Vendor & Third Party Risk USA Agenda

Day Two | June 8


Registration and breakfast


Chair's opening remarks

Day two moderator: Peter Pernebo, Managing Director, Global Head of Third Party Risk Management Solutions, KY3P®, S&P Global Market Intelligence


Reviewing current cyber threats posed and mitigating these down the supply chain

  • Handling potential data breaches
  • Notifying employees
  • Mitigating risk exposure that arises from data leaks
  • Knowing when to cut off vendors after multiple cyber breaches
  • Coordinating outreach to a vendor once an attack occurs
  • Working with vendors to mitigate cyber risks
  • Understanding how third and fourth parties are impacted by cyber breaches
  • Getting responses from fourth parties to understand exposure in a timely manner
  • Leveraging technology to keep up with the pace of change from attacks
  • Creating automated responses once a breach occurs
  • Understanding how vendors protect data from breaches

Nate Vanderheyden, Executive Director, US Banks Cyber & Information Security, Morgan Stanley

Andrew Egoroff, Senior Cybersecurity Specialist, ProcessUnity

Mike Jawetz, Director, Solution Architecture, CyberGRX

Madiha Fatima, Executive Director – Operational & Outsourcing Risk, JP Morgan


Best practices for procuring and managing cyber insurance

  • Understanding the value of cyber insurance
  • Leveraging the value of your cyber coverage during data breaches
  • Implementing continuous monitoring
  • Knowing your options if cyber insurance is reduced or removed
  • Evaluating supplier cyber insurance coverages and their limits
  • Appreciating the contractual interplay between indemnification, insurance, and Limitation of Liability

Andrew Moyad, Chief Executive Officer, Shared Assessments


Morning refreshment break and networking


Best practices for a world class third-party cyber risk program

  • Rapidly identify vulnerabilities or concentration risk across third party vendors
  • Learn which security issues are most correlated with breach likelihood so you can focus oversight in critical areas
  • Understand how continuous monitoring techniques can help alert you to risks
  • Identify strategies to engage with third party vendors that will lead to measurable risk reduction

Vanessa Jankowski, Senior Vice President & General Manager, TPRM & CNI, Bitsight


Implementing AI within third party programs to allow for automation of tasks and increase internal efficiency

  • Collaborate with vendors to drive a trusted third-party risk management program
  • Leverage trusted security data to make faster and smarter decisions about their vendors
  • Proactively engage with third parties who have poor cybersecurity posture to prevent breach

Larry Slusser, Vice President Global Head Professional services Delivery, SecurityScorecard


Lunch break and networking

A series of informal roundtable discussions, chaired by industry professionals, which are optional and outside of the event structure. Engage with peers on a topical subject of your choice over lunch.

  • Managing a TPRM program when going through M&A process
    Hugo Ramirez, SVP BBVA US Internal Audit responsible for Governance, Transactional & Fraud Risks and TPRM, BBVA
  • The “contract checklist”: risk vs regulatory expectations
    James Mcpherson, Director & Counsel, Credit Agricole
  • Affiliate reviews – when your vendor isn’t 3rd party
    Carolyn Handley, Head of Vendor Due Diligence & Monitoring – NA Investments, Global Investment Center, Aon
  • Managing reputational risk of third parties
    Thomas Brandt, Chief Risk Officer/Director, Office of Planning and Risk, Federal Retirement Thrift Investment Board
  • Integrating ESG into third party risk practices
    Ken Wolckenhauer, VP, Vendor Management, Nordea Bank


Identifying regulatory expectations on a global level and integrating requirements under a unified framework

  • Integrating all upcoming regulation into TPRM program
  • Staying abreast of all changes
  • Ensuring third parties have appropriate controls to comply with regulations
  • Interpreting guidance from NY DFS
  • Reviewing core requirements
  • Demonstrating compliance
  • Producing a TPRM program to align with all regulatory bodies
  • Leveraging internal teams to identify and comply with regulations
  • Responding to the upcoming inter-agency guidance
  • Keeping pace and staying compliant with the evolving world of banking
  • Utilizing fintechs & open banking

Donald Mones, VP Compliance, Head of Third Party Risk, Brown Brothers Harriman & Co.

Shamial Afzal, Head of Supplier Management Governance, Legal & General Investment Management

Stuart Hoffman, Governance & Operational Risk Policy Analyst, OCC

Cyril Korenbeusser, Chief Resilience Officer, BNP Paribas CIB


What are the prudential regulators saying about fintech partnerships

  • Background: The historic role of banks as depositors, lenders, and transacting processors
  • FinTechs as service providers
  • FinTechs as bank “partners”
    • Benefits to banks
    • Controversy
    • Money transmitter laws
  • Reviewing where institutions stand now
    • Comments from Fed, FDIC, OCC
    • Types of products
  • Reviewing recommendations for future

Leah Campbell, Counsel, Bradley Arant Boult Cummings LLP

Jera Bradshaw, Counsel, Bradley Arant Boult Cummings LLP


Afternoon refreshment break and networking


Increasing collaboration and visibility between internal teams and vendors and utilizing technology to mitigate risks

  • Utilizing internal and external tools without being disjointed
  • Collaboration internally and externally to operate on same platforms
  • Ensuring communication from front to back office
  • Managing risk between both sides
  • Operationalizing internal teams effectively
  • Tying together siloed activities
  • Understanding which stakeholders are involved in decision-making
  • Allowing transparency and visibility when contracting
  • Gaining buy in from stakeholders
  • Aligning with TPRM and procurement teams

Olga Baldwin, VP, Vendor Management, Axiom Bank


Managing an increase in M&A activity and alignment of programs

  • Reviewing challenges brought by M&As
  • Managing TPRM programs when going through M&A process
  • Building a plan for the transition
  • Increased scalability of vendors and performing risk assessments
  • Increased reliance on outsourcing post-covid
  • Managing current vendors and incorporating new vendors from M&A
  • Increase in concentration risk

Hugo Ramirez, SVP BBVA US Internal Audit responsible for Governance, Transactional & Fraud Risks and TPRM, BBVA


Chair’s closing remarks


End of Congress