• Back to CeFPro
  • View all events
[email protected] | US: +1 888 677 7007 | UK: +44 (0)207 600 3543
Vendor & Third Party Risk Europe Cross Industry
  • Overview
  • Agenda
  • Speakers
  • Event Insights
  • TPRA & CeFPro Partnership
  • Sponsors
  • ATTEND
  • Search
  • Menu Menu
Day One | November 10 Day Two | November 11

Day One | November 10

Here is the latest edition of the agenda. As we approach the event, we will be adding speakers and sessions to enhance your experience. To stay informed, please register your interest

RECEIVE EVENT UPDATES
DOWNLOAD THE BROCHURE
8:00
Breakfast and Networking
8:00
Closed Door Briefing
(Private – Limited to the first 30 attendees)
8:50
Transition Between Rooms
8:50
8:50
Chair’s Opening Remarks

Andreas Simou,CEO,CeFPro

Julie Giaschi,CEO & Cofounder,Third Party Risk Association

9:00
Resilience in an Interconnected World – KEYNOTE
Interconnectedness is transforming the global risk landscape. As organisations become increasingly reliant on complex ecosystems of suppliers, technology, data, and critical services, resilience must evolve beyond organisational boundaries. This keynote explores how leaders can rethink resilience in a world where disruption is shared, dependencies are growing, and risk is increasingly systemic.

Terri Duhon,Board Member,Wise and Rathbones

9:55
Regulation Is Raising the Bar — What Does That Mean for Third-Party Risk – PANEL
As regulatory scrutiny intensifies across third-party ecosystems, organisations face growing pressure to demonstrate not only compliance, but genuine resilience, accountability and control
View session details...

Key topics

  • Where regulation is driving meaningful change versus creating additional complexity
  • Why many organisations continue to struggle between compliance and execution
  • Managing overlapping expectations across DORA, NIS2, AI regulation, operational resilience and outsourcing frameworks
  • What regulators are increasingly expecting to see beyond policies and documentation
  • Turning regulatory pressure into stronger risk management and resilience outcomes

Chris Knox,Director, Global FS Regulatory & Strategy Policy,Microsoft

Orlando Fernandez Ruiz,Senior Policy Specialist,Bank of England

10:40
Morning Refreshment Break and Networking
Operational Risk & Resilience
Tower Suite 3
Innovation & Automation
Tower Suite 1
Regulation & Standards
Tower Suite 2
Chair :
Chair :
Chair :

James Ellery-Gower,Global Head of Country Assessments Oversight, Third Party Oversight,Citi

11:10
From Spreadsheet to System: Building a Supplier Risk Programme That Actually Works in Operations
This session explores how Travelodge built a practical, operationalised supplier risk framework from the ground up, embedding ethical and environmental risk assessment into daily sourcing decisions without adding bureaucracy or slowing down commercial activity.
View session details...

Key topics

  • Moving from manual tracking to structured risk segmentation across a complex supplier base
  • Integrating third-party risk data into procurement workflows and supplier reviews
  • Managing real escalations: what happens when high-risk suppliers refuse to engage
  • Aligning sustainability, procurement, and operational resilience into a single framework.
  • Navigating fragmented global standards: managing suppliers across different countries, regulatory regimes, and accreditation frameworks where no single platform covers everything
  • What we got wrong, what we fixed, and what we would do differently

Martin Mirimo,Head of Supplier Management,Travelodge

11:10
Scaling TPRM with AI Through Balancing Automation and Oversight
Using AI to scale TPRM activities across onboarding, monitoring, and assessment without compromising control or visibility
View session details...

Key topics

  • Automating due diligence, monitoring, and risk assessment processes at scale
  • Integrating internal and external data sources for continuous risk insight
  • Improving efficiency and coverage across large, complex third-party ecosystems
  • Managing trade-offs between speed, scale, and control
  • Identifying where AI delivers value vs where human intervention remains critical

Joseph Harrison,Head of Procurement Operations and Third Party Risk,The AA

11:10
Regulatory Convergence: DORA, NIS2, EU AI, GDPR and Cross-Industry Implications
Understanding how overlapping regulatory frameworks are shaping third-party risk expectations across industries
View session details...

