

08:00 Breakfast and registration
08:50 Chair’s opening remarks
COVID-19 – PANEL DISCUSSION
9:00 Reviewing the impact of COVID-19 on vendor and third party risk programs and future of working environments
- Future of working from home vs. hybrid models
- Identifying gaps in controls and changes to work environment post COVID
- Security controls of vendors with remote teams and use of mobile devices
- Redefining data security in a new working environment
- Criticality of intelligence and monitoring
- Managing expenses vs. risk of working remotely
- Protecting confidential data and sensitive information in a remote environment
- Understanding vendor plans for hybrid workforces
- Adapting contracts and controls and Impact to service, functionality and response time
- Ability to meet SLAs in a pandemic and remote environment
Roxane Romulus, Director, Third Party Risk Management, Voya Financial
Brian Shaw, Senior Account Director, Financial Services, Coupa
REGULATORY LANDSCAPE
9:40 Managing regulatory expectations across jurisdictions for a full end to end approach to risk
- Managing regulatory change across jurisdictions
- Risk mitigation approaches to demonstrate to regulators
- Managing a digital business as a result of COVID-19
- Connecting infrastructure and systems digitally
- Regulatory guidance on WFH and hybrid models
- Ingraining into culture of an institution
- Geopolitical environment: BSA and AML considerations
Ryan Spelman, Senior Manager, CyberClarity 360
RESILIENCE
10:15 Understanding and developing resilience plans and identifying critical service providers to monitor risk
- Understanding what it means to be resilient
- Incorporating testing exercises and adapting to changing environments
- Identifying key business functions and supply chain
- Tracing through affiliates and third parties
- Incorporating resilience programs with third party programs
- Aligning ability to deliver service with ability to manage resiliency
- Managing resilience in different structured work environments
Michael Casey, Americas Head of Outsourcing and Supplier Risk, UBS
10:50 Morning refreshment break and networking
BCM & DR – PANEL DISCUSSION
11:20 Maintaining resilience programs in a volatile environment and maintaining controls and oversight of outsourced services
- Managing vendors in business recovery mode
- Understanding which vendors are able to recover from stress events
- Approaches to analyze and assess recovery capabilities
- Reviewing changes in expectations as a result of the pandemic
- Regulatory drive for resiliency in critical third parties
- Adapting programs around security events in the industry
- Solar Winds and COVID-19 impacts
- Unwinding changes as a result of the pandemic without damaging resiliency
Preety Tulsian, Head of TPRM, Scotiabank
Justin K. Boehm, Senior Manager, Third Party Risk Banking and Capital Markets Leader, EY
Saqib Jamshed, MD, Model Risk Management, The OCC
CYBER SECURITY
12:00 Reviewing advances in the cyber threat landscape and lessons learnt from recent events
- Solar winds breach impact across the industry
- Reviewing maturity of hacks and capabilities of criminals
- Testing responses to cyber attacks
- Evolution of integrity attacks and defending against them
- Managing third party governance processes to mitigate the risk
- Contract terms to include notification of incidents
- Understanding exposure to breaches
- Increased attacks as a result of remote working and limited IT resources
Jeffrey Batt, Cyber Insurance Practice Leader, M&T Bank
12:35 Lunch break and luncheon roundtable discussions
1 – Diversity and inclusion across the supply chain
2 – Future outlook after COVID-19: Managing remote and hybrid environments
