Emilia Bailey, Third Party Risk Manager, Shawbrook Bank Limited
Ritch Fry, Principal Security Governance Risk & Compliance, NewDay
PANEL | Q&A
Operational Resilience: Post-DORA, New Requirements, New Challenges
09.20 Contribute To Operational Resilience & Business Continuity In A Post-DORA Landscape With Watertight Third Party Risk Management
Reflecting on the January DORA deadline, what lessons have been learnt?
Benchmarking where we are with achieving DORA levels of compliance in the UK, cracking the risk register and coming in line with the critical vendor piece
Shine the spotlight on TPRM strategies as a route to business continuity and operational resilience to safeguard the business in the face of third party failure?
How can you improve third party risk management and operational resilience when working in an international business?
Ensure third party suppliers have stringent business continuity plans to protect their own business operations as well as your sensitive data
Sarah Garrington, Head of Operational Resilience, Royal London
Sam Reason, Head of Operational Resilience & Continuity, Zurich Insurance
Risk Assessments & Frameworks
09.50 New Third Party Monitoring, Risk Assessments & Frameworks To Increase Efficiency & Effectiveness Of TPRM
Different approaches to compliance structure programmes: what are the tools and tech to allow us to create strong risk assessment methodologies and robust frameworks which enable top-to-toe health checks and consistent monitoring– even when the goalposts move in terms of regulations and requirements
Can you achieve risk management in totality? Is it possible to review and monitor your full inventory of third-party partners and their full lifecycle?
Drawing lines and enhancing structures around who can onboard suppliers to ensure due diligence and complete overview across 1st and 2nd line risk
TPRM is a heavy load – how can we ensure that all due diligence is being done? Do we have adequate resourcing to achieve high standards?
How do you ensure you are reporting the right issues to governance and achieving the right oversight at a managerial and board level that the day-to-day processes are followed correctly?
Dave Pickering, Head of Risk & Compliance, Non-Financial Risk, Canada Life
Third Party Risk Monitoring Strategies
10.10 Creating Systematic Yet Scalable Third Party Partnership Strategies To Improve TPRM & Increase Security Which Evolve Alongside New Regulations & Risks
Develop systematic third party partner strategies and comprehensive management programmes across the organisation with room for ongoing optimisation and development as new risks and regulations emerge
What are the best steps to update risk assessments for third party suppliers based on changing regulations and requirements?
How can you tackle the complexity of third party risk management when factoring in many, many suppliers – how can you scale a constantly-evolving strategy?
From smooth supplier integration strategies to seamless and safe offboarding… how can you create a good third-party lifecycle?
Adele Heatlie, Procurement – Vendor Manager, Close Brothers Motor Finance
10.30 Morning Refreshment Break With Informal Networking
11.00 Bonus Session; Reserved For Exclusive Conference Partner
PANEL | Q&A
Strategic Third Party Risk Management
11.30 From Evolving Risks To Company Structure, Defend The Business With Strong TPRM Foundations & Stringent Checks & Controls
Lay solid foundations by reviewing your Contract obligations: what should we consider to ensure maximum coverage and collaboration? How do you go about contract re-issuing with existing partners?
Where to start with continuous monitoring? From manual processes to tools and automation, how can you monitor suppliers and the risks they pose on a day-to-day basis
Can we achieve a clear 360° view of the risks across the supplier ecosystem?
Preventative measures: explore the different controls available for stringent supplier screening and monitoring – what have we learnt from trial and error?
Digging into the increased complexity of managing contract remediation on a global playing field
Kurt Neilson, Supplier Oversight Director, AEGON UK
Rebecca Langdon, Head of Third Party Risk Management, Pay.UK
Zara Marchetti, Head of Front Office Third Party Relationship Management, M&G Investments
Samuele Erbi, Head of Third Party Management & Procurement, Wise
Rebecca McGeoch, Head of Third Party Risk Management, Zurich Insurance
Strategic Third Party Partnerships
12.00 From Transactional Suppliers To Trusted Partnerships: Build Strategic, Collaborative Partnerships With Critical Third Parties To Secure Long-Term Working Relationships, Increase Adaptability To Change & Drive Mutual Growth
Identify your business-critical third party partners and embark on the journey of aligning both businesses to drive towards the same goal
You know what you want, but do you know what you need? Achieve open, collaborative relationships with transparent information sharing to allow for smoother cooperation and increased innovation
Develop systematic third-party partnership strategies and comprehensive management programmes across the organisation with room for ongoing optimisation and development as new risks and regulations emerge
How can you tackle the complexity of third party risk management when factoring in many, many partners – and how can you scale a constantly-evolving strategy?
