Managing vendor and third party risk and ensuring resilience in an increasingly complex environment

Vendor & Third Party Risk USA

7th Annual | June 1-2, 2022 | New York City

Developing holistic BCM plans and incorporating resilience

Lessons learnt from the pandemic and leveraging opportunities of change

Incorporating ESG into TPRM practices and developing metrics and scoring

Streamlining processes and leveraging machine learning and data science techniques

An overview of the threat landscape and mitigating risks of vulnerabilities across vendors

Reviewing risk beyond third and fourth parties and establishing due diligence best practices

Assessment and managing fintech as a third party service and establishing strategic partnerships

Managing increased prevalence and use of cloud services and mitigating concentration risks

Register here
Olga Voytenko

Olga Voytenko
MD, Head of Third Party Risk Management
State Street


Rob Haven
Director of Vendor Management
Renasant Bank

Kristen Schneider

Kristen Schneider
Director of Risk Management


Ken Wolckenhauer
VP, Vendor Management
Nordea Bank, New York Branch

Roxane Romulus

Roxane Romulus
Director, Third Party Risk Management
Voya Financial

Amanda Xu

Amanda Xu
SVP, Head of Third Party Risk Management
EastWest Bank


Madiha Fatima
Director, Third Party Risk Management
Angelo Gordon


Jeremy Resler
SVP, Director Third Party Risk Management Governance
U.S. Bank


Please contact the Center for Financial Professionals today to discuss how we can deliver your thought-leadership at the event, help you generate leads, and provide you with unique networking and branding opportunities. For more information on what we can offer, please contact [email protected] or call us on +1 888 677 7007 ext. 207 where a member of the team will be happy to tailor the right package for you.



8:00 Registration and breakfast

8:50 Chair’s opening remarks


9:00 Reviewing the global regulatory environment and the future of regulation in financial services

Session details 

  • Finalization of OCC and Federal Reserve guidance
  • Reviewing changes on the horizon
  • Enhancements to guidance from regulators and what they mean
  • Cyber security and info sec regulations
  • Prescriptive nature of guidance
  • Reviewing the current regulatory environment
  • Changing expectations as a result of Covid
  • Implementing changes across a TPRM program

Olga VoytenkoMD, Head of Third Party Risk Management, State Street
Kristen SchneiderDirector of Risk Management, USAA


9:45 Understanding resilience requirements and lessons learnt from PRA on material outsourcing implementation

Session details 

  • Understanding regulatory requirements
  • Practical application and experience
  • Guidance for global institutions
  • Feedback post implementation
  • Impact to TPRM teams
  • Management across supply chain
  • Developing resilience across departments and business lines

10:20 Morning refreshment break and networking


10:50 Developing holistic business continuity plans and resilience programs and adapting to changing environments

Session details 

  • Impact of work from home and hybrid environments
    • Internally and across vendors
  • Access control risks with work from home
  • Implementing continuity plans for disruption in service
  • Ensuring adherence to SLA regardless of external changes
  • Managing new trends and ways of working
    • Identifying new risks
  • Protecting data with emote work forces
  • Developing robust BCP and validating plans across the business
  • Regulatory expectations for internal exercises and planning

Barbara-Ann Beohler, Regulatory Compliance Analyst, Aravo


11:25 Aligning global privacy and data requirements for effective oversight across jurisdictions

Session details 

  • Understanding GDPR, DPIA and impact of Schrems II
  • Alignment of expectations and requirements
  • Managing global data privacy expectations
  • Practical application of regulations
  • Business impact of compliance


12:00 Lessons learnt from Covid-19: Updating and testing controls with evolving working environments

Session details 

  • Changes to due diligence processes with work from home models
  • Evaluating vendor controls with different working environments
  • Information security assessments across vendors
  • Resilience considerations
  • Privacy concerns with work from home
  • Monitoring locations of employees and vendors
  • Replacements for on-site assessments and future technology opportunities
  • Reviewing changes that will be continued in a post Covid environment
  • Updating terms and code of conduct to mitigate risk

Alpa Inamdar, Transformation Leader, AIG
Senior Executive, Ekran System
Roxane Romulus, Director, Third Party Risk Management, Voya Financial  
Brian Shaw, Director of Financial Services Sales, Mirato

12:45 Lunch break and networking

1:45 Reviewing risk across suppliers and outsourced services and assessing country risk when offshoring

Session details 

  • Developing systems to protect data
  • Enforcing contracts for protection of data
  • Managing privacy and data challenges
  • Analysis of jurisdictions to monitor risk
  • Determining level of risk from offshoring
  • Regulatory requirements for data and privacy
  • Moving systems to the cloud
    • Reviewing placement of data centers


2:20 Incorporating ESG into third party risk practices and developing metrics and scoring criteria to ensure compliance

Session details 

  • Ensuring sustainable energy practices across supply chain
  • Viewing as essential risk control areas: Documenting goals and policies to demonstrate action
  • Regulatory views and future of regulation
  • Developing a risk based approach for review and assessment
  • Managing carbon footprint an defining tolerance of carbon impact
  • Augmenting assessment process to include ESG concerns
  • Staffing requirements to implement change
  • Impact of limited data across the industry
    • Leveraging external data

Ken Wolckenhauer, VP, Vendor Management, Nordea Bank, New York Branch
Justin Boehm, Senior Manager, Consulting, EY
Senior Executive, Riskonnect


3:05 Incorporating diversity and inclusion reviews across risk and onboarding processes

Session details 

  • Diversity and inclusion practice considerations across vendors
  • Protecting reputation working with certain companies and industries
  • How far to review third parties and outsourced services
  • Changes to decision making process and onboarding of new vendors
  • Monitoring supplier diversity
  • Managing in risk and procurement
  • MWBE – minority or women owned business/enterprise
  • Encouraging diversity in bid process

