#RISK 2022

 

AGENDA

The 2023 #RISK Series Presents…

→ #RISK MENA: Dubai — 10th & 11th May 2023
→ #RISK EU: Amsterdam — 27th & 28th September 2023
→ #RISK London — 18th & 19th October 2023

Interested in exhibiting? Get in touch to secure your spot!

Schedule a call today!

#RISK 2023 Agenda will be announced very soon!

What was covered at #RISK London

#RISK – Five content hubs with insightful sessions, case studies, networking, high level thought leadership presentations and panel discussions.

GRC Hub Agenda

Day 1: Wednesday 16th November 2022

Scroll left/right to view

GMT Wednesday 16th November 2022
09:00

Registration
09:00 - 10:00

09:15
09:30
09:45
10:00

Risk Appetite vs Risk Tolerance: Where Do We Draw The Line?
10:00 - 10:30

10:15
10:30

How Successful Security Teams Manage Risk to Build Trust and Drive Growth
10:35 - 11:05

Abundant data is now available to put numbers behind what we instinctively know: trusted organizations are more successful. InfoSec teams have a prominent role in helping their organization become trusted, and therefore more successful: first and foremost, by communicating changes in the IT & security risk posture.

In this session, Scott Bridgen, OneTrust’s Global GRC Lead will drill down into how IT & Security teams support risk reduction, build trust, and drive growth.

Key takeaways:

- Learn about recent research that quantifies the value of trust for businesses.

- Maturing IT & Security risk management responsibilities and activities to respond to the ever-changing security landscape.

- Discuss communication improvements and how to create transparency in your risk remediation process.

10:45
11:00
11:15

Third-Party Risk Management: Best Practices for Vetting and Monitoring Vendors
11:15 - 12:00

Failing to properly assess vendors leads to unacceptable risk exposure. But even once a vendor has been successfully vetted, it must be continuously monitored throughout its relationship with your organisation.

This session will look at how leading organsations are meeting the challenge of onboarding and continuously monitoring vendors.

11:30
11:45
12:00
12:10

Quantitative Risk vs. GRC: Truce and Reconciliation
12:10 - 12:40

Attitudes to the use of quantitative methods in Enterprise Risk Management are starkly polarized. Advocates of quantification are disparaging about heat maps and derogatory about risk registers; but many risk practitioners struggle to reconcile the machinery of quantitative methods with the scale and chaotic contingency of enterprise-wide risk management. In truth these apparent adversaries are simply arguing from incommensurable perspectives.

In this presentation we will discuss how to reconcile these perspectives and to weave quantitative methods into traditional GRC practices to create something far greater than the sum of its parts

  • Graeme Keith, Global Professional Services Lead for Risk Quantification, Archer IRM
12:15
12:30
12:45
13:00
13:25

Reaping the Benefits of Risk Management: A Business Enabler
13:25 - 14:10

Risk is everyone’s business. Organisations willing to take risks are more likely to succeed in the short term. But companies that can understand, manage and mitigate those risks will reap longer-term rewards.

Revolutions in work patterns, technology and society are changing business models, with regulation struggling to keep up.

Big bets can lead to big wins. This session will consider the up-to-date knowledge of the risk landscape, risk-conscious culture, and risk management tools you need to ensure your bets pay off.

13:30
13:45
14:10
14:15

Risk Resilience and Enterprise Agility: Two Sides of the Same Coin
14:15 - 15:00

To succeed in uncertain and unstable times, organisations need to be able to foresee and avoid disruption and also recover from setbacks once they occur.

This session will consider two closely-connected concepts. risk resilience and enterprise agility, and explore how your company can integrate them into its risk-management strategy.

  • Ayesha James, Group Third Party Risk Steward & Europe Head of Operational & Resilience Risk, HSBC
  • Bavan Nathan, Consultant; former Chief Audit and Risk Officer, Tesco and Head of IA, Risk and Compliance Services, KPMG
  • Tim Neill, Chief Risk Officer, Copper.co
  • Paul Butcher, CEO, LRQA
14:30
14:45
15:05

Bridging the Silos: The Importance of Holistic Risk Management
15:05 - 15:50

Remote work has created distributed workforces. Complex legal and technical challenges call for highly specialised teams. This can lead to isolation and poor communication between departments at a time when an integrated, holistic approach to risk management has never been more important.

This session will explore why holistic risk management is so vital in today's business environment, and consider the practical steps you can take to enable your whole workforce to work together.

15:15
15:30
15:45
15:55

Mitigating Key Risks in Artificial Intelligence: Bias, Discrimination and Other Harms
15:55 - 16:30

Recent months have seen a boom in the effectiveness and accessibility of AI technologies. Automation is helping companies work more efficiently in more and more fields.

But there is a significant risk in failing to recognise and address the potential downsides of AI, including bias, discrimination and functional limitations.

This session will explore how organisations can manage and mitigate AI risks.

16:00
16:15
16:30

Data Protection & Privacy Hub Agenda

Day 1: Wednesday 16th November 2022

Scroll left/right to view

GMT Wednesday 16th November 2022
09:00

Registration
09:00 - 10:00

09:15
09:30
09:45
10:00

The Data Protection and Privacy Risk Landscape
10:00 - 10:45

Change happens fast in data protection. With new threats to privacy and new regulatory risks arising every year, it's time to take stock and take an overview of the risk landscape.

