11 March 2026 | GMT
Breaking the Silos: Creating a Shared Language Between Cyber, Risk and Compliance
8:45am - 9:30am
Despite facing overlapping threats, shared regulatory pressures, and interdependent responsibilities, many organisations still struggle with entrenched silos between cybersecurity, legal, risk, compliance, and operational teams. These divisions often stem from differing vocabulary, contrasting priorities, misaligned incentives, and organisational structures that inadvertently fragment accountability. Yet in an environment defined by AI-enabled attacks, expanding regulations, and complex supply chains, resilience depends on integration. This panel examines how organisations can build a shared language - and a shared mission - across functions that must increasingly operate as one.
Experts will explore the cultural, structural, and communication barriers that impede collaboration, from inconsistent risk taxonomies and incompatible reporting formats to competing interpretations of what “good” looks like. The discussion will highlight how organisations can develop converged metrics, harmonised controls, and unified dashboards that allow cyber, risk, and compliance teams to see the same picture at the same time. By shifting from output-driven reporting to outcome-oriented collaboration, panellists will show how to create alignment that both accelerates decision-making and reduces blind spots.
Attendees will also hear practical strategies for building resilience from the ground up: cross-functional tabletop exercises, joint incident simulations, integrated risk committees, and governance structures that eliminate ambiguity over responsibilities. The panel will cover how shared language improves regulatory posture, strengthens board engagement, and enables better prioritisation of resources - especially in complex environments where cyber events can quickly become legal, regulatory, operational, and reputational crises simultaneously.
Participants will walk away with actionable methods to dismantle silos, foster mutual understanding between technical and non-technical stakeholders, and embed a culture where cyber, risk, and compliance teams operate not as separate functions, but as a single, coherent defence.
Moderator
- Tim Buckley, Founder, Beyond the Lines™ | CEO, Integral Assurance
Panelist
Operational Resilience Beyond Compliance: Keeping Services Running When Systems Fail
9:30am - 10:15am
UK and EU financial institutions have spent years building operational resilience frameworks - mapping Important Business Services, setting impact tolerances and running increasingly sophisticated tests. Yet high-profile outages and cyber incidents continue to expose a hard truth: compliance with resilience regulation does not always translate into uninterrupted customer service. As digital complexity grows and dependency on shared technology providers deepens, traditional recovery and failover models are being stretched to breaking point.
This panel explores how BFSI firms are moving beyond regulatory checklists toward practical continuity-first resilience models. Panellists will examine emerging approaches such as service substitution, simplified stand-in platforms and customer-critical prioritisation, alongside UK operational resilience rules and the EU’s Digital Operational Resilience Act (DORA). Discussion will focus on how firms can reconcile regulatory expectations with customer intolerance for disruption - shifting resilience from a theoretical construct into a lived, testable operational reality.
Moderator
- Stephane Speich, Head of Business Continuity and Resilience Group Governance, UniCredit
Panelist
Security Convergence in 2026: Integrating Physical, Cyber & Operational Risk
10:15am - 11:00am
As hybrid work, cloud-first strategies and decentralised operations continue to reshape the threat landscape, organisations are rethinking how they identify and manage risk. Traditional silos between physical security, cybersecurity, operational technology and insider-threat teams are increasingly misaligned with the realities of modern threats, which often span digital and physical domains simultaneously. In response, security leaders are moving toward more unified, intelligence-led security models that provide a holistic view of organisational risk.
This panel will explore how organisations can practically converge physical, cyber, insider-threat and OT security functions to improve visibility, speed of response and overall resilience. Panellists will discuss governance models, shared data and tooling, cross-functional collaboration and the role of leadership in driving convergence. Attendees will gain insight into how integrated security strategies can better anticipate threats, reduce operational blind spots and support business continuity in an increasingly complex risk environment.