3:40 Afternoon refreshment break and networking


4:10 Streamlining processes and leveraging machine leaning and data science techniques

Session details 

  • Leveraging external data
  • Data science and AI technology uses and capabilities
  • Evolution of technology in TPRM
  • Enhancing efficiencies in programs
  • Automation of reviews and assessments
  • Streamlining onboarding processes
  • Managing workflows to move from excel
  • Efficiency gains with increased use of tools and technology
  • AI and machine learning use cases
  • Demonstrating value of technology implementation

Session reserved for Grant Thornton


4:45 Moving strategic sourcing within a third party risk framework for a holistic view

Session details 

  • Onboard processes for new vendors
  • Impact to strategy of the business
  • Identifying vendors that could benefit across the firm
  • Viewing the whole vendor population to drive strategy
    • Utilizing vendors for strategic benefit
  • Identifying vendor concentration
  • Getting senior management buy in

Patrick Potter, Risk Strategist, Archer

5:20 Chair’s closing remarks 

5:30 End of day one and networking drinks reception

Register here

8:00 Registration and breakfast

8:50 Chair’s opening remarks


9:00 Reviewing the cyber threat landscape and mitigation tactics to limit vulnerabilities across vendors

Session details 

  • Dependence on vendor transparency with risk assessment and controls
  • Verifying controls in place: Adopting a trust but verify model
  • Verification and testing of patches before onboarding
  • Regulatory expectations and requirements for notification and communication
  • Understanding potential risk exposure across vendors
    • Custody and access to data
  • Monitoring vendors cyber health

Ryan LougheedDirector of Product Management, Onspring


9:45 Reviewing regulatory expectations for oversight of fourth parties and due diligence best practices

Session details 

  • Due diligence for effective oversight
  • Identifying critical fourth parties
  • Assessment through third party program vs. direct to fourth parties
  • Determining appropriate oversight for the business
  • Tying to incident response management
  • Maintaining visibility into fourth party risk
  • Managing limitations in assessments process
  • Limitations in availability of information

10:20 Morning refreshment break and networking


10:50 Identifying critical third parties and determining effective oversight requirements

Session details 

  • Defining critical in a third party risk perspective
  • Aligning with resilience
  • Additional oversight once critical vendors are identified
  • High inherent risk vs. high residual risk vs. critical third parties
  • Outlining criteria of what makes a vendor critical
  • Implementing a sustainable solution
  • Aligning perspectives across the business
  • Developing exit strategies to minimize the impact
  • Execution and preparation for exit strategies

Amanda XuSVP, Head of Third Party Risk Management, EastWest Bank
Madiha Fatima, Director, Third Party Risk Management, Angelo Gordon


12:00 Understanding and managing risk for emerging technologies in vendor service offerings

Session details 

  • An overview of emerging technologies increasingly present in vendor service offerings – Artificial Intelligence, Distributed Ledger, Robotic Process Automation
  • Applying operational risk lense to determine in scope risks for emerging technologies
  • Risk assessment and mitigation strategies for new technology offerings

George KaniarasserilManager, Information Risk Management, CarMax

12:35 Lunch break and networking


1:35 Assessing risk and managing treatment of fintech as a third party service provider

Session details 

  • How to address emerging privacy and cybersecurity risks in fintech services and technologies
  • Best practices for limited use or pilot programs with fintech companies
  • Developing a program for hybrid vendors
  • Managing regulatory expectations for un-regulated institutions
  • Contractual considerations to mitigate risk
  • Identifying pitfalls in acquisitions

Erin Jane Illman, Partner and Fintech Practice Lead, Bradley Arant Boult Cummings LLP
Leah M. Campbell, Senior Attorney, Bradley Arant Boult Cummings LLP


2:10 Strategic Fintech partnerships: Finding the right fit

Session details 

  • Aligning fintech partnerships with strategic goals
  • Fintech due diligence & monitoring
  • Overcoming the fintech-banking language barrier
  • Managing relationships between fintech partners and internal and external stakeholders

Michael Berman, Founder & CEO, Ncontracts

2:45 Afternoon refreshment break and networking


3:15 Managing increased prevalence of cloud services and potential concentration risks

Session details 

  • Effective oversight of cloud providers
  • Managing reliance and concentration on certain providers
  • Diversification of providers
  • Downstream impact
  • Structuring cloud providers
  • Determining impact to risk profile
  • Increased reliance on providers
    • Business resilience considerations

Jeremy Resler, SVP, Director Third Party Risk Management Governance, U.S. Bank


4:00 Managing heightened M&A activity and alignment of programs and expertise

Session details 

  • Challenges merging two programs
  • Transitioning to one single platform
  • Drawing the best of both programs
  • Retraining people to new program

Rob Haven, Director of Vendor Management, Renasant Bank

4:45 Chair’s closing remarks

4:55 End of congress

Register here

Please check back soon as this agenda will be updated and new speakers will be added. Request more information here.

Barbara Ann Boehler

Barbara-Ann Beohler
Regulatory Compliance Analyst


Barbara is an attorney and adjunct lecturer with over twenty years of compliance experience. Barbara currently serves as a Product Marketing Director, at Aravo Solutions, Inc. and teaches “Compliance Practice Skills” at both Suffolk University Law School and Boston University Law School. Barbara formerly served as the Director of Programming and Education at Compliance Week, Securities SME at Wolters Kluwer Financial Services, Global Chief Compliance officer for Arete Research, a limited-purpose, FINRA-registered broker/dealer specializing in equity research. Barbara has also held compliance roles at Fidelity Investments, JP Morgan Invest, Standish Mellon Asset Management, and Babson Capital Management. Barbara holds a BA from Suffolk University, a JD from Suffolk University Law School, and an LL.M. from Boston University School of Law.


