Managing vendor and third party risk and ensuring resilience in an increasingly complex environment

8:00 Registration and breakfast

8:50 Chair’s opening remarks

REGULATION – PANEL DISCUSSION

9:00 Reviewing the global regulatory environment and the future of regulation in financial services

Session details 

  • Finalization of OCC and Federal Reserve guidance
  • Reviewing changes on the horizon
  • Enhancements to guidance from regulators and what they mean
  • Cyber security and info sec regulations
  • Prescriptive nature of guidance
  • Reviewing the current regulatory environment
  • Changing expectations as a result of Covid
  • Implementing changes across a TPRM program

Olga Voytenko, MD, Head of Third Party Risk Management, State Street
Michelle Frasher, Sr. Director, Financial Crime Compliance Practice, Moody’s Analytics
Kristen Schneider, Director of Risk Management, USAA
Alan Day, President and CEO, State of Flux

RESILIENCE

Aligning third-party risk strategies across security, privacy, ethics, and ESG

Session details 

  • Embedding risk domains into TPRM and procurement lifecycles
  • Collaboration across teams and disciplines to drive long term value
  • Increasing transparency and accountability
  • Developing a holistic approach to TPRM

Matthew Moog, General Manager, Third Party Risk Management, OneTrust

10:20 Morning refreshment break and networking

BUSINESS CONTINUITY & RESILIENCE

10:50 Delivering clarity - Building a business case for an integrated approach to third party risk management

Session details 

  • Communicate the value of an integrated third-party risk management program to senior management
  • Examine barriers to communication with senior leaders and why this can be difficult
  • Review impactful conversations and data points that senior management care most about
  • Determine the best way to frame value points with key stakeholders
  • Discuss takeaways to build your business case

Barbara-Ann Beohler, Regulatory Compliance Analyst, Aravo

11:25 Third Party Risk - Your responsibility, but not in your control

Session details 

This session will provide insight on how the TPRM practice has evolved, latest trends, challenges in standing up a program and how to overcome them without creating burdensome processes and large teams.

  • How to establish world class TPRM with limited resources
  • Challenges with setting up and maintaining a relevant program
  • Impact of the “Great Retirement”
  • Operating outside major metropolitan areas
  • Timely detection of risks
  • Reporting and Transparency of supplier risk

Peter Pernebo, Global Head of Third Party Risk Solutions, KY3P, S&P Global

COVID-19 – PANEL DISCUSSION

12:00 Lessons learnt from Covid-19: Updating and testing controls with evolving working environments

Session details 

  • Changes to due diligence processes with work from home models
  • Evaluating vendor controls with different working environments
  • Information security assessments across vendors
  • Resilience considerations
  • Privacy concerns with work from home
  • Monitoring locations of employees and vendors
  • Replacements for on-site assessments and future technology opportunities
  • Reviewing changes that will be continued in a post Covid environment
  • Updating terms and code of conduct to mitigate risk

Alpa Inamdar, Transformation Leader, AIG
Roxane Romulus, AVP, Third Party Risk Management, Voya Financial  
Brian Shaw, Director of Financial Services Sales, Mirato

12:45 Lunch break and networking

1:45 Establishing TPRM function - Successes, challenges and lessons learned

Session details 

  • Session to come

Olivier Fleurence, Division Chief & Chief Procurement Officer (CPO), International Monetary Fund (IMF)
Suyog Peshkar, Section Chief, Third Party Risk Management (TPRM), International Monetary Fund (IMF)

ESG – PANEL DISCUSSION

2:20 Incorporating ESG into third party risk practices and developing metrics and scoring criteria to ensure compliance

Session details 

  • Ensuring sustainable energy practices across supply chain
  • Viewing as essential risk control areas: Documenting goals and policies to demonstrate action
  • Regulatory views and future of regulation
  • Developing a risk based approach for review and assessment
  • Managing carbon footprint and defining tolerance of carbon impact
  • Augmenting assessment process to include ESG concerns
  • Staffing requirements to implement change
  • Impact of limited data across the industry
    • Leveraging external data

Ken Wolckenhauer, VP, Vendor Management, Nordea Bank, New York Branch
Justin Boehm, Senior Manager, Consulting, EY
Keith Fortson, Vice President, ESG, Riskonnect, Inc.
Theodore Reynolds, Operational Risk Director, Third Party Risk Program Oversight, Wells Fargo

SOCIAL/ESG

3:05 Incorporating diversity and inclusion reviews across risk and onboarding processes

Session details 

  • Diversity and inclusion practice considerations across vendors
  • Protecting reputation working with certain companies and industries
  • How far to review third parties and outsourced services
  • Changes to decision making process and onboarding of new vendors
  • Monitoring supplier diversity
  • Managing in risk and procurement
  • MWBE – minority or women owned business/enterprise
  • Encouraging diversity in bid process

Marc Goldberg, Chief Customer Success Officer, Certa

3:40 Afternoon refreshment break and networking

TECHNOLOGY

4:10 IT supply chain management: Tactical approaches to secure SDLC management across the supply chain

Session details 

  • Understand the current landscape with regards to external supply chain risks and software (SDLC) dependencies
  • Introduce the recent NIST guidance on software supply chain risk management for procurement and technology/security professionals
  • Learn what organizations are doing about these types of Cyber and IT disruptions in terms of practical applications, e.g., relying on technology, data, cloud, and software development between organizations and their third-party vendors
  • Explore strategies for effective management and oversight in a remote/hybrid environment

Mike Pankey, Sr. Manager, Grant Thornton

STRATEGIC SOURCING

4:45 Moving strategic sourcing within a third party risk framework for a holistic view

