8:00 Registration and breakfast

8:50 Chair’s opening remarks


9:00 Identifying regulatory expectations on a global level and integrating requirements under a unified framework

Session details 

  • Integrating all upcoming regulation into TPRM program
    • Staying abreast of all changes
  • Ensuring third parties have appropriate controls to comply with regulations
  • Interpreting guidance from NY DFS
    • Reviewing core requirements
    • Demonstrating compliance
  • Producing a TPRM program to align with all regulatory bodies
  • Leveraging internal teams to identify and comply with regulations
  • Responding to the upcoming inter-agency guidance
  • Keeping pace and staying compliant with the evolving world of banking
    • Utilizing fintechs & open banking

Donald Mones, Director Third Party Risk Management, MUFG

Shamial Afzal, Head of Supplier Management Governance, Legal & General Investment Management

Stuart Hoffman, Governance & Operational Risk Policy Analyst, OCC


9:45 Identifying critical third parties and ensuring compliance with contract set

Session details 

  • Reviewing critical third parties to comply with contract set
  • Monitoring and auditing terms and conditions from contract owner
  • Testing critical third parties to be in compliance with contract
  • Prioritizing compliance with the terms and conditions of critical third parties
  • Preparing an exit plan when a critical third party is in financial distress
    • Substituting a third party for minimal disruption
  • Prioritizing critical third parties
  • Understanding what contingency plans look like for critical vendors
  • Defining criticality for vendors

Tausif Khan, Associate Director, Third Party Risk, DTCC

Michael Rivas, Head of Third Party Risk, DTCC

10:20 Morning refreshment break and networking


10:50 Developing and testing exit plans in the event of a planned exit

Session details 

  • Application of exit planning
  • Testing exit plans
  • Allowing testing for stressed exit plans
  • Designing the exit plan
    • Including the right components when drafting the exit plan
  • Testing the value of exit plan with teams
  • Analyzing the weakest point of the exit plan

Olga Voytenko, Managing Director of Operational Resilience, Silicon Valley Bank


11:25 Mapping the supply chain to gain transparency and understand controls in place beyond fourth parties

Session details 

  • Creating a fourth party inventory
  • Understanding controls with fourth parties
  • Performing continuous monitoring on fourth parties
  • Managing and mitigating risks brought from fourth parties
  • Defining risk tolerance with fourth parties
  • Understanding when subcontractors controls have changed
    • Ensuring third parties have control on their subcontractors
  • Reviewing the expectation from regulators
  • Managing and tracking access to data

Michael Steinhoefel, Director Operational Risk Management, Barclays

Courtnee Smith, Vice President, Enterprise Supplier Management, Capital One 

Gregory Goldstein, Vice President, Strategic Global Partner Management, Prudential Financial tbc


12:10 Measuring concentration risks brought throughout the supply chain and how to address this

Session details 

  • Defining and limiting concentration risk for vendors
  • Understanding the level of risk appetite
  • Prioritizing concentration risks
  • Assessing benefits of technological advances for concentration risk
  • Assessing concentration risk of high impacts process with particular third parties
  • Understanding how to obtain subcontractor information to expand concentration risk

12:45 Lunch break and networking


1:45 Integrating ESG into third party risk practices and developing metrics to ensure compliance for both environmental & social risks

Session details 

  • Setting risk appetite for ESG when onboarding third parties
  • Integrating ESG processes without disrupting TPRM programs
  • Monitoring climate risk impact by third parties
  • Reviewing ESG compliance down the supply chain
  • Capturing and reporting metrics for diverse suppliers
  • Balancing approach to all proposed regulations
  • Expanding TPRM program to cover elements of sustainability
  • Getting value from the invest in ESG reporting and management
  • Incorporating ESG into vendor risk assessments

Ken Wolckenhauer, VP Vendor Management, Nordea Bank

Luis Grisales, SVP – Head of Vendor Risk Management & Vendor Onboarding, Blackstone


2:30 Reviewing the continued risks brought with high turnover throughout the supply chain

Session details 

  • Impacts brought to significant operations within TPRM
  • Finding a balance of hybrid work environment
  • Retaining and gaining talent that have technology capabilities
  • Attracting new talent to maintain a talented TPRM team
  • Gaining transparency with vendors about attrition risk
  • Observing vendors attrition and the response
  • Balancing working from home needs alongside data protection
  • Creating working from home policies for vendors 


3:05 Setting and governing appropriate risk appetite within third party risk program

Session details 

  • Governing risk appetite
  • Setting risk appetite
  • Reviewing business responses to setting limits
  • Working through business relationships and reviewing potential pushbacks
  • Embracing the meaning of appetite

3:40 Afternoon refreshment break and networking


4:10 Maturing the third party risk management program to bring efficiency and value to the business

Session details 

  • Designing a third party risk management program
  • Engaging the correct teams
  • Performing due diligence
  • Creating an efficient cost effective program
  • Utilizing technology to ensure an effective TPRM program
  • Having effective processes in place
  • Measuring cost savings brought through efficiency
  • Shifting from traditional due diligence questionnaires into real time monitoring
  • Ability to keep up with business and client demand
  • Having strategic relationships to help advance goals

Shamial Afzal, Head of Supplier Management Governance, Legal & General Investment Management


4:45 Relaying the correct information to the board to make informed decisions

Session details 

  • Understanding the ROI of a TPRM program
  • Participation of board meetings
  • Communicating TPRM program to enterprise and relationship managers
  • Efficient ways to report to the board and meet regulatory requirements

