8:00 Registration and breakfast | 8:50 Chair’s Opening Remarks
Chaired by: Kimberley Allan, CMO, Aravo
REGULATION – PANEL DISCUSSION
Session details
- Finalization of OCC and Federal Reserve guidance
- Reviewing changes on the horizon
- Enhancements to guidance from regulators and what they mean
- Cyber security and info sec regulations
- Prescriptive nature of guidance
- Reviewing the current regulatory environment
- Changing expectations as a result of Covid
- Implementing changes across a TPRM program
Olga Voytenko, MD, Head of Third Party Risk Management, State Street
Dr. Michelle Frasher, Sr. Director, Financial Crime Compliance Practice, Moody’s Analytics
Kristen Schneider, Director of Risk Management, USAA
Alan Day, Chairman and Founder, State of Flux
RESILIENCE
Session details
- Embedding risk domains into TPRM and procurement lifecycles
- Collaboration across teams and disciplines to drive long term value
- Increasing transparency and accountability
- Developing a holistic approach to TPRM
Matthew Moog, General Manager, Third Party Risk Management, OneTrust
10:20 Morning refreshment break and networking
BUSINESS CONTINUITY & RESILIENCE
Session details
- Communicate the value of an integrated third-party risk management program to senior management
- Examine barriers to communication with senior leaders and why is this can be difficult
- Review impactful conversations and data points that senior management care most about
- Determine the best way to frame value points with key stakeholders
- Discuss takeaways to build your business case
Barbara-Ann Beohler, Regulatory Compliance Analyst, Aravo
Session details
This session will provide insight on how the TPRM practice has evolved, latest trends, challenges in standing up a program and how to overcome them without creating burdensome processes and large teams.
- How to establish world class TPRM with limited resources
- Challenges with setting up and maintaining a relevant program
- Impact of the “Great Retirement”
- Operating outside major metropolitan areas
- Timely detection of risks
- Reporting and Transparency of supplier risk
Peter Pernebo, MD, Global Head of Third Party Risk Management Solutions, KY3P, S&P Global
COVID-19 – PANEL DISCUSSION
Session details
- Changes to due diligence processes with work from home models
- Evaluating vendor controls with different working environments
- Information security assessments across vendors
- Resilience considerations
- Privacy concerns with work from home
- Monitoring locations of employees and vendors
- Replacements for on-site assessments and future technology opportunities
- Reviewing changes that will be continued in a post Covid environment
- Updating terms and code of conduct to mitigate risk
Alpa Inamdar, Transformation Leader, AIG
Roxane Romulus, AVP, Third Party Risk Management, Voya Financial
Brian Shaw, Director of Financial Services Sales, Mirato
12:45 Lunch break and networking
Session details
- Session to come
Olivier Fleurence, Division Chief & Chief Procurement Officer (CPO), International Monetary Fund (IMF)
Suyog Peshkar, Section Chief, Third Party Risk Management (TPRM), International Monetary Fund (IMF)
ESG – PANEL DISCUSSION
Session details
- Ensuring sustainable energy practices across supply chain
- Viewing as essential risk control areas: Documenting goals and policies to demonstrate action
- Regulatory views and future of regulation
- Developing a risk based approach for review and assessment
- Managing carbon footprint an defining tolerance of carbon impact
- Augmenting assessment process to include ESG concerns
- Staffing requirements to implement change
- Impact of limited data across the industry
- Leveraging external data
Ken Wolckenhauer, VP, Vendor Management, Nordea Bank, New York Branch
Justin Boehm, Senior Manager, Consulting, EY
Keith Fortson, Vice President, ESG, Riskonnect, Inc.