This panel will look at the current state of play in data protection and privacy risk and consider what you can do to prepare for the future.

10:15
10:30
10:45
10:45

UK Data Protection Reforms: Preparing for Change In Uncertain Times
10:50 - 11:20

The UK has been in data protection limbo for several years, with the National Data Strategy, DCMS consultation and Data Protection and Digital Information Bill providing only hints at what the future might hold.

The government is clear that it plans to reform the GDPR to "cut red tape" and "help small businesses". But what will the involve? Will the planned legislation survive? And what could be the impact on EU adequacy?

This panel will consider how businesses can prepare for change in a turbulent and uncertain data protection landscape.

11:00
11:15
11:25

Accelerating Privacy Programs with Data Discovery - Sponsored by Exterro
11:25 - 11:55

Data inventory is at the heart of all privacy and data protection; most companies rely on surveys and recollection as opposed to actual knowledge. Is your record of processing wishful thinking – do you really have an inventory based on evidence? A combination approach is necessary; to overcome years of poor information governance/documentation and ad hoc changes, discovery and scanning is essential to finding out what is really going on in the organisation. Technology alone, however, is not sufficient, as it cannot explain business purposes or benefits. A strategic approach to data discovery not only surfaces those unknowns, but allows multiple organisational departments to leverage the knowledge gained from an effective data discovery within privacy.

This session will discuss how effective data discovery will accelerate privacy in your organisation and put data at the centre of your data privacy program.

11:45
12:00
12:15
12:30
12:45

Data Minimisation: A Key Element of Risk-Reduction
12:45 - 13:30

The best way to reduce the risk of a data breach is not to process any personal data. But in today's data-driven economy, organisations may have to make some hard choices about what data to retain.

This panel will explore best practices from implementing data minimisation in an automated and systematic manner.

13:00
13:15
13:30
13:35

Privacy Litigation: A Growing Risk for Data-Driven Businesses
13:35 - 14:20

Data protection-related class action cases often seek damages amounting to billions of dollars. And even if an action is unsuccessful, fighting it can be a resource-intensive, reputation-damaging process.

This panel will explore the dangers of class action lawsuits arising from data protection non-compliance and consider what you can do to avoid them.

13:45
14:00
14:15
14:25

A Risk-Based Approach to Data Protection Compliance
14:25 - 15:10

Data protection laws such as the GDPR allow for a "risk-based approach" to compliance in several areas. Weighing the risks and assessing appropriate mitigations is a major part of protecting personal data.

This session will explore the areas in which a "risk-based approach" is appropriate and lawful, look at the fundamental principles behind risk-based data protection, and offer advice on the tools and knowledge required to make the approach work.

14:30
14:45
15:00
15:15

Keynote: EU and US Businesses Continue to Break the Law — Max Schrems, Honorary Chairman, noyb
15:15 - 15:45

Max Schrems is an Austrian activist and author who became known for campaigns against Facebook for privacy violations, including its violations of European privacy laws and alleged transfer of personal data to the US National Security Agency (NSA) as part of the NSA’s PRISM program. Schrems is the founder of NOYB – European Center for Digital Rights.

15:30
15:45

Reducing the Risk of Data Breaches Through Physical and Privacy Enhancing Technologies (PETs)
15:50 - 16:30

A single data breach can be devastating for your company and its customers. But there are technical solutions that can substantially reduce the risk.

This panel will explore the power of privacy enhancing technologies (PETs) to protect data from unauthorised access and use.

  • Adrian Leung, Data Protection Officer, Equifax
  • Tahir Latif, Co-Team Lead, National Institute of Standards and Technology (NIST) - Privacy Workforce Public Working Group
  • Peter C Barker, EMEA Business Manager, 3M Privacy Solutions
  • Giulia Carnà, Data Protection Counsel, ACI Worldwide
16:00
16:15
16:30

ESG Hub Agenda

Day 1: Wednesday 16th November 2022

Scroll left/right to view

GMT Wednesday 16th November 2022
09:00

Registration
09:00 - 10:00

09:15
09:30
09:45
10:00

Keynote - Stop making shit up
10:00 - 10:30

Customers, employees, investors and policymakers all demand climate action. So we’ll just tell them what they want to hear, right? Wrong. Pinwheel founder and award-winning CMO Gavin Sheppard explains how making shit up leaves brands with their pants down and why doing nothing is even worse. So what’s the answer? We’ll find out in this session.

10:15
10:30
10:35

The Risks of Neglecting Workforce Diversity
10:35 - 11:05

Thriving movements like Black Lives Matter (BLM) and the flourishing environmental, social and governance (ESG) sector show that workforce diversity matters more than ever. Ensuring your company draws talent from under-represented groups and fully embraces gender and racial equity is vital for ethical reasons—but it also makes perfect sense from a business, culture and risk management perspective.

This session will bring together leading women working in governance, risk and compliance to discuss how to make diversity part of your organisation's culture and business strategy.