Session details 

  • Onboard processes for new vendors
  • Impact to strategy of the business
  • Identifying vendors that could benefit across the firm
  • Viewing the whole vendor population to drive strategy
    • Utilizing vendors for strategic benefit
  • Identifying vendor concentration
  • Getting senior management buy in

Patrick Potter, Risk Strategist, Archer

5:20 Chair’s closing remarks 

5:30 End of day one and networking drinks reception

8:00 Registration and breakfast

8:50 Chair’s opening remarks

Mike Pankey, Senior Manager, Grant Thornton

PANEL DISCUSSION – CYBER RISK

9:00 Reviewing the cyber threat landscape and mitigation tactics to limit vulnerabilities across vendors

Session details 

  • Dependence on vendor transparency with risk assessment and controls
  • Verifying controls in place: Adopting a trust but verify model
  • Verification and testing of patches before onboarding
  • Regulatory expectations and requirements for notification and communication
  • Understanding potential risk exposure across vendors
    • Custody and access to data
  • Monitoring vendors' cyber health
  • Proactive risk mitigation and reactive recovery tools

Ryan Lougheed, Director of Product Management, Onspring
Olivia Knight, Director, Vendor Risk Management, Natixis  
Ondrej Krehel, Chief Scientist & Fellow, Cyber Risk & Resilience Services, SecurityScorecard

John Franchi, Former Senior Officer, Former CIA

FOURTH PARTY

9:45 Reviewing regulatory expectations for oversight of fourth parties and due diligence best practices

Session details 

  • Due diligence for effective oversight
  • Identifying critical fourth parties
  • Assessment through third party program vs. direct to fourth parties
  • Determining appropriate oversight for the business
  • Tying to incident response management
  • Maintaining visibility into fourth party risk
  • Managing limitations in assessments process
  • Limitations in availability of information

Preety Tulsian, Head of Third Party Risk US, Enterprise Risk, Scotiabank
Gregory Vinton, Director, US, Third Party Risk, Scotiabank  

10:20 Morning refreshment break and networking

FOURTH PARTY RISK – PANEL DISCUSSION

10:50 Managing expectations for management of fourth party risks

Gregory Goldstein, Principal, Enterprise Third Party Management, BNY Mellon
Tausif Khan, Associate Director, Third Party Risk Governance and Reporting, Depository Trust and Clearing Corporation (DTCC)
Olga Baldwin, VP, Vendor Management, Axiom Bank

CRITICAL THIRD PARTIES

11:35 Identifying critical third parties and determining effective oversight requirements

Session details 

  • Defining critical in a third party risk perspective
  • Aligning with resilience
  • Additional oversight once critical vendors are identified
  • High inherent risk vs. high residual risk vs. critical third parties
  • Outlining criteria of what makes a vendor critical
  • Implementing a sustainable solution
  • Aligning perspectives across the business
  • Developing exit strategies to minimize the impact
  • Execution and preparation for exit strategies

Madiha Fatima, Director, Third Party Risk Management, Angelo Gordon

12:10 Lunch break and networking

Discussion on third party risk gaps highlighted by the BIS

Led by Michael Ciaccerelli, Head of Third Party Risk Management, Markets Group, Federal Reserve Bank of New York

Lessons learnt when overcoming challenges and creating efficient processes

Led by Olga Baldwin, VP, Vendor Management, Axiom Bank

Efficient board and management reporting

Led by Rob Haven, Director of Vendor Management, Renasant Bank

Biggest challenges in scaling and automating your TPRM program

Led by Mike Yaffe, CMO, Prevalent

How technology can enable your TPRM program; practical approaches

Led by Ryan Fox, GRC Sales Manager, US, Mitratech

FINTECH

1:35 Assessing risk and managing treatment of fintech as a third party service provider

Session details 

  • How to address emerging privacy and cybersecurity risks in fintech services and technologies
  • Best practices for limited use or pilot programs with fintech companies
  • Developing a program for hybrid vendors
  • Managing regulatory expectations for un-regulated institutions
  • Contractual considerations to mitigate risk
  • Identifying pitfalls in acquisitions

Erin Jane Illman, Partner and Fintech Practice Lead, Bradley Arant Boult Cummings LLP
Leah M. Campbell, Senior Attorney, Bradley Arant Boult Cummings LLP

FINTECH CONTINUED

2:10 Strategic Fintech partnerships: Finding the right fit

Session details 

  • Aligning fintech partnerships with strategic goals
  • Fintech due diligence & monitoring
  • Overcoming the fintech-banking language barrier
  • Managing relationships between fintech partners and internal and external stakeholders

Michael Berman, Founder & CEO, Ncontracts

2:45 Afternoon refreshment break and networking

3:15 Creating a successful long term partnership with a Fintech organization

Session details 

  • Fintech/Regtech third-party vendors: the benefits and risks involved
  • Setting the appropriate level of oversight
  • Creating a valuable partnership
  • Due diligence and evaluating the relationship 

Ashley Ambrose, Senior Manager, Third Party & Merchant Oversight, Snap Finance

Shane Lieber, Director, Third Party & Merchant Oversight, Snap Finance

Frank Morisano, Former CRO, ICBC & Non-Executive Director, iSoftware4Banks, Inc

MERGERS & ACQUISITIONS

4:00 Managing heightened M&A activity and alignment of programs and expertise

Session details 

  • Challenges merging two programs
  • Transitioning to one single platform
  • Drawing the best of both programs
  • Retraining people to new program

Rob Haven, Director of Vendor Management, Renasant Bank

4:25 Chair’s closing remarks

4:35 End of Congress