Vendor & Third Party Risk Europe agenda
Day One | June 12
8:00-8:50
Registration and breakfast
8:50-9:00
Chair’s opening remarks
Day one moderator: Wayne Scott, Regulatory Compliance Lead, Escode (Part of NCC Group)
9:00-9:35
REGULATION
Balancing compliance with risk management in an increasingly complex regulatory environment
- Reviewing the regulatory landscape over the next 2 years
- Aligning business processes with regulatory expectations
- Alignment with risk tolerance and appetite
- Future-proofing supplier relationships to meet regulation
- Understanding impact of regulation on the organization
- Aligning increasing regulatory requirements
- Operational resilience, cyber resilience, NIST, EU AI Act, GDPR etc.
- Minimum requirements to ensure alignment with all changes
- Managing variations in templates and reporting expectations
- Prioritizing changes and expectations
Gerard Doyle, EMEA Head of Third Party Management and Procurement, SMBC Bank
9:35-10:20
EXIT PLANS – PANEL DISCUSSION
Advancing exit plans aligned with current and future expected regulatory requirements
- Developing stressed and unstressed exit plans
- Determining what is proportionate
- Exit plans at service level for organizations providing multiple services
- Reviewing expectations for cloud service providers
- Identifying gaps on service and impact to customer
- Reviewing timelines for compliance and benchmarking progress
- Documenting all services and reliance of third party
- Leveraging expertise internally and within suppliers
- Updating contracts to include stressed exit plan provisions
- Managing the practical realities of supplier failure
- Monitoring financial stability of third parties
- Setting risk appetite for supplier or service outages
- Minimizing duplication of work for bank wide vs individual third party exit plans
Jean-Marc Boulo, Director, Head of Global Sourcing & Procurement UK, Credit Agricole
Anne McGowan, Head of Supplier Management, Governance & Risk, Lloyds Banking Group; Third Party Risk Management Advisory Board member, CeFPro
Rosalyn Aryee, Executive Director, TPRM and Operational Resilience, Santander Corporate & Investment Banking; Third Party Risk Management Advisory Board member, CeFPro
Wes Loeffler, Director of Third Party Risk Management, Fusion Risk Management
10:20-10:50
Morning refreshment break and networking
10:50-11:25
CONCENTRATION RISK
Gaining a full view of concentration risk: Minimizing and monitoring geographic and organization concentrations
- Varying nature of concentration risk
- Identifying company and jurisdictional concentrations
- Monitoring geopolitical risk and impact to supply base
- Approaches to map data to identify concentration risk
- Tools available to map data
- Increased concentration in areas with heightened geopolitical tension
- Collecting data to visualize concentration
- Leveraging data to inform sourcing decisions
Gemma Stewart, Global Head of Vendor Management, Zurich Insurance Company
11:25-12:00
Beyond the scoring: Managing the third and fourth party attack surface
- Best practices to measure security risk consistently
- Understanding the security posture of your entire supply chain
- Deploy an automated approach to mitigate security incidents
- Accelerate compliance to standards such as DORA
Will Gray, Area Director Europe North, SecurityScorecard; Third Party Risk Management Advisory Board member, CeFPro
12:00-12:35
AI
Explore the use of artificial intelligence within TPRM
- Consider how AI should and should not be used within TPRM
- Review the practical application through real-world use cases
- Assess the impacts and benefits for you and your third parties
- Identify the roles and functions that will be affected
- Evaluate the risks of implementing AI into TPRM
Aki Eldar, CEO & Co-Founder, Mirato
12:35-1:35
Lunch break and networking
1:35-2:20
DORA – PANEL DISCUSSION
Reviewing practical implementation approaches for EU DORA regulation and regional variations
- Working with suppliers in order to meet requirements
- Reviewing global operational resilience requirements
- Managing vast scale of change
- Undertaking gap analysis to define expectations
- Enhancing inventories and controls
- Managing additional governance and documentation requirements
- Centralizing teams and assessments at a group level
- Enhancing relationship management with single point of contact
- Reviewing impact to fintech companies: How are fintechs adopting the new requirements
Alan Connelly, Head of Third Party Governance, Swiss Re
Mihaela Breg, Head of Operational Resilience & Third Party Oversight (Acting Head of Business Transformation), Europe Arab Bank
Saima Sabir, Group Head of Third-Party Risk Management & Outsourcing (2LOD), Bank of Ireland Group