Michael Berman
Founder & CEO


Mr. Berman has been practicing law for almost 20 years. He was General Counsel for Goldleaf Financial Solutions, Inc., a publicly-traded information technology company on the NASDAQ. He has also worked as General Counsel for Tecniflex, Inc. and Imagic Corporation. During his legal career, he was involved in numerous financial institution regulatory matters and contract management issues and assisted in the development of many information management systems. He is a frequent speaker at financial institution conferences, regarding vendor and contract management. He graduated from Cornell University with a B.S. in Communications and holds a J.D. degree from the University of Tennessee.

Justin Boehm

Justin Boehm
Senior Manager, Consulting


Justin K. Boehm is a Senior Manager in the Consulting practice of Ernst & Young LLP. He is a high performing risk and markets leader with 10+ years of strategic governance, operational and project management experience; interfacing with senior leadership and regulators across multiple disciplines – Brand / Reputational, Enterprise / Operational and Third Party risk.
Relevant experience
Manages several global, on-shore and off-shore teams of ~40 resources executing against a pipeline of ~3,000+ third party risk assessments annually across multiple risk domains (e.g. Information Security, Cyber, Regulatory Compliance, Business Continuity / Resiliency, Financial Health, OFAC / AML, etc.) for key financial services, insurance, technology and payments clients.
Led multiple program development and transformation advisory projects across Third Party Risk Management (TPRM), Enterprise / Operational Risk, Internal Audit, Franchise / Brand, Procurement / Finance, Business Continuity / Resilience and Information / Cyber Security functions at multinational, financial services, asset management, insurance and technology / payment clients.
Developed and implemented risk-based process simplification.
Recommended robust policy / procedure development and oversight across multiple risk dimensions.
Advised front-to-back control-set development aligned with regulatory requirements – enabling effective Internal Audit and FRB reviews.
Guided strong change-control strategy development / implementation to prioritize system builds / updates to GRC tools – Hiperos 3PM and MetricStream – driving enhanced on-going risk management and governance / reporting.
Enabled the change management, communication and learning strategy implementations across multiple global financial and accounting / advisory institutions focused on risk and change management to sustain momentum in matrixed organizations
NE TPRM Market Leader and Consulting risk lead on two key EY accounts in financial services and payments, enabling our clients to meet their goals and deliver against strategies across functions through strong market presence, relationships and thought leadership.

Justin holds a BS in Finance and Marketing from The Martin J. Whitman School of Management at Syracuse University and is Certified in Risk and Information Systems Control (CRISC).


Madiha Fatima
Director, Third Party Risk Management 
Angelo Gordon


Madiha is speaking at Vendor & Third Party Risk USA


Rob Haven
Director of Vendor Management
Renasant Bank

Rob Haven is First Vice President & Vendor Management Director for Renasant Bank, a $17 billion regional bank in the southeastern US.  He is responsible for third party risk and vendor monitoring.
He has a M.A. in Business Administration, is married, with two grown children, and two sophisticated cats.  Highlights of his 40+ years of financial and community leadership include:
• Managing for Toyota and a Toyota/General Motors joint venture in Finance, HR and General Affairs
• Credit Union CEO serving sponsor companies, including Clorox, Gap, Oakland Athletics and Ghirardelli Chocolate Company
• Senior VP, Treasurer, and Trustee for a community bank
• Hospital Treasurer
• Rotary Club President
• Leading largest Toyota contingent to support National Public Lands Day

Erin Jane Illman
Partner and Fintech Practice Lead
Bradley Arant Boult Cummings LLP


Erin Illman is co-chair of Bradley’s privacy and cybersecurity practice and leader of the firm’s fintech team, who is an experienced thought leader in fintech, privacy, data security and the integration of technology into business practices. She works closely with clients in the growing fintech space in the areas of payment technology, digital banking and lending, personal finance and robo-advising, investing and venture capital, cryptocurrency, blockchain, and electronic products and services. In addition to providing proactive privacy and information security compliance and legal advice, Erin manages privacy-related enforcement actions and litigation. Her practice includes representing companies in reactive incident response situations, including insider cybersecurity threats, electronic and physical theft of trade secrets, and investigation, analysis and notification efforts with respect to security incidents and breaches.

Alpa Pic_1_101619[2] copy

Alpa Inamdar
Transformation Leader


Alpa is speaking at Vendor & Third Party Risk USA

George Kaniarasseril

George Kaniarasseril
Manager, Information Risk Management


Throughout his 24 years in the financial services sector, George has steadily evolved into a thought leader around technology risk and third party risk management for various financial institutions, Fortune 500 companies, and within Big 4 Consulting. With specific expertise in information security, business resilience and data privacy, George is incredibly passionate to help forward facing organizations analyse and control risks related to technology risk and outsourcing. Our landscape requires thought leaders who understand core business processes and goals and can strengthen partnerships throughout organizations to address risks around third parties. George welcomes the opportunity to partner with people-oriented organizations looking to build out their technology risk and third party risk management programs to collectively evolve these practices within the industry as a whole.


Ryan Lougheed
Director of Product Management


After spending a career working with the Fortune 1000 to implement new technology platforms, Ryan is now a lieutenant at Onspring leading product innovation. Much of his role is focused on working with individuals across businesses to understand their team’s pain points and how software can help them produce more efficient processes, communication, and better business intelligence.

Patrick Potter

Patrick Potter
Risk Strategist


Patrick has over 30 years’ experience leading risk management, operational resiliency, compliance, internal audit, third-party management, strategic planning and process improvement in both practitioner and consulting roles. He has developed a unique perspective working with analysts, partners and customers spanning many industries including financial services, healthcare, government, energy, education, and travel and hospitality.

He has been a speaker for the Institute of Internal Auditors, Disaster Recovery Journal, RSA Archer Summit, Financial Executives Networking Group, Association of Continuity Planners, Audit World and the Information Systems Audit and Control Association.  Patrick has also contributed thought leadership articles for such publications as Continuity Insights, Internal Auditor Magazine, SC Magazine and Disaster Recovery Journal.

