• Back to CeFPro
  • View all events
[email protected] | US: +1 888 677 7007 | UK: +44 (0)207 600 3543
Vendor & Third Party Risk USA: The Cross-Industry Conference
  • Overview
  • Agenda
  • Speakers
  • Event Insights
  • TPRA & CeFPro Partnership
  • Sponsors
  • ATTEND
  • Search
  • Menu Menu
Day One | October 14 Day Two | October 15

Day Two | October 15

Here is the latest edition of the agenda. As we approach the event, we will be adding speakers and sessions to enhance your experience. To stay informed, please register your interest

RECEIVE EVENT UPDATES
DOWNLOAD THE BROCHURE
7:30
Registration & Breakfast
7:45
Closed Door Briefing
(Open to first 30 attendees)
8:35
Transition for Closed Door Briefing Attendees
8:45
Chair’s Opening Remarks
Operational Risk & Resilience
Magnolia 1–2
Innovation & Automation
Magnolia 3–4
Regulation & Standards
Magnolia 5–6
8:55
Identifying What Matters: Critical Third-Party Risk in Practice
Vendor inventories are growing, but assessment and monitoring capacity remain limited. This session focuses on how practitioners are refining criticality and tiering so attention and depth reflect actual business and resilience impact. It covers practical methods for identifying the relationships that warrant greater scrutiny and how that translates into different expectations across the portfolio.
View session details...

Key topics

  • How to design or update a criticality and tiering model that matches current realities
  • Ways to connect criticality to assessment depth, monitoring, and testing requirements
  • Examples of how revising tiers shifted program focus toward higher-risk relationships

Fusako Menna,Director, Operational Risk and TPRM,Daiwa Capital Markets

8:55
Hyper TPRM: Rethinking Third-Party Risk for Scale, Speed, and Confidence
Third-party risk management is reaching a breaking point. Vendor ecosystems are expanding faster than risk teams can keep up, risk signals are fragmented, and traditional approaches struggle to deliver the speed, coverage, and defensibility organizations now require.
In this session, we introduce Hyper TPRM — a modern approach to third-party risk management built for scale. Hyper TPRM moves beyond questionnaire-driven processes by combining data-first intelligence, workflow, community-powered exchange models, and AI acceleration, with human confirmation where it matters most.
Join us to learn how organizations are evolving their TPRM programs to:
View session details...

Key topics

  • Prioritize vendors using dynamic, explainable risk insights
  • Leverage shared, validated assessment data to reduce friction for vendors and internal teams
  • Apply AI to accelerate assessments, validate evidence, and expand portfolio coverage
  • Shift from point-in-time reviews to continuous, risk-based monitoring

If you’re looking to modernize your TPRM program without compromising rigor, this session will show how Hyper TPRM enables faster decisions, broader coverage, and greater confidence across the entire third-party lifecycle.

Ed Thomas Jr,Senior Vice President,ProcessUnity

8:55
Critical Infrastructure & Third-Party Resilience
Third-party issues can have outsized impact when they touch critical infrastructure. This session examines how TPRM programs are managing vendors that support sectors such as energy, finance, health, and communications. It addresses expectations for resilience, oversight, and coordination in these environments and how they differ from other contexts and what changes in practice when the stakes are higher.
View session details...

Key topics

  • How to identify where third-party services intersect with critical infrastructure
  • Additional resilience testing, documentation, and oversight that are used in these contexts
  • Examples of coordination with regulators or sector bodies on critical third-party resilience
9:45
Transition Between Rooms
9:45
9:50
Fourth-Party Risk: The Exposure You Can’t Always See
Dependencies on sub-contractors and upstream providers can introduce risk that is not obvious from primary contracts. This session considers how organizations are identifying and managing fourth-party and Nth-party risk in a practical way. It focuses on methods that provide enough visibility to inform decisions without requiring exhaustive mapping of every connection.
View session details...

Key topics

  • Typical sources of downstream risk behind primary third-party services
  • Tactics for gaining useful visibility through contracts, questionnaires, and data sources
  • Ways to determine where deeper fourth-party analysis is warranted

Tracey Forney,Sr. Compliance Manager,Aerstone

9:50
Automating Risk Assessments Without Losing Control
Growing assessment volumes are prompting interest in automation, but many teams are concerned about maintaining governance and judgment.
This session looks at where automation has been effective in managing assessment workload and where human review remains essential. It provides examples of assessment designs that use automation for efficiency while preserving clear ownership of key risk decisions.
View session details...

Key topics

  • Parts of the assessment process that are well suited for automation
  • Guardrails and checkpoints that keep governance and accountability clear
  • Example workflows showing how automation changed both speed and overall quality
9:50
The Hidden Compliance Risks Lurking in Third-Party Relationships
Stakeholders are asking for clearer measures of how prepared organizations are to manage disruption. This session shares examples of operational resilience metrics that teams are using to describe readiness, response capability, and recovery performance. It looks at how these metrics were selected and refined to be both understandable and actionable.
View session details...