Moderator
Panelist
Provision 29 Unlocked: From Framework to Assurance
11:00am - 11:45am
As the corporate landscape evolves, the need for robust board accountability and effective leadership has never been more critical. This session will explore how Provision 29 encourages boards to balance skills and independence whilst fostering transparency and stakeholder engagement. In particular, we will delve into the importance of implementing material controls that ensure effective risk management and compliance within organisations. Discover the implications of this provision for corporate governance practices and learn how organisations can adapt to enhance their long-term success.
Moderator
Panelist
NIS2, DORA & UK/EU Operational Resilience: What “Good” Looks Like in 2026
11:45am - 12:30pm
As regulators across the UK and EU intensify their focus on operational resilience, organisations are entering a new era where demonstrating cyber readiness, third-party assurance, and crisis management maturity is no longer optional - it’s expected. With NIS2 and DORA reshaping the regulatory landscape, and UK supervisory bodies tightening expectations around impact tolerances, service continuity, and board accountability, businesses must now prove - not just claim - that their resilience capabilities are robust, evidence-backed, and sustainably embedded.
This session unpacks what “good” truly looks like in 2026. Panellists will explore how NIS2’s expanded scope, stricter penalties, and governance mandates intersect with DORA’s detailed ICT risk and incident management requirements, creating a unified regulatory direction of travel: more transparency, more testing, more documentation, and more accountability at the top. The discussion will highlight how organisations can use GRC-led approaches to operationalise these obligations - bringing structure, consistency, and cross-functional coordination to what can otherwise feel like a sprawling compliance burden.
Experts will break down how to build a defensible evidence base for regulators: from harmonised risk registers and continuous monitoring to scenario testing, board reporting packs, and third-party resilience assessments. They will examine the practical mechanics of aligning cyber risk with operational continuity, ensuring that security, risk, legal, and business functions share a coherent understanding of critical services, dependencies, tolerances, and response pathways.
The panel will also explore common pitfalls - such as fragmented ownership, incomplete supplier visibility, and incident reporting processes that fail under pressure - and provide actionable strategies for stitching together governance, technology, and operational practices into a unified resilience model. Attendees will leave with clarity on how to meet NIS2, DORA, and UK/EU expectations in a way that is not only compliant but also strengthens trust, decision-making, and long-term organisational performance.
Moderator
Panelists
AI-Driven Compliance: Maturity, Models & New Operating Realities
12:30pm - 1:15pm
As artificial intelligence transitions from pilot projects to embedded, business-critical systems, compliance functions are facing a fundamental shift in how they operate. Traditional, rules-based approaches are being challenged by adaptive models, automated decision-making and continuously learning systems that can change risk profiles in real time. This evolution is forcing organisations to rethink how compliance frameworks are designed, how policies are interpreted, and how assurance is maintained across increasingly complex AI-enabled processes.
This panel will examine what AI-driven compliance maturity looks like in practice, from establishing robust AI governance and accountability models to implementing effective AI-in-the-loop oversight. Panellists will explore validation, explainability, ongoing monitoring and the cultural and skills transformation required within compliance teams. Attendees will leave with a clearer understanding of how compliance functions can remain effective, credible and strategically relevant as AI reshapes operating models across the enterprise.
Moderator
- Jill S. Heinze, AI Trust Strategist & Founder, Saddle-Stitch Consulting
Panelists
- Catia Zuidema, Associate General Counsel & Senior Director, Head of Product Compliance, AI & Employment, Harness
- Peter Blazsik, AI Lead, Group Compliance, ING
- Ben Bradley, GRC Product Manager - UK, Resolver
- Vida Ahmadi, Ph.D., Data & AI Governance Officer, Electrolux Group
- Reuven Aronashvili, Founder & CEO, CYE
Quantum Threats Today: Preparing for a Post-Quantum World
1:15pm - 2:00pm
While large-scale, fault-tolerant quantum computers may still be some way off, the risks they pose to today’s cryptography are already very real. “Harvest now, decrypt later” attacks mean that sensitive data intercepted today could be compromised in the future once quantum capabilities mature - creating long-tail risks for financial services, government, critical infrastructure and any organisation with long data-retention requirements. This panel will set the scene by separating hype from reality, outlining where quantum progress genuinely threatens existing public-key cryptography, and explaining why boards and security leaders can no longer treat post-quantum security as a future problem.