Patrick is a subject matter expert for Archer where he provides strategic input into the development of the Archer Suite and works with customers on best practices.


Jeremy Resler
SVP, Director Third Party Risk Management Governance
U.S. Bank


Jeremy has over ten years of experience and expertise in the financial services and legal sectors, and is currently a Senior Vice President and the Director of Governance in the Corporate Third Party Risk Management group at U.S. Bank.

Jeremy is responsible for overseeing various functions and teams within the centralized, enterprise TPRM Program, including quality assurance, policy and audit/exam management, fourth party risk, joint venture/strategic alliance risk, merger and acquisition operational risk, enterprise RCSA third party risk and external risk request management. Jeremy graduated with an Economics degree from the University of Minnesota and a Juris Doctor from the William Mitchell College of Law in St. Paul, MN. Prior to U.S. Bank, Jeremy worked for a legal publishing company and subsequently clerked for a District Court Judge in Hennepin County, MN.


Roxane Romulus

Roxane Romulus
Director, Third Party Risk Management
Voya Financial


Ms. Romulus is currently Director, Third Party Risk Management for Voya Financial. In this role, she is responsible for vendor risk policy, third-party risk oversight and implementation of best practices in third-risk and controls.
Ms. Romulus strives to build strong partnerships and ensure joint accountability when it comes to protecting the company’s employees, clients, information and brand. Her expertise spans
a number of well-respected firms including, SunTrust Bank, MetLife, Deloitte & Touché, Putnam Investments and Bank of America.
Ms. Romulus is a graduate of Suffolk University and holds her MBA from Simmons University. A lover of new challenges, she’s completed the Atlanta 13.1 Half Marathon and Tough Mudder Competition, one of the toughest endurance races on the planet. However, her most rewarding role is the one of mother to her four year old daughter Layla Rose.

Kristen Schneider

Kristen Schneider
Director of Risk Management 

Kristen is speaking at Vendor & Third Party Risk USA

Brian Shaw
Director of Financial Services Sales


Brian has worked in business process automation targeting risking and compliance for over 25 years, supporting hundreds of Fortune 500 and mid-market firms across all industries. Since 2011 Brian has focused on Third-Party Risk, Compliance and Performance Management for the Financial Services Industry, as well as Master Data Management and Know Your Customer (KYC) challenges. At Mirato, Brian serves as Director of Financial Services Sales, responsive for sales to financial services firms in North America and Europe.


Olga Voytenko

Olga Voytenko
MD, Head of Third Party Risk Management 
State Street


Olga Voytenko is a Managing Director, Global Head of Third Party Risk Management. She is responsible for managing third party and outsourcing risk arising from State Street’s reliance on third parties performing services or activities on State Street’s behalf. This includes risks related to ineffective third party selection and failure to oversee and monitor our third parties. Ms. Voytenko is responsible for building, deploying and supporting the technology and processes to support business functions in mitigating Third Party Risks.
Prior to her current role, Ms. Voytenko served as Vice President within Global Treasury leading Global Liquidity Risk Management team across State Street, as well as, prior leadership roles within Recovery Resolution Planning, Valuation & Analytics, Corporate Audit, and Institutional Services.
Before joining State Street, Ms. Voytenko worked at Sun Life Financial, where she held various leadership positions in an Investment Finance and Security Valuation teams.
Ms. Voytenko holds a Master of Science in Business Administration from Suffolk University and a Bachelor of Science in Accounting and Finance from Boston University.


Ken Wolckenhauer
VP, Vendor Management
Nordea Bank, New York Branch

Ken Wolckenhauer is the Head of Vendor Management at Nordea Bank’s New York branch. Leading up to this position, Ken was as a subject matter expert, trainer, solutions provider, and consultant for FIS, the world’s largest global provider dedicated to banking and payments technologies. With FIS, Ken specialized in financial industry regulatory risk and compliance, mostly in the area of anti-money laundering and watchlist compliance. Nordea Bank leveraged Ken’s risk and compliance knowledge to build out the vendor management program for the New York branch, developing a program that would properly manage risk as well as gaining acceptance to the US regulators. The success of the US program is now being used to advise Nordea’s European branches on enhancements to its TPRM program. Ken is a graduate of Bucknell University and is a Certified Anti-Money Laundering Specialist.
Amanda Xu

Amanda Xu
SVP, Head of Third Party Risk Management
EastWest Bank


Amanda Xu is the Head of Third Party Risk Management (TPRM) at
East West Bank overseeing the TPRM lifecycle including planning, due
diligence, contract negotiation, ongoing monitoring, and termination
enterprise wide. Amanda has over 25 years of experience in banking
including 12 years at KPMG. Amanda is accountable for the development
and mentoring of a high performing team in support of the bank’s third
party risk program. She leads cross-functional teams and partners with
IT to build the TPRM dashboard to provide transparency and oversight
to executive management and the board. Amanda received a Master of
Science in Business Administration/Information Systems Auditing and a
Bachelor’s degree from Cal Poly Pomona.

In her spare time Amanda is teaching the “Advanced Information Technology Auditing” class. This is a required class to complete the Master of Science in Information Security (MSIS) program at Cal Poly Pomona. The MSIS is a STEM designated degree program and is for people who wish to pursue a career in IT Auditing, Information Security, Risk Management, and Computer Forensics.


Register here


Panel Discussions


Interactive panel discussions are designed to include attendees by running a live Q&A throughout the session



Hear industry experts provide detailed insights on a range of vendor risk issues, challenges and opportunities



Networking opportunities including breakfast, lunch and refreshment breaks on both days, access to all streams and sessions.

meet the speakers


Continue discussions beyond the auditorium and interact with speakers and attendees after their session.

