Vendor & Third Party Risk Europe 2025



Vendor & Third Party Risk Europe

June 11-12, 2025

London

Optimizing Vendor & Third Party Risk practices to drive resilience

20+ Sessions

Key themes 2025:

DORA

Lessons learned post-implementation of DORA

Critical Third Parties

Reviewing requirements for critical third parties and alignment with global regulation

Nth Parties

Tracking and monitoring supply chains beyond third party relationships

Resilience

Integrating operational resilience frameworks into business-as-usual practices

Exit Planning

Designing and implementing stress scenarios for critical vendor exits

20+ Speakers

150+ Attendees

Who’s Participating:

Gemma Stewart, Global Head of Vendor Risk Management, Zurich Insurance

Mihaela Breg, Head of Operational Resilience & Business Transformation, Europe Arab Bank

Gary Lock, Director, Global Head of Third-Party Risk Management, Fidelity International

Carlos Colino, Global Head of Third-Party Risk Management, Santander Corporate and Investment Bank

James Ellery-Gower, Global Head of TPM Country Governance, Citi

Agenda | Day 1 | June 11, 2025

8:00 REGISTRATION & BREAKFAST

8:50 CHAIR’S OPENING REMARKS

DORA - PANEL DISCUSSION

9:00 Post-DORA implementation: Lessons learned post-implementation

• Insights from the first six months of DORA compliance across Europe

• Key challenges in aligning processes with the Digital Operational Resilience Act

• Strategies for embedding DORA into business-as-usual operations

• Perspectives from financial institutions and regulatory bodies on next steps

Gerard Doyle, EMEA Head of Third Party Management and Procurement, SMBC

Birgit Biondi, Head of Global Third Party Management Function, Munich Re

Charles Forde, former Chief Operating Officer, Wholesale Investment Banking & Global Markets, Nomura

RESILIENCE

9:50 Integrating operational resilience frameworks into business-as-usual practices

• The integration of operational resilience into third-party risk management

• Overcoming challenges in harmonizing frameworks across regions

• Best practices for identifying vulnerabilities within critical functions

• How operational resilience contributes to overall risk mitigation

Mihaela Breg, Head of Operational Resilience & Business Transformation, Europe Arab Bank

10:30 MORNING REFRESHMENT BREAK & NETWORKING

CRITICAL THIRD PARTIES (CTP)

11:00 Reviewing requirements for critical third parties and alignment with global regulation

• Impact of SS 6/24 on critical third party management

• Comparisons with DORA’s prescriptive requirements for CTPs

• Addressing transparency and compliance challenges with major tech providers

• The role of regulators in monitoring systemic risks posed by CTPs

Carlos Colino, Global Head of Third-Party Risk Management, Santander Corporate and Investment Bank

TPRM BY EXCEPTION

11:40 TPRM By Exception

• Automation and AI for TPRM

• Data-Driven TPRM by Exception

• Moving from Assessments to Real-Time Risk Management

Natalie Druckmann, VP, Head of EMEA, Certa

12:20 LUNCH BREAK AND NETWORKING

EXIT PLANNING - PANEL DISCUSSION

1:20 Designing and implementing stress scenarios for critical vendor exits

• Practical approaches to testing exit strategies with suppliers

• Addressing the complexities of unplanned exits in financial services

• Regulatory expectations for stress testing and exit readiness

• Reviewing industry advances and approaches

Desmond Campbell, Regulatory Project Delivery Lead, AJ Gallagher

Anne McGowan, Head of Supplier Management, Group Sourcing & Supplier Management, Lloyds Banking Group

Ayesha James, former Group Third Party Risk Steward and Head of Operational & Resilience Risk, HSBC

CONCENTRATION RISK

2:10 Managing increased concentration risk with heightened dependencies in extended supply chains

• Identifying and mitigating risks associated with subcontractors and fourth parties

• Managing the challenge of visibility in extended supply chains

• Tools and techniques to address concentration risk effectively

Mike Day, Head of Third Party Risk Management, MUFG

INCIDENT REPORTING

2:50 Setting standards for timely incident reporting and processes for regulatory notification

