Vendor & Third Party Risk USA Agenda
Day Two | June 8
8:00-8:50
Registration and breakfast
8:50-9:00
Chairs opening remarks
Day two moderator: Peter Pernebo, Managing Director, Global Head of Third Party Risk Management Solutions, KY3P®, S&P Global Market Intelligence
9:00-9:45
CYBER SECURITY – PANEL DISCUSSION
Reviewing current cyber threats posed and mitigating these down the supply chain
- Handling potential data breaches
- Notifying employees
- Mitigating risk exposure that arises from data leaks
- Knowing when to cut off vendors after multiple cyber breaches
- Coordinating outreach to a vendor once an attack occurs
- Working with vendors to mitigate cyber risks
- Understanding how third and fourth parties are impacted by cyber breaches
- Getting responses from fourth parties to understand exposure in a timely manner
- Leveraging technology to keep up with the pace of change from attacks
- Creating automated responses once a breach occurs
- Understanding how vendors protect data from breaches
Nate Vanderheyden, Executive Director, US Banks Cyber & Information Security, Morgan Stanley
Andrew Egoroff, Senior Cybersecurity Specialist, ProcessUnity
Mike Jawetz, Director, Solution Architecture, CyberGRX
Madiha Fatima, Executive Director – Operational & Outsourcing Risk, JP Morgan
9:45-10:20
CYBER INSURANCE
Best practices for procuring and managing cyber insurance
- Understanding the value of cyber insurance
- Leveraging the value of your cyber coverage during data breaches
- Implementing continuous monitoring
- Knowing your options if cyber insurance is reduced or removed
- Evaluating supplier cyber insurance coverages and their limits
- Appreciating the contractual interplay between indemnification, insurance, and Limitation of Liability
Andrew Moyad, Chief Executive Officer, Shared Assessments
10:20-10:50
Morning refreshment break and networking
10:50-11:25
CYBER
Best practices for a world class third-party cyber risk program
- Rapidly identify vulnerabilities or concentration risk across third party vendors
- Learn which security issues are most correlated with breach likelihood so you can focus oversight in critical areas
- Understand how continuous monitoring techniques can help alert you to risks
- Identify strategies to engage with third party vendors that will lead to measurable risk reduction
Vanessa Jankowski, Senior Vice President & General Manager, TPRM & CNI, Bitsight
11:25-12:00
AI & TPRM
Implementing AI within third party programs to allow for automation of tasks and increase internal efficiency
- Collaborate with vendors to drive a trusted third-party risk management program
- Leverage trusted security data to make faster and smarter decisions about their vendors
- Proactively engage with third parties who have poor cybersecurity posture to prevent breach
Larry Slusser, Vice President Global Head Professional services Delivery, SecurityScorecard
12:00-1:00
Lunch break and networking
A series of informal roundtable discussions, chaired by industry professionals, which are optional and outside of the event structure. Engage with peers on a topical subject of your choice over lunch.
- Managing a TPRM program when going through M&A process
Hugo Ramirez, SVP BBVA US Internal Audit responsible for Governance, Transactional & Fraud Risks and TPRM, BBVA - The “contract checklist”: risk vs regulatory expectations
James Mcpherson, Director & Counsel, Credit Agricole - Affiliate reviews – when you vendor isn’t 3rd party
Carolyn Handley, Head of Vendor Due Diligence & Monitoring – NA Investments, Global Investment Center, Aon - Managing reputational risk of third parties
Thomas Brandt, Chief Risk Officer/Director, Office of Planning and Risk, Federal Retirement Thrift Investment Board - Integrating ESG into third party risk practices
Ken Wolckenhauer, VP, Vendor Management, Nordea Bank
1:00-1:45
GLOBAL REGULATIONS – PANEL DISCUSSION
Identifying regulatory expectations on a global level and integrating requirements under a unified framework
- Integrating all upcoming regulation into TPRM program
- Staying abreast of all changes
- Ensuring third parties have appropriate controls to comply with regulations
- Interpreting guidance from NY DFS
- Reviewing core requirements
- Demonstrating compliance
- Producing a TPRM program to align with all regulatory bodies
- Leveraging internal teams to identify and comply with regulations
- Responding to the upcoming inter-agency guidance
- Keeping pace and staying compliant with the evolving world of banking
- Utilizing fintechs & open banking
Donald Mones, VP Compliance, Head of Third Party Risk, Brown Brothers Harriman & Co.
Shamial Afzal, Head of Supplier Management Governance, Legal & General Investment Management
Stuart Hoffman, Governance & Operational Risk Policy Analyst, OCC
Cyril Korenbeusser, Chief Resilience Officer, BNP Paribas CIB
1:45-2:20
What are the prudential regulators saying about fintech partnerships
- Background: The historic role of banks as depositors, lenders, and transacting processors
- FinTechs as service providers
- FinTechs as bank “partners”
- Benefits to banks
- Controversy
- Money transmitter laws
- Reviewing where institutions stand now
- Comments from Fed, FDIC, OCC
- Types of products
- Reviewing recommendations for future
Leah Campbell, Counsel, Bradley Arant Boult Cummings LLP
Jera Bradshaw, Counsel, Bradley Arant Boult Cummings LLP
2:20-2:50
Afternoon refreshment break and networking
2:50-3:25
COLLABORATION
Increasing collaboration and visibility between internal teams and vendors and utilizing technology to mitigate risks
- Utilizing internal and external tools without being disjointed
- Collaboration internally and externally to operate on same platforms
- Ensuring communication from front to back office
- Managing risk between both sides
- Operationalizing internal teams effectively
- Tying together siloed activities
- Understanding what stakeholders are involved to decision make
- Allowing transparency and visibility when contracting
- Gaining buy in from stakeholders
- Aligning with TPRM and procurement teams
Olga Baldwin, VP, Vendor Management, Axiom Bank
3:25-4:00
M&A
Managing an increase with M&A activity and alignment of programs
- Reviewing challenges brought with M&A’s
- Managing TPRM programs when going through M&A process
- Building a plan for the transition
- Increased scalability of vendors and performing risk assessments
- Increased reliance on outsourcing post-covid
- Manage current vendors and incorporating new vendors from M&A
- Increase in concentration risk
Hugo Ramirez, SVP BBVA US Internal Audit responsible for Governance, Transactional & Fraud Risks and TPRM, BBVA
4:00-4:10
Chair’s closing remarks
4:10
End of Congress