16th May 2022

Data collection and identification techniques to integrate into strategy

The views and opinions expressed in this article are those of the thought leaders as individuals, and are not attributed to CeFPro or any particular organization. […]
27th September 2021

Assessing and allocating risk in the contract for the new ‘normal’

The views and opinions expressed in this article are those of the thought leader as an individual, and are not attributed to CeFPro or any particular […]
31st August 2021

Identifying fourth parties and beyond to track dependencies and mitigate risk of service failure

The views and opinions expressed in this article are those of the thought leader as an individual, and are not attributed to CeFPro or any particular […]
20th August 2021

The future of on-site assessments: Balancing cost vs. effectiveness to satisfy on-site assessment requirements

The views and opinions expressed in this article are those of the thought leader as an individual, and are not attributed to CeFPro or any particular […]
17th August 2021

The future of on-site assessments: Balancing cost vs. effectiveness to satisfy on-site assessment requirements

The views and opinions expressed in this article are those of the thought leader as an individual, and are not attributed to CeFPro or any particular […]
10th June 2021
Paul Huggett, Head of Partner Management, Bank of Ireland

Assessing regulatory changes ahead and the impact on third party and vendor risk management

The views and opinions expressed in this article are those of the thought leader as an individual, and are not attributed to CeFPro or any particular […]
1st June 2021
Terri Duhon, Chair of the Board, Morgan Stanley Investment Management

Monitoring the threat landscape to better understand cyber threats

The views and opinions expressed in this article are those of the thought leader as an individual, and are not attributed to CeFPro or any particular […]
21st May 2021
Nasser Fattah, Executive Advisor, System Security Integration, Former Managing Director, MUFG

Managing cyber security risks in a remote working environment internally and across supply chain

The views and opinions expressed in this article are those of the thought leader as an individual, and are not attributed to CeFPro or any particular […]
13th May 2021
Jimi Hinchliffe, Partner, The JADEtc Partnership & NFR Leaders Advisory Board member, CeFPro

Demonstrating resilience and developing business continuity plans in light of recent volatility

The views and opinions expressed in this article are those of the thought leader as an individual, and are not attributed to CeFPro or any particular […]
4th May 2021
Victor Lessoff

Designing and implementing an effective internal fraud detection system

The views and opinions expressed in this article are those of the thought leader as an individual, and are not attributed to CeFPro or any particular […]
22nd April 2021
Jeremy Resler, SVP, Director, Third Party Risk Management and Governance, U.S. Bank

Assessing regulatory changes ahead and the impact on third party and vendor risk management

The views and opinions expressed in this article are those of the thought leader as an individual, and are not attributed to CeFPro or any particular […]
20th April 2021
Sean Miles, Head of Risk, Motor Insurers Bureau

Regulatory developments within data privacy and monitoring transfer across borders

The views and opinions expressed in this article are those of the thought leader as an individual, and are not attributed to CeFPro or any particular […]

Non-Financial Risk Leaders 2022

Non-Financial Risk Leaders strives to provide insights, support, and benchmarks for organizations as the traditional operational and non-financial risk arena continues to evolve, expand, and gain significance.

Take part in our survey and contribute your knowledge towards one of the most comprehensive business reports in the industry, recognized by experts as a go-to resource.

All respondents have an option to receive a complimentary copy of the final report.


Aravo are sponsoring Vendor & Third Party Risk USA 2022

Archer, an RSA company, is a leader in providing integrated risk management solutions that enable customers to improve strategic decision making and operational resiliency. As true pioneers in GRC software, Archer remains solely dedicated to helping customers understand risk holistically by engaging stakeholders, leveraging a modern platform that spans key domains of risk and supports analysis driven by both business and IT impacts. The Archer customer base represents one of the largest pure risk management communities globally, with over 1,500 deployments including more than 90 of the Fortune 100.


Bradley are sponsoring Vendor & Third Party Risk USA 2022

Certa are sponsoring Vendor & Third Party Risk USA 2022

Grant Thornton

Grant Thornton are sponsoring Vendor & Third Party Risk USA 2022

IHS Markit

IHS Markit is a global leader in information, analytics and solutions for the major industries and markets that drive economies worldwide. Our company partners with clients in business, finance and government to help them see the big picture with unrivaled insights that lead to well-informed, confident decisions. IHS Markit serves more than 50,000 key customers in over 140 countries, including 85 percent of the Fortune Global 500. Headquartered in London, IHS Markit (NYSE: INFO) is committed to sustainable, profitable growth.

NContracts The Upside of Risk

Ncontracts are sponsoring Vendor & Third Party Risk USA 2022

OneTrust Vendorpedia™ is the largest and most widely-used technology platform to operationalize third-party risk. The offering enables both enterprises and their vendors with technology solutions that include: the Third-Party Risk Exchange, a community of shared (and pre-completed) vendor risk assessments with 70,000+ participating vendors; Questionnaire Response Automation, a tool that helps organizations answer incoming security questionnaires; and Third-Party Risk Management software, a platform to streamline the entire vendor lifecycle, from onboarding to offboarding. More than 10,000 customers of all sizes use OneTrust, which is powered by 150 awarded patents, to offer the most depth and breadth of any third-party risk, security, and privacy solution in the market. OneTrust Vendorpedia offers purpose-built software designed to help organizations manage vendor relationships with confidence, including and integrates seamlessly with the entire OneTrust platform, including – OneTrust Privacy Management Software, OneTrust DataDiscovery™, OneTrust DataGovernance™, OneTrust GRC, OneTrust Ethics, OneTrust PreferenceChoice™, OneTrust ESG, and OneTrust DataGuidance™.

When you need to understand the companies in your ecosystem, you’ll benefit from a certain approach. With comprehensive global coverage, the richest source of beneficial ownership data available, plus information on PEPs and sanctions, we are the resource for compliance and onboarding checks. Our Orbis database has information on nearly 400 million companies worldwide and was named “Best Data Solutions for KYC” the past two years. Request a free trial at to see how we can help you mitigate risk.

