Vendor & Third Party Risk Dallas
November 4-5, 2025
Dallas
Adapting for a Volatile World: Regulation, Resilience, and Innovation

20+ Sessions
20+ Speakers
150+ Attendees
Key Themes 2025:
Regulatory Trends
Adapting TPRM teams to a shifting regulatory environment to maximize capabilities
Geopolitical Risk
Preparing TPRM systems for the unknown as geopolitical risks and volatility continue to evolve
AI
Reviewing how AI is transforming the industry and opportunities to upskill and enhance TPRM
Cyber Risk
Managing cyber risk across a fragmented and evolving threat landscape
Collaboration & Communication
Creating effective exit strategies with comprehensive timelines and clearly defined outcomes
Who’s Participating:





Michael Higdon Director TPRM USAA
Anna Frank Third Party Risk Management Director US Bank
Jennifer O’Dwyer Head of Contracts, TP Due Diligence Capital One
Nick Kotakis Head of Third Party Risk Northern Trust
Ryan Langshaw Director of Third Party Risk Management & Vendor Onboarding PayPal
Agenda | Day 1 | November 4, 2025
8:00 REGISTRATION & BREAKFAST
8:50 CHAIR’S OPENING REMARKS
REGULATORY TRENDS
9:00 Adapting TPRM teams to a shifting regulatory environment to maximize capabilities
• Predicting and adapting to the future regulatory landscape during changes of government administrations
• Rethinking team structure and redeployment of staff to optimize staff capabilities during periods of relaxed regulatory scrutiny
• Forward-looking strategy to ensure an adaptable operating framework is in place to effectively resume regulatory capabilities in the wake of possible resource shifts and re-heightened regulatory oversight
Miguel Machado, Executive Director Third Party Risk Management, OCC
OPERATIONAL RESILIENCE - PANEL
9:35 The need for heightened operational resilience in anticipation of deregulation
• The importance of embedding resilience into third party ecosystems
• Heightening the third line of defense and the self-auditing process in anticipation of deregulation
• Implementing a forward-looking framework to anticipate and test disruptions
• Understanding the difference between continuity and resilience and how to operationalize both
Megan Speranza, Executive Director Global Head of CCOR Resiliency Oversight, JP Morgan
Malcolm Smith, SVP Global Lead Third Party Operational Risk & Resilience, Goldman Sachs
VENDOR CONCENTRATION
10:20 Mitigating the risks associated with the concentration of large vendors and aligning this with your company’s risk appetite
• Ensuring your firm is properly considering vendor concentration when onboarding large cloud vendors
• Identifying risks associated with using large cloud vendors for multiple core functions and aligning this to your firm’s risk appetite
• Discussing the cyber-security concerns associated with the current SaaS delivery model
• Preparing contingency plans for possible moves from one large cloud vendor to another
10:55 MORNING REFRESHMENT BREAK & NETWORKING
GOVERNING CRITICAL THIRD PARTIES
11:25 Defining critical third parties and the best practices for assigning risk ratings and ensuring effective continuous monitoring
• Creating an effective and automated tiering system to help prioritize your most critical third parties
• Establishing the key performance metrics and KPIs of critical third parties for effective ongoing monitoring
• Developing more ‘out of the box’ methodologies for risk rating which enable an outcome driven approach to align with risk appetite
• Ensuring there is a high level of board awareness around critical third parties and that regular summaries are sent for analysis, including costs, risk acceptances and overall due diligence ratings
Michael Higdon, Director TPRM, USAA
NTH PARTY RISK
12:00 Understanding complex supply chains and developing effective approaches for oversight and ongoing management
• Identifying frameworks to map fourth and nth party relationships across critical services
• Understanding cascading concentration risks across your 4th parties
• Developing approaches to tiering and triaging extended party risks efficiently and ensuring effective continuous monitoring
• Developing effective contingency plans for critical 4th party outage
• How to protect your data from 4th parties by ensuring 3rd parties anonymize your information
Kelly Entas, Head of Third Party Risk Management, Truist
12:35 LUNCH BREAK AND NETWORKING

