Barbara Hugo Dilworth

Barbara Hugo Dilworth

Head of Third Party Risk Management & IAM, IKB Deutsche Industriebank AG

Barbara Hugo-Dilworth is a seasoned banking executive and a recognized authority in third party risk management and digital operational resilience. As Head of Third Party Risk Management at IKB Deutsche Industriebank, she drives governance maturity by designing and embedding effective, scalable processes across the organization.

 

Beyond her executive responsibilities, Barbara is an active contributor to the professional community. She lectures, publishes and supports the development of industry certification programmes. She has represented the private banking sector in roundtables with BaFin, Deutsche Bundesbank and the EBA, operating at the intersection of industry impact assessments, oversight expectations and evolving risk-management standards.

3:15 pm - 4:00 pm

COMPLIANCE VS COST – PANEL DISCUSSION

Balancing regulatory pressure with commercial reality through defensible, risk-based decision-making

  • Understanding how enforcement severity and penalties influence compliance priorities
  • Evaluating trade-offs between risk mitigation, cost efficiency, and operational performance
  • Developing frameworks to prioritise TPRM investment based on risk exposure and business impact
  • Communicating trade-offs and decision rationale to boards, regulators, and senior stakeholders
  • Building defensible, outcome-driven risk management strategies under financial and operational constraints

9:35 am - 10:25 am

DORA IN PRACTICE: WHAT’S STILL NOT WORKING IN ICT RISK AND THIRD‑PARTY OVERSIGHT? – PANEL DISCUSSION

Translating regulatory intent into implementation

  • Moving from static lists to dynamic, risk‑based inventories of third‑ and Nth‑party providers
  • Designing and executing meaningful operational resilience tests across complex, multi‑vendor and chain‑outsourcing scenarios
  • Consistently meeting DORA’s tight incident reporting timelines when information sits across multiple providers and jurisdictions
  • Retrofitting DORA requirements into legacy contracts, SLAs and governance structures without disrupting critical services

3:55 pm - 4:45 pm

COMPLIANCE VS COST – PANEL DISCUSSION

Balancing regulatory expectations with business reality

  • Understanding how enforcement severity and penalties influence compliance priorities
  • Evaluating trade-offs between risk mitigation, revenue and operational efficiency
  • Developing frameworks to allocate TPRM resources based on risk and cost impact
  • Communicating rationale and decisions to management, regulators, and stakeholders

11:45 am - 12:35 pm

CONCENTRATION RISK THROUGH THE NTH PARTY LANDSCAPE – PANEL DISCUSSION

Managing risk propagation beyond direct contracts

  • Mapping fourth, fifth and Nth-party dependencies to identify where a single supplier creates a critical concentration point
  • Understanding risk propagation across multi-tier supply chains
  • Identifying concentration risks within shared cloud infrastructure and service hubs
  • Managing accountability and implementing mitigation strategies for risks beyond direct contracts

9:00 am - 9:45 am

DORA IN PRACTICE: FROM REGULATORY INTENT TO OPERATIONAL REALITY – PANEL DISCUSSION

Where DORA implementation is breaking down in practice and how firms are translating regulatory expectation into scalable, defensible operating models

  • Moving from static lists to dynamic, risk‑based inventories of third‑ and Nth‑party providers
  • Designing and executing meaningful operational resilience tests across complex, multi‑vendor and chain‑outsourcing scenarios
  • Consistently meeting DORA’s tight incident reporting timelines when information sits across multiple providers and jurisdictions
  • Retrofitting DORA requirements into legacy contracts, SLAs and governance structures without disrupting critical services