10:45
11:00
11:15

The ESG Opportunity: How ESG Can Give You an Edge
11:15 - 12:00

Implementing an ESG programme is an ethical endeavour. Reducing carbon emissions and improving social justice are good things in themselves.

But adopting an ESG programme can also be a good business decision. This panel will explore how ESG can help businesses grow sustainably, build their reputation and—ultimately—increase profits.

11:30
11:45
12:05
12:10

LQRA sponsor session: Trust and Transparency in ESG
12:10 - 12:40

12:15
12:30
12:45
13:00
13:25

A Holistic Approach to ESG Scores: Considering Both Risk & Impact
13:25 - 14:10

Many businesses and investors have been approaching ESG scores as a matter of assessing risk. But there is more to assessing a company's environmental, social and governance contributions than risk alone.

This panel will explore a more holistic approach to ESG scores that considers both risk and impact and consider how you can improve your company's prospects from an ESG investment perspective.

13:30
13:45
14:10
14:15

Measuring DEI: The Data behind Workplace Diversity
14:15 - 15:00

Measuring and reporting diversity, equity and inclusion (DEI) metrics is increasingly crucial for practically every organisation. But the process can be complex and involves highly sensitive data.

This session will explore how to make your DEI programme meaningful and effective, exploring what to measure, how to measure it, and how to use the data to improve your business and the wellbeing of all stakeholders.

14:30
14:45
15:00

Making Data-Driven ESG Decisions: Do You Have the Right Tools?
15:05 - 15:50

Good quality data is crucial in ESG. Along with a commitment to a more sustainable business model, your company needs accurate, up-to-date data in order to drive its decision-making.

Collecting and analysing ESG data is a complex task. This session will explore what tools your company needs to make intentional, beneficial decisions based on high-quality ESG data.

15:10
15:15
15:30
15:50

Is Kindness profitable? And The Risk of Not Being Kind
15:55 - 16:30

16:00
16:15
16:30

Financial Risk Hub Agenda

Day 1: Wednesday 16th November 2022

Scroll left/right to view

GMT Wednesday 16th November 2022
09:00

Registration
09:00 - 10:00

09:15
09:30
09:45
10:00

FinCrime Update: The Complex Web of Financial Crime in Late 2022
10:00 - 10:45

This session will bring together financial crime experts to provide an overview of the FinCrime landscape in late 2022.

Panelists will discuss sanctions, money-laundering risks, and the latest regulatory developments in this fast-developing field.

Panellists

  • Jane Jee, Lead for Financial Crime Project at the Payments Association
  • Andrew Churchill, Cybersecurity Consultant and Researcher
  • Wm. Clay Roberts, Deputy Global Head of Financial Crimes Compliance, The Western Union Company
10:15
10:30
10:45

Keynote: How Britain Became the Servant of Tycoons, Tax Dodgers, Kleptocrats and Criminals — Oliver Bullough, Journalist and Author
10:50 - 11:20

Oliver Bullough is a journalist and author from Wales who moved in 1999 to Russia to work as a journalist. He worked first for local newspapers in St Petersburg and Bishkek (Kyrgyzstan), then for Reuters. He stayed in Moscow, mainly reporting on the war in Chechnya, until 2006.

Since leaving Reuters, he has written three books. The first - Let Our Fame be Great - is about the peoples of the North Caucasus, and his travels to find their scattered communities. The second -The Last Man in Russia - is a biography of a dissident Orthodox priest, whose life closely mirrors that of the Russian nation in the 20th century, and sheds light on the demographic tragedy of modern Russia.

The third is called Moneyland, and tells the story of how the world’s super-rich have broken free of democratic control, and formed their own nomadic global community.

11:00
11:15
11:25

Fraud, Financial Crime, Risk and Compliance Anomaly Detection for Investigation and Monitoring
11:25 - 11:55

Find out why forensic analysis of communications is critical to prevention and investigation of wholesale fraud and more…….

11:45
11:55
12:00
12:15
12:30
12:45

Why Open and Transparent Company Data Is Powerful for Risk Professionals
12:45 - 13:30

Information about companies and who owns or directs them is critical to assessing risk – whether that’s for anti-financial crime purposes or simply understanding who is in your end-to-end supply chain.

Learn about why company data is essential to risk management and why only when we have open and transparent data for all can we unlock the full potential of tech-enabled approaches – to drive more powerful insights and manage risk.

13:00
13:15
13:35

Gaining FinCrime Risk Insights Through Data
13:35 - 14:20

Data drives finance, and leveraging its power can help you identify risks and better protect your customers' money.

This panel will explore how finance and risk management teams are using the power of big data to gain insights into the risks of financial crime.

  • Nick Maxwell, Head of the Future of Financial Intelligence Sharing (FFIS) Research Programme
  • Ian Whiting, GLobal Head of Financial Crime Operations and Intelligence, DMLRO at Worldpay
13:45
14:00
14:15
14:25

Fighting FinCrime: Mastering the Risk-Based Approach
14:25 - 15:10

A risk-based approach to combatting financial crime means mapping and assessing all risks across your organisation then prioritising the highest areas of exposure.

This session will explore the fundamentals of the risk-based approach and consider how financial institiutions can best execute it.

