8:00 Registration and breakfast | 8:50 Chair’s Opening Remarks

Chaired by: Kimberley Allan, CMO, Aravo


9:00 Reviewing the global regulatory environment and the future of regulation in financial services

Session details 

  • Finalization of OCC and Federal Reserve guidance
  • Reviewing changes on the horizon
  • Enhancements to guidance from regulators and what they mean
  • Cyber security and info sec regulations
  • Prescriptive nature of guidance
  • Reviewing the current regulatory environment
  • Changing expectations as a result of Covid
  • Implementing changes across a TPRM program

Olga Voytenko, MD, Head of Third Party Risk Management, State Street
Dr. Michelle Frasher, Sr. Director, Financial Crime Compliance Practice, Moody’s Analytics
Kristen Schneider, Director of Risk Management, USAA
Alan Day, Chairman and Founder, State of Flux


9:45 Aligning third-party risk strategies across security, privacy, ethics and ESG

Session details 

  • Embedding risk domains into TPRM and procurement lifecycles
  • Collaboration across teams and disciplines to drive long term value
  • Increasing transparency and accountability
  • Developing a holistic approach to TPRM

Matthew Moog, General Manager, Third Party Risk Management, OneTrust

10:20 Morning refreshment break and networking


10:50 Delivering clarity - Building a business case for an integrated approach to third party risk management

Session details 

  • Communicate the value of an integrated third-party risk management program to senior management
  • Examine barriers to communication with senior leaders and why this can be difficult
  • Review impactful conversations and data points that senior management care most about
  • Determine the best way to frame value points with key stakeholders
  • Discuss takeaways to build your business case

Barbara-Ann Beohler, Regulatory Compliance Analyst, Aravo

11:25 Third Party Risk - Your responsibility, but not in your control

Session details 

This session will provide insight on how the TPRM practice has evolved, latest trends, challenges in standing up a program and how to overcome them without creating burdensome processes and large teams.

  • How to establish world class TPRM with limited resources
  • Challenges with setting up and maintaining a relevant program
  • Impact of the “Great Retirement”
  • Operating outside major metropolitan areas
  • Timely detection of risks
  • Reporting and Transparency of supplier risk

Peter Pernebo, MD, Global Head of Third Party Risk Management Solutions, KY3P, S&P Global


12:00 Lessons learnt from Covid-19: Updating and testing controls with evolving working environments

Session details 

  • Changes to due diligence processes with work from home models
  • Evaluating vendor controls with different working environments
  • Information security assessments across vendors
  • Resilience considerations
  • Privacy concerns with work from home
  • Monitoring locations of employees and vendors
  • Replacements for on-site assessments and future technology opportunities
  • Reviewing changes that will be continued in a post Covid environment
  • Updating terms and code of conduct to mitigate risk

Alpa Inamdar, Transformation Leader, AIG
Roxane Romulus, AVP, Third Party Risk Management, Voya Financial
Brian Shaw, Director of Financial Services Sales, Mirato

12:45 Lunch break and networking

1:45 Establishing TPRM function - Successes, challenges and lessons learned

Session details 

  • Session to come

Olivier Fleurence, Division Chief & Chief Procurement Officer (CPO), International Monetary Fund (IMF)
Suyog Peshkar, Section Chief, Third Party Risk Management (TPRM), International Monetary Fund (IMF)


2:20 Incorporating ESG into third party risk practices and developing metrics and scoring criteria to ensure compliance

Session details 

  • Ensuring sustainable energy practices across supply chain
  • Viewing as essential risk control areas: Documenting goals and policies to demonstrate action
  • Regulatory views and future of regulation
  • Developing a risk based approach for review and assessment
  • Managing carbon footprint and defining tolerance of carbon impact
  • Augmenting assessment process to include ESG concerns
  • Staffing requirements to implement change
  • Impact of limited data across the industry
    • Leveraging external data

Ken Wolckenhauer, VP, Vendor Management, Nordea Bank, New York Branch
Justin Boehm, Senior Manager, Consulting, EY
Keith Fortson, Vice President, ESG, Riskonnect, Inc.
Theodore Reynolds, Operational Risk Director, Third Party Risk Program Oversight, Wells Fargo


3:05 Incorporating diversity and inclusion reviews across all risk and onboarding processes

Session details 

  • Diversity and inclusion practice considerations across vendors
  • Protecting reputation working with certain companies and industries
  • How far to review third parties and outsourced services
  • Changes to decision making process and onboarding of new vendors
  • Monitoring supplier diversity
  • Managing in risk and procurement
  • MWBE – minority or women owned business/enterprise
  • Encouraging diversity in bid process

Marc Goldberg, Chief Customer Success Officer, Certa

3:40 Afternoon refreshment break and networking


4:10 IT supply chain management: Tactical approaches to secure SDLC management across the supply chain

Session details 

  • Understand the current landscape with regards to external supply chain risks and software (SDLC) dependencies
  • Introduce the recent NIST guidance on software supply chain risk management for procurement and technology/security professionals
  • Learn what organizations are doing about these types of Cyber and IT disruptions in terms of practical applications, e.g., relying on technology, data, cloud, and software development between organizations and their third-party vendors
  • Explore strategies for effective management and oversight in a remote/hybrid environment

Mike Pankey, Sr. Manager, Grant Thornton


4:45 Moving strategic sourcing within a third party risk framework for a holistic view

