Optimizing Vendor & Third Party Risk Practices to Drive Resilience
20+
20+ 150+ Sessions Speakers Attendees
Key themes 2025:
Resilience
Integrating operational resilience as a key pillar in third party risk management
Fourth Parties
Building a third and fourth parties’ inventories: Fourth parties’ relationships to mitigate the risk
Cyber Risk
Establishing clear terms for incident transparency and vendor accountability
Scaling
Scaling third party risk management for growth
Systemic Third Parties
Industry-wide collaboration to identify and manage systemically important third parties
Inter-Affiliate Relationships
Managing internal dependencies
Who’s Participating:
Rajat Bhatnaga Head of Third-Party Risk CIB BBVA
Christina Hernandez Director, Sourcing and Procurement Management USAA
Sri Intan Head of Third-Party Risk Management Commerzbank
Natallia Aliakseyenka Managing Director, Head of Third Party Risk Management BNP Paribas
Melissa Mellen Head of Third-Party Risk Management Federal Reserve Bank of New York
Agenda | Day 1 | June 17, 2025
8:00 REGISTRATION & BREAKFAST
8:50 CHAIR’S OPENING REMARKS
RESILIENCE - PANEL DISCUSSION
9:00 Integrating operational resilience as a key pillar in third party risk management
Proactive measures to enhance vendor and supply chain resilience
Responding to and recovering from major vendor outages
The role of tabletop exercises in resilience planning
• Regulatory expectations for operational continuity in financial services
Olga Voytenko, Senior Vice President, Head of Operational Resilience, Forbright Bank
Karina Volvosky, Senior Vice President, Business Control Officer, City National Bank
Megan Speranza, Executive Director, Global Head of CCOR Resiliency Risk Oversight, J.P Morgan Chase & Co
Stefan Smith, Director of Continuity Operations, Bank of Canada
GOVERNING A FIRM’S THIRD AND FOURTH PARTY PORTFOLIOS
9:50 Governance models to manage rapidly evolving third- and fourth-party business relationships
Identifying and mapping critical ‘x’-party relationships
Understanding cascading and concentration risks / operational complexities
• What is an individual firm’s “span of control” in case of disruption?
• How can this knowledge be used to shape a firm’s crisis strategies?
• Transparency challenges as an issue
Rick Cech, SBE Operational Risk Governance, Federal Reserve Bank of New York
10:30 MORNING REFRESHMENT BREAK & NETWORKING
FOURTH PARTIES
11:00 Building a third and fourth parties’ inventories: Fourth parties relationships to mitigate the risk
• Identifying and mapping fourth-party relationships
• Challenges in obtaining transparency from subcontractors
• Monitoring cascading and concentration risks
• Strategies to align fourth-party oversight with organizational risk tolerance Melissa Mellen, Head of Third-Party Risk Management, Federal Reserve Bank of New York
TPRM By Exception
11:40 TPRM By Exception
Automation and AI for TPRM –
• Data-Driven TPRM by Exception
• Moving from Assessments to Real-Time Risk Management
Brian Shaw, VP, Head of North America, Certa
12:20 LUNCH BREAK AND NETWORKING
AI
1:20 Evaluating vendor AI models and ensuring transparency and explainability
Understanding vendor AI model inputs and methodologies
• Managing risks of proprietary and opaque AI models
• Strategies for outcome analysis and validation
Collaborating with vendors to enhance AI model transparency
Subramanian (Subbu) Annaswamy, Head of Technology Third Party Risk Management and Lines of Business, BNY
CYBER RISK
2:10 Identifying and managing cyber security risks across third parties and supply chains
• Common vulnerabilities in third-party cybersecurity frameworks
Steps to ensure data integrity and prevent breaches
Incident response planning and vendor transparency during breaches
Balancing cybersecurity investments with organizational risk exposure
Elnaz Kamalzadeh, Senior IT Security Assessment Specialist, Bank of Canada (tbc)
CYBER RISK – PANEL DISCUSSION
2:50 Establishing clear terms for incident transparency and vendor accountability
• Encouraging vendors to report incidents openly and accurately