14:30
14:45
15:00
15:15


15:30
15:45

AML Regulation: A Look Forward to 2023 and Beyond
15:50 - 16:30

With the EU's anti-money laundering reforms soon coming into effect and the UK forging its own regulatory path, significant changes are ahead for FinCrime professionals.

This session will discuss changes to the regulatory landscape in 2023 and beyond and consider what financial institutions can do to prepare.

16:00
16:15
16:30

Cyber Security Hub Agenda

Day 1: Wednesday 16th November 2022

Scroll left/right to view

GMT Wednesday 16th November 2022
09:00

Registration
09:00 - 10:00

09:15
09:30
09:45
10:00

Building a Threat Intelligence Program
10:00 - 10:45

The foundation of good security is knowing and understanding which threats your organisation is likely to face. This requires a systematic and ongoing analysis of the threat landscape, and a comprehensive understanding of the defence measures most appropriate for your organisation.

This session will explore how to build and maintain a threat intelligence program to help your company predict and mitigate security risks.

10:15
10:30
10:45
11:00

Keynote: The Only Way is Ethics, with Dan Evans, former Mirror Group and News UK journalist turned phone-hacking whistle-blower
11:00 - 11:30

Investigative journalist Dan Evans is the ultimate tabloid gamekeeper-turned-poacher-turned-gamekeeper.

He tells us how failure to hard-bake ethical compliance into hyper-competitive workplaces can leave painful multi-billion-pound legal legacies.

Dan Evans is a former Mirror Group and News UK journalist turned phone-hacking whistle-blower. He was, according to the venerable Mr. Justice Saunders, “unique” as the sole Witness of Truth for the Crown in Regina vs Coulson, Brooks, & Ors - the so-called ‘Super-trial of the Century’ - and principal witness for the Claimants in two behemoth High Court litigations.

  • Dan Evans, former Mirror Group and News UK journalist turned phone-hacking whistle-blower
11:15
11:35

Outbound Zero Trust Data Control: Does What It Says on the Tin (Sponsored by Virtru)
11:35 - 12:05

Data is every organisations most valuable resource and what every attacker is after. It’s constantly on the move - being downloaded, shared, copied, and modified. You can’t afford to lock it down, and you can’t afford to lose control of it.

Join this conversation to explore simple and affordable strategies to expand zero trust security controls from traditional “outside-in workflows” to “inside-out workflows” -- empowering individuals to share sensitive data via email and files for purposes of accelerating innovation, without sacrificing security, privacy, or control.

11:45
12:00
12:15
12:30
12:45
12:50

Security Leadership: The Changing Role of the CISO
12:50 - 13:35

Remote work, COVID-19-related fraud, the escalation in cyberattacks—CISOs have overseen a turbulent few years, and good leadership in security is more important than ever.

This panel will explore how the role of the CISO is changing and what lies ahead for security leaders.

  • Neil Robinson, Managing Director, Chief Information Security & Cybersecurity Officer, CCIB, Standard Chartered Bank
13:00
13:15
13:35
13:40

Insider Threats: Safeguarding Your Organisation from the Inside Out
13:40 - 14:25

Much of the work of security professionals focuses on securing an organisation’s perimeter and keeping malicious actors out.

But whether through maliciousness or negligence, insider threats are a common cause of data breaches and security risk.

This session will take an in-depth look at how leading organisations manage the risk from insider threats—and how you can build an effective and systematic insider threat programme

13:45
14:00
14:15
14:25
14:30
14:40

Are You Prepared for the Cyber Resilience Act
14:40 - 15:25

On September 15, 2022, the European Commission presented a draft law—the Cyber Resilience Act—to bolster the cybersecurity of digital products in the European Union and address existing cybersecurity regulatory framework gaps.

The proposed regulation applies a broad horizontal regulatory framework to tangible and intangible products with digital elements—including connected devices and non-embedded software—to enforce cybersecurity standards on the entire digital supply chain.

This talk by Kir Nuthi, senior policy analyst at the Center for Data Innovation, will provide an overview of the Cyber Resilience Act and its scope, highlighting key compliance challenges and the regulation's effects on businesses and start-ups.

  • Kir Nuthi, Senior Policy Analyst, Center for Data Innovation
14:45
15:00
15:15
15:30

Raising the privacy bar with confidential computing through 5 high impact use cases.
15:30 - 16:00

Traditional data privacy controls to meet compliance require complex orchestration, analysis of data models and disruptive implementation and yet are often insufficient as regulations evolve and still leave exploitable risk gaps.

This session will introduce state of the art confidential computing methods as a way to rethink privacy challenges, and outline 5 ways it can be quickly applied as a low friction, least risk and high agility approach to protecting consumers data at scale in public clouds in data rich applications.

15:45
16:00
16:05

Cyber Threat Landscape: Reviewing 2022 and Looking Ahead to 2023
16:05 - 16:50

Despite the huge advancements being made in cyber security, attackers have continued to conduct novel and highly damaging cyberattacks throughout 2022.

This session will review the cyber threat landscape in 2022, and look ahead to see what cyber security professionals should prepare for in 2023.