Key topics

  • Examples of resilience metrics linked to readiness and performance
  • Ways to keep resilience reporting focused while providing sufficient detail
  • Approaches for tailoring resilience metrics for senior leaders and operational teams

Laura Arnott,Director,Vigilant LLC

10:40
Coffee Break
10:40
11:00
Preserving Value by Managing Operational Risk in Third Party-dependent environments.
The launching pad for managing third party risk is rooted in building value and managing criticality to sustain that value. This session will examine the root or derivative of risk management which lies in the value, dependency and options within the third party relationship; especially as it pertains to sole or single sourcing, the best current example being Cloud-based Information Technology Services.
View session details...

Key topics

  • How to identify and map cloud related dependencies across a vendor portfolio
  • Questions and evidence to request around resilience, failover, and incident management
  • Ways to frame cloud concentration risk and potential mitigations for internal stakeholders

Mark Carroll,Founder – Graduate ERM Program,Boston University

11:00
The Hidden Risks of Automated Decision-Making
Automated decision functions in vendor solutions can introduce risk at scale if they are not well understood or governed. This session examines where automated decision-making appears in third-party products and services, and how it has created issues in practice. It then considers simple steps TPRM teams can take to evaluate these capabilities and request appropriate safeguards.
View session details...

Key topics

  • Where automated decision-making commonly appears in vendor offerings
  • Types of risk that arise when automated decisions are not transparent or well controlled
  • Practical evaluation and oversight steps for automated decision engines

Jude Ejiobi,Cybersecurity GRC Manager,J.B Poindexter & CO

11:00
The Real-World Challenges of Global Third-Party Compliance
Managing third-party risk under multiple legal and regulatory regimes is rarely easy. This session uses real examples to show how teams handle overlapping and sometimes conflicting requirements across jurisdictions. It focuses on how they reach a decision on which requirement becomes the anchor and how they keep that decision explainable.
View session details...

Key topics

  • How to recognize when different regimes create conflicting expectations for a vendor or service
  • Factors used to decide which requirement effectively takes precedence in practice
  • Ways to document and communicate these choices so they are defensible and repeatable
11:50
Speaker Transition
11:50
11:55
Turning Operational Risk Data Into Executive Decisions
Many TPRM teams produce solid analysis but still struggle to get clear decisions from senior leaders. This session looks at techniques for turning complex operational and vendor risk information into a small number of concrete options. This session explores methods for translating operational and third-party risk data into clear choices for senior leaders. It uses examples to illustrate how changes in structure and language can help leadership move from information to action.
View session details...

Key topics

  • Techniques for summarizing complex risk information in a clear and concise way
  • Ways to frame options and recommendations so leadership can decide more quickly
  • Examples of how improved framing led to different decisions on vendors, controls, or investments

Franceso De Lucia Dattolo,Cybersecurity Program Manager, Governance & Risk | Third Party Cyber Security,Schlumberger

Narahari (Hari) Roa,Global Supply Risk and Resilience Director,Schlumberger (SLB)

11:55
Can AI Really Improve Third-Party Risk Management?
AI is starting to show real promise in TPRM, but the results depend heavily on choosing the right use cases, having solid data, and working from clean, well-understood processes. This session takes a practitioner’s view of where AI is actually helping TPRM work today, where simpler automation is still the better answer, and why human-in-the-loop oversight remains essential. The focus is on grounded examples, not hype, so teams can decide where AI fits in their own programs.
View session details...

Key topics

  • Concrete AI use cases already in play in TPRM, what they delivered, and where automation alone was sufficient
  • Common pitfalls tied to data quality, messy processes, and unclear ownership, and how human-in-the-loop controls help keep outcomes reliable
  • Simple criteria practitioners can use to decide which AI ideas are worth piloting or scaling, and how to set realistic expectations with stakeholders

Jonathan Bald,SVP Global Sales Lead,Black Kite

Ragav Ramesh,Executive Director,J.P Morgan Chase

Matthew Ridenhour,Senior Manager, Compliance Operations,UKG

Kaci Johnson,Director, Risk Managemet,Nelnet

11:55
The Cost of Weak Third-Party Governance
Regulators increasingly expect TPRM programs to have clear governance, defined accountability, and evidence that decisions are being made and escalated in a consistent way. Weak or informal governance can lead to compliance findings, inconsistent oversight, and gaps between policy and actual practice. This session looks at what “good” third-party governance really means in the context of regulations and standards, and how organizations are strengthening structures, roles, and routines before issues surface in exams or audits.
View session details...