Key topics

  • Interpreting overlapping regulatory intent across frameworks
  • Identifying where requirements converge vs conflict
  • Understanding systemic risk expectations across supply chains
  • Anticipating regulatory expansion beyond financial services
12:00
Transition Between Rooms
12:00
12:05
Managing Concentration Risk in a Dependency-Driven Ecosystem – PANEL
Managing concentration risk where diversification is not realistic, focusing on control, resilience, and operating within dependency constraints
View session details...

Key topics

  • Assessing exposure to dominant, irreplaceable, and “too critical to exit” providers
  • Strengthening oversight, controls, and performance management for critical vendors
  • Building resilience through contingency planning, substitution options, and fallback strategies
  • Defining escalation and governance approaches when vendor risk cannot be reduced

Gary Lock,Director, Global Head of Third Party Supplier Assurance,Fidelity International

Carlos Sanchez-Ventura Carlos,Global Head of TPRM, Maket Data, Strategic Negotiations,Santander

12:05
AI Driven Risk Monitoring
Turning continuous monitoring into clear, actionable risk decisions that drive timely escalation and business response
View session details...

Key topics

  • Using AI and continuous monitoring tools to identify emerging supplier risks
  • Integrating internal and external data for real-time risk visibility
  • Reducing false positives through intelligent prioritisation and analytics
  • Automating escalation and response workflows for critical risk events
  • Linking monitoring insights directly to operational and business decisions

Basem Mahmoud,Information Security Manager/Third Party Risk Manager,PepsiCo

12:05
From Obligation to Execution: Making Regulatory Compliance Work in Practice
Regulatory expectations continue to expand, but the real challenge lies in operationalising them across the business. How are organisations embedding compliance into day-to-day decision-making without creating friction or duplication?
View session details...

Key topics

  • Designing a unified regulatory operating model across functions
  • Embedding compliance into business and procurement workflows
  • Streamlining controls, testing, and assurance across frameworks
  • Scaling compliance alongside business growth and change

Stefan Zima,Head of Regulatory Compliance,Raffeisen Bank

12:55-2:45
LUNCH NETWORKING & OPTIONAL ROUNDTABLE DISCUSSIONS
All attendees have access to:
  • Extended networking lunch
  • Meetings with peers, speakers and sponsors
  • Networking lounge and exhibition area
Roundtables are optional, limited to 20 attendees per table, and require advance registration. Attendees not participating in a roundtable may continue networking until sessions resume
1:40-2:45
Optional Roundtable Discussions
All attendees have access to:
  • Limited to 20 attendees per table
  • Advance sign-up required
  • Interactive peer-to-peer discussion format
Roundtables are optional, limited to 20 attendees per table, and require advance registration. Attendees not participating in a roundtable may continue networking until sessions resume
ROUNDTABLE
The Fourth-Party Visibility Problem:

Anne McGowan,Head of Supplier Management,Lloyds Banking Group

ROUNDTABLE
Vendor Performance Is Becoming a Risk Issue

Gemma Stewart,Global Head Third Party Risk Management,Zurich Insurance

ROUNDTABLE
Building a Third-Party Risk Culture Across the Business

Verity Billson,Global Head of Third Party Risk,Experian

ROUNDTABLE
Board Expectations Are Changing -Acquiring Cyber Investment From the Board

Jia Fu,Head of Cybersecurity (CISO),British Film Institute

ROUNDTABLE
What Happens When the Vendor Says No?
2:25
Transition Between Rooms
2:25
2:30
EXTENDING RESILIENCE BEYOND THE ORGANISATION: ALIGNING THIRD PARTIES WITH CRITICAL SERVICES
Extending resilience frameworks beyond internal operations to include third-party dependencies
View session details...

Key topics

  • Aligning critical services with supporting third-party providers
  • Embedding third-party scenarios into resilience planning
  • Defining criticality and impact across internal and external services
  • Integrating third-party risk into resilience frameworks
2:30
AI, Automation & the Future of Operational Resilience
Leveraging AI and Automation to transform due diligence process
View session details...