16:15
16:30

Conversations that Matter - VIP Networking Agenda

Day 1: Wednesday 16th November 2022

Scroll left/right to view

GMT Wednesday 16th November 2022
09:00

Registration
09:00 - 10:00

09:15
09:30
09:45
10:00

Start-ups: Risks You Should be Aware of in the First Year of Business
10:00 - 11:00

10:15
10:30
10:45
11:00

CCO Hour - Using Compliance Data to Manage Risk
11:00 - 12:00

11:15
11:30
11:45
12:00

Women in GRC Hour
12:00 - 13:00

12:15
12:30
12:45
13:00
13:15
13:30
13:45
14:00


14:00 - 15:00

14:15
14:30
14:45
15:00


15:00 - 16:00

15:15
15:30
15:45
16:00


16:00 - 17:00

16:15
16:30
16:45
17:00

Day 2 at #RISK 2022

GRC Hub Agenda

Day 2: Thursday 17th November 2022

Scroll left/right to view

GMT Thursday 17th November 2022
09:00

Registration
09:00 - 10:00

09:15
09:30
09:45
10:00

Keynote: Aligning the ‘Scattered Silos of Risk’ — Michael Rasmussen, GRC Analyst, Pundit and the “Father of GRC”
09:45 - 10:30

Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC) – with specific expertise on the topics of enterprise GRC, GRC technology, corporate compliance, and policy management. With 27+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architecture, and select technologies that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC” — being the first to define and model the GRC market in February 2002 while at Forrester.

10:15
10:30

GPRC - The future of effective enterprise management for businesses and governmental organisations.
10:35 - 11:05

In a world that is changing faster than ever, digital transformation and strategy execution are critical factors for the success of businesses and governmental organisations. In the recent years, organisations that have successfully transformed their business models with GPRC – GRC integrated with Performance and Strategy – enabled their business to holistically manage governance, performance, strategy, risk, compliance, and operate efficiently as a connected enterprise – an organisation that is connected and aligned across its business channels and functions.

This presentation will provide expert insights on the future of effective enterprise management, solutions that drive outcomes, and best practices on how to future-proof your organisation.

10:45
11:00
11:05
11:15

Building a Risk-Conscious Culture Among Your Team
11:15 - 12:00

Mistakes happen. And, less often, intentional violations among employees happen, too. So much of risk-reduction is about building a risk-consicous culture among your team.

This session will consider best practices for bringing your whole organisation onto the same page when it comes to managing risk.

11:30
11:45
12:05
12:10


12:15
12:30
12:55

Digital Transformation and the Future of Internal Audit
12:55 - 13:40

The field of internal audit has been transformed by the adoption of digital technology. Practitioners must now have a clear and comprehensive understanding of the software employed by their organisation, and they must have the tools necessary to conduct internal audits in this new environment.

This session will explore the impact of digital transformation on internal audit and consider what lies ahead for this evolving discipline.

13:00
13:25
13:30
13:45

Avoiding and Learning From Ethics and Compliance Failures
13:45 - 14:30

An ethical approach to business should be at the heart of organisations' compliance efforts. Without underlying ethical considerations, compliance becomes a "tick-box" exercise putting individuals—and businesses—at greater risk.

This session will explore how ethical failings can lead to compliance issues and create risk and harms—and consider what you can do to avoid them.

14:10
14:15
14:30

Managing Regulatory Risk Across Jurisdictions
14:35 - 15:20

Almost every major economy is moving towards a more tightly regulated business environment. This means international businesses have to manage a complex matrix of overlapping—and sometimes contradictory—compliance regimes.

This session will explore how leading organisations are managing the risk of regulatory violations across multiple jurisdictions.

14:45
15:00
15:05
15:15

Developing a Culture of Transparency to Improve Stakeholder Trust
15:25 - 16:00

People—whether consumers, employees, investors or business partners—want organistions to be up-front about their policies and practices. But conveying the right information in the right way can be a challenge.

This session will explore how organisations create a culture in which they are up-front about their business and compliance practices in a way that fulfills regulatory requirements and improves stakeholder trust.

15:30
15:55
16:00
16:15
16:30

Data Protection & Privacy Hub Agenda

Day 2: Thursday 17th November 2022

Scroll left/right to view

GMT Thursday 17th November 2022
09:00

Registration
09:00 - 10:00

09:15
09:30
09:45
10:00

Artificial Intelligence: The Data Protection Risks
10:00 - 10:45

AI is an increasingly important aspect of data protection professionals' work. The GDPR sets tight restrictions on certain automated decisions—and data protection principles apply when any organisations uses personal data in ts training sets.

Regulators, including the ICO, are increasingly focused on the risks associated with AI, and mitigating those risks often falls to data protection teams. New EU legislation is also set to create a swathe of new compliance concerns for companies developing or using AI systems.

This session will explore AI through a data protection lens and consider how to minimise the risk of AI-related harms.

10:15
10:30
10:45

Keynote: The Only Way is Ethics, with Dan Evans, former Mirror Group and News UK journalist turned phone-hacking whistle-blower
10:50 - 11:20

Investigative journalist Dan Evans is the ultimate tabloid gamekeeper-turned-poacher-turned-gamekeeper.

He tells us how failure to hard-bake ethical compliance into hyper-competitive workplaces can leave painful multi-billion-pound legal legacies.