Ekran System is a full-cycle insider risk management platform that helps companies to detect, deter, and disrupt any security threats from the inside.

Our customers simplify, automate, and streamline their third-party risk management activities with Ekran System. Our software is featured by Gartner in their 2020 Market Guide for Insider Risk Management Solutions and recommended in NIST Special Publication. We are also the only Microsoft Azure value-add partner that provides all-round insider threat management on their platform.

Ekran System delivers robust access management, continuous third-party user activity monitoring, and real-time incident detection and response. Thanks to the rich capabilities provided by of Ekran System, Deloitte, Samsung, Panasonic, UPS, and many other companies across the world trust us with their security.


EY are sponsoring CeFPro’s Vendor & Third Party Risk USA 2022

Mirato are sponsoring CeFPro’s Vendor & Third Party Risk USA 2022

Mitratech is a proven global technology partner for corporate legal, risk & compliance, and HR professionals seeking to maximize productivity, control expense, and mitigate risk by deepening operational alignment, increasing visibility, and spurring collaboration across their organization.

With Mitratech’s proven portfolio of end-to-end solutions, organizations worldwide are able to implement best practices and standardize processes across all lines of business to manage risk and ensure business continuity.

Mitratech serves over 1,500 organizations worldwide, including 30% of the Fortune 500 and over 500,000 users in 160 countries.

For more info, visit:

Onspring’s intelligent automation and real-time reporting software provides risk management teams with flexibility and efficiency in managing enterprise risk. Our solution captures and relates financial, operational, reputational, cyber and compliance risks across your business—so you can plot risk ownership, calculate dependencies and categorize mitigation plans.Our goal is to give you more control over risk. This happens when you’re able to generate risk evaluations, calculate impacts on your business, estimate the likelihood of occurrences and potential costs in Onspring. Plus, our no-code cloud-based platform means you can update your processes on your own without the help of IT, all while measuring the impact and results of your team.


Prevalent takes the pain out of third-party risk management (TPRM). Companies use our software and services to eliminate the security and compliance exposures that come from working with vendors, suppliers and other third parties. Our customers benefit from a flexible, hybrid approach to TPRM, where they not only gain solutions tailored to their needs, but also realize a rapid return on investment. Regardless of where they start, we help our customers


Riskonnect are sponsoring CeFPro’s Vendor & Third Party Risk USA 2022

State of Flux are sponsoring CeFPro’s Vendor & Third Party Risk USA 2022

Reasons to sponsor
Level of Sponosr Text


Share Your Expertise


get your brand seen...


Connect with senior leaders



Please contact the Center for Financial Professionals today to discuss how we can deliver your thought-leadership at the event, help you generate leads, and provide you with unique networking and branding opportunities. For more information on what we can offer, please contact [email protected] or call us on +1 888 677 7007 ext. 207 where a member of the team will be happy to tailor the right package for you.

Can I present at the Vendor & Third Party Risk USA Congress?

Yes, the Center for Financial Professionals are happy to discuss speaking opportunities at the Vendor & Third Party Risk USA Congress. For further information on this please contact [email protected] or call us on +1 888 677 7007.

Are there any rules on the dress code?

Business attire is requested. The Congress is a formal opportunity to network with like-minded professionals and to gain knowledge from the industry’s finest risk management experts.

What is the cost and what is included in the registration fee?

We offer incentives for ‘early bird’ registrants of the Congress, as outlined on our pricing structure. Registration includes breakfast, refreshment breaks, lunches, the cocktail reception at the end of the day, full access to the sessions and exhibition area. Presentations from the sessions are also available, subject to speaker approval.

Where can I find the Congress documentation and speaker presentations?

All registered attendees will receive an email with access to documentation and speaker presentations after the Congress*. We will work with our presenters to include as many presentations as possible on our App during the Congress.

* Please note that our speakers often have to gain permission from their relevant compliance departments to release their presentations. On rare occasions compliance may not allow presentations to be distributed.

Will breakfast, lunch and refreshment be provided?

Yes. As with all of our events, the Center for Financial Professionals will be providing brilliant coffee, breakfast, lunch, refreshments, and smaller bites during the networking breaks.

Will there be opportunities to network with other attendees?

There are ample opportunities for networking and interaction throughout the Congress, such as:

  • Breakfast, lunch and refreshment breaks
  • Cocktail reception at the end of the day (subject to confirmation)
  • Q&A, panel discussions and audience participation technology
Are there opportunities to share my thought-leadership at the Vendor & Third Party Risk USA Congress?

Yes there are plenty of opportunities for the Center for Financial Professionals to share thought-leadership to the attendees of Vendor & Third Party Risk USA Congress and our wider risk professionals community. At the event we can distribute your material to the attendees, offer you an exhibition booth, and provide speaking opportunities so that you may enjoy a more prominent presence at the Congress. Visit the Sponsor tab for further information or contact [email protected] / +1 888 677 7007

Are media partnerships available for the Vendor & Third Party Risk USA Congress?

Yes. As part of a media partnership we can offer a variety of options to increase the branding and awareness of your association, company, certificate, publication or media. We are flexible with what we can offer however we usually:

  • Provide a discounted rate to attend
  • Place your logo and profile on the Congress website
  • Place your logo on promotional content where applicable
  • Distribute your media/marketing at the Congress
  • Promote through social media channels

To discuss this further please contact [email protected] or call +1 888 677 7007.

What can I do if I can't attend the event due to Covid-19?

If you are unable to attend the Congress due to national/Covid restrictions, CeFPro would be more than happy to offer you a refund, credit note or the option to transfer the ticket to a colleague who is able to attend.