• Best practices for incident reporting within vendor relationships

• Aligning internal processes with regulatory notification requirements

• Managing communication with regulators during third-party incidents

Gemma Stewart, Global Head of Vendor Risk Management, Zurich Insurance Company

3:30 AFTERNOON REFRESHMENT BREAK & NETWORKING

EMERGING RISK - PANEL DISCUSSION

4:00 Managing the usage of AI and Gen AI across the supply chain

• Understanding the use of generative AI by third parties and its implications

• Regulatory considerations, including the EU AI Act, for third-party AI usage

• Managing contractual obligations and oversight for AI-related risks

• Opportunities and challenges of AI integration into due diligence processes

Eva Penny, Global Vendor Management Specialist, Zurich Insurance Company

Mihaela Breg, Head of Operational Resilience & Business Transformation, Europe Arab Bank

Onur Can Koltukcu, Policy Advisor, De Nederlandsche Bank

Darren Craig, CEO, RiskXChange

ESG – PANEL DISCUSSION

4:50 Approaches for assessing and monitoring ESG risks and compliance with requirements

• Evaluating third-party compliance with environmental, social, and governance (ESG) standards

• The evolving role of climate risk assessments in vendor due diligence

• Industry best practices for embedding ESG factors into supplier selection

• Balancing cost efficiency with ESG commitments in third-party relationships

Kurt Neilson, Resilience and Oversight Director, Aegon

Merlin Linehan, Risk Manager, EBRD

Mikko Venermo, Senior Manager, Environmental & Social Policy, Standards & Knowledge Management, IFC

Samikendra Ghosh, former Group Third Party Risk Lead & Head of Resilience Oversight, HSBC

5:30 CHAIR’S CLOSING REMARKS

5:40 END OF DAY ONE AND NETWORKING DRINKS RECEPTION

Agenda | Day 2 | June 12, 2025

8:00 REGISTRATION & BREAKFAST

8:50 CHAIR’S OPENING REMARKS

Senior Executive, Aravo

FUTURE OUTLOOK – PANEL DISCUSSION

9:00 The future of third party risk: Reviewing the evolution of third party risk and inclusion of technology

• Emerging trends in vendor risk, including AI, ESG, and new regulatory frameworks

• Preparing for the next wave of regulatory requirements in Europe

• Shaping the future of collaboration between vendors and financial institutions

• Perspectives from industry leaders on the evolution of third-party risk management

• Lessons learnt from final regulatory implications

• Operational Resilience Act, DORA

James Ellery-Gower, Global Head of TPM Country Governance, Citi

Gary Lock, Director, Global Head of Third-Party Risk Management, Fidelity International

Shamial Afzal, Global Head of Strategic Supplier Oversight, Legal & General Investment Management

Claudia Roth, Lead Buyer Outsourcing, Helvetia Insurance Switzerland

Fraser Wikner, CEO, Myriad Group Technologies

AI USAGE IN TPRM

9:50 AI usage in TPRM

Session details to be confirmed

CEO, Mirato

10:30 MORNING REFRESHMENT BREAK & NETWORKING

NTH PARTY

11:00 Tracking and monitoring supply chains beyond third party relationships

• Defining and tracking risks beyond direct third-party relationships

• Tools and techniques for assessing fourth, fifth, and sixth-party dependencies

• Aligning sub-outsourcing practices with regulatory expectations

• Real-world challenges and solutions in managing nth-party risks

Anifat Atanda, Business Operational Manager, First Bank of Nigeria

CONTRACTS

11:40 Understanding and enforcing contractual updates required as a result of regulatory change

• Navigating contract renegotiations in light of new regulatory requirements

• Addressing legal complexities in updating agreements with critical vendors

• Ensuring transparency in contractual obligations related to resilience and reporting

• Negotiating changes with large-scale vendors

12:20 LUNCH BREAK AND NETWORKING

SCALING

1:20 Effectively scaling third party risk programs and enhancing cost efficiency

• Strategies to balance expanding risk requirements with limited resources

• Collaborative approaches to pooled audits and shared assessments

• Balancing budgetary constraints with meeting regulatory needs

RISK ASSESSMENT

2:00 Developing robust operational risk questionnaires and inclusion of resilience

• Key elements to include in third party operational risk and resilience questionnaires