Dan Evans is a former Mirror Group and News UK journalist turned phone-hacking whistle-blower. He was, according to the venerable Mr. Justice Saunders, “unique” as the sole Witness of Truth for the Crown in Regina vs Coulson, Brooks, & Ors - the so-called ‘Super-trial of the Century’ - and principal witness for the Claimants in two behemoth High Court litigations.

  • Dan Evans, former Mirror Group and News UK journalist turned phone-hacking whistle-blower
11:00
11:15
11:25

Marketing Compliance: Transform Digital Experiences in the Age of Privacy - Sponsored by OneTrust
11:25 - 11:55

Privacy laws are gradually being introduced and enforced all over the world. Not only that, but the privacy ecosystem and digital world are changing rapidly… and merging closer together.
The combination of customer demands, privacy laws, and technology changes is challenging teams to rethink leading-edge strategies. Instead of separating data, privacy, and marketing strategies, business leaders must treat these pillars as an interconnected ecosystem, synchronized from the ground up to reverse the fragmentation that exists in organizations today. Join this session to gain best practices to follow regulatory guidelines paired with enhanced CX strategies to build brand trust.After this session, you’ll be able to:

  • Explain the trends and developments in the privacy landscape
  • Understand the power of providing transparent experiences that build trust
  • Deliver a streamlined privacy-first CX across browsers and devices

Kenta Barrett serves as a Solutions Engineer at OneTrust, the Trust Intelligence Platform, unlocking every company’s value and potential to thrive by doing what’s good for people and the planet. OneTrust connects privacy, GRC, ethics, and ESG teams, data, and processes, so all companies can collaborate seamlessly and put trust at the centre of their operations and culture. In his role, Kenta supports the OneTrust Consent and Preference Management where he advises companies on how to drive engaging user experiences while building trust and demonstrate regulatory compliance.

11:45
12:00

Data Rights Management: Creating a Seamless, Efficient and Compliant Process
12:00 - 12:30

Sponsored by Global Logic

Data subjects are becoming increasingly aware of their data rights (Article 15) through to automated individual decision-making (Article 22). The challenge is, how do data controllers continue to meet the increasing demand for such requests.

This session will explore how our fully automated ‘rights request management module’, improves efficiency, significantly reduce costs, enhances existing processes with the ability to deliver a self-serving secure portal.

12:15
12:30
12:45

Regulatory Risks in the UK: A Review of Recent ICO Enforcement Action
12:45 - 13:30

The ICO's record of bringing GDPR fines may not be as extensive as some of its EU-based counterparts (the UK is still in single digits for the number of GDPR fines issued, whereas Spain has issued close to 450).

However, those penalties that have been levied against UK companies have been large—and there have been comparatively many more fines under the UK's ePrivacy law, PECR.

The UK ICO is under new leadership, with John Edwards promising a fresh approach to working with businesses and public sector bodies. We'll review the implications of the ICO's record on data protection and privacy fines, and consider how you can stay on the right side of the regulator.

13:00
13:15
13:35

Managing a Privacy Program Across Multiple Jurisdictions
13:35 - 14:20

The majority of major economies now have comprehensive data protection laws that apply with extraterritorial effect. Most of the remainder will have one soon. And within individual countries, organisations often face a complex mix of sectoral privacy laws. This makes managing a privacy program challenging.

This session will explore best practice for managing an effective and effective privacy program across multiple jurisdictions.

13:45
14:00
14:15
14:25

Privacy Supply Chain Risks: Best Practices for Working With Subprocessors
14:25 - 15:10

As controllers accumulate more and more data processors, those processors are often doing the same. And the further away personal data gets from your organisation, the more opportunities for GDPR violations and data breaches arise.

With supply chains growing increasingly long and complex, this panel will consider how organisations maintain visibility and control over personal data handled by subprocessors.

14:30
14:45
15:00
15:15

Data Discovery: Revealing Data Skeletons In Your Closet
15:15 - 15:55

The principles of data minimisation and storage limitation aren't just legal requirements: They're crucial means of preventing data breaches and GDPR violations. But the first step in maintaining a healthy and compliant data inventory is to understand what data you control, where it came from, and why you're processing it.

This session will look at best practices for data discovery.

15:30
15:45
16:00
16:15
16:30

ESG Hub Agenda

Day 2: Thursday 17th November 2022

Scroll left/right to view

GMT Thursday 17th November 2022
09:00

Registration
09:00 - 10:00

09:15
09:30
09:45
10:00

What is B Corp, and Why Do B Corps Matter?
10:00 - 10:30

The B Corp movement represents an important shift in the business world, and seeks to "transform the global economy" through a network of certified businesses putting people and planet at the heart of their organisations.

This session will explore the aims and objectives of the B Corp movement and consider why the scheme is so important in today's world.

10:15
10:30
10:35

How Does a Business Become a B Corp?
10:35 - 11:05

Becoming a B Corp can bring huge benefits to an organisation, both through improved reputation and through helping establish a more sustainable way of doing business. But becoming a B Corp requires meaningful changes and the certification process can be challenging.

This session will explain and explore the process of becoming a B Corp, with testimonies from business owners who have been through the process.

