REGISTRATION OPENS

08.40 Registration, Informal Networking & GIC Welcome

Co-Chairs’ Remarks

09.10 Morning Co-Chairs’ Opening Remarks

Emilia Bailey, Third Party Risk Manager, Shawbrook Bank Limited

Ritch Fry, Principal Security Governance Risk & Compliance, NewDay

PANEL | Q&A

Operational Resilience: Post-DORA, New Requirements, New Challenges

09.20 Contribute To Operational Resilience & Business Continuity In A Post-DORA Landscape With Watertight Third Party Risk Management

  • Reflecting on the January DORA deadline, what lessons have been learnt?
  • Benchmarking where we are with achieving DORA levels of compliance in the UK, cracking the risk register and coming in line with the critical vendor piece
  • Shine the spotlight on TPRM strategies as a route to business continuity and operational resilience to safeguard the business in the face of third party failure?
  • How can you improve third party risk management and operational resilience when working in an international business?
  • Ensure third party suppliers have stringent business continuity plans to protect their own business operations as well as your sensitive data

Sarah Garrington, Head of Operational Resilience, Royal London

Sam Reason, Head of Operational Resilience & Continuity, Zurich Insurance

Risk Assessments & Frameworks

09.50 New Third Party Monitoring, Risk Assessments & Frameworks To Increase Efficiency & Effectiveness Of TPRM

  • Different approaches to compliance structure programmes: what are the tools and tech to allow us to create strong risk assessment methodologies and robust frameworks which enable top-to-toe health checks and consistent monitoring– even when the goalposts move in terms of regulations and requirements
  • Can you achieve risk management in totality? Is it possible to review and monitor your full inventory of third-party partners and their full lifecycle?
  • Drawing lines and enhancing structures around who can onboard suppliers to ensure due diligence and complete overview across 1st and 2nd line risk
  • TPRM is a heavy load – how can we ensure that all due diligence is being done? Do we have adequate resourcing to achieve high standards?
  • How do you ensure you are reporting the right issues to governance and achieving the right oversight at a managerial and board level that the day-to-day processes are followed correctly?

Dave Pickering, Head of Risk & Compliance, Non-Financial Risk, Canada Life

Third Party Risk Monitoring Strategies

10.10 Creating Systematic Yet Scalable Third Party Partnership Strategies To Improve TPRM & Increase Security Which Evolve Alongside New Regulations & Risks

  • Develop systematic third party partner strategies and comprehensive management programmes across the organisation with room for ongoing optimisation and development as new risks and regulations emerge
  • What are the best steps to update risk assessments for third party suppliers based on changing regulations and requirements?
  • How can you tackle the complexity of third party risk management when factoring in many, many suppliers – how can you scale a constantly-evolving strategy?
  • From smooth supplier integration strategies to seamless and safe offboarding… how can you create a good third-party lifecycle?

Adele Heatlie, Procurement – Vendor Manager, Close Brothers Motor Finance

10.30 Morning Refreshment Break With Informal Networking

11.00 Bonus Session; Reserved For Exclusive Conference Partner

PANEL | Q&A

Strategic Third Party Risk Management

11.30 From Evolving Risks To Company Structure, Defend The Business With Strong TPRM Foundations & Stringent Checks & Controls

  • Lay solid foundations by reviewing your Contract obligations: what should we consider to ensure maximum coverage and collaboration? How do you go about contract re-issuing with existing partners?
  • Where to start with continuous monitoring? From manual processes to tools and automation, how can you monitor suppliers and the risks they pose on a day-to-day basis
  • Can we achieve a clear 360° view of the risks across the supplier ecosystem?
  • Preventative measures: explore the different controls available for stringent supplier screening and monitoring – what have we learnt from trial and error?
  • Digging into the increased complexity of managing contract remediation on a global playing field

Kurt Neilson, Supplier Oversight Director, AEGON UK

Rebecca Langdon, Head of Third Party Risk Management, Pay.UK

Zara Marchetti, Head of Front Office Third Party Relationship Management, M&G Investments

Samuele Erbi, Head of Third Party Management & Procurement, Wise

Rebecca McGeoch, Head of Third Party Risk Management, Zurich Insurance

Strategic Third Party Partnerships

12.00 From Transactional Suppliers To Trusted Partnerships: Build Strategic, Collaborative Partnerships With Critical Third Parties To Secure Long-Term Working Relationships, Increase Adaptability To Change & Drive Mutual Growth

  • Identify your business-critical third party partners and embark on the journey of aligning both businesses to drive towards the same goal
  • You know what you want, but do you know what you need? Achieve open, collaborative relationships with transparent information sharing to allow for smoother cooperation and increased innovation
  • Develop systematic third-party partnership strategies and comprehensive management programmes across the organisation with room for ongoing optimisation and development as new risks and regulations emerge
  • How can you tackle the complexity of third party risk management when factoring in many, many partners – and how can you scale a constantly-evolving strategy?