• Contractual clauses for mandatory incident reporting
• Steps to verify vendor claims during incident investigations
Frameworks for enhancing trust and reducing risk in crises
Rajat Bhatnaga, Head of Third-Party Risk CIB, BBVA
Sabeena Ahmed Liconte, Head of Legal and Chief Compliance Officer, ICBC Standard Securities (tbc)
Yogesh Mudgal, Head of Risk, Runtime Compute, J.P Morgan Chase
3:40 AFTERNOON REFRESHMENT BREAK & NETWORKING
TECHNOLOGY
4:10 Reviewing threats and opportunities adopting AI in third party risk management
Using AI to streamline vendor assessments and due diligence
Managing risks associated with vendor AI usage, including data concerns
Regulatory gaps and expected trends in AI governance
• Leveraging AI to enhance decision-making in procurement and risk evaluation
Sonia Jarvis, Senior Supervisory Financial Analyst, Federal Reserve Board of Governors
SCALING – PANEL DISCUSSION
4:40 Scaling third party risk management for growth
• Overcoming challenges in scaling third-party frameworks
Lessons from fast-growing financial services firms
Tools for automating and streamlining third-party processes
Balancing risk appetite with business growth priorities
Christina Hernandez, Director, Sourcing and Procurement Management, USAA
Hilda Andeliz, VP, Third Party Risk Management, Valley Bank
Justin Van Beek, Senior Vice President, Wintrust Financial Corporation
Tiffany Bray, VP, Third Party Risk Management, Seacoast Bank
5:30 CHAIR’S CLOSING REMARKS
5:40 END OF DAY ONE AND DRINKS RECEPTION
Agenda | Day 2 | June 18, 2025
8:00 REGISTRATION & BREAKFAST
8:50 CHAIR’S OPENING REMARKS
Senior Executive, Aravo
REPORTING – PANEL DISCUSSION
9:00 Quantifying risk: Developing effective metrics and reporting
Establishing KPIs for effective third-party risk management
Tools and dashboards for real-time risk monitoring
Creating actionable reports for stakeholders and regulators
• Challenges in aligning risk metrics across departments
Patricia Catharino, US Head of Risk Management and Internal Controls, Itau USA
Toby Haffner, Third Party Risk Management, Navy Federal Credit Union
Olga Baldwin, Lead of Third-Party Risk Management, StoneX
Kelly Gonzales, Director, IT Delivery, Infrastructure and Support Risk Management, Corebridge Financial
CONTRACT MANAGEMENT
9:50 Reviewing contract management practices to capture industry evolutions
• Drafting contracts to address AI, cybersecurity, and resilience
• Incorporating clear data use and privacy clauses
• Negotiation tips for achieving balanced vendor agreements
• Building flexibility for evolving risks and regulations
Charmi Patel, Head of Vendor Risk Management, IDB Bank
10:30 MORNING REFRESHMENT BREAK & NETWORKING
AI USAGE IN TPRM
11:00 AI USAGE IN TPRM Session details to be confirmed CEO, Mirato
SYSTEMIC THIRD PARTIES
11:40 Industry-wide collaboration to identify and manage systemically important third parties
• Identifying and managing systemically important vendors
• Collaborative approaches to address industry concentration risks
• Engaging regulators to enforce accountability for critical vendors
• Strategies for joint tabletop exercises with key third parties
Anifat Atanda, Enterprise Risk Manager, First Bank of Nigeria
12:20 LUNCH BREAK & NETWORKING
ASSESSMENTS
1:20 Scaling third party risk assessments to manage increasing ecosystem complexity
Simplifying risk assessments for large vendor portfolios
Integrating modular and dynamic assessment frameworks
• Leveraging digital tools for efficiency and accuracy
• Scaling processes without compromising on diligence
SUSTAINABILITY - PANEL DISCUSSION
2:10 Developing ethical and sustainable practices in third party risk management
• Aligning ESG goals with third-party risk strategies
• Addressing sustainability concerns in vendor operations
Ethical considerations in data and labor practices
ESG metrics for evaluating vendor partnerships
Ekaterina Grigoryeva, Environment and Social Development Specialist (Global Lead), World Bank
Markus Lammer, Head of Legacy CS Corporate Bank, UBS
• Understanding dependencies in global inter-affiliate relationships