Reserved for Prevalent
3 – Resilience: Regulatory expectations and objective
Michael Casey, Americas Head of Outsourcing and Supplier Risk, UBS
4 – Managing increase in ransomware and response strategies
5 – External data providers: Integrating into program methodologies
Preety Tulsian, Head of TPRM, Scotiabank
NTH PARTY – SECURITY AND DATA
1:45 Managing and tracking data access across supply chain to maintain security and identify vulnerabilities
- Concentration risks of third parties outsourcing
- Privacy and confidentiality considerations across supply chain
- Increased incidents and breaches as a result of the pandemic
- Ensuring vendors and subcontractors are protecting data and aligning with cybersecurity standards
- Reviewing access to data requirements to fulfill contract provisions
NTH PARTY – REGULATION AND CONTROLS
2:20 Identifying fourth parties and beyond to track dependencies and mitigate risk of service failure
- Regulatory guidance on outsourcing and global variations
- Tracking incidents like Solar Winds to understand impact on supply chain
- Understanding supply chain and impact to services
- Changing contract language to incorporate critical outsourcing
- Contractual limitations to assess 4th parties
- Identifying fourth parties and determining location domestically or internationally
- Protecting data in the cloud or overseas to the same level as locally
- Treatment of too big to fail vendors
- Identifying those with systemic risks
CONCENTRATION RISK
2:55 Monitoring risks of concentration of vendors both across the industry and internal reliance across functions
- Reviewing types of concentration risk
- 4th parties, geographic, internal etc…
- Aggregating data to identify critical vendors and uses across different business groups
- Balancing concentration risk with quality of vendor and controls
- Systemic impact of some vendor failures
- Limited number of core vendors providing key services
- Risk of stress events to the industry
Olga Voytenko, MD, Third Party Risk Management, State Street
3:30 Afternoon refreshment break and networking
RISK ASSESSMENTS & DUE DILIGENCE
4:00 Developing real time insight for continuous monitoring of third parties
- Accuracy of data received from assessments
- Validating questionnaires with objective evidence
- Continuous monitoring between questionnaires
- Developing real time risk management and control processes
- Documentation for effective collaboration with third parties
- Obtaining due diligence documentation
- Enhancing questionnaires to capture risks of remote working
Alpa Inamdar, Head of Third Party Governance Advisory, BNY Mellon
FINANCIAL HEALTH
4:35 Approaches to monitor financial health of critical suppliers to mitigate risks of business disruption
- Approaches to accurately and effectively monitor the financial health
- Impact of COVID-19 on suppliers business model
- Ensuring critical suppliers are financially viable to survive pandemic and future events
- Contractual rights to current suppliers financials
- Trend analysis to understand financial viability
- Impact of mergers and acquisitions
BUSINESS APPETITE
5:10 Balancing increased appetite to outsource services whilst maintaining security and due diligence processes
- Appetite for faster approvals when onboarding
- Business accepting risk as business value is justified
- Streamlining processes to onboard critical service vendors faster
- Categorizing vendors based on risk
- Aligning processes with business objectives and appetite
- Increased demand as a result of COVID-19
Gregory Goldstein, VP, Head of Third Party Risk Management, Prudential Financial
5:45 Chair’s closing remarks
5:55 End of Congress