The discussion will focus on the practical steps organisations should be taking now to build quantum resilience. Panellists will explore how to inventory cryptographic assets across complex estates, embed crypto-agility into systems and architectures, and plan phased migrations to post-quantum cryptography (PQC) without disrupting operations. Drawing on real-world examples, the session will also examine regulatory expectations, standards development and how to align quantum-readiness with wider resilience, cloud and zero-trust strategies - ensuring organisations are not just compliant, but genuinely prepared for a post-quantum world.
Moderator
- Slawomir Soszynski, CEO, Ailleron Group
Panelists
- Steven O'Sullivan, Chief Digital Officer and PQC Lead-Emerging Technology Quantum and AI Security, Various Companies
- Simon Robinson, Chief Strategy Officer, EarlyBirds
- Xenia Bogomolec, Founder & CEO at Quant-X Security & Coding GmbH
- Joe Ghalbouni, Founder and President at Ghalbouni Consulting & Head Of Risk at Quantum Strategy Institute
AML, Fraud & Financial Crime: Rebuilding Trust Through Technology and Traceability
2:00pm - 2:45pm
As regulators, customers and counterparties demand greater transparency and accountability, financial institutions are under increasing pressure to demonstrate that their AML and financial crime controls are not only effective, but provable. Supervisors now expect clear traceability across decision-making, robust audit trails, and explainable outcomes - particularly as automation and AI are embedded deeper into transaction monitoring and customer risk assessments. This panel will examine how expectations around explainability, data lineage and model governance are reshaping AML and fraud programmes, and why “black box” approaches are no longer acceptable in a highly scrutinised environment.
The discussion will focus on how technology can rebuild trust while improving detection and efficiency. Panellists will explore the use of synthetic data to safely test and train models, automated regulatory reporting to reduce manual burden and error, and real-time surveillance capabilities that enable earlier intervention and faster response. The session will also address how firms can integrate these tools into existing operating models, balance innovation with compliance, and demonstrate measurable outcomes to regulators - turning AML and financial crime functions into transparent, resilient and intelligence-led capabilities rather than cost centres.
Moderator
Panelists
- Pallavi P Kapale, Senior Financial Crime Officer (2LOD) - Financial Intelligence Unit (FIU), Bank of China
- Stefano Barone, Independent Consultant AML/CTF
- Markus E. Schulz, CTO, K2 Integrity & co-chair GCFFC Technology Group, Global Coalition to Fight Financial Crime
The Human Risk Majority: Why 85% of Breaches Start Inside the Organisation
2:45pm - 3:30pm
Across the UK and Europe, insider risk has emerged as one of the most persistent and complex challenges facing organisations, with the majority of security incidents now linked to human behaviour rather than pure technology failure. Hybrid and remote working models, increased workforce mobility, supply-chain interdependence and ongoing geopolitical and economic uncertainty have all expanded the insider threat landscape - from accidental data exposure and policy violations to credential misuse and malicious activity. At the same time, heightened regulatory scrutiny under UK and EU data protection, resilience and cyber frameworks means that human-driven failures can rapidly escalate into regulatory enforcement, financial penalties and lasting reputational damage.
This panel will explore how UK and EU organisations can address the “85% problem” by rethinking insider risk through the lens of people, culture and system design. Panellists will discuss how behaviour analytics, identity and access intelligence, and contextual monitoring can be deployed in a proportionate, privacy-aware way, aligned with European expectations around transparency and employee rights. The discussion will also examine the role of training, leadership accountability and secure-by-design processes in reducing reliance on perfect human behaviour. Attendees will gain practical insight into building insider risk programmes that balance security, compliance and workforce trust - shifting from reactive incident response to proactive risk reduction in the modern UK and European enterprise.