• Overcoming challenges in maturing questionnaire processes

• Moving from manual to automated questionnaire workflows

• Streamlining questionnaires across the industry

• Managing conflicting terminology across multiple jurisdictions, business divisions and regulations

Donna Ellanti, Head of Enterprise Risk, National Treasury Management Agency (tbc)

2:40 AFTERNOON REFRESHMENT BREAK & NETWORKING

TALENT

3:10 Is there a skills gap in third party risk management? The evolution of expectations and skills

• Identifying the competencies needed for modern third-party risk management

• Strategies for upskilling teams to meet evolving regulatory demands

• Industry development and training

• Success factors for effective workforce transformations

Erik Vynckier, Board Member, Foresters Friendly Society

TECHNOLOGY - PANEL DISCUSSION

3:50 Leveraging technology for enhanced third party risk management

• The role of automation in improving efficiency and accuracy in vendor risk

• Exploring tooling solutions for supply chain visibility and data aggregation

• Addressing manual process inefficiencies with innovative technologies

• Case studies on successful technology adoption in vendor risk management

Mohammed Randeree, Head of Operational Resilience & Third Party Risk Management, Atom Bank

Samikendra Ghosh, former Group Third Party Risk Lead & Head of Resilience Oversight, HSBC

4:40 CHAIR’S CLOSING REMARKS

4:50 END OF VENDOR & THIRD PARTY RISK EUROPE 2025

Why should you be attending these sessions?

DORA

Lessons learned post-implementation

• Insights from the first six months of DORA compliance across Europe

• Key challenges in aligning processes with the Digital Operational Resilience Act

• Strategies for embedding DORA into business-as-usual operations

CONCENTRATION RISK

Managing increased concentration risk with heightened dependencies in extended supply chains

• Identifying and mitigating risks associated with subcontractors and fourth parties

• Managing the challenge of visibility in extended supply chains

• Tools and techniques to address concentration risk effectively

EXIT PLANNING

Designing and implementing stress scenarios for critical vendor exits

• Practical approaches to testing exit strategies with suppliers

• Addressing the complexities of unplanned exits in financial services

• Regulatory expectations for stress testing and exit readiness

• Reviewing industry advances and approaches

EMERGING RISK

Managing risks of use of AI and generative technologies across the supply chain

• Understanding the use of generative AI by third parties and its implications

• Regulatory considerations, including the EU AI Act, for third-party AI usage

• Managing contractual obligations and oversight for AI-related risks

• Opportunities and challenges of AI integration into due diligence processes

ESG

Approaches for assessing and monitoring ESG risks and compliance with requirements

• Evaluating third-party compliance with environmental, social, and governance (ESG) standards

• The evolving role of climate risk assessments in vendor due diligence

• Industry best practices for embedding ESG factors into supplier selection

TECHNOLOGY

Leveraging technology for enhanced third party risk management

• The role of automation in improving efficiency and accuracy in vendor risk

• Addressing manual process inefficiencies with innovative technologies

• Case studies on successful technology adoption in vendor risk management

RISK ASSESSMENT

Developing robust operational risk questionnaires and inclusion of resilience

• Key elements to include in third party operational risk and resilience questionnaires

• Moving from manual to automated questionnaire workflows

• Managing conflicting terminology across multiple jurisdictions, business divisions and regulations

FUTURE OUTLOOK

Perspectives from industry leaders on the evolution of third-party risk management

• Emerging trends in vendor risk, including AI, ESG, and new regulatory frameworks

• Shaping the future of collaboration between vendors and financial institutions

• Lessons learnt from final regulatory implications

• Operational Resilience Act, DORA

Sponsorship & Partnerships

Thought leadership

Advance your expertise, knowledge, and experience with a presentation, a panelist, or a roundtable discussion. Why not enhance that with an article published in Connect Magazine and CeFPro® Connect?

Lead generation

Meet with key decision makers and senior professionals at CeFPro® events, roundtables, or at an invite-only dinner.

Branding and awareness

Want to advance your organization and/or your products or offerings? What better way than at a live in-person event where you will meet leading decision-makers, or online through CeFPro®’s market intelligence reports, Connect Magazine, or Connect member’s hub.