08:00 Breakfast and registration
08:50 Chair’s opening remarks
SYSTEM EFFICIENCY – PANEL DISCUSSION
9:00 Developing efficiencies to better manage the vendor life cycle from end to end
- Building a holistic view of data and risk
- Aligning business planning with risk and due diligence processes
- Collecting good data to drive decision making
- Feeding back into risk management processes
- Leveraging data to identify level of risk each vendor exposes the business to
- Identifying inherent risk in the relationship and residual risk after controls are in place
- Developing a centralized process to track inventory
- Identifying subsidiaries and multiple uses of one company
Melissa Mellen, Officer & Department Head of Policy, Analytics & Vendor Strategy, Federal Reserve Bank of New York
David Brown, Senior Product Manager, Riskonnect, Inc.
ESG – ENVIRONMENTAL
9:40 Developing sustainability agendas and monitoring third parties to align strategic objectives
- Developing sustainable environmental practices
- Practical application across relationships
- Reviewing third party environmental sustainability and carbon footprint
- Managing reputation risks as a result of third parties
- Incorporating climate change into strategy and current resilience programs
- Demonstrating environmental friendliness across supply chain
- Developing a climate financial risk road map
ESG – SOCIAL
10:15 Implementing transparency in supply chains to monitor social inclusion and regulations
- Social justice and inclusion agendas
- Managing chains from an operational, governance and compliance perspective
- Developing controls to identify a deterioration
- Measuring ESG data, metrics and scorecard
- Developing an industry scorecard to measure and compare
- Demonstrating transparency and reporting
- Monitoring for compliance with modern slavery and child labor forces
- Identifying diversity in supply chain – availability of information
Kenneth Wolckenhauer, VP, Vendor Management, Nordea Bank New York Branch
10:50 Morning refreshment break and networking
FINTECH
11:20 Assessing risk and managing treatment of fintech’s as a third party service provider
- Evaluating fintech third parties
- Fintech’s supplying technology with bank to committing transaction
- Developing a program for hybrid vendors
- Monitoring fintech relationships
- Exiting relationships with fintech’s if they are acquired
- Managing regulatory expectations for un-regulated institutions
George Kaniarasseril, VP, Third Party Risk Management, BNY Mellon
FINTECH CONTINUED
11:55 Assessing risk and managing treatment of fintech as a third party service provider
- How to address emerging privacy and cybersecurity risks in fintech services and technologies
- Best practices for limited use or pilot programs with fintech companies
- Developing a program for hybrid vendors
- Managing regulatory expectations for un-regulated institutions
- Contractual considerations to mitigate risk
- Identifying pitfalls in acquisitions
Erin Jane Illman, Partner and Fintech Practice Lead, Bradley Arant Boult Cummings LLP (Bradley)
Leah M. Campbell, Senior Attorney, Bradley Arant Boult Cummings LLP (Bradley)
12:30 Lunch break and luncheon roundtable discussions
1 – Alternative ways to manage TPRM programs and increasing efficiency
2 – Technology advances in TPRM
3 – Steps to build a TPRM program and third party inventory
Madiha Fatima, Director, Third Party Risk Management, Angelo Gordon
4 – Reporting to the Board – Granularity and language
5 – Managing inter entity and affiliate relationships
INNOVATION
1:45 Leveraging innovative solutions to increased risk through technology and automation
- Increased risk with IoT home devices and remote working
- Onboarding technology related engagements
- Adapting mindsets to incorporate new technologies
- Leveraging AI to drive efficiency and effectiveness
- Developing agility to keep up with advances
- Balancing risk with opportunity
- Assessing vendors use of technology including blockchain
- Assessing vendors that manage cryptocurrency
Bassel Korkor, MD, Head of Third Party Risk, Charles Schwab
INTER-ENTITY & AFFILIATE RELATIONSHIPS
2:20 Implementing effective due diligence and risk ranking processes for inter-entity and affiliates
- Segmentation and application of controls based on criticality of service
- Implementing effective oversight and monitoring processes
- Regulatory approach across regions
- Identifying risk and implementing controls to manage risk
2:55 Afternoon refreshment break and networking
PRIVACY & CLOUD
3:25 Assessing and allocating risk in the contract for the new ‘normal’
- Hybrid arrangements
- Privacy laws
- The cloud
- Force majeure
- Regulatory expectations
James McPherson, Director & Counsel, Credit Agricole Corporate & Investment Bank
ON-SITE ASSESSMENTS – PANEL DISCUSSION
4:15 The future of on-site assessments: Balancing cost vs. effectiveness to satisfy on-site assessment requirements
- Measuring risk and satisfying due diligence
- Investment vs. benefit of onsite assessments
- Consortium models for onsite due diligence
- Reliability of on-site assessment when events can change very quickly
- Regulatory expectations for on-site reviews and assessments after COVID-19
- Reviewing effectiveness of remote assessments
Olga Baldwin, Director, Vendor Risk Management, Sterling National Bank
Madiha Fatima, Director, Third Party Risk Management, Angelo Gordon
5:00 Chair’s closing remarks and end of Congress


Olga Baldwin
Director, Vendor Risk Management
Sterling National Bank

Michael Casey
Americas Head of Outsourcing and Supplier Risk
UBS

Gregory Goldstein
VP, Head of Third Party Risk Management
Prudential Financial

Alpa Inamdar
Head of Third Party Governance Advisory
BNY Mellon

Madiha Fatima
Director, Third Party Risk Management
Angelo Gordon

Melissa Mellen
Officer & Department Head of Policy, Analytics & Vendor Strategy
Federal Reserve Bank of New York

Roxane Romulus
Director, Third Party Risk Management
Voya Financial

Preety Tulsian
Head of TPRM
Scotiabank