  • Andy Hawkins, Chief of People, Planet, and Purpose Officer at Business On Purpose and B Leader for B Corp
  • Narda Shirley, Co-Founder, Wilful Group and B Corp Ambassador
10:45
11:00
11:15

Paved with good intentions?
11:15 - 12:00

11:30
11:45
12:00
12:10

An interview with Elizabeth Peyton-Jones: Unethical predators in advertising & fashion
12:10 - 12:40

Elizabeth Peyton-Jones will question what we really know about the talent behind a glossy brochure or an Ad campaign. The risk to brand reputation is real, the risk to talent of unethical predators managing the casting process is real. But do you really know what happens on set? Do you have a reporting mechanism, an intimacy coordinator?

12:30
12:40
13:00
13:25

ESG and the Supply Chain
13:25 - 14:10

Ensuring your organisation acts resonsibly requires comprehensive oversight of its supply chain. In today's complex global landscape, this is more important than ever.

This session will explore supply chain management from an ESG perspective, exploring how to maintain visibility and control over the third parties your business works with.

13:30
13:45
14:10
14:15

Keynote - War in Europe, rise of populism and geopolitical risk
14:15 - 15:00

In a remarkable career, Rory Stewart has been an academic, writer, adventurer, politician and diplomat. After time in the Army and the diplomatic service, he trekked across Afghanistan, was appointed a fellow at Harvard, and wrote a number of books before entering Parliament.

Stewart was a cabinet minister before his bid for the Conservative Party leadership, an often heated contest to which he introduced a more moderate, progressive tone. He is now a Senior Fellow at Yale teaching politics and international relations.

  • Rt Hon Rory Stewart OBE, Academic, Politician & Diplomat, Former Secretary of State for International Development
14:30
14:45
15:00

"The Social Responsibility of Business Is to Increase Its Profits": Was Milton Friedman Right?
15:05 - 15:50

The "Friedman doctrine" states that businesses only need to be concerned about generating a return for shareholders. The principle of shareholder value has been highly influential in economics, business, and society at large for decades.

But was Friedman right? Does a narrow focus on profit damage for society—and even individual businesses? And can other considerations, such as people and the planet, exist alongside shareholder value?

15:15
15:30
15:45
16:00

Financial Risk Hub Agenda

Day 2: Thursday 17th November 2022

Scroll left/right to view

GMT Thursday 17th November 2022
09:00

Registration
09:00 - 10:00

09:15
09:30
09:45
10:00

Know-Your-Customer (KYC): The Latest Developments
10:00 - 10:45

This session will explore the state-of-play in KYC in the UK and abroad, looking at the latest regulatory developments and technical solutions to ensure effectiveness and efficiency in know-your-customer processes.

10:15
10:30
10:45

Keynote -Data: Its Role in Critical Risk Management
10:50 - 11:20

  • Andrew Fleming, VP MI Reporting Demand & Programme Manager, Deutsche Bank
11:00
11:15
11:25

KYC Portal Sponsor Session - Achieving peace of mind with RISK Orchestration
11:25 - 11:55

Showcasing how centralisation of data can help in increasing efficiencies, whilst reducing cost and risk.

11:45
12:00
12:15
12:30
12:45

To exchange or not to exchange? That is the question
12:45 - 13:30

A critical analysis of the use of financial intelligence and the exchange of information in the United Kingdom

13:00
13:15
13:35

Are We Winning the Fight Against Money Laundering? A Review of the Basel AML Index 2022
13:35 - 14:20

The Basel Institute on Governance's annual AML Index tracks progress on tackling money laundering and terrorist financing. This year's report analysed 128 jurisdictions worldwide, finding stalled or deteriorating progress in most areas.

But there are some (limited) grounds for optimism as governments continue to develop tighter AML regulation and financial institutions improve their money laundering detection methods.

Join Katernyna Boguslavka, Project Manager, Basel AML Index at the Basel Institute on Governance, for a presentation of the 11th Basel AML Index, providing valuable insight into the global picture of money laundering.

13:45
14:00
14:15
14:25

Crypto Regulation: The Path Forward
14:25 - 15:10

Regulators are playing catch-up with the crypto industry, where banks, exchanges and software providers protection billions of dollars' worth of digital assets.

This session will explore the emerging attempts to regulate crypto and consider how organisations should be planning for a more tightly-regulated field.

14:30
14:45
15:00
15:15

The True Value of Effective Fraud Risk Management
15:15 - 15:45

  • Davina Teeluck, Senior Fraud Prevention Officer, NHS Counter Fraud Authority (NHSCFA)
  • Oliver Stopnitzky, Senior Fraud Prevention Officer, NHS Counter Fraud Authority (NHSCFA)
15:30
15:50
16:00
16:15
16:30

Cyber Security Hub Agenda

Day 2: Thursday 17th November 2022

Scroll left/right to view

GMT Thursday 17th November 2022
09:00

Registration
09:00 - 10:00

09:15
09:30
09:45
10:00

Can We Finally Solve the Ransomware Problem?
10:00 - 10:45

The costs associated with ransomware continue to climb, with businesses worldwide paying out billions to attackers—and billions more in mitigating and recovering from attacks.

