Vendor & Third Party Risk USA 2024 Agenda

Day One | June 5


Registration and breakfast


Chairs opening remarks

Day 1 Keynote Moderator: Dennis Frio, Managing Director: TPRM Practice Lead, PwC

9:00 – 9:45

Understanding and effectively managing multiple regulatory agendas and managing third party risk

  • Overcoming and managing risk in a space with a heavy focus on compliance
  • Reviewing the current regulatory expansion on third party risk
  • Realigning procedures and policies to meet regulatory demands
  • Fed requirements for increased governance on risk reporting
  • Reviewing SEC proposal for conflict of interest in the third party risk space
  • Basel committee consultation on outsourcing principles
  • Managing the NYDFS cybersecurity regulation
  • Finalization of FSB’s third party risk management toolkit

Melissa Mellen, Head of Third Party Risk Management, Federal Reserve Bank of New York; Third Party Risk Management Advisory Board member, CeFPro

Stuart Hoffman, Governance and Operational Risk Policy Analyst / Bank Examiner, OCC


Leveraging interagency guidance as a framework to effectively set up and manage third party risk management programs

  • Alignment and clear understanding of guidelines
  • Increased continuous monitoring requirements
  • Understanding the broader definition of a third party
  • Increased board oversight on critical relationships
  • Impact of guidance on smaller-mid-sized firms
  • Preparing for implementation deadline of inter-agency guidance
  • Impacted of guidance on current third party risk programs

Tausif Khan, Director, Third Party Risk, DTCC; Third Party Risk Management Advisory Board member, CeFPro


Morning refreshment break and networking


Reviewing evolving third party risk management to effectively address strategic risks

  • Identifying the impact of emerging strategic risks for third party risk management
    • Geopolitical, cloud concentration, resilience, data protection
  • Understanding the disruption and delays of strategic risk on third party risk management
  • Importance of approaching strategic risks holistically
  • Establishing risk appetite for strategic risks taking
  • Overcoming a lack of clarity around outsourcing trade offs

Stefan Smith, Director, Enterprise Risk Office and Head of Third Party Risk, Bank of Canada


Reviewing the technology landscape and its impact on the resilience of third party risk

  • Managing enhanced technology requirements requiring more timely and transparent reporting
  • Exploring new technologies to improve efficiencies
  • Timeliness of notification of technology subcontractors in the supply chain
  • Increased concern of technology outsourcing longer chains and widely spread risks
  • Data challenges of using vendor technology
  • Pushback from technology suppliers on what data they are willing to share

Scot Lynch, Executive Director, Morgan Stanley


Chair’s closing remarks & networking drinks reception 

Day Two | June 6


Registration and breakfast


Chairs opening remarks

Day 2 Keynote Moderator: Etai Hochman, CTO & Co-founder, Mirato

9:00 – 9:45

Assessing the impact of global volatility on third parties and managing uncertainty

  • Understanding how geopolitical risks are impacting global and regional supply chains
  • Carrying out geopolitical analysis on where your third parties are centered
  • Assessing why geopolitical risk have been overlooked by firms
  • Impact of geopolitical conflicts on vendor services provided
  • Anticipating how future geopolitical crisis can impact your firm
  • Reviewing the impact of the 2024 US election result on vendor and TPRM programs
  • Mitigating the impact of increased geopolitical risks

Kristen Schneider, Director, Business Strategy and Planning, USAA

Nita Kohli, Board Advisor & former Global Head of Enterprise Resilience, Citi

Roger Parsley, Managing Director, First Line Risk and Control, State Street

9:45 – 10:20

Enhancing board reporting and defining information required to communicate risk

  • Regulatory influence on how firms report to the board
  • Leveraging due diligence to better report to the board
  • Assessing what risks are considered a board level concern
  • Reporting residual risk from vendors to the board
  • Efficiently reporting important information to ensure the board can make strategic decisions
  • Difficulty of creating processes around board approvals

Karina Volvovsky, Senior Vice President, Business Control Officer for Entertainment, City National Bank


Morning refreshment break and networking


Day 2 TPRM Moderator: Nicholas Kula, Global TPRM and Resilience Leader, Archer


Reviewing the evolving AI landscape and oversight of use of AI by third parties

  • Reviewing the evolving AI landscape and use of AI by third parties
  • Importance and difficulties with validating AI use by vendors
  • Data privacy concerns with the use of AI by third parties
  • Ensuring governance on AI use by third parties and vendors
  • Effectively integrating AI into the vendor risk management process
  • Monitoring the use of AI across the supply chain
  • Anticipating laws and legislation on the horizon
  • Ensuring solutions meet with policies and risk tolerances

Dolly Singh, MD, Global Head of Third Party Oversight, JPMorgan Chase

Sonia Jarvis, Director, Quantitative Modeling, Fannie Mae

Sri Intan, Head of Vendor Risk Management for North America, Commerzbank AG


Artificial Intelligence within TPRM

  • Why AI for TPRM?

