Agenda

08:00 – 08:50

Registration and breakfast

08:50 – 09:00

Chair’s opening remarks

09:00 – 09:45

RESILIENCE – PANEL DISCUSSION
Reviewing regulatory expectations and driving resilience of supply chains

Identifying important businesses and systems
Determining tolerance levels
Scenario testing to reflect emerging risks
Proactive and continuous monitoring
Regulatory approach to operational resilience
Managing geopolitical repercussions
Overlaps of third party risk and resilience requirements

Speaker-HS-1

Rosalyn Aryee,  Head of Outsourcing & TPRM and Operational Resilience, Santander Corporate & Investment Banking

Speaker-HS-1

Sonia Sordini,   Head of Group Third Party Risk Management and Governance, QBE Insurance

Speaker-HS-1

Hasintha Gunawickrema,   Chief Control Officer, Wealth & Personal Banking,HSBC

Speaker-HS-1

Senior Executive,
PA Consulting

09:45 – 10:20

EXIT PLANNING
Reviewing current legislation for exit and stressed exit planning of third parties

Updating exit plans
Prioritizing material and high risk third parties
Frequency of tests and testing exit plans
Practicality of running tests
Testing exit plans for a stressed exit scenario
Developing and testing enhanced exit plans
Understanding contingencies and alternative providers

Speaker-HS-1

Michelle Adu-Darko, VP TPRM and Outsourcing, Santander Corporate & Investment Bank

10:20-10:50

Morning refreshment break and networking

10:50-11:25

CONCENTRATION RISK
Approaches to measure and quantify concentration risk and translating to decision making

Measurement strategies of concentration risk
Application of methodologies
Establishing an industry wide consensus
Determining risk appetite
Managing supply chain interlinkages
Identifying measurable tolerances
Inclusion of third party subcontractors
Establishing limits and thresholds for concentration risk
Reviewing EBA guidelines on concentration risk

Speaker-HS-1

Mike Day, Head of Third Party Management, RSA Insurance

11:25-12:10

CRITICAL SUPPLIERS – PANEL DISCUSSION
Developing a consistent and standardized approach to criticality and materiality

Defining criteria for definition of critical
Defining services and suppliers
Industry approaches to identifying criticality
Comparing industry and regulatory view of critical
Effective oversight of critical third parties
Managing concentration of critical suppliers
Determining level of scrutiny over critical third parties
Regulation of critical third parties
Due diligence on an ongoing basis

Speaker-HS-1

Karen Robson, Chief Sourcing Officer, BNP Paribas

Speaker-HS-1

Anil Agarwal, Third Party Governance, BNY Mellon

Speaker-HS-1

Shabbir Tahasildar, Operational Risk Lead for Technology, Information Security and Third-Party Risk, Handelsbanken plc. (UK)

12:10-12:45


The business impacts of TPRM technology in 2023

Process improvement reduction
Realising human capital potential
Maximising the value of data
Reducing hidden risk
Continuous monitoring assessment
Transitioning from survival to innovation

Speaker-HS-1

Brian Shaw,  Director of Financial Services, Mirato

12:45-01:45

Lunch break and networking

01:45-02:20

How automation fixes the broken vendor risk process

Managing vendors in an ever-changing regulatory environment
Mitigating tedious processes that are prone to error
Assessing the impact of new technologies with their reliability and maturity
Staying ahead of the curve by leveraging crucial data, automated procedures, validated assessments and managed services.

Speaker-HS-1

Rogier Binsbergen,  Director, Commercial Lead EMEA, KY3P® S&P Global

Speaker-HS-1

Eustathios Triantafellou, Commercial Director, KY3P® S&P Global

02:20-02:55

CYBER SECURITY
How the approach to cyber security has altered in recent years

Highlighting the complications of cyber to navigate a clear landscape
What questions should I ask or be prepared to answer?
What head start can we make in preparing the way to procure or deliver a service with cyber security in mind?
What new risks are coming our way and how can we prepare ourselves?

