Amanda Sang
Director, Risk Analysis and Policy, Financial Enterprise Risk Department, Bank of Canada
Amanda Sang is a seasoned leader in the Financial and Enterprise Risk Department at the Bank of Canada with extensive risk management experience. She is currently the Director of the Operational Risk and Analytics team, which includes the third party risk management program. She recently completed the renewal of the third-party risk management program to modernize and streamline the program.
Some of her earlier achievements include the establishment of a new operational risk teams in the Financial Markets Department, coordination of quantitative easing operations during the pandemic and led resilience strategies from planning to implementing an alternate hot site for market and banking operations.
Amanda is a Fellow Chartered Accountant from England and Wales and Certified Internal Auditor, with a degree in Mathematics. In her pastime, she enjoys travelling and spending time with her family outdoors.
OFFSHORING RISK AND RESILIENCE: COST SAVINGS VERSUS CONTROL – PANEL DISCUSSION
Evaluating offshore models through a risk and resilience lens.
- Clean room environments versus onshore operational realities
- Geopolitical, workforce, and continuity considerations
- Lessons learned from pandemic-era disruptions
- Designing offshore strategies that survive stress events
AI IN THE THIRD-PARTY ECOSYSTEM: CONTINUOUS MONITORING, AUTONOMOUS RISK & RESILIENCE IMPLICATIONS
A practitioner-led, closed-door discussion focused on how AI is reshaping third-party ecosystems, continuous monitoring, and resilience — not just adding complexity to existing frameworks. Expect open, peer-to-peer exchange on:
- Closing the gap between real-time monitoring data and decisive management action
- Designing escalation frameworks beyond static scores to enable defensible intervention
- Governing shadow AI and automation embedded within critical third-party platforms
- Validating AI-generated risk outputs and defining clear human accountability
- Building kill-switches, guardrails, and oversight models that hold under disruption
- Managing AI-driven concentration, model drift, and systemic resilience risk
CRITICAL THIRD PARTIES: POWER IMBALANCES WITH CRITICAL THIRD PARTIES– PANEL DISCUSSION
Operating TPRM programs when vendors dictate terms.
- Managing monopolize across the supply chain in financial institutions
- Navigating audit refusals, data access limitations, and “take-it-or-leave-it” contracts
- Managing risk exposure when exit is unrealistic
- Escalation strategies when critical vendors underperform or resist oversight
- Using collective pressure, contractual leverage, and governance forums effectively