CONTRACTS - PANEL
1:35 Approaches for improving contracts with third parties, from business continuity guarantees to integral cyber security clauses
• Exploring how financial institutions can ensure contract clauses combat a comprehensive range of risks including: capturing laws and regulation, rights to audit, defining accountability and incident reporting obligations
• Highlighting the need for considering business continuity plans when setting SLA criteria and spotting common weak spots in contract agreements
• Using contract clauses to ensure cyber-security and AI policies are future proof
• The importance of protecting data at contract level, implementing deletion and return of data clauses for contract ends
Jennifer O’Dwyer, Head of Contracts & TP Due Diligence, Capital One
2:20 Reviewing how AI is transforming the industry and opportunities to upskill and enhance TPRM
• Assessing the practical application of AI for efficiency and reorganizing the workforce:
- Uses in driving efficiency in the questionnaire process
- Contract analysis opportunities
- Continuous monitoring of sentiment and media analysis to protect reputation
- Taking over simple and laborious tasks to up-skill the workforce and free up time to focus on ‘big picture’ projects
• Discussing what factors should be considered when selecting an AI system to use in the TPRM process
• Mitigating the risks associated with AI use including hallucinations, data bias, and cyber risk
AI POLICY - PANEL
2:55 How different firms have created effective AI policies which ensure third parties remain compliant and responsible
• Exploring how different organizations have successfully implemented their own policies for use of AI across the supply chain
• Considering a third party’s AI usage during the due-diligence process and clearly communicating your own firm’s policy to align them and ensure compliance
• How to carry out effective continuous monitoring to ensure third parties remain compliant with your own internal AI policies
• Ensuring data sources for training AI models are reliable, accurate and unbiased
• Creating non-static AI policies which can evolve and advance with the developing landscape
3:40 AFTERNOON REFRESHMENT BREAK & NETWORKING
DATA GOVERNANCE
4:10 Data governance as a foundational priority for improving the effectiveness of TPRM programs
• Discussing ways to ensure data is accurate, complete and fit for use via strict data governance frameworks
• Building clean data foundations
• Remediating fragmented or duplicated third party data
• Traversing the difficulties surrounding data ownership and providing clear solutions
• Managing data to ensure compliance with privacy regulations
INTER-AFFILIATE RELATIONSHIPS
4:10 Managing the overlooked risk in TPRM: Reviewing how inter-affiliate relationships fit within a broader TPRM framework
• Defining the risk of inter-affiliate dependencies and understanding their hidden potential threats
• Structuring systems to ensure inter-affiliate relationships are meeting the same due-diligence standards as external vendors
• Managing inter-affiliate risk using centralized TPRM frameworks, shared risk assessment standards, and separate control testing
Michael Steinhofel, Director of Operational Risk Management, Barclays
5:20 CHAIR’S CLOSING REMARKS
5:30 END OF DAY ONE AND DRINKS RECEPTION


Agenda | Day 2 | November 5, 2025
8:00 REGISTRATION & BREAKFAST
8:50 CHAIR’S OPENING REMARKS
GEOPOLITICAL RISK - PANEL
9:00 Preparing TPRM systems for the unknown as geopolitical risks and volatility continue to evolve
• Strategies for preparing TPRM systems to manage geopolitical instability and unforeseen disruptions
• Building resilient systems that can quickly adapt to changing global dynamics
• Ensuring continued compliance and risk mitigation in times of uncertainty
• Reviewing recent examples such as US/China trade tension, the India/Pakistan conflict and continued unrest in the Middle East, and understanding impacts across the supply chain and key considerations
Anna Frank, Third Party Risk Management Director, US Bank
OFFSHORING
9:35 Defining the best strategies when contemplating onboarding of an offshore vendor to ensure all risks are considered
• Understanding the blocking statutes within countries you are onboarding vendors from
• Clearly defining the key attributes needed to be considered when sourcing vendors from a specific location, including trade & tariff implications, political stability, economic outlook and possible climate risks
• Creating airtight contracts which mitigate these risks and provide robust exit plans in case of emergency
SCENARIO PLANNING
11:20 Developing more creative and innovative approaches to scenario planning and testing
• Looking at the pros and cons of tabletop exercises for effective scenario planning
• Exploring new approaches and the possible ‘gamification’ of scenario planning to engage participants more successfully and create a more impactful experience
• How AI and new technology can be used to enhance scenario planning
• The importance of including cascading scenarios in your planning
• Understanding how your firm should choose which scenarios are most integral to test and plan for
EXIT PLANNING - PANEL
11:55 Creating effective exit strategies with comprehensive timelines and clearly defined outcomes
• Understanding the heightened need for robust and precise exit strategies in a world of growing geopolitical risk & uncertainty, cyber-attacks and increased extreme climate events
• Enforcing that exit plans are strongly governed, with exact ideas of timelines to ensure services are not interrupted
• Ensuring exit strategies are part of scenario planning, enabling regular reviewing and updating
• Aligning exit strategies to regulatory expectations
Kathryn Hardman, Director of Third Party & Model Risk Governance, Veritex Community Bank
Jennifer Wilkinson, VP Third Party Risk Management, Cenlar FSB
Tiffany Bray, Former SVP Third Party Risk Management, Seacoast Bank
10:15 MORNING REFRESHMENT BREAK & NETWORKING
12:30 LUNCH BREAK AND NETWORKING
BUSINESS CONTINUITY
10:45 Enhancing business continuity plans for extreme disaster and global outages
• Ensuring effective business continuity plans are in place for extreme outages of your most critical third parties, particularly with regard to offshore vendors
• Clearly defining responsibilities within continuity plans which make roles and decision making clear
• Exploring recent examples of severe outages and how large corporations successfully implemented their plans
Kenneth Brock, Director of Business Resiliency Management, Cenlar FSB
DE-SILOING RISK - PANEL
1:30 Discussing the move from the traditional siloed approach to risk management to an outcome-driven approach
• Increasing intersectionality between departments for a more holistic approach to risk management
• Highlighting the potential benefits of enhanced collaboration between lines of defense to enable more pro-active results
• Combining risk management and business continuity for better contingency planning
• How firms can improve their flexibility and adaptability to enhance skill sets and improve outcomes
• Harmonizing operational resilience and the competing regulatory landscape to enable a more outcome-driven approach to risk management
Bryan Philips, Director ICFR and Third Party Risk Management, Federal Home Loan Bank of Indianapolis
TPRM SOLUTIONS
2:15 Methods for successfully selecting the right TPRM solution and best practices for migrating between them
• Accurately assessing the current state and future needs for your TPRM Solution
• Identifying problems with potential solutions
• Completing demonstrations and analysis to show exactly how you can select the right solution for your company
• Best practices for developing and executing implementation plans which ensure smooth transition and no down time
• Looking back at lessons learned from previous transition examples
Justin Van Beek, Head of Professional Practices, Community Bank NA
Paul Ward, SVP of Risk Management, Community Financial System Inc.