Representing a financial institution or government body – (E.g. Bank, Insurance company, Asset Manager, Regulator)

Vendor & Third Party Risk USA
June 1-2, 2022


SAVE $300

Registrations before April 8


SAVE $200

Registrations before May 13




Registrations after May 13

Representing an information/service provider (E.g. Consultant, Vendor, Executive Search Firm, Law Firm)

Vendor & Third Party Risk USA
June 1-2, 2022


SAVE $600

Registrations before April 8


SAVE $400

Registrations before May 13




Registrations after May 13

PLEASE NOTE: To qualify for the preferential ‘early bird’ rates, registration must be received by the close of the ‘early bird’ working day, and payment can be made at the time of registering, or up to a week after registration is made an invoice sent. CeFPro reserves the right to increase rates should payment be delayed significantly. For Group Rates to be valid, the whole group must register at the same time, though names can be changed at any time up to the event at no additional cost. Should a delegate register at a rate that is inaccurate, CeFPro reserves the right to issue an additional invoice for the outstanding amount.

Register by Email
Contact us Directly
Download PDF registration page




Simply email us with your
Full name
Job title
Company & address
Contact number

Email: Lauren.carter{@}

Call us on +1 888 677 7007

Click here to complete the form and submit by email


Grant Thornton
IHS Markit
NContracts The Upside of Risk
Jeremy is NatWest Markets’ Chief Risk Officer, having joined the bank in 2018. He has an extensive experience as a trader and risk manager. His roles in risk management include running regional and global market risk teams at a variety of firms including Commerzbank, UBS, Investec and Nomura, and the role of Chief Risk Officer, EMEA at Nomura since 2015. Jeremy holds a Masters in Economics Cambridge University.
Jeremy is NatWest Markets’ Chief Risk Officer, having joined the bank in 2018. He has an extensive experience as a trader and risk manager. His roles in risk management include running regional and global market risk teams at a variety of firms including Commerzbank, UBS, Investec and Nomura, and the role of Chief Risk Officer, EMEA at Nomura since 2015. Jeremy holds a Masters in Economics Cambridge University.
Søren Agergaard Andersen is the Chief Risk Officer for Nordea Asset Management, the biggest asset manager in the Nordics with more than € 250bn AuM. Søren is responsible for the overall enterprise risk function, managing an international team of risk professionals in Denmark, Sweden and Luxembourg. Before joining the asset management industry, Søren held leading positions within risk in banking and pension/life insurance. One of his main priorities is to define and uphold a strong and yet flexible governance and risk framework, which can support a sound overall risk culture. Søren holds a M.A. in Mathematics and Economics and a PRM certification.
Kimberley brings more than a decade of executive leadership experience in the Governance, Risk and Compliance space, building brand recognition, thought-leadership and revenue-accelerating marketing programs at companies including Thomson Reuters, SAI Global, the Global Association of Risk Professionals, Practical Law Company and Compliant. As part of her role at Aravo, Kimberley develops thought leadership content designed to help third party risk professionals benchmark their programs, share best practice, elevate their conversations to the Board, and build the business case for investment in the development of their programs. Kimberley is originally from New Zealand, and has also lived and worked in London and New York. She now lives in San Francisco, and in her spare time enjoys exploring and al fresco dining with her husband and bulldog.
Louise Waite is the Supply Chain Management & Assurance Director at Lloyds Banking Group. She leads a team of 50, delivering a group-wide approach to supplier risk assessment, supplier assurance and supplier management. Louise and her team maintain an effective Supply Chain Management framework, run a Centre of Excellence for Supplier Management and conduct hundreds of assurance reviews every year. Having spent several years in the IT and Pharmaceutical industries, Louise is enjoying her return to Financial Services where she started her Procurement career.
Jean-Francois Valette is leading Global Third Party Compliance & Risk management at eBay. Jean-Francois is responsible for enhancing eBay’s legal, risk and compliance program around all third parties impacting eBay’s operations and business activities directly or indirectly. He oversees the development and management of a third-party risk management program across the business units; engaging and supporting the management of the controls functions for the company, including Business Ethics Office, Information Security, Resiliency, Compliance investigations and reporting amongst others. Prior to joining eBay, Jean-Francois worked as the Head of Operations for Volkswagen Payments and held the roles of Head of Outsourcing and Global Third Party Compliance and Risk management for PayPal. He also held different positions in the Banking & Asset Management industry, and holds his Law and Investment Management certifications, specializing in regulatory compliance and outsourcing.
Martin Townsend will be speaking at Vendor & Third Party Risk Europe 2021
Sean Titley will be speaking at Vendor & Third Party Risk Europe 2021
Alex is Head of Supply Chain Risk for Lloyds Banking Group (LBG), responsible for ensuring that the supplier onboarding & management frameworks drive effective risk management and regulatory compliance. Alex has worked with LBG for 10 years, and has over 20 year experience in Sourcing and Supply Chain Risk.
An Alumni of De Monfort University & London Metropolitan University, Desmond is a seasoned Third-Party Risk Management Lead as well as a specialist in Supplier Relationship Management. He has worked both in the Public and Private sectors gaining foundational experience at London Underground over a 17 year career. He has also worked for Deutsche Bank, HSBC and now with Vodafone leading on Third Party Risk programme activities. Desmond is married with two children and enjoys travelling.
Daniel Cameron will be speaking at Vendor & Third Party Risk Europe 2021
Dilbagh is a Partner at Fintegral and leads the firm’s UK practice. He specialises in the areas of traded risk and climate risk, helping banks to enhance their analytics capabilities to better identify, quantify and manage current and emerging risks. He has over 20 years of experience in trading, risk management and quantitative modelling at banks and hedge funds, including Credit Suisse, Man AHL and Nomura. Dilbagh holds a degree in Natural Sciences (Physics) from the University of Cambridge.