2:20-2:55
GETTING SERIOUS ABOUT TPRM IN AN UNSTABLE WORLD
Assessing the results of Aravo’s third party risk maturity survey and report
- Review overall survey results and what they mean for the industry
- Determine the current maturity of TPRM programs in the marketplace and why it may be a concern
- Identifying critical elements for maturing and enhancing TPRM programs
- Understanding the strategic value of investing in a competent, adaptable, and resilient TPRM program
- Examining how leadership defines performance, priorities, and next steps
- Assessing the measurability and impact of mature TPRM programs on the business
Adelani Adesida, Senior Sales Director (EMEA), Aravo Solutions
2:55-3:30
Supplier financial instability: Successful stressed exit planning
- Effective and compliant stressed exit planning
- Preventive, detective, and corrective control: Escrow, a case study
- Global regulatory updates and insight
- Exclusive insight from our new TPRM survey & report
- Supplier failure, service deterioration and concentration risk
Wayne Scott, Regulatory Compliance Solutions Lead, Escode
3:30-4:00
Afternoon refreshment break and networking
4:00-4:35
DUE DILIGENCE
Enhancing due diligence and assessment practices to obtain and develop actionable insights
- Protecting reputation through effective due diligence
- Conducting due diligence down the supply chain
- Assurance requirements for 4th to Nth parties
- Monitoring for conflict of interest breaches
- Validating due diligence questionnaires
- Determining the right level of risk assessment and due diligence for third party arrangements
- Reviewing due diligence processes and action on risk and issues identified
- Demonstrating effective monitoring and remediation of risks
- Due diligence for organizations needed for immediate strategic benefit
- Minimizing process time for faster turnaround
- Managing vendor overload
- Industry collaboration opportunities to streamline processes
- Reducing manual collection of data and information
Codee Woo, Third Party Risk Management Lead, Legal & General; Third Party Risk Management Advisory Board member, CeFPro
Sophie Bishop, Head of Supplier Relationship Management, Legal & General
4:35-5:20
RISK CONVERGENCE – PANEL DISCUSSION
Increasing collaboration across teams to monitor risk across the lifecycle
- Distinguishing primary risk from cascading or downstream risk
- Increasing collaboration and communication across risk teams
- Ensuring an integrated approach
- Identifying, tracking and managing risks
- Moving from activity to risk based metrics
- Enhancing governance by focusing on risk over activity
- Gaining support from the business and effective tone from the top
- Developing a holistic third party risk management reporting program
- Integrating dashboards across third party risk
- Bringing all data into one place for third party risk management
Samikendra Gosh, Global Third-Party Risk Lead, Operational and Resilience Risk, HSBC
Gary Lock, Global Head of TPRM, Fidelity International
Alex Dorlandt, Head of Supply Chain Risk Management, Lloyds Banking Group; Third Party Risk Management Advisory Board member, CeFPro
Simon Shepherd, Managing Director, MYRIAD Group Technologies
Natalie Druckmann, VP Sales, EMEA, Certa
5:20-5:30
Chair’s closing remarks
5:30
End of day one
Day Two | June 13
8:00-8:50
Registration and breakfast
8:50-9:00
Chair’s opening remarks
Day two moderator: Adelani Adesida, Senior Sales Director (EMEA), Aravo Solutions
9:00-9:45
GEOPOLITICAL RISK – PANEL DISCUSSION
Reviewing implications of geopolitical tensions to supply chains and future proofing business strategies
- Maintaining oversight of restrictions and impact to third parties
- Considering geopolitical risk when working with new suppliers
- Approaches to assess the geopolitical risks for proactive management of risk
- Developing and testing business continuity arrangements
- Interconnected nature of risk and compliance
- Reviewing sanctions regimes in jurisdictions and data privacy
- Uses of AI in monitoring geopolitical risks
- Developing a forward looking strategic view of TPRM
- Reviewing supply chain dependencies as a result of long term horizon risks
- Scenario planning for geopolitical changes
- Exploring impacts across the supply chain and resilience
Maya Goethals, Director, Compliance and Risk Management, Bank of America Merrill Lynch; Fintech Advisory Board member, CeFPro
Saima Sabir, Group Head of Third-Party Risk Management & Outsourcing (2LOD), Bank of Ireland Group
Eddie Dovzhik, Co-Founder and CEO, Lema
9:45-10:20
TPRM TRANSFORMATION – CLIENT CASE STUDY
Practical insights from MUFG and KPMG tackling the Japanese Bank’s TPRM transformation journey