• Treating inter-affiliate services as third-party equivalents
Ensuring compliance with international regulatory expectations
Frameworks for assessing inter-affiliate resiliency and risk
Moderator - Sri Intan, Head of Third-Party Risk Management, Commerzbank
Ken Wolckenhauer, FVP, Operational Service, Nordea Bank
Susan Moy, US Head of Bank Regulatory Compliance, BBVA
Natallia Aliakseyenka, Managing Director, Head of Third Party Risk Management, BNP Paribas
FUTURE OUTLOOK
4:20 The future of third-party risk management: Upcoming trends and opportunities
• Predictions for 2030: Key risks and trends
• Emerging technologies shaping the vendor risk landscape
• Building agility to adapt to future challenges
Collaborating as an industry to drive innovation in risk management
5:00 CHAIR’S CLOSING REMARKS AND END OF VENDOR & THIRD PARTY RISK USA 2025
Why
should you be attending these sessions?
RESILIENCE
Learn how to effectively implement resilience as a key pillar in vendor and third party risk management frameworks
Proactive measures to enhance vendor and supply chain resilience
The role of tabletop exercises in resilience planning
Regulatory expectations for operational continuity in financial services
CYBER RISK
Identifying and managing cyber security risks across third parties and supply chains
• Common vulnerabilities in thirdparty cybersecurity frameworks
Incident response planning and vendor transparency during breaches
Balancing cybersecurity investments with organizational risk exposure
CLOUD
Approaches to ensure data security and compliance in a cloud environment
Key considerations for engaging with cloud-based third-party vendors
Preparing for audits and incidents in cloud settings
Effective oversight and data security practice
REPORTING
Developing effective metrics and reporting
• Establishing KPIs for effective third-party risk management
• Tools and dashboards for real-time risk monitoring
• Challenges in aligning risk metrics across departments
CONTRACT MANAGEMENT
Reviewing contract management practices to capture industry evolutions
• Drafting contracts to address AI, cybersecurity, and resilience
• Negotiation tips for achieving balanced vendor agreements
• Building flexibility for evolving risks and regulations
FUTURE OUTLOOK
Key trends and opportunities for Vendor & Third Party Risk Management beyond 2025
• Emerging technologies shaping the vendor risk landscape
• Building agility to adapt to future challenges
• Collaborating as an industry to drive innovation in risk management
AI
Evaluating vendor AI models and ensuring transparency and explainability
• Understanding vendor AI model inputs and methodologies
• Managing risks of proprietary and opaque AI models
• Collaborating with vendors to enhance AI model transparency
REGULATION
Come and review regulatory trends shaping third party risk management and impacts on programs
• Understanding the impact of DORA and emerging US regulations
• Harmonizing global regulatory requirements in cross-border relationships
• Integration of regulatory changes across TPRM programs
Sponsorship & Partnerships
Thought leadership
Advance your expertise, knowledge, and experience with a presentation, a panelist, or a roundtable discussion. Why not enhance that with an article published in Connect Magazine and CeFPro® Connect?
Lead generation
Meet with key decision makers and senior professionals at CeFPro® events, roundtables, or at an invite-only dinner.
Branding and awareness
Want to advance your organization and/or your products or offerings? What better way than at a live in-person event where you will meet leading decision-makers, or online through CeFPro®’s market intelligence reports, Connect Magazine, or Connect member’s hub.
Networking
Whether over coffee, lunch, drinks reception, or dinner, expand your network connections in person.
Knowledge partner
Co-sponsors
Associate sponsor
Positioning in the industry
Whether you are the industry leader or a start-up, CeFPro® has opportunities to maintain, advance, or promote your standing among the risk community.