But what would it take to eliminate ransomware once and for all? Is this ambition even technically feasible? And in the meantime, what are the leading ransomware detection, prevention, mitigation and recovery techniques every organisation should be employing?

  • Olivia C. Li, Head of Risk and Regulatory Compliance, CredibAI
  • Jamie MacColl, Research Fellow in Cyber Threats and Cyber Security, Royal United Services Institute
  • Luke O'Brien, Cyber Security Operations Manager, easyjet
10:15
10:30
10:45

Keynote: Spies, Lies and Whistleblowers — Annie Machon, Former MI5 intelligence officer and whistleblower. Author of Spies, Lies and Whistleblowers: MI5 and the David Shayler Affair (Sponsored by DataGuard)
10:50 - 11:20

As a Former MI5 intelligence officer and famed whistleblower, Annie Machon is an internationally-renowned speaker and perfectly positioned to educate audiences on the need to protect digital freedoms, privacy and surveillance, civil liberties, whistleblower policies and the key security issues of the day.

In her role now as a writer, media pundit, political campaigner, and PR consultant on a variety of intelligence-related and civil liberties issues, she has a rare perspective both on the inner workings of governments, intelligence agencies and the media, as well as a passion for need to protect digital freedoms. She is an international leader in advocating the wider implications for the need for increased openness and accountability in both public and private sectors.

  • Annie Machon, Former MI5 intelligence officer and whistleblower. Author of Spies, Lies and Whistleblowers: MI5 and the David Shayler Affair.
11:00
11:15
11:35

Trending Cybersecurity Threats – Are Your Third Parties at Risk?
11:25 - 11:55

How vulnerable are your third parties when it comes to the most common and emerging cybersecurity threats? Do you know if those third parties have the right cybersecurity controls in place? Do you know how to identify which third parties put your organisations at risk—and how to mitigate those risks before they impact your bottom line?

InfoSec teams are facing larger and more sophisticated cybersecurity threats than ever before. In the last year, there has been a 62% global attack spike (158% increase in North American attacks alone) in ransomware, and an increased focus on attacks by regulatory bodies. Teams not only have to track vulnerabilities within their internal security posture but also ensure that their prospective third parties are vetted before engaging in business. In addition, these threats are leading to new regulatory requirements as well as critical changes to common industry standards and frameworks.

The most common and emerging cybersecurity threats against your third parties, The metrics to track in relation to third parties and their cybersecurity risks, How to protect your business from cybersecurity threats associated with your vendors, How to future-proof your TPRM program to defend against future cybersecurity threats

11:45
12:00
12:15
12:30
12:45

Making Zero-Trust Work For Your Employees
12:45 - 13:30

A properly-deployed zero trust architecture can ensure continued and seamless authentication of all users. But done poorly, adopting zero trust can mean disrupting workflows, inconveniencing employees and shutting off access to important data and programs.

This session will explain how leading organisations are employing the a "zero trust" approach to improve security—without causing unnecessary disruption.

13:00
13:15
13:30
13:35

Managing Data Breach Disclosure and Reporting Requirements
13:35 - 14:20

As countries world-wide seek to improve data protection and security standards, a common theme is imposing mandatory data breach notification requirements.

But these requirements vary significanly in their scope and strictness. What consitutes a "data breach" in one jurisdiction might not be reportable in another. And where one country might require breaches to be reported within a strictly designated period, another might require disclosure simply within a "reasonable" timeframe.

This session will explore the different approaches to creating a data breach reporting policy that helps minimise the risk of legal violations and protect individuals' data.

13:45
14:00
14:15
14:30

Beating Social Engineering: Successfully Securing the "Human Layer"
14:25 - 15:10

The "human layer" is a key vulnerability in every organisation's cyber security defences. Whether accidently or intentionally, a huge proportion of sucessful cyber attacks start begin with the actions of an insider.

This session will explore the best practices for securing the human layer and mitigating the risk of human error.

14:45
15:00
15:15

Towards a Cookie-Free Future
15:15 - 16:00

Third-party cookies are not dead yet, but Google has signed their death warrant.

How will advertisers and publishers adapt to the cookie-free future? We'll speak to the people seeking first-mover advantage in a new, more privacy-respecting advertising ecosystem.

15:30
15:45
16:00
16:15
16:30

Conversations that Matter - VIP Networking Agenda

Day 2: Thursday 17th November 2022

Scroll left/right to view

GMT Thursday 17th November 2022
09:00

Registration
09:00 - 10:00

09:15
09:30
09:45
10:00

Small Business - Juggling the Current Risks that Small Businesses are Facing
10:00 - 11:00

10:15
10:30
10:45
11:00

CRO Hour - How Chief Risk Officers can Prepare for the Unknown
11:00 - 12:00

11:15
11:30
11:45
12:00

Workplace Wellbeing - The Current Risk of the Cost of Living on Mental Health
12:00 - 13:00

12:15
12:30
12:45
13:00
13:15
13:30
13:45
14:00

ESG Hour -
14:00 - 15:00

14:15
14:30
14:45
15:00

DPO and CPOs - The Tension Between Security and Privacy
15:00 - 16:00

15:15
15:30
15:45
16:00


16:00 - 17:00

16:15
16:30
16:45
17:00