Vishwas has deep international FS consulting and risk management experience across Europe, US, Middle East and SE Asia. Vishwas has led complex risk transformations for G-SIBS, challenger banks and fintechs in the UK and EMEA, focusing on prudential regulation, capital and stress testing. Vishwas has also led a number of banking authorisations, fintech and Brexit applications and has experience of helping clients deliver to regulatory expectations and their internal performance targets. Vishwas also has experience in thought leadership and eminence, having led a number of conferences, speaker sessions and panel discussions with regulators and industry participants
Charis is a Risk Management generalist with 13+ years of experience in investment and retail banking. He is currently the Chief Risk Officer of SIB (Cyprus) Ltd, Sberbank Group, where he is responsible for developing the Risk Management framework, overseeing regulatory initiatives and driving strategic projects related to risk. His interests include Fintech and innovation in Risk Management. He holds an MBA and a Master’s in Financial Mathematics. He is also a CFA charterholder and a certified Financial Risk Manager.
Stuart Burns currently has the role of Senior Technical Specialist at the PRA, working in the team reviewing and approving IRB models. He has responsibility for aspiring IRB firms. He previously ran the IRB risk weight analysis in the Annual Cyclical Scenario (ACS) stress test, challenging firms’ stressed projections and recommending capital responses. Stuart has over 20 years experience delivering credit risk, stress testing and economic capital models. This includes roles as: Head of Model Validation for S&P Europe. Head of Models for the Rainbow Business at Royal Bank of Scotland. Head of Credit Risk Methodology at Barclays Capital, where he rebuilt the team following the departure of the previous head, and managed all IRB related regulatory issues. Head of Corporate Analytics at HSBC, where he was responsible for Credit Risk Modelling and saw the bank achieve Advanced IRB status. He also introduced credit risk stress testing and economic capital. Head of Economic Capital and Model Risk Management at Standard Chartered Bank, where his responsibilities included building an offshore validation team, and coordination of stress testing across portfolios and risk types. Advanced IRB status was delivered on the strength of these areas.
Over the last 3 years, I have provided trusted advice and guidance to a variety of organisations looking to change their approach to GRC. The organisations I have worked with have often been looking to advance their approach to GRC through the use of modern, intuitive, and insightful technology. My job is to help these businesses and people with this often daunting task, and make it as seamless as possible.
Rob is responsible for New Business Sales and Account Management in EMEA. Based out of our London office, Rob helps guide organisations through the vendor evaluation process, remaining a key point of contact through the implementation process and throughout the ongoing relationship. Rob joined Riskonnect in September 2017 and has over 7 years experience in Governance, Risk and Compliance solutions helping a range or organisations from different industries including Telecommunications, Financial Services, Maritime and Infrastructure Projects, and more, evaluate, select and implement highly successful solutions.
David Cassonnet is Director of Business Development at ActiveViam, leading the creation of new solutons and use cases for the company. In his role, David ensures that the new product features developed by the company's R&D team translate into innovative and actionable use cases that deliver tangible value to the clients' business. With over twenty years of experience in financial markets, David has a double expertise in business development and solutions implementation. Previously he was Managing Director of ActiveViam in APAC where he and his consulting team were involved in several front-office and risk management projects with large local and international banks. David also held several roles at Mysis and Summit Systems.
Benjamin Westwood will be presenting at the 10th Annual Risk EMEA Summit.
Suresh Sankaran will be presenting at the 10th Annual Risk EMEA Summit.
Nigel Milbank is a Cambridge University graduate and Chartered Accountant having trained with Arthur Andersen and Deloitte. Nigel has held audit positions in Schroders and Credit Suisse as an Audit Director, following which he helped set up the Operational risk function and Product Control global assurance at Credit Suisse. Nigel was Director of Enterprise and Operational Risk at Santander UK from 2006 to 2011 and joined RBS in 2012 to run the Group ICAAP function. He has held various stress testing delivery and improvement roles at RBS/ Natwest Group and since 2020 has been Programme Manager on the Climate Programme building climate stress capability and embedding climate financial risk management.
Alistair McLeod will be presenting at the 10th Annual Risk EMEA Summit.
Melissa Longmore will be presenting at the 10th Annual Risk EMEA Summit.
Libor Krkoska will be presenting at the 10th Annual Risk EMEA Summit.
Pradyumna specializes in Market Risk and Counterparty Risk with experience spanning both the Front Office and Risk Management functions at two of the largest global investment banks. In his current multi-dimensional role he is the market risk manager for JPM’s differential discounting desk, the banking book loan portfolio and also is the head of CVA stress testing. He is also involved in developing a climate risk management framework for JPM’s trading book. Outside of work, he is a bit of a musician and is working on his first album.
Jérôme Henry is Principal Adviser at the ECB, in the financial stability area. He led Quality Assurance for SSM stress tests and was a BIS fellow. Originally from the Banque de France, Mr Henry started at the ECB leading its modelling team and thereafter its projection exercise. Mr Henry has a number of research publications, eg the ECB STAMP€ e-book. An ENSAE graduate, he holds an Economics PhD and a History BA from Paris Sorbonne.
Per Hansson is a Director and Head of CCR Exposure Management within Credit Risk Management at Deutsche Bank, responsible for the bank’s IMM and pre-deal exposure models for counterparty credit risk. Per is additionally responsible for capital planning and the bank’s Pillar 2 capital model for credit risk. Previously, Per worked in Market Risk Management for Credit Trading and CVA at Deutsche Bank and JP Morgan and was also a risk manager in JP Morgan’s prime finance business. Per has an MSc in Engineering Physics from Lund University, Sweden.
Atanas Dimov will be presenting at the 10th Annual Risk EMEA Summit.
Ashish Bansal, a certified Chartered Accountant from India, is the Head of Finance & Regulatory Reporting in Union Bank of India (UK) Limited. In his 8 years of industry know-how, his range of experiences span from application of operational aspect of conventions at grassroot, to administering and formulating policy blueprints at the executive stratum. His in-depth technical understanding of banking products and demonstrated cognizance of RBI’s as well as Bank of England’s regulatory governance, adds to his industry’s proficiency.