- Key challenges facing MUFG pre transformation
- How KPMG helped MUFG through the transformation
- Benefits and future maturity for MUFG
Rohit Nag, Director, Third Party Risk Management Lead, KPMG
John O’Neill, Head of TPRM, MUFG
10:20-10:50
Morning refreshment break and networking
10:50-11:15
RESILIENCE
Driving resilience in third party and supply chain risk management
Evaluate: Review links between resilience and third party risk
- Understand downstream and upstream impacts
- Inventory IT assets and linking to service
- Review resilience regulations
Plan: Create strong vendor relationships
- Communicate risk appetite and monitoring activities
- Outreach plan to resolve incidents
Execute: Develop maturity in resilience practices
- Translate impact tolerances into something measurable
- Enhance industry collaboration
Andrew Moyad, CEO, Shared Assessments
11:25-12:00
Accelerate and optimise third-party onboarding due diligence
- Improve onboarding efficiency and optimise resourcing
- Mature program scope to evaluate additional risks
- Align the underlying operating model
- Improve the effectiveness of risk and control assessments
Chris Paterson, Director of Strategy Third-Party Risk Management, OneTrust
Craig Oliver, Business Transformation and Supply Chain Risk and Regulation expert, PA Consulting
12:00-12:35
4TH PARTIES
Gaining a holistic view of supply chain and ensuring security of processes and services
- Leveraging tools to monitor vulnerabilities across the supply chain
- Understanding impact of security incidents across the supply chain
- Gaining confidence from third parties
- Identifying impacts of nth party breaches
- Managing security with complex supply chains
Zuzana Rebrova, Head of Third Party Cyber Risk Management, Swiss Re
12:35-1:35
Lunch break and networking
1:35-2:10
CONTINUOUS MONITORING
Enhancing continuous monitoring processes for a holistic and real time view of risk
- Tools for continuous and online monitoring
- Managing and monitoring tools
- Alerts to monitor all third parties
- Monitoring SLAs and compliance
- Building in operational resilience
- Online monitoring for real time global updates
- Developing a holistic view of supply chain
- Reviewing tools and capabilities
Carlos Colino, MD, Global Head of Third-Party Risk Management, Santander Corporate and Investment Bank
2:10-2:45
DATA
Developing centralized and aggregated data processes to make better use of available data
- Leveraging compliance data from third party assessments and due diligence
- Monitoring threat intelligence to identify vulnerabilities
- Integrating other parts of the business into vendor management analysis
- Collecting data on vendor performance
- Approaches to collect the right data to satisfy regulatory requirements
- Maintaining data in a centralized and structured platform
- Accessibility for regulatory reviews
- Developing a data consolidation and remediation program
- Reviewing tooling available to manage data
- Capturing information and connectivity between different sources
- Structuring and cleansing data for a consolidated view of key attributes
- Developing proactive and preemptive data metrics and insights
Mike Day, Head of Third Party Management, RSA Insurance
2:45-3:15
Chair’s closing remarks
3:15-3:50
BUSINESS CONTINUITY
Developing an integrated approach to business continuity and disaster recovery planning
- Substitutability and business continuity
- Identifying suppliers with a monopoly on certain markets
- Reviewing alternative options
- Enhancing SLAs for Monopoly Suppliers
- Monitoring overall performance
- Managing transition across suppliers in stressed and unstressed exit
- Developing a seamless exit strategy
- Enhancing business continuity plans
- Developing immediate contingency plans to support exit plans
- Practical steps for implementing contingency plans
Joanne Emmerson, Head of Third Party Risk Management Oversight, NatWest
3:50-4:35
INTRAGROUP ARRANGEMENTS – PANEL DISCUSSION
Reviewing approaches and best practice for intragroup arrangements and management of sensitive data
- Managing materiality trigger aligned with access to sensitive data
- Reviewing regulatory treatment of inter group agreements
- Developing exit and resilience plans
- Treatment of personal data in internal agreements
- Assessing and defining materiality for intragroup
- Developing BAU programs to assess risk
- Onboarding expertise to review deviation opportunities whilst remaining compliant
Raghuveer Bhanoori, Director, Third-Party, Operational Risk, Pacific Life Re
Funke Uwaifo, Head of Outsourcing and Vendor Management, EFG Private Bank
4:35-4:45
Chair’s closing remarks
4:45
End of Summit