Targeted and one-on-one meetings
General promotion is no replacement for connecting with key decision-makers and C-suite professionals, whether at an event, a closed-door forum, a networking reception, or a VIP dinner.
Reach business buyers
Outside of marketing and promotion, CeFPro®’s extensive range of offerings can provide clients with opportunities to reach key decision-makers and buyers.
Would your organization like to partner with us on this event?
To discuss how we can deliver your thought-leadership at the event, help you generate leads, and provide you with unique networking and branding opportunities, please contact sales@cefpro.com or call us on (+1) 888 6777007 | +44 (0)207 164 6582 for more information.
Attend Vendor & Third Party Risk USA to earn CPE Credits!
2025 Speaker Line-up
Natallia Aliakseyenka Managing Director, Head of Third Party Risk Management BNP Paribas
Anifat Atanda Enterprise Risk Manager First Bank of Nigeria
Tiffany Bray VP, Third Party Risk Management Seacoast Bank
Ekaterina Grigoryeva Environment and Social Development Specialist (Global Lead) World Bank
Sonia Jarvis Senior Supervisory Financial Analyst Federal Reserve Board of Governors
Melissa Mellen Head of Third-Party Risk Management Federal Reserve Bank of New York
Brian Shaw VP, Head of North America Certa
Olga Voytenko Senior Vice President, Head of Operational Resilience Forbright Bank
Hilda Andeliz VP, Third Party Risk Management Valley Bank
Olga Baldwin Lead of Third-Party Risk Management StoneX
Patricia Catharino US Head of Risk Management and Internal Controls Itau USA
Subramanian (Subbu) Annaswamy, Head of Technology Third Party Risk Management and Lines of Business, BNY
Justin Van Beek Senior Vice President Wintrust Financial Corporation
Rick Cech SBE Operational Risk Governance Federal Reserve Bank of New York
Toby Haffner Third Party Risk Management Navy Federal Credit Union
Elnaz Kamalzadeh Senior IT Security Assessment Specialist Bank of Canada (tbc)
Susan Moy US Head of Bank Regulatory Compliance BBVA
Stefan Smith Director of Continuity Operations Bank of Canada
Ken Wolckenhauer FVP, Operational Service Nordea Bank
Christina Hernandez Director, Sourcing and Procurement Management USAA
Markus Lammer Head of Legacy CS Corporate Bank UBS
Yogesh Mudgal Head of Risk, Runtime Compute J.P Morgan Chase
Megan Speranza Executive Director, Global Head of CCOR Resiliency Risk Oversight J.P Morgan Chase & Co
To view the full Vendor & Third Party Risk USA 2025 speaker biographies scan the QR code or click here
Rajat Bhatnaga Head of Third-Party Risk CIB BBVA
Kelly Gonzales Director, IT Delivery, Infrastructure and Support Risk Management Corebridge Financial
Sri Intan Head of Third-Party Risk Management Commerzbank
Sabeena Ahmed Liconte Head of Legal and Chief Compliance Officer ICBC Standard Securities (tbc)
Charmi Patel Head of Vendor Risk Management IDB Bank
Karina Volvosky Senior Vice President, Business Control Officer City National Bank
Convince your Boss
#1 What Your Boss Will Say: “What’s included within the ticket price?”
“For the price of my ticket, I’ll have full access to both days of CeFPro’s Vendor & Third Party Risk Congress, with over 8 hours of networking opportunities alongside senior executives and industry leaders, including C-suite professionals. There will be structured breakfast and lunch breaks, as well as a dedicated drinks reception on day one to help foster connections.
Alongside the networking, I’ll gain valuable insights from exclusive sessions, and post-event materials and resources will be available. Plus, I’ll have access to a personalised CeFPro Connect portal, where I can continue to explore the latest trends and intelligence in risk management well beyond the event.”
#2 What Your Boss Will Say: “Will you learn anything of value that we can integrate into our strategy?”
“The agenda for this event has been carefully developed based on insights gathered from over 25 research calls with high-level TPRM experts across a wide range of financial institutions and insurance providers. This ensures the sessions are focused on the real-world challenges and opportunities that senior practitioners are addressing in their strategies right now.