Theodore Reynolds, Operational Risk Director, Third Party Risk Program Oversight, Wells Fargo
SOCIAL/ESG
Session details
- Diversity and inclusion practice considerations across vendors
- Protecting reputation working with certain companies and industries
- How far to review third parties and outsourced services
- Changes to decision making process and onboarding of new vendors
- Monitoring supplier diversity
- Managing in risk and procurement
- MWBE – minority or women owned business/enterprise
- Encouraging diversity in bid process
Marc Goldberg, Chief Customer Success Officer, Certa
3:40 Afternoon refreshment break and networking
TECHNOLOGY
Session details
- Understand the current landscape with regards to external supply chain risks and software (SDLC) dependencies
- Introduce the recent NIST guidance on software supply chain risk management for procurement and technology/security professionals
- Learn what organizations are doing about these types of Cyber and IT disruptions in terms of practical applications, e.g., relying on technology, data, cloud, and software development between organizations and their third-party vendors
- Explore strategies for effective management and oversight in a remote/hybrid environment
Mike Pankey, Sr. Manager, Grant Thornton
STRATEGIC SOURCING
Session details
- Onboard processes for new vendors
- Impact to strategy of the business
- Identifying vendors that could benefit across the firm
- Viewing the whole vendor population to drive strategy
- Utilizing vendors for strategic benefit
- Identifying vendor concentration
- Getting senior management buy in
Patrick Potter, Risk Strategist, Archer
5:20 Chair’s closing remarks | 5:30 End of day one, followed by networking drinks reception
8:00 Registration and breakfast | 8:50 Chair’s Opening Remarks
Chaired by: Mike Pankey, Senior Manager, Grant Thornton
CYBER RISK – PANEL DISCUSSION
Session details
- Dependence on vendor transparency with risk assessment and controls
- Verifying controls in place: Adopting a trust but verify model
- Verification and testing of patches before onboarding
- Regulatory expectations and requirements for notification and communication
- Understanding potential risk exposure across vendors
- Custody and access to data
- Monitoring vendors cyber health
Ryan Lougheed, Director of Product Management, Onspring
Olivia Knight, Director, Vendor Risk Management, Natixis
Ondrej Krehel, Chief Scientist & Fellow, Cyber Risk & Resilience Services, SecurityScorecard
John Franchi, Former Senior Officer, Former CIA
FOURTH PARTY
Session details
- Due diligence for effective oversight
- Identifying critical fourth parties
- Assessment through third party program vs. direct to fourth parties
- Determining appropriate oversight for the business
- Tying to incident response management
- Maintaining visibility into fourth party risk
- Managing limitations in assessments process
- Limitations in availability of information
Preety Tulsian, Head of Third Party Risk US, Enterprise Risk, Scotiabank
Gregory Vinton, Director, US, Third Party Risk, Scotiabank
10:20 Morning refreshment break and networking
FOURTH PARTY RISK – PANEL DISCUSSION
Session details
- Session to come
Gregory Goldstein, Principal, Enterprise Third Party Management, BNY Mellon
Tausif Khan, Associate Director, Third Party Risk Governance and Reporting, DTCC
Olga Baldwin, VP, Vendor Management, Axiom Bank
CRITICAL THIRD PARTIES
Session details
- Defining critical in a third party risk perspective
- Aligning with resilience
- Additional oversight once critical vendors are identified
- High inherent risk vs. high residual risk vs. critical third parties
- Outlining criteria of what makes a vendor critical
- Implementing a sustainable solution
- Aligning perspectives across the business
- Developing exit strategies to minimize the impact
- Execution and preparation for exit strategies
Madiha Fatima, Director, Third Party Risk Management, Angelo Gordon
12:10 Lunch break and networking
Discussion on third party risk gaps highlighted by the BIS
Led by Michael Ciaccerelli, Head of Third Party Risk Management, Markets Group, Federal Reserve Bank of New York
Lessons learnt when overcoming challenges and creating efficient processes
Led by Olga Baldwin, VP, Vendor Management, Axiom Bank
Efficient board and management reporting
Led by Rob Haven, Director of Vendor Management, Renasant Bank
Biggest challenges in scaling and automating your TPRM program
Led by Mike Yaffe, CMO, Prevalent
How technology can enable your TRPM program; practical approaches
Led by Ryan Fox, GRC Sales Manager, US, Mitratech
FINTECH
Session details
- How to address emerging privacy and cybersecurity risks in fintech services and technologies
- Best practices for limited use or pilot programs with fintech companies
- Developing a program for hybrid vendors
- Managing regulatory expectations for un-regulated institutions
- Contractual considerations to mitigate risk
- Identifying pitfalls in acquisitions
Erin Jane Illman, Partner and Fintech Practice Lead, Bradley Arant Boult Cummings LLP
Leah M. Campbell, Senior Attorney, Bradley Arant Boult Cummings LLP
FINTECH CONTINUED
Session details
- Aligning fintech partnerships with strategic goals
- Fintech due diligence & monitoring
- Overcoming the fintech-banking language barrier
- Managing relationships between fintech partners and internal and external stakeholders
Michael Berman, Founder & CEO, Ncontracts
2:45 Afternoon refreshment break and networking
Session details
- Fintech/Regtech third-party vendors: the benefits and risks involved
- Setting the appropriate level of oversight
- Creating a valuable partnership
- Due diligence and evaluating the relationship
Frank Morisano, Former CRO, ICBC & Non-Executive Director, iSoftware4Banks, Inc
Ashley Ambrose, Senior Manager, Third Party & Merchant Oversight, Snap Finance
Shane Lieber, Director, Third Party & Merchant Oversight, Snap Finance
MERGERS & ACQUISITIONS
Session details
- Challenges merging two programs
- Transitioning to one single platform
- Drawing the best of both programs
- Retraining people to new program
Rob Haven, Director of Vendor Management, Renasant Bank
4:25 Chair’s closing remarks | 4:35 End of Vendor & Third Party Risk USA
