risk, Barclays

2:10 Journey to standardisation - optimising efficiency and maturation of strategic supplier management programs

Session details 

  • How can standards and regulations align?
  • The integrated acceptance of standard risk frameworks and diligence practices.
  • Achieving a common set of third-party diligence and management.
  • Focus on cyber, ESG, and privacy standards
  • Guidance to program managers and risk professionals – dos and don'ts

Andrew Moyad, Chief Executive Officer, Shared Assessment

2:45 Afternoon refreshment break and networking


3:15 Reviewing footprint of third parties and including ESG considerations across lifecycle

Session details 

  • Reducing carbon footprint across supply chain
  • Measuring carbon footprint in an intangible supply chain
  • Engaging third parties in ESG requirements
    • Meeting regulatory and internal expectations
  • Aligning supplier management process with ethical values
  • Application of metrics to small organizations
  • Applying leverage to large organizations

Anita Barber, Head of Third Party Management Services, HR, HSBC

Berber Journée, Chief Corporate Governance Officer, Personal & Business Customers, Danske Bank

Joe Bakowski, Director of Procurement, Supplier Risk & Commercial Management, Metro Bank


4:00 Managing the increased use and reliance on external service providers

Session details 

  • Increased use of vendors as a result of Covid-19
  • Reliance on external services to enhance digitalization
  • Tracking data across vendors
  • Increased risk with increased reliance
  • Monitoring and oversight of non-critical vendors
  • Cybersecurity audit of all third parties
  • Aligning third parties with company strategy

Daniel Crease, former Managing Director, Third Party Risk Management and Operational Resilience, Deutsche Bank 

4:35 Chair’s closing remarks

4:45 End of Summit