Speaker to be announced soon, please check back for updates.
New Tech & AI: Friend Or Foe?
12.20 New Tech Brings Opportunities & Risks… Explore The Available New Tech & AI Solutions To Support TPRM & The Best Strategies To Align With These New Partners For Maximum Security From Day 1
Exploit opportunities to leverage digital, AI and new tech in your TPRM approaches: what are the benefits of digitising controls and what role could AI play in managing third party risk from a second line perspective?
Risk management: explore available tech solutions to quantify the risk against existing suppliers
Align the drive towards digital transformation and embracing new tech with your third-party risk management strategies for watertight digital adoption at pace
As we work with new technologies and AI tools, how can we exert control over these new types of companies and minimise the risk to our business
From onboarding to offboarding, how can we use digital tools to ensure watertight partnership management processes and increase effectiveness and efficiencies?
12.40 Lunch & Informal Networking For Speakers, Delegates & Partners
13.10 Informal Breakout Discussions
A) Resourcing TPRM
Lisa Burke, Group Head of Business Services & Third Party Contingency, OSB Group
B) Monitoring
Mark Papworth, Head of Third Party Management, PremFina
C) Cloud Providers
Ritch Fry, Principal Security Governance Risk & Compliance, NewDay
D) Critical Subparties
Samikendra Ghosh. Group Third Party Risk Lead & Head Resilience Risk Oversight – Group Procurement. HSBC
E) Contract Risk
E) Supplier Engagement
G) Stressed Exits
13.40 Afternoon Chair’s Opening Remarks
Saima Sabir, Former Group Head of Third Party Risk Management & Outsourcing (2LOD), Bank of Ireland Group
PANEL | Q&A
Third Party - Regulatory Updates & Horizon Scanning
13.50 Complex, Conflicting, Convoluted: With An Influx Of Different Regulations Across The UK & Europe, How Can We Keep Up With Evolving Risks & Regulations To Remain Compliant
How can we keep up with complex and evolving regulatory landscape – in the UK, Europe and globally – and make sure our third-party ecosystem is resilient to the latest risks?
We’ve had DORA, we’ve got Critical Supplier guidelines… what is next? And what does that mean for our operational resilience and third-party strategies
How do Outsourcing frameworks look from a regulatory point of view, especially now in a post-Brexit environment?
How can you handle multiple regulatory requirements? Are there practical solutions for complex problems?
Samikendra Ghosh, Group Third Party Risk Lead & Head Resilience Risk Oversight -Group Procurement, HSBC
Steve Hyndman, Director of Transformation Risk, Aviva Investors
Karl Poulsen, Chief Procurement Officer, Hiscox plc
Practical Problem Solving!
14.20
Live Scenario: Walking through the first 24 hours of a third party breach
Cybersecurity
14.40 In An Online & Cloud-Based World, Keep Pace With Evolving Cyber Threats To Increase Cybersecurity Across Your Business & Supplier Ecosystem
With cyber tech comes cyber risk? Lay strong digital foundations to minimise the risk of cyber attack
Focus in on the potential risks to business continuity of Cloud suppliers and cyber-attack vulnerability, what can be done to mitigate risks and minimise potential impact?
Pass on your own cybersecurity intel to your suppliers to ensure that they are holding their firewalls and IT security to your ever-increasing standards
Not just third party… how well is cyber security handled throughout your entire ecosystem?
15.00 Bonus Session; Reserved For Exclusive Conference Partner
15.30 Afternoon Refreshment Break With Informal Networking
Concentration Risk
16.10 Minimise Concentration Risk With Pre-Emptive Risk Assessments & Ensure Operational Continuity With Strong Relationships With Critical Third Parties With High Concentration Risk
How can you get an accurate picture of your true concentration risk? And what can financial services organisations do to combat it?
Develop third party relationships to partner status to ensure your business operations is prioritised over other clients should any events or issues arise
In today’s world, how can you prepare for and combat location or geographic concentration risk?
3rd, 4th, 5th... Nth?
16.30 You’re Only As Strong As Your Weakest Link: What Are The Expectations & Necessary Precautions When Testing The Third Party Supply Chain To The Nth Degree?
When you’re only as strong as your weakest link, how can you have adequate monitoring and red flag systems in place to know when that has failed?
Steps, processes, resolution…how to proceed when there are 3rd, 4th and 5th party events and breaches?
Where there is no relationship with 4th parties, how can you be reassured that third party suppliers are doing their own due diligence on the supply chain as you can only fall back on contract terms?
As companies struggle to keep up with the shift from annual checks to constant due diligence, how can we create strong risk and operational resilience controls throughout the entire value chain?