Networking

Whether over coffee, lunch, drinks reception, or dinner, expand your network connections in person.


Positioning in the industry

Whether you are the industry leader or a start-up, CeFPro® has opportunities to maintain, advance, or promote your standing among the risk community.

Targeted and one-on-one meetings

General promotion is no replacement for connecting with key decision-makers and C-suite professionals, whether at an event, a closed-door forum, a networking reception, or a VIP dinner.

Reach business buyers

Outside of marketing and promotion, CeFPro®’s extensive range of offerings can provide clients with opportunities to reach key decision-makers and buyers.

Would your organization like to partner with us on this event?

To discuss how we can deliver your thought-leadership at the event, help you generate leads, and provide you with unique networking and branding opportunities, please contact sales@cefpro.com or call us on (+1) 888 6777007 | +44 (0)207 164 6582 for more information.

2025 Speaker Line-up

Shamial Afzal, Global Head of Strategic Supplier Oversight, Legal & General Investment Management

Mihaela Breg, Head of Operational Resilience & Business Transformation, Europe Arab Bank

Mike Day, Head of Third Party Risk Management, MUFG

James Ellery-Gower, Global Head of TPM Country Governance, Citi

Onur Can Koltukcu, Policy Advisor, De Nederlandsche Bank

Kurt Neilson, Resilience and Oversight Director, Aegon

Gemma Stewart, Global Head of Vendor Risk Management, Zurich Insurance Company

Anifat Atanda, Business Operational Manager, First Bank of Nigeria

Desmond Campbell, Regulatory Project Delivery Lead, AJ Gallagher

Gerard Doyle, Head of Third Party Management and Procurement, SMBC

Charles Forde, former Chief Operating Officer, Wholesale Investment Banking & Global Markets, Nomura

Merlin Linehan, Risk Manager, EBRD

Eva Penny, Global Vendor Management Specialist, Zurich Insurance Company

Mikko Venermo, Senior Manager, Environmental & Social Policy, Standards & Knowledge Management, IFC

Birgit Biondi, Head of Global Third Party Management Function, Munich Re

Carlos Colino, Global Head of Third-Party Risk Management, Santander Corporate and Investment Bank

Natalie Druckmann, VP, Head of EMEA, Certa

Samikendra Ghosh, former Group Third Party Risk Lead & Head of Resilience Oversight, HSBC

Gary Lock, Director, Global Head of Third-Party Risk Management, Fidelity International

Mohammed Randeree, Head of Operational Resilience & Third Party Risk Management, Atom Bank

Erik Vynckier, Board Member, Foresters Friendly Society

Darren Craig, CEO, RiskXChange

Donna Ellanti, Head of Enterprise Risk, National Treasury Management Agency (tbc)

Ayesha James, former Group Third Party Risk Steward and Head of Operational & Resilience Risk, HSBC

Anne McGowan, Head of Supplier Management, Group Sourcing & Supplier Management, Lloyds Banking Group

Claudia Roth, Lead Buyer Outsourcing, Helvetia Insurance Switzerland

Fraser Wikner, CEO, Myriad Group Technologies

To view the full Vendor & Third Party Risk Europe 2025 speaker biographies scan the QR code or click here

Convince your Boss

#1

What Your Boss Will Say: “What’s included within the ticket price?”

“For the price of my ticket, I’ll have full access to both days of CeFPro’s Vendor & Third Party Risk Europe, featuring expert-led discussions on regulatory developments including DORA, resilience, critical third parties, and the evolving risk landscape. The event offers extensive networking opportunities with senior risk, procurement, and compliance professionals, including structured breakfast and lunch breaks, as well as a dedicated drinks reception on day one allowing ample time for connections.

Beyond networking, I’ll gain exclusive insights from expert-led sessions, with post-event materials and resources available for continued learning. Additionally, I’ll have access to the CeFPro Connect platform, where I can explore further research and thought leadership on vendor and third-party risk management beyond the event.”

#2

What Your Boss Will Say: “Will you learn anything of value that we can integrate into our strategy?”

“The agenda has been developed based on extensive research with senior leaders in third-party risk, operational resilience, procurement, and regulatory compliance across Europe. This ensures that each session addresses the real-world challenges organizations are currently facing.