Key topics

  • Key governance elements regulators and standards bodies expect to see in mature TPRM programs
  • How to define and document roles, decision rights, and escalation paths so governance works in day-to-day operations
  • Practical steps for shoring up TPRM governance, even in developing programs, to reduce compliance risk and close gaps between policy and practice

Tamara Culler,Independent,formerly of OCC

12:45-1:30
LUNCH NETWORKING & OPTIONAL ROUNDTABLE DISCUSSIONS
All attendees have access to:
  • Extended networking lunch
  • Meetings with peers, speakers and sponsors
  • Networking lounge and exhibition area
Roundtables are optional, limited to 30 attendees per table, and require advance registration. Attendees not participating in a roundtable may continue networking until sessions resume
1:30-2:15
Optional Roundtable Discussions
All attendees have access to:
  • Limited to 30 attendees per table
  • Advance sign-up required
  • Interactive peer-to-peer discussion format
Roundtables are optional, limited to 30 attendees per table, and require advance registration. Attendees not participating in a roundtable may continue networking until sessions resume

ROUNDTABLE
Managing the Risks of AI-Enabled Vendors

Ryan Patrick,EVP, TPRM Customer Solutions,HITRUST

ROUNDTABLE
ROUNDTABLE
Lessons Learned From TPRM Failures

Ryan Hesser, VP TPRM & Legal Counsel,VyStar Credit Union

2:15
Speaker Transition
2:15

2:20
Governing Agentic AI Ecosystems: The Rapidly Evolving Role of Third-Party Risk Management
Agentic AI systems are introducing new operational risks as organizations become increasingly dependent on interconnected networks of third-party, fourth-party, and nth-party providers. Traditional TPRM practices may not fully address the hidden dependencies, concentration risks, and resilience challenges created by AI ecosystems. This session explores how TPRM, operational resilience, and AI governance can work together to identify emerging risks, strengthen oversight, and improve preparedness for AI-related disruptions.
View session details...

Key topics

  • Identify hidden third-, fourth-, and nth-party dependencies within agentic AI ecosystems.
  • Recognize emerging operational and concentration risks that traditional TPRM processes may overlook.
  • Explore practical approaches to strengthen resilience and governance across AI-enabled third-party environments.
  • Understand how evolving regulatory expectations are shaping oversight of AI-supported services.

Naresh Raheja,Former OCC, Senior Risk Specialist,Independent

2:20
Modernising TPRM: Building the Digital Risk Function
Many TPRM teams are being asked to move beyond manual, case-by-case work and operate more like a modern, technology-enabled risk function.
View session details...

Key topics

  • Using automation and workflow tools to reduce manual effort
  • Integrating TPRM with cybersecurity, privacy, procurement and resilience platforms
  • Moving from spreadsheets and email toward digital, data-driven processes

Ryan Langshaw,Risk Program Lead,Lead

2:20
Building Strategic Supplier Relationships That Drive Business Value and Reduce Risk
Details tbc…
View session details...

Details coming soon…

Mariano Rivera,Technology and Business Transformation Leader,Enterprise initiatives across large retail and financial service organization

3:10
Coffee Break & Wall Transition
3:10

3:40
Contracting for Risk: How Third-Party Agreements Are Evolving in the Age of Cyber, AI, and Regulatory Pressure – PANEL DISCUSSION
Third party contracts have become one of the most important, and scrutinized, components of modern risk management. As organizations face growing cybersecurity threats, operational disruptions, AI governance concerns, and increasing regulatory expectations, contracts are no longer viewed as simple legal documents. They are now critical risk management tools that define accountability, transparency, resilience expectations, and organizational protection.

Elizabeth Blosh-Myers,VP/Director Third Party Risk Management,Thread Bank

Ryan Hesser, VP TPRM & Legal Counsel,VyStar Credit Union

Kristen Thomas,Director,ComplyIQ, Former JP Morgan Chase

Tim Harvey,Procurement Director,CompSource Mutual Insurance Company

4:25
Speaker Transition

4:30
What Comes Next: The Future of Third Party Risk in a Hyper-Connected World
Emerging risks across AI, cyber, geopolitics, and regulation are reshaping how organisations must approach third-party risk.
View session details...

Key topics

  • How AI and automation will redefine third-party ecosystems
  • The rise of systemic and cross-industry risk exposure
  • Preparing for risks that cannot yet be fully quantified
  • What organisations need to build now to remain resilient in the future
5:15
Closing Remark’s and End of Vendor and Third Party Risk Cross Industry
Day One | October 14 Day Two | October 15

About

  • CeFPro Home
  • Full events calendar
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer

Upcoming events

  • Our Flagship Event: Risk Americas
  • View the full events calendar

Contact Us

Contact Us
[email protected]
+1 888 677 7007
+44 (0)207 600 3543

Scroll to top