Moderator
Panelists
- Kam Karaji, Director Cybersecurity & Risk Management, National Football League (NFL)
- Oluwasolape Akinde, Global Cybersecurity & Digital Trust Leader | AI, Privacy, Resilience & IT GRC
The Dark Corners of the Supply Chain: Managing Risk Beyond Direct Vendors
3:30pm - 4:15pm
As organisations become increasingly dependent on complex, interconnected supply chains, risk is no longer confined to direct vendors alone. Fourth- and fifth-party dependencies - often invisible to procurement, risk and security teams - can introduce significant operational, cyber and regulatory exposure, with failures in one corner of the ecosystem capable of triggering widespread disruption. High-profile outages, cyber incidents and geopolitical shocks have pushed sub-tier risk firmly onto the board agenda, forcing leaders to confront how little visibility they often have beyond their immediate suppliers and how quickly “inherited risk” can propagate across the enterprise.
This panel will explore how leading organisations are lifting the lid on these dark corners of the supply chain. Panellists will discuss practical approaches to mapping sub-tier dependencies, prioritising critical suppliers and services, and integrating third-, fourth- and fifth-party risk into existing governance frameworks. The session will also examine how to build effective cross-functional escalation and response models - bringing together procurement, technology, risk, legal and business teams - to identify early warning signals and prevent cascading failure. Attendees will leave with actionable insight into moving from static supplier assessments to continuous, intelligence-led supply chain risk management.
Moderator
Panelist
Whose AI Is It Anyway? Sovereignty, Culture and Compliance in AI Governance
4:15pm - 5:00pm
AI sovereignty is not just about infrastructure and data location - it is about alignment with local laws, societal expectations and organisational values. As governments across the UK and EU articulate clearer expectations around trustworthy AI, organisations are under pressure to ensure their AI systems reflect domestic legal frameworks, ethical standards and cultural norms. This panel will explore how sovereignty intersects with governance, accountability and public trust.
The conversation will focus on how organisations can embed these expectations into AI governance frameworks, from procurement and development through to deployment and oversight. Panellists will discuss the role of GRC teams in translating national policy into operational controls, managing cross-border AI risk, and ensuring that sovereign AI strategies remain aligned with corporate ethics and regulatory commitments. Attendees will leave with a clearer view of how AI sovereignty supports long-term legitimacy, not just compliance.
Moderator
Panelists
- Anupama Hatti, Head of Programme Delivery (Digital, Data and Technology Services) at NHS Blood and Transplant
- Nicola Cain, CEO & Principal Consultant, Handley Gill Limited
- Marc Pharoah, Doctor of Business Administration (DBA) — Risk Culture, AI Governance & Org. Resilience at Swiss School of Business and Management
- Renato Leite, VP - Privacy and Data Protection @ e&. Former Global Head of Privacy @ X / Twitter
The Return of Power Politics: What Global Flashpoints Mean for Enterprise Risk
5:00pm - 5:45pm
Geopolitical risk has entered a new and more volatile phase, where great-power competition, contested sovereignty and domestic politics increasingly spill across borders and into global markets. From intervention and instability in Venezuela, to ongoing war in Ukraine, rising tensions around Taiwan, and renewed debates over influence and control in Greenland and Canada, the assumptions that once underpinned global stability are being challenged. International law, alliances and economic interdependence are no longer reliable shock absorbers, creating a more unpredictable operating environment for businesses worldwide.
This panel will examine how these geopolitical shifts translate into concrete risks for organisations, including energy price volatility, supply chain disruption, sanctions exposure, regulatory fragmentation, cyber escalation and reputational risk. Panellists will explore how companies can move beyond reactive scenario planning toward more strategic geopolitical risk management - integrating political intelligence into enterprise risk frameworks, investment decisions and long-term strategy. Attendees will gain insight into how to build resilience in a world where geopolitics is no longer a background concern, but a defining force shaping business outcomes.
Moderator
Panelists
- Sacha Deshmukh, Former CEO, Amnesty International UK, Expert Consultant and N.E.D., Mantri Advisory Limited
- Audun Kolstad Wiig, Subject Matter Expert Geopolitical Risk, DNB
- Andrew Morkot, Principal Managed Services Consultant, Professional Services, Riskonnect