Sessions will provide practical insights into how organizations are adapting their third-party risk frameworks to comply with DORA and manage the increasing scrutiny around critical third parties. Discussions will explore the challenges of achieving full visibility into nth-party risks and mitigating potential disruptions across the supply chain. There will also be deep dives into strengthening operational resilience, ensuring compliance with evolving regulatory expectations, and implementing more effective data security and privacy controls when working with vendors.”

[Chart: breakdown of the seniority of the speakers you’ll gain insights from]

#3 What Your Boss Will Say: “What specific benefits will attending this event bring to our team?”

“This event provides a unique opportunity for professional development, with sessions covering key topics such as third-party resilience, regulatory frameworks, data risks, and operational continuity.

Group discounts are available, so we could attend as a team and align our strategies across departments. If I attend alone, I’ll still have access to post-event materials, which I can share with the team to ensure we all benefit from the insights gained. Additionally, I can direct colleagues to CeFPro Connect, where they can access free resources and stay informed on the latest trends in vendor and third-party risk management.”

#4 What Your Boss Will Say: “What will we do with you out of the office for 2 days?”

“The venue has Wi-Fi, so I’ll be able to stay connected if anything urgent arises. There will also be regular breaks for networking and refreshments, giving me time to check in as needed.

Attending this event will provide insights that will directly enhance our third-party risk strategy, regulatory preparedness, and operational resilience. The knowledge gained will be a worthwhile investment and will contribute to long-term improvements in our risk management processes.”

#5 What Your Boss Will Say: “How will you share the knowledge and insights gained with the rest of the team?”

“I’ll take notes during the sessions to capture key takeaways and actionable insights. If you’d like, I can prepare a summary report or presentation to share my findings and recommendations with the team. Additionally, I’ll have access to post-event materials, including speaker presentations, in-depth interviews, and related articles. These resources will reinforce our discussions and help us integrate the learnings into our third-party risk management strategy moving forward.”

For further help in convincing your boss to let you attend, scan the QR code or click here for access.

Venue & Location

etc.venues

133 Houndsditch, 3rd Floor, London, EC3A 7BX

Old Spitalfields Market

Explore a vibrant historic market featuring unique boutiques, gourmet food vendors, and lively events, just minutes away.

Whitechapel Gallery

Immerse yourself in contemporary art and culture at this iconic gallery offering thought-provoking exhibitions and creative programs.

Leadenhall Market

Discover Victorian charm at this historic covered market, home to upscale shops, cozy restaurants, and timeless architecture.

Sky Garden

Relax with panoramic views of London’s skyline from this lush indoor garden, offering a serene escape above the city.

Nearby Hotels

Booking a hotel near 133 Houndsditch for the Vendor & Third Party Risk Europe ensures you’re perfectly positioned to enjoy every session while exploring the heart of London’s vibrant financial district.

• Andaz London Liverpool Street

• Pan Pacific London

• Clayton Hotel City of London

• The Montcalm Royal London House

Registration

Launch Rate: April 11

Early Bird Rate: May 9

Standard Rate: After May 9

*For those representing a financial institution/government body

Group Rates

Seize the opportunity, bring the team to advance their professional development and knowledge with our group booking promotion.

50% OFF:

Purchase two tickets and receive the third registrant at 50% off the prevailing rate

Free Pass:

Don’t stop there, as the more people you register, the better the savings. With every four tickets bought, the fifth is on us, completely free!

Bringing your team not only enhances the overall experience, but also fosters significant team building among colleagues while allowing you to save on your registration.

What’s Included

Access to 20+ sessions

Networking: 7+ hours

Lunch + Refreshments

Networking cocktail reception

PPT slides/decks

Podcasts with industry experts

Videos and interviews from the event

Connect Magazine complimentary

CeFPro Connect membership

Community network and engagement

Market intelligence reports access

To register your place at the best rate possible, click here, or scan the QR code.

Topic Related Insights

What Impact Does the Changing Trajectory of TPRM Have on the Financial Services Sector?