Speaker-HS-1

 Senior Executive, Thomas Murray

02:55-03:30


Identifying vulnerabilities and managing risk beyond a tick box exercise

Collecting real time intelligence
Partnering with suppliers to manage cyber risks
Enhancing cyber resilience
Moving to a holistic resilience position
Approaches to manage denial of service attacks
Continuous monitoring and control to alert of risks
Overlaps between data privacy and cyber requirements
Supplier assurance controls

Speaker-HS-1

Ameet Jugnauth, Director, Cyber Governance, Risk and Compliance, Capital One

03:30-04:00

Afternoon refreshment break and networking

04:00-04:45

INFOSEC – PANEL DISCUSSION
Managing increased risk of data breaches through third parties with increased data sharing

Ensuring security of smaller vendors
Reviewing cybersecurity protection and maturity
Gaining visibility of entire supply chain
Moving ratings from declarative to evidence based
Ensuring maturity of vendor cybersecurity practices
Alignment of risk and procurement to gain visibility of supply chain
Ensuring effective handling and treatment of data
Understanding supply chain vulnerabilities beyond third parties
Risk assessing third party cybersecurity

Speaker-HS-1

Aditi Lalithraj, Head of UK Third Party Assurance, Capital One

Speaker-HS-1

Haydn Brooks, CEO, Risk Ledger

Speaker-HS-1

Matthew Browning,  former Head of Cyber Oversight, Direct Line Group

Speaker-HS-1

Kishan Majitha, Executive Director, Cyber and Technology Controls, JP Morgan Chase

04:45-05:20

CYBER SECURITY
How to manage the cybersecurity footprint of an expanding network?

The network cyber challenge: Third parties – the weakest link
A necessary cooperation: InfoSecurity, Procurement and Business collaboration on cyber risks mitigation
Why is an evidence-based assessment the only reliable way to evaluate your cyber risks?
Assessed? What’s next? An efficient remediation process and scale up

Speaker-HS-1

Thibault Lapedagne, Cybersecurity Research Director, CyberVadis

05:20-05:30

Chair’s closing remarks

05:30

End of day 1 and networking drinks reception

08:00 – 08:50

Registration and breakfast

08:50 – 09:00

Chair’s opening remarks

Speaker-HS-1

Day two moderator: Peter Pernebo, Managing Director, Global Head of Third-Party Risk Management, KY3P®, S&P Global

 

09:00 – 09:35

PROCUREMENT
Aligning procurement and risks to ensure effective due diligence across vendor lifecycle

Information security considerations at procurement stage
Ensuring cybersecurity checks at onboarding
ESG considerations during tender process
Managing onboarding within procurement framework
Enhancing third party risk and due diligence
Onboarding practices and due diligence
Ensuring robustness of due diligence processes

Speaker-HS-1

Gemma Stewart, Global Head of Vendor Management, Zurich Insurance Company

09:35-10:20

GEOPOLITICAL RISK – PANEL DISCUSSION
Pre-empting and managing the impact of geopolitical risks on vendors and supply chain

Repercussions and ripple effect of Russia invasion of Ukraine
Identifying emerging risks
Monitoring instabilities globally
Energy crisis impact on supply chains
Increased financial health risks
Impact of European crises on supply chains
Long term repercussions from Covid-19

Speaker-HS-1

Andrew Moyad, Chief Executive Officer, Shared Assessments

10:20-10:50

Morning refreshment break and networking

10:50-11:25

DUE DILIGENCE
Third-party management success secrets: mastering the art of due diligence and risk management

The primary goals of successful TPRM and TPDD programs
The distinction between the two discipline areas
Details about the unique risk domains for both programs
How to align your TPRM and TPDD programs to achieve workflow efficiencies

Speaker-HS-1

Nikki Stoy, GRC Cloud Specialist, OneTrust

11:25-12:00

CONTINUOUS RESILIENCE
Carve through the noise by prioritizing the most critical security threats