Session details 

  • Onboard processes for new vendors
  • Impact to strategy of the business
  • Identifying vendors that could benefit across the firm
  • Viewing the whole vendor population to drive strategy
    • Utilizing vendors for strategic benefit
  • Identifying vendor concentration
  • Getting senior management buy in

Patrick Potter, Risk Strategist, Archer

5:20 Chair’s closing remarks | 5:30 End of day one, followed by networking drinks reception

8:00 Registration and breakfast | 8:50 Chair’s Opening Remarks

Chaired by: Mike Pankey, Senior Manager, Grant Thornton


9:00 Reviewing the cyber threat landscape and mitigation tactics to limit vulnerabilities across vendors

Session details 

  • Dependence on vendor transparency with risk assessment and controls
  • Verifying controls in place: Adopting a trust but verify model
  • Verification and testing of patches before onboarding
  • Regulatory expectations and requirements for notification and communication
  • Understanding potential risk exposure across vendors
    • Custody and access to data
  • Monitoring vendors' cyber health

Ryan Lougheed, Director of Product Management, Onspring
Olivia Knight, Director, Vendor Risk Management, Natixis
Ondrej Krehel, Chief Scientist & Fellow, Cyber Risk & Resilience Services, SecurityScorecard
John Franchi, Former Senior Officer, Former CIA


9:45 Reviewing regulatory expectations for oversight of fourth parties and due diligence best practices

Session details 

  • Due diligence for effective oversight
  • Identifying critical fourth parties
  • Assessment through third party program vs. direct to fourth parties
  • Determining appropriate oversight for the business
  • Tying to incident response management
  • Maintaining visibility into fourth party risk
  • Managing limitations in assessments process
  • Limitations in availability of information

Preety Tulsian, Head of Third Party Risk US, Enterprise Risk, Scotiabank
Gregory Vinton, Director, US, Third Party Risk, Scotiabank

10:20 Morning refreshment break and networking


10:50 Managing expectations for management of fourth party risks

Session details 

  • Session to come

Gregory Goldstein, Principal, Enterprise Third Party Management, BNY Mellon
Tausif Khan, Associate Director, Third Party Risk Governance and Reporting, DTCC
Olga Baldwin, VP, Vendor Management, Axiom Bank


11:35 Identifying critical third parties and determining effective oversight requirements

Session details 

  • Defining critical in a third party risk perspective
  • Aligning with resilience
  • Additional oversight once critical vendors are identified
  • High inherent risk vs. high residual risk vs. critical third parties
  • Outlining criteria of what makes a vendor critical
  • Implementing a sustainable solution
  • Aligning perspectives across the business
  • Developing exit strategies to minimize the impact
  • Execution and preparation for exit strategies

Madiha Fatima, Director, Third Party Risk Management, Angelo Gordon

12:10 Lunch break and networking

Discussion on third party risk gaps highlighted by the BIS
Led by Michael Ciaccerelli, Head of Third Party Risk Management, Markets Group, Federal Reserve Bank of New York

Lessons learnt when overcoming challenges and creating efficient processes
Led by Olga Baldwin, VP, Vendor Management, Axiom Bank

Efficient board and management reporting
Led by Rob Haven, Director of Vendor Management, Renasant Bank

Biggest challenges in scaling and automating your TPRM program
Led by Mike Yaffe, CMO, Prevalent

How technology can enable your TPRM program; practical approaches
Led by Ryan Fox, GRC Sales Manager, US, Mitratech


1:35 Assessing risk and managing treatment of fintech as a third party service provider

Session details 

  • How to address emerging privacy and cybersecurity risks in fintech services and technologies
  • Best practices for limited use or pilot programs with fintech companies
  • Developing a program for hybrid vendors
  • Managing regulatory expectations for un-regulated institutions
  • Contractual considerations to mitigate risk
  • Identifying pitfalls in acquisitions

Erin Jane Illman, Partner and Fintech Practice Lead, Bradley Arant Boult Cummings LLP
Leah M. Campbell, Senior Attorney, Bradley Arant Boult Cummings LLP


2:10 Strategic Fintech partnerships: Finding the right fit

Session details 

  • Aligning fintech partnerships with strategic goals
  • Fintech due diligence & monitoring
  • Overcoming the fintech-banking language barrier
  • Managing relationships between fintech partners and internal and external stakeholders

Michael Berman, Founder & CEO, Ncontracts

2:45 Afternoon refreshment break and networking

3:15 Creating a successful long term partnership with a Fintech organization

Session details 

  • Fintech/Regtech third-party vendors: the benefits and risks involved
  • Setting the appropriate level of oversight
  • Creating a valuable partnership
  • Due diligence and evaluating the relationship

Frank Morisano, Former CRO, ICBC & Non-Executive Director, iSoftware4Banks, Inc
Ashley Ambrose, Senior Manager, Third Party & Merchant Oversight, Snap Finance
Shane Lieber, Director, Third Party & Merchant Oversight, Snap Finance


3:50 Managing heightened M&A activity and alignment of programs and expertise

Session details 

  • Challenges merging two programs
  • Transitioning to one single platform
  • Drawing the best of both programs
  • Retraining people to new program

Rob Haven, Director of Vendor Management, Renasant Bank

4:25 Chair’s closing remarks | 4:35 End of Vendor & Third Party Risk USA