2:50 AFTERNOON BREAK AND NETWORKING
CYBER RISK - PANEL
3:20 Managing cyber risk across a fragmented and evolving threat landscape
• Insight into the evolving cyber challenges in TPRM and how the industry is adapting
• How institutions can better map their supply chains and prepare for cyber incidents
• Navigating regulatory guidance on cybersecurity measures for third and fourth parties
• Discussing the benefit of a more transparent approach to cyber, and how sharing incidents and solutions between firms can build a more robust wider industry

CYBER SECURITY
4:05 Developing and implementing efficient cyber security tools to manage risk across the supply chain
• Implementing cyber security protocols and building robust contingency plans to mitigate third-party breaches
• Highlighting common attack points in supply chains
• Building robust defenses to monitor and detect risk and potential breaches
• Reviewing emerging security systems and practices to secure third party relationships

4:40
4:50 END OF CONFERENCE

Why should you be attending these sessions?



Regulatory Trends
• Predict and adapt to the future regulatory landscape during changes of government administrations
• Rethinking how to optimize staff capabilities during periods of relaxed regulatory scrutiny
• Ensure an adaptable operating framework is in place
Operational Resilience
• Learn the importance of embedding resilience into third party ecosystems
• Heighten the third line of defense and the self-auditing process
• Implement a forward-looking framework to anticipate and test disruptions


• Understand the difference between continuity and resilience and how to operationalize both
AI & AI Policy
• Understand and learn about how AI is changing the world of risk management
• Know how to create effective AI policies with third parties and vendors
• Become aware of the risks of AI and how to mitigate them
Geopolitical Risk
• Prepare your TPRM systems to manage geopolitical instability and unforeseen disruptions
• Learn how to build resilient systems that can quickly adapt to changing global dynamics
• Ensure continued compliance and risk mitigation in times of uncertainty

Business Continuity
• Ensure effective business continuity plans are in place for extreme outages of CTPs
• Clearly define responsibilities within continuity plans which make roles and decision making clear
• Explore recent examples of severe outages and how large corporations successfully implemented their plans
Cyber Risk
• Understand the most common cyber risks associated with third parties
• Learn how to spot risks early and mitigate against them
• Navigate regulatory guidance around cyber risk
Exit Planning
• Understand the heightened need for robust and precise exit strategies
• Enforce that exit plans are strongly governed
• Ensure exit strategies are part of scenario planning
• Align exit strategies to regulatory expectations


De-Siloing Risk
• Increase intersectionality between departments for a more holistic approach to risk management
• Highlight the potential benefits of enhanced collaboration between lines of defense
• Combine risk management and business continuity for better contingency planning
• Improve flexibility and adaptability to enhance skill sets and improve outcomes
• Enable a more outcome-driven approach to risk management