Identify threats to your security posture to make proactive, informed decisions
Stay one step ahead of threat actors with actionable insights
Prioritize remediation of critical threats using limited resources
Achieve continuous, outside-in visibility to reduce your cyber risk exposure
Optimize and automate third-party risk management
Consolidate and integrate vendor risk data into your existing security stack
Set KPIs, track ROI, and communicate clearly to stakeholders
Ruthlessly prioritize to keep your organization secure
Use your security posture to help make your organization the vendor of choice

Speaker-HS-1

Will Gray, Field Sales Director EMEA, SecurityScorecard

12:40-12:35

TECHNOLOGY & DATA
Leveraging data insights and technology capabilities to better understand supply chain risks

Data integration and visualization tools for a holistic view
Gathering data beyond questionnaire responses
Collecting monitoring information
Leveraging data to represent true risks
Integrating technology into systems
Using third party tools to provide AI

Speaker-HS-1

Hannah Macdonald, Head of Procurement & Third Party Risk, Supplier Operations Lead, Monzo

12:00-01:35

Lunch break and networking

01:25-02:00

HOLISTIC VIEW
Viewing suppliers on aggregate across portfolio for a holistic view of risk

Developing tangible actions off of data
Monitoring risks beyond cyber
Reviewing capabilities to manage end to end risk lifecycle
Providing board and senior management full visibility
Developing a centralized oversight function
Creation of oversight and ongoing monitoring
Gaining a full view of outsourced activities

Speaker-HS-1

Joanne Emmerson, Head of Third-Party Risk Management, NatWest

02:00-02:25

GEOPOLITICAL RISK – PANEL DISCUSSION
Pre-empting and managing the impact of geopolitical risks on vendors and supply chain

Repercussions and ripple effect of Russia invasion of Ukraine
Identifying emerging risks
Monitoring instabilities globally
Energy crisis impact on supply chains
Increased financial health risks
Impact of European crises on supply chains
Long term repercussions from Covid-19

Speaker-HS-1

Alex Dorlandt, Head of Risk and Policy, Lloyds Banking Group

Speaker-HS-1

Merlin Linehan, Risk Manager, EBRD

02:45-03:15

Afternoon refreshment break and networking

03:15-03:50

NTH PARTY
Reviewing potential risks within supply chain ecosystem

Contractual requirements for fourth party oversight
Mapping critical third parties and outsourcing
Expectations to map extended supply chain
Including contractual provisions for fourth parties
Developing controls at fourth party level
Reviewing cross sector best practice mapping supply chains
Auditability and onsite review requirements of material subcontractors

Speaker-HS-1

Desmond Campbell, Vice President, Compliance Oversight and Operational Risk, Barclays

03:50-04:35

ESG – PANEL DISCUSSION
Reviewing footprint of third parties and including ESG considerations across lifecycle

Reducing carbon footprint across supply chain
Measuring carbon footprint in an intangible supply chain
Engaging third parties in ESG requirements
Meeting regulatory and internal expectations
Aligning supplier management process with ethical values
Application of metrics to small organizations
Applying leverage to large organizations

Speaker-HS-1

Anita Barber, Head of Third Party Management Services, HR, HSBC

Speaker-HS-1

Berber Journée, Chief Corporate Governance Officer, Personal & Business Customers, Danske Bank

Speaker-HS-1

Joe Bakowski, Director of Procurement, Supplier Risk & Commercial Management, Metro Bank

04:35-05:10

RELIANCE
Managing the increased use and reliance on external service providers

Increased use of vendors as a result of Covid-19
Reliance on external services to enhance digitalization
Tracking data across vendors
Increased risk with increased reliance
Monitoring and oversight of non-critical vendors
Cybersecurity audit of all third parties
Aligning third parties with company strategy

Speaker-HS-1

Daniel Crease, former Managing Director, Third Party Risk Management and Operational Resilience, Deutsche Bank

05:10-05:20

Chair’s closing remarks

05:20

End of Summit