  • Who cares and why?

  • Concerns with AI, how to address them.

  • Practical applications, use cases, benefits.

  • How and where to get started?

Brian Shaw, SVP Strategic Accounts, Certa

Day 2 Resilience Stream Moderator: Etai Hochman, CTO & Co-Founder, Mirato


Enhancing exit strategies in the event of planned and unplanned exits

  • Ensuring effective design of an exit strategy
  • Understanding the importance of developing exit strategies
  • Incorporating geopolitical conflicts into exit strategies
  • Assessing business continuity of third parties when exit planning
  • Effectively aligning risk appetite when exit planning
  • Determining stress points of an exit plan

Rick Cech, Senior Bank Manager, Federal Reserve Bank of New York

David LaFalce, Managing Director, Strategy, Planning and Transformation, Wells Fargo

Shamial Afzal, Global Head of Strategic Supplier Oversight, Legal & General Investment Management  (LGIM)


Are you covered for eDLP risks: Strategies for managing compliance and data security with hybrid and remote third parties

  • Introducing enhanced data loss prevention.
  • Assessing the risks associated with third-party vendors.
  • Balancing benefits and risks of remote third-party teams.
  • Effective strategies for managing compliance and data security

Rajnish Kumar, CEO, RemoteDesk


Lunch break and networking

Day 2 Afternoon Moderator: Nicholas Kula, Global TPRM and Resilience Leader, Archer

1:10 – 1:55

Effectively monitoring cyber threats across the supply chain to drive resilience

  • Assessing if providers are effectively protecting confidential information against cyber attacks
  • Obtaining timely and accurate security information from third party vendors
  • Importance of continuous monitoring of cyber risks
  • Managing cyber security stresses across third parties
  • Importance of data use to combat cyber attacks
  • Ensuring cybersecurity resilience
  • Benefits on partnering with vendors and sharing technologies
  • Impact of SEC guidance on CISO’s

Tomer Roizman, CTO, Lema

Tom Kartanowicz, CISO, Europe and Americas, Standard Chartered Bank

Grace Gair, Director, Technology Risk Management, Capital One

1:55 – 2:20

Utilizing due diligence assessments as a tool to better understand and manage risk

  • Defining a standard of effective due diligence on firms
  • Moving away from a ‘one size fits all’ approach
  • Wider regulatory expectation when carrying out due diligence
  • Importance of timely information when conducting due diligence
  • Leveraging AI to better carry out due diligence
  • Overcoming lack of cooperation to obtain data
  • Raised due diligence concern with increased technology outsourcing
  • Focusing on inherent risks of vendors when carrying out due diligence

Brennan Lodge, Former Head of Analytics Engines, Cybersecurity, HSBC


Afternoon refreshment break

2:50 – 3:35

Assessing the current ESG landscape and understanding what it means for vendors and third party risk programs

  • Addressing a lack of legislation and guidance on ESG
  • Restriction ESG is putting on outsourcing activities
  • Impact of ESG in the context of responsible supply chain
  • Balancing level of protection and service whilst ensuring supplier diversity
  • Identifying verifiable data points

Ken Wolckenhauer, Head of Vendor Risk, Nordea Bank

Donovan Tanner, Director, Third Party Relationship Management, USAA

Andrew Moyad, CEO, Shared Assessments

3:35 – 4:10

Importance of continuous monitoring to move beyond point in time assessments

  • Assessing best practice within the industry
  • Ensuring data quality and availability for continuous monitoring tools
  • Leveraging to better identify vulnerabilities in vendor data
  • Extracting value from continuous monitoring
  • Comparing effectiveness of continuous monitoring with due diligence
  • Use of continuous monitoring to identify threat intelligence

Patricia Catharino, Head of Risk Management & Internal Controls, U.S. and Caribbean, SVP,Banco Itau International;NFR Leaders Advisory Board member, CeFPro


Chairs closing remarks and end of Convention