Speaker to be announced soon, please check back for updates.

New Tech & AI: Friend Or Foe?

12.20 New Tech Brings Opportunities & Risks… Explore The Available New Tech & AI Solutions To Support TPRM & The Best Strategies To Align With These New Partners For Maximum Security From Day 1

  • Exploit opportunities to leverage digital, AI and new tech in your TPRM approaches: what are the benefits of digitising controls and what role could AI play in managing third party risk from a second line perspective?
  • Risk management: explore available tech solutions to quantify the risk against existing suppliers
  • Align the drive towards digital transformation and embracing new tech with your third-party risk management strategies for watertight digital adoption at pace
  • As we work with new technologies and AI tools, how can we exert control over these new types of companies and minimise the risk to our business
  • From onboarding to offboarding, how can we use digital tools to ensure watertight partnership management processes and increase effectiveness and efficiencies?

12.40 Lunch & Informal Networking For Speakers, Delegates & Partners

13.10 Informal Breakout Discussions

A) Resourcing TPRM

Lisa Burke, Group Head of Business Services & Third Party Contingency, OSB Group

B) Monitoring

Mark Papworth, Head of Third Party Management, PremFina

C) Cloud Providers

Ritch Fry, Principal Security Governance Risk & Compliance, NewDay

D) Critical Subparties

Samikendra Ghosh. Group Third Party Risk Lead & Head Resilience Risk Oversight – Group Procurement. HSBC

E) Contract Risk

E) Supplier Engagement

G) Stressed Exits

13.40 Afternoon Chair’s Opening Remarks

Saima Sabir, Former Group Head of Third Party Risk Management & Outsourcing (2LOD), Bank of Ireland Group

PANEL | Q&A

Third Party - Regulatory Updates & Horizon Scanning

13.50 Complex, Conflicting, Convoluted: With An Influx Of Different Regulations Across The UK & Europe, How Can We Keep Up With Evolving Risks & Regulations To Remain Compliant

  • How can we keep up with complex and evolving regulatory landscape – in the UK, Europe and globally – and make sure our third-party ecosystem is resilient to the latest risks?
  • We’ve had DORA, we’ve got Critical Supplier guidelines… what is next? And what does that mean for our operational resilience and third-party strategies
  • How do Outsourcing frameworks look from a regulatory point of view, especially now in a post-Brexit environment?
  • How can you handle multiple regulatory requirements? Are there practical solutions for complex problems?

Samikendra Ghosh, Group Third Party Risk Lead & Head Resilience Risk Oversight -Group Procurement, HSBC

Steve Hyndman, Director of Transformation Risk, Aviva Investors

Karl Poulsen, Chief Procurement Officer, Hiscox plc

Practical Problem Solving!

14.20

Live Scenario: Walking through the first 24 hours of a third party breach

Cybersecurity

14.40 In An Online & Cloud-Based World, Keep Pace With Evolving Cyber Threats To Increase Cybersecurity Across Your Business & Supplier Ecosystem

  • With cyber tech comes cyber risk? Lay strong digital foundations to minimise the risk of cyber attack
  • Focus in on the potential risks to business continuity of Cloud suppliers and cyber-attack vulnerability, what can be done to mitigate risks and minimise potential impact?
  • Pass on your own cybersecurity intel to your suppliers to ensure that they are holding their firewalls and IT security to your ever-increasing standards
  • Not just third party… how well is cyber security handled throughout your entire ecosystem?

15.00 Bonus Session; Reserved For Exclusive Conference Partner

15.30 Afternoon Refreshment Break With Informal Networking

Concentration Risk

16.10 Minimise Concentration Risk With Pre-Emptive Risk Assessments & Ensure Operational Continuity With Strong Relationships With Critical Third Parties With High Concentration Risk

  • How can you get an accurate picture of your true concentration risk? And what can financial services organisations do to combat it?
  • Develop third party relationships to partner status to ensure your business operations is prioritised over other clients should any events or issues arise
  • In today’s world, how can you prepare for and combat location or geographic concentration risk?

3rd, 4th, 5th... Nth?

16.30 You’re Only As Strong As Your Weakest Link: What Are The Expectations & Necessary Precautions When Testing The Third Party Supply Chain To The Nth Degree?

  • When you’re only as strong as your weakest link, how can you have adequate monitoring and red flag systems in place to know when that has failed?
  • Steps, processes, resolution…how to proceed when there are 3rd, 4th and 5th party events and breaches?
  • Where there is no relationship with 4th parties, how can you be reassured that third party suppliers are doing their own due diligence on the supply chain as you can only fall back on contract terms?
  • As companies struggle to keep up with the shift from annual checks to constant due diligence, how can we create strong risk and operational resilience controls throughout the entire value chain?

16.50 Afternoon Chair’s Closing Remarks

17.00 Official Close Of Conference