5:20 Chair’s closing remarks  

5:30 End of day one and drinks reception

8:00 Registration and breakfast

8:50 Chair’s opening remarks


9:00 Reviewing current cyber threats posed and mitigating these down the supply chain

Session details 

  • Handling potential data breaches
    • Notifying employees
  • Mitigating risk exposure that arises from data leaks
  • Knowing when to cut off vendors after multiple cyber breaches
  • Coordinating outreach to a vendor once an attack occurs
  • Working with vendors to mitigate cyber risks
  • Understanding how third and fourth parties are impacted by cyber breaches
  • Getting responses from fourth parties to understand exposure in a timely manner
  • Leveraging technology to keep up with the pace of change from attacks
    • Creating automated responses once a breach occurs
  • Understanding how vendors protect data from breaches

Nate Vanderheyden, Director, US Banks Cyber & Information Security, Morgan Stanley

Sandeep Bhide, VP of Product Management, ProcessUnity


9:45 Best practices for procuring and managing cyber insurance

Session details 

  • Understanding the value of cyber insurance
  • Leveraging the value of your cyber coverage during data breaches
  • Implementing continuous monitoring
  • Knowing your options if cyber insurance is reduced or removed
  • Evaluating supplier cyber insurance coverages and their limits
  • Appreciating the contractual interplay between indemnification, insurance, and Limitation of Liability

Andrew Moyad, Chief Executive Officer, Shared Assessments 

10:20 Morning refreshment break and networking


10:50 Mitigating potential exposures are third parties increase the move to using cloud

Session details 

  • Managing cloud security risks by third parties
  • Educating third parties to ensure the cloud is secure
  • Increasing awareness of leveraging the cloud securely to third parties
  • Risk rating cloud security
  • Performing continuous monitoring on cloud security
  • Reviewing vendor movement to cloud
  • Performing infosec and techarch when vendors move to the cloud


11:25 Ensuring visibility of data privacy with an increase of global regulations

Session details 

  • Understanding regulators priorities
  • Understanding where data is and who has it
  • Reviewing the jurisdiction that the data sits in
  • Offshoring data appropriately
  • Managing increased data exposures with people working globally
  • Systematically managing data privacy laws and ensuring vendors comply
  • Balancing resources working from home and complying with global data regulations
  • Complying with regulations when dealing with cross-border transactions
  • Advances with the data privacy act

12:00 Lunch break and networking


1:00 Reviewing contracts are being governed and adhered to by third parties after onboarding

Session details 

  • Ensuring contractual leverage when security events arise
  • Conducting annual due diligence
  • Reviewing the vendors once the contract is signed
  • Leveraging technology to assess vendors
    • Investing prior to a breach occurring
  • Implementing appropriate follow ups when identifying risk
    • Incorporating an audit clause into the contract when onboarding
  • Incorporating non-compliance triggers
  • Obtaining evidence that vendors have remediated

Rodney Campbell, Head of Third Party Risk Management, Valley Bank

Krystelle Bilodeau, Senior Director, Banking Operations & Risk, Bank of Canada

Melissa Mellen, Head of Third Party Risk Management, Federal Reserve Bank of New York

James Mcpherson, Director & Counsel, Credit Agricole


1:45 Implementing AI within third party programs to allow for automation of tasks and increase internal efficiency

Session details 

  • Investing in AI to automate more processes within TPRM
  • Increasing efficiency and time saving
  • Leveraging AI to perform due diligence and risk assessments
  • Tailoring reports to align with different regulators
  • Leveraging AI to produce standardized reports
  • Understanding potential updates with GRC
  • Leveraging technology to gain supplemental solutions
  • Understanding new technologies that are available
  • Automating processes with an increase of lay offs

2:20 Afternoon refreshment break and networking


2:50 Increasing collaboration with fintechs to advance third party programs whilst staying compliant with regulations

Session details 

  • Dealing with fintechs without compromising banks security risk
    • Regulated banks Vs unregulated fintechs
  • Implementing US regulations when onboarding global fintechs
  • Approaches to onboarding and managing fintechs
  • Understanding the balance between onboarding fintechs and risk appetite
  • Enforcing regulations to fintechs
  • Conducting appropriate due diligence on fintechs
  • Mitigating potential risks by educating fintechs
  • Staying mindful of services fintechs provide

Eli Enav, Director – Third Party Risk, Internal Audit, American Express


3:25 increasing collaboration and visibility between internal teams and vendors and utilizing technology to mitigate risks

Session details 

  • Utilizing internal and external tools without being disjointed
  • Collaboration internally and externally to operate on same platforms
  • Ensuring communication from front to back office
  • Managing risk between both sides
  • Operationalizing internal teams effectively
  • Tying together siloed activities
  • Understanding what stakeholders are involved to decision make
  • Allowing transparency and visibility when contracting
  • Gaining buy in from stakeholders
    • Aligning with TPRM and procurement teams

Olga Baldwin, VP, Vendor Management, Axoim Bank


4:00 Managing an increase with M&A activity and alignment of programs

Session details 

  • Reviewing challenges brought with M&A’s
  • Managing TPRM programs when going through M&A process
    • Building a plan for the transition
  • Increased scalability of vendors and performing risk assessments
  • Increased reliance on outsourcing post-covid
  • Manage current vendors and incorporating new vendors from M&A
  • Increase in concentration risk

Hugo Ramirez, SVP Director of Corporate Assurance – Internal Audit,  BBVA

4:35 Chair’s closing remarks

4:45 End of Congress