Anne McGowan, Head of Supplier Management, Governance & Risk, Lloyds Banking Group & Hilda AndelizGomez, VP. Enterprise Third Party Performance Analyst, Valley National Bank

Third-Party Risk Management (TPRM) is no longer a static compliance exercise.

Instead, it has evolved into a dynamic and multifaceted discipline requiring constant adaptation in order to keep pace with rapid change. And as we all recognize, in the highly regulated world of corporate finance, fast-moving targets always present unique challenges.

So, as regulatory landscapes shift and risks proliferate, just what will it take for financial institutions to refine their strategies and ensure the maturity of their TPRM programs measure up to those challenges?

In a recent CeFPro webinar, industry leaders Anne McGowan, Head of Supplier Management, Governance & Risk with Lloyds Banking Group, and Hilda Andeliz, Vice President & Enterprise Vendor Performance Analyst at Valley Bank in the US, shared their expertise on navigating the regulatory pressures of TPRM.

In today’s interconnected financial ecosystem, third-party risk management (TPRM) has become a cornerstone of operational resilience. Industry leaders like McGowan and Andeliz see both threat and opportunity in the requirement to oversee extensive and critical supplier networks.

“We’ve been on a journey developing our TPRM,” McGowan explains. “But the real focus is building more strategic relationships with our most important suppliers.”

Striking a balance between confidence and preparedness

A recurring theme in TPRM is the gap between confidence in existing systems and the reality of regulatory scrutiny. “Sometimes overconfidence comes from having a structured system in place without understanding if it’s robust enough to withstand regulatory examination,” admits Andeliz, candidly.

She points out that many programs rely on static assessments rather than dynamic monitoring to adapt to evolving risks. “Defending a TPRM program requires ongoing oversight, up-to-date data, and senior leadership engagement. It’s more than having a nice framework; it’s about showing evidence of risk prevention and management,” she adds.

To continue reading click here, or scan the QR code.

Topic Related Insights

Strengthening Third-Party Risk Management: Navigating Governance, Resilience, and Regulatory Hurdles

Why is a clear governance structure essential for managing third-party risks?

A clear governance structure is key for managing all sorts of risks, not only third-party risks. A strong corporate and organizational governance will have a significant impact and drive efficiency and a company’s success. If you’ve got your organizational governance right, you will enable swift decisions which are fully aligned with the risk appetite of your company. You will empower staff and ensure that the objectives and strategies of your company will be met in an efficient and effective way.

In the area of managing third party risks, a clear governance structure is particularly relevant for three main reasons:

• Outsourcing is subject to high regulatory requirements, and this applies on a global level.

• The use of third parties can provide significant advantages in terms of cost reduction but also higher quality standards. Management, steering and oversight of third parties is fundamental to achieving these goals.

• The deployment of third parties takes place in a dynamic environment. Speed and quality of third parties are vital to fulfilling company standards and achieving strategic goals. A clear governance structure will enable swift decision-making on which suppliers we want to work with.

What challenges have you faced in defining responsibility for resilience in third-party risk management?

Challenges are manifold. From a governance perspective, I would like to focus on two main topics:

Firstly, there is a myriad of stakeholders involved in successfully managing third party risk. Defining responsibility for resilience is a multi-discipline task. Risk domains that need to be assessed are broad and have touchpoints with many neighboring internal processes, in particular IT processes. We take IT Governance very seriously at Munich Re, but it is not always easy to translate IT requirements to general functions. Sometimes we face contradicting priorities or people simply are not speaking the “same language”. Existing processes that have been in place for years might need adjustment and roles and responsibilities can change. To overcome silo mentality and collaborate in a solution-minde

To continue reading click here, or scan the QR code.

Great minds think alike, but brilliant minds think differently.

Your New Personalized Gateway to the Latest Risk Intelligence has Arrived.

Join a community of industry leaders and the new generation of talent shaping the future of risk management.

For our global audience, Connect means access to exclusive, collaborative, high quality risk management insights and discussions, no matter where you are:

• Watch, listen, and read your way through our extensive library of resources

• Access exclusive interviews, presentations, thought-pieces, industry intelligence, and more

• Discuss the most talked about trending topics and share your perspective

• Collaborate with like-minded professionals and build new relationships

Embark on an exciting journey of discovery. Start exploring Connect today.