Key topics

  • Reducing manual effort in supplier onboarding and assessments
  • Using automation to validate responses and identify inconsistencies
  • Using automation to validate responses and identify inconsistencies
  • Balancing automation with human review and accountability
  • Ensuring consistency across large supplier populations

Michel Tueghels,Process Operations Product Manager,ExxonMobil

2:30
Compliance in Highly Regulated Industries: Case studies (Pharma & Health Science) CASE STUDY
Deep dive into how highly regulated industries manage third-party risk and what can be learned across sectors
View session details...

Key topics

  • Applying stringent compliance frameworks to supplier oversight
  • Managing sensitive data and operational dependencies
  • Balancing regulatory requirements with operational efficiency
  • Translating sector-specific practices into cross-industry insights

Rohit Nag,Group Head of TPRM,Bupa

3:20
Transition Between Rooms
3:20
3:25
Building Resilient Supply Chains for Critical Services: Lessons from Healthcare and Humanitarian Operations
Building enterprise-wide approaches to resilience testing across increasingly interconnected supplier ecosystems.
View session details...

Key topics

  • Aligning testing programmes with regulatory expectations and impact tolerances
  • Prioritising systemic and concentration risk exposure
  • Using outputs to drive investment and board-level decision-making
  • Expanding testing maturity across business functions and supplier tiers

Kehinde (Kenny) Otto,Head of Supply Chain Management,Royal Papworth Hospital, NHS

3:25
Managing the Unknown of AI in TPRM – PRESENTATION
AI and the Unknown: the good, the bad and the ugly. Managing unknown new AI risks across third-party environments and how organisations can respond
View session details...

Key topics

  • Understanding AI-driven vulnerabilities and attack vectors
  • Assessing exposure from AI-enabled suppliers
  • Embedding AI risk into existing frameworks
  • Developing mitigation strategies
3:25
Strengthening Due Diligence and Ongoing Compliance – PRESENTATION
Examining how organisations can enhance due diligence processes to meet regulatory expectations
View session details...

Key topics

  • Moving beyond static questionnaires to dynamic assessment models
  • Ensuring consistency and completeness in supplier evaluations
  • Integrating due diligence with ongoing monitoring processes
  • Demonstrating compliance through robust documentation and evidence

Paul McLaughlin,Head of Controls Transformation,Costain

4:15
Transition Between Rooms
4:15
4:20
Cyber Resilience Across Third Parties: Designing Defences Beyond the Perimeter (CASE STUDY) – FIRESIDE CHAT
Embedding cyber resilience into the design of third-party ecosystems rather than reacting to disruption
View session details...

Key topics

  • Integrating cyber resilience into enterprise and third-party risk frameworks
  • Aligning cyber and operational resilience into a unified strategy
  • Moving from control-based models to resilience-based approaches
  • Strengthening collaboration with critical suppliers to manage systemic cyber risk

Sean Wright,Head of Oversight Group Operational Risk – Third Party Risk & Operational Resilience,Nationwide Building Society

Heath Drew,Global Third Party Risk Manager,Philip Morris International

Jia Fu,Head of Cybersecurity (CISO),British Film Institute

4:20
Building a Digital TPRM Ecosystem – PRESENTATION
Examining how organisations are automating onboarding, assessment, and workflow processes to improve operational efficiency across the third-party lifecycle
View session details...

Key topics

  • Reducing manual effort across onboarding and due diligence workflows
  • Streamlining approvals, assessments, and escalation processes
  • Improving consistency across large supplier populations
  • Embedding governance and accountability into automated workflows
  • Enhancing operational efficiency across cross-functional teams

Shamial Afzal,Global TPRM Lead,Beazley

4:20
TPRM Operations – Winning Hearts & Minds
Leading Change in TPRM from the Ground Up
View session details...

Details coming soon…

Verity Billson,Global Head of Third Party Risk,Experian

5:10
Transition to Reception
5:15
Chair’s Closing Remarks
Networking Drinks Reception
Day One | November 10 Day Two | November 11

About

  • CeFPro Home
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer

Upcoming events

  • Our Flagship Event: Risk Evolve
  • View the full events calendar

Contact Us

Contact Us
[email protected]
+1 888 677 7007
+44 (0)207 600 3543

Scroll to top