These sessions will provide me with practical insights and the latest advancements in TPRM, which I can immediately apply to strengthen and innovate our operations. The knowledge gained will help our team refine our approach, uncover new opportunities, and effectively tackle emerging challenges in the field.”
Below is a breakdown of the seniority of the speakers who will be sharing their expertise at CeFPro’s Vendor & Third Party Risk Congress:
1 1 5 2
#3
What Your Boss Will Say: “What specific benefits will attending this event bring to our team?”
“This event offers an excellent opportunity for team development and collaboration, with sessions covering critical topics such as Resilience, Fourth Parties, Cyber Risk, Scaling, and more. With group discounts available, we can bring the entire team to delve into these subjects together and discuss how we can apply our learnings during structured breaks.
Even if I attend alone, I’ll have access to post-event materials and resources, which I can share with the team upon my return. Additionally, I can direct them to CeFPro Connect, where they can create free accounts to access even more resources and stay up to date with the latest trends.
Whether I attend with colleagues or by myself, there will be over 8 hours of networking with industry leaders, providing us with valuable insights that we can immediately apply to improve our work and strategy.”
#4
What Your Boss Will Say: “What will we do with you out of the office for 2 days?”
“The venue will have Wi-Fi, so I can bring my laptop if needed. There will also be plenty of breaks for lunch and refreshments, offering me the flexibility to step out and support the team if anything urgent arises.
Attending this event will provide valuable insights that will benefit our department and contribute directly to refining our strategy going forward. The knowledge gained will be a worthwhile investment of my time. Furthermore, the extended learning opportunities available after the event will ensure that the benefits continue well beyond my return.”
#5 What Your Boss Will Say: “How will you share the knowledge and insights gained with the rest of the team?”
“I’ll be able to take notes during the sessions to capture key takeaways and points for us to consider. If you’d like, I can prepare a presentation or report on my findings and recommendations to share everything I learn. Additionally, I’ll have access to post-event materials, including copies of the presentations, in-depth interviews with the speakers, and related articles and videos. I can share these resources with the team to reinforce our discussions and insights.”
For further help in convincing your boss to let you attend, Scan the QR code or click here for access.
Venue & Location
Wall Street
Just a short subway ride from Midtown, Wall Street is the heart of the financial district and home to the NYSE
SUMMIT One Vanderbilt
This observation deck offers breathtaking panoramic views of the city, including Midtown and Wall Street
Ease, 605 3rd Ave, New York, NY 10158
The Campbell
A historic cocktail bar tucked inside Grand Central, offering a sophisticated atmosphere to unwind with a classic drink
Nearby Hotels
The Museum of Modern Art
A premier art museum showcasing modern and contemporary masterpieces, making it an inspiring cultural stop near the Bar Association
Booking a hotel near Ease, 605 3rd Ave, ensures seamless access to the venue while keeping you close to the energy of Midtown Manhattan. Stay within walking distance to top dining spots, transport links, and key attractions, making it easy to balance business with the best of the city—all without the hassle of long commutes.
• The Renwick Hotel New York City, Curio Collection by Hilton
• Sonder
• Grand Hyatt New York
• Courtyard by Marriott New York Manhattan/Midtown East
Registration
Launch Rate April 11
Early Bird Rate
May 9
Standard Rate
After May 9
*For those representing a financial institution/government body
Group Rates
Seize the opportunity, bring the team to advance their professional development and knowledge with our group booking promotion.
50% OFF:
Purchase two tickets and receive the third registrant at 50% off the prevailing rate
Free Pass:
Don’t stop there, as the more people you register, the better the savings. With every four tickets bought, the fifth is on us, completely free!
Bringing your team not only enhances the overall experience, but also fosters significant team building among colleagues while allowing you to save on your registration.
What’s Included
Access to 20+ sessions
Networking: 7+ hours
Lunch + Refreshments
Networking cocktail reception
PPT slides/decks
Podcasts with industry experts
Videos and interviews from the event
Connect Magazine complimentary
CeFPro Connect membership
Community network and engagement
Market intelligence reports access
To register your place at the best rate possible, click here, or scan the QR code.
Topic Related Insights
AI Revolutionizes Third-Party Risk Management: Enhancing Resilience and Compliance
Charles Forde, Chief Operating Officer, NFPE Investment Banking and Global Markets, Nomura
What specific productivity and quality control improvements have you observed from implementing AI in third-party risk management, and how has it enhanced your overall risk management processes?
The productivity and quality control improvements have been significant from the implementation of AI tools, and it has transformed the process, moving it from being largely manual, reactive and backward-looking to being predictive, focused and real-time.
These enhancements to TPRM have also made a significant contribution to the Operational Resilience profile.
Specific improvements to TPRM which have been noted include:
Enhanced risk assessment and due diligence, (both initially and ongoing), across multiple risk domains and taxonomies. Risk assessment output is based on actual observable data, not on stale questionnaire responses.
Automated continuous monitoring of risks and deviations from compliance requirements
Enhanced classification of risks and potential threats. These are aligned to the tiering and criticality of business services and to the third party suppliers. Therefore this has enabled significantly improved focus on the highest priority risks and highest priority suppliers of services.
Enhanced Cybersecurity and Threat detection. The AI tools have enabled me to identify anomalies in network traffic, system behavior, or user activity that could indicate potential cyber threats. They have also enabled improved Vulnerability Assessment, by identifying system vulnerabilities by analyzing patterns in historical data and proactively suggesting security measures.
Improved Incident Response and Recovery due to real-time monitoring across multiple risk domains. This has enabled a swift response to incidents, implementation of mitigating actions and the minimisation of operational disruptions. To continue reading click here, or scan the QR code.
Topic Related Insights
How Evolving Cyber Threats and AI are Reshaping Bank Security
Tom Kartanowicz, CISO, Europe and Americas, Standard Chatered Bank
Can you talk about how third party risk has evolved over the last few years? What have been the steps of evolution, and – critically - what new management trends are emerging in response to the way third party risk has changed?
Well if I were to go back 10 years to 2014 and think of third party risk management through a cyber lens, I see incidents like Home Depot, Target, and those types of data breaches where there was a certain level of sophistication at the time that adversaries had. They were able to compromise a HVAC system, for example, and get access that way.
Fast forward 10 years, and I think we’re living through the results of our digital revolution and digital transformation. Everything is online at the speed of yesterday. So our exposure as a bank, as a firm, has just increased so much versus 10 years ago.
If I’m an adversary, if I’m a hacker, nation state, whoever, I don’t have to go after 20 individual banks. I go after one vendor. I could go after a managed service provider.
So I think what has changed from my lens is just the sophistication of the attacker, the complexity of how they operate. They are very smooth and sophisticated. They almost have their own third party program, they have affiliates, they have folks who specialize in initial access and lots of other things, like division of labor. And they do that the same way we do.
So seeing that has really been the game changer for me. The benefits of digital transformation used by adversaries have made my days very interesting as a CISO.
You referred there to the rapidity of change – the fact that compared to 10 years ago, change is happening at a thousand miles an hour.
To continue reading click here, or scan the QR code.
So with the increasing reliance on cloud services and FinTech partnerships and all of the technology that makes life ‘better’ and ‘easier’, what are the key challenges that banks face in managing third party risks – and how are you addressing those?
Great minds think alike, but brilliant minds think differently.
Your New Personalized Gateway to the Latest Risk Intelligence has Arrived.
Join a community of industry leaders and the new generation of talent shaping the future of risk management.
For our global audience, Connect means access to exclusive, collaborative, high quality risk management insights and discussions, no matter where you are:
• Watch, listen, and read your way through our extensive library of resources
• Access exclusive interviews, presentations, thought-pieces, industry intelligence, and more
• Discuss the most talked about trending topics and share your perspective
• Collaborate with like-minded professionals and build new relationships
Embark on an exciting journey of discovery. Start exploring Connect today.
