The modern risk landscape is no longer defined by clear boundaries. A cyber threat is a compliance crisis, an AI deployment is an ethical dilemma, and a supply chain disruption is a financial event. In this new reality, a siloed approach to knowledge is a strategy for failure.
That is why the #RISK Europe agenda has been designed with one core principle: integration.
We have moved beyond traditional conference tracks to create a holistic, two-day learning experience. This agenda is your guide to understanding the macro forces shaping our world and the practical, industry-specific strategies needed to navigate them. It is built to foster the cross-functional conversations that turn risk into resilience and strategy into a competitive advantage.
View the Agenda
| GMT | Wednesday 12 November 2025 |
|---|---|
| 07:30 | 07:30 AM > Exhibitors Access |
| 09:00 | |
| 09:00 | 09:00 AM > Registration |
| 09:55 | |
| 10:00 | 10:00 AM > AI, Privacy and Power: Is the GDPR Fit for an AI Future? With AI systems processing vast amounts of personal data, is the current GDPR framework still sufficient, or does it need a reboot? Moderator
Panelist
|
| 10:40 | |
| 10:50 | 10:50 AM > The Perfect Storm: 2027 and the Global Polycrisis Risk The year 2027 is increasingly seen as a potential inflection point in global politics, security, and economics. This prospective shock could be the 'perfect storm' of geopolitical risk, driven by a convergence of great power rivalries, national-level political instability, economic fragility, and thematic risk accelerators. During this session, Sibylline's founder and CEO, Justin Crump will delve into the current trajectories and risk indicators, examine the drivers, possible scenarios, and discuss mitigation strategies business can consider. Speaker
|
| 11:20 | |
| 11:30 | 11:30 AM > The 'Product Launch' Approach to Governance: Why Business Skills are the New Superpower in Data and AI Compliance |
| 12:00 | |
| 12:05 | 12:05 PM > “BritCard or Big Brother? The UK’s Digital ID Dilemma” The UK Government’s plan to roll out a national digital ID — the so-called “BritCard” — by the end of this Parliament has reignited one of the country’s most polarising debates. Ministers argue it will streamline access to public services, cut fraud, and curb illegal migration. Supporters see it as the missing link for modern, tech-enabled governance and smarter digital services. Critics, however, warn of mass surveillance, privacy erosion, cybersecurity risks, and exclusion for vulnerable groups. With more than two million citizens signing a petition against the scheme, and even potential contractors like Palantir refusing to participate, the question remains: can digital ID be implemented in a way that builds trust rather than fear? This session brings together voices from government, technology, privacy advocacy, and digital innovation to debate whether BritCard represents progress or overreach — and what a truly trusted identity system should look like in the UK. Moderator
Panelist
|
| 12:55 | |
| 12:55 | 12:55 PM > KEYNOTE: From Risk Registers to Real Readiness: Building Crisis Leadership that Works Under Pressure What distinguishes organisations that respond well when a real crisis hits - the kind that’s fast, messy and deeply public? This year’s events have served as reminders of the fragility of established, highly trusted organisations – from international airports to national retailers – to major disruption. System failures and their handling can hinder the ability to continue operations and undermine trust of stakeholders including customers, employees, suppliers, governments and regulators, leading to financial losses, public scrutiny and a decline in brand reputation in a matter of days. Crisis doesn’t arrive neatly - it disrupts leadership, exposes assumptions, and accelerates organisational risk. The businesses that respond best are those that have trained for the real thing, and can respond in the moment, dynamically, not just written plans for if they may need to do so. Andy and Claire will show that real resilience is a capability that can be taught, drilled and deployed. They will present an approach that draws on decision-making models developed in high-risk environments (incl. military, emergency services, aviation), which are designed to force clarity, coordination and accountability under pressure, providing leaders with a logic for action when information is incomplete, time is limited, and consequences are long- term. This session will explore:
Keynote Speakers
|
| 13:35 | |
| 13:45 | 13:45 PM > Financial Crime Risk: From Crypto Laundering to AI-Driven Fraud The threats are faster and smarter. How can you build fraud detection and anti-money laundering frameworks that keep up? Moderator
Panelists
|
| 14:25 | |
| 14:35 | 14:35 PM > From Guardrails to Growth: How AI Governance and AI Technology Unlocks a Risk-Enabled Workforce As AI reshapes the financial and corporate landscape, senior risk professionals face a new frontier: harnessing its power responsibly while ensuring organisational readiness under the EU AI Act. The future of effective risk management won’t be defined by who adopts AI first, but by who governs it best — and who empowers their people to use it confidently. In this session, Gary, Managing Director EMEA at Protecht, explores how a governance-first approach, underpinned by AI technology, can transform every employee into an active participant in managing risk. Attendees will discover how combining robust AI guardrails with tools like Protecht’s Cognita enables safer, smarter, and faster decision-making across all levels of the organisation. Gary will share practical insights into operationalising the EU AI Act, embedding AI into GRC frameworks, and creating a culture where AI becomes a trusted virtual partner — not a compliance threat. This is the roadmap for turning governance into growth and automation into empowerment. By the end of the session, CROs and Heads of Operational Risk will:
Speaker
|
| 15:05 | |
| 15:15 | 15:15 PM > Risk in a Converging World: Where Cyber, Privacy, and FinCrime Collide How organisations can break down silos and manage intersecting risks across data, digital threats, and illicit finance. Moderator
Panelist
|
| 16:00 | |
| 16:10 | 16:10 PM > Preparing for Provision 29: From Policy to Proof By January 2026, UK-listed boards must make an explicit annual declaration on the effectiveness of their internal controls under Provision 29 of the revised Corporate Governance Code. More than a box-ticking exercise, this represents a governance tipping point—shifting the focus from whether controls exist to whether they actually work, are monitored effectively, and backed by credible evidence. This presentation explores how to move from policy to proof. Stefan will examine the “dress rehearsal year” of 2025, how to define and prioritise material controls, map them to enterprise risks, and build structured assurance plans. Stefan will also consider how boards can avoid information overload by distilling reporting into a clear “approach on a page” view. Speaker
|
| 16:55 | |
| 17:00 | 17:00 PM > Show Close |
View the Agenda
| GMT | Wednesday 12 November 2025 |
|---|---|
| 07:30 | 07:30 AM > Exhibitors Access |
| 09:00 | |
| 09:00 | 09:00 AM > Registration |
| 9:55 | |
| 10:00 | 10:00 AM > Beyond Compliance: Building GRC into Business DNA How forward-thinking organisations are using GRC as a value driver, not a checkbox exercise. Moderator
Panelist
|
| 10:45 | |
| 10:55 | 10:55 AM > The Future of GRC in Europe: Adapting to a Fragmented Regulatory Landscape Navigating national vs EU-wide requirements across industries, especially in light of evolving digital and ESG rules. Moderator
Panelist
|
| 11:40 | |
| 11:50 | 11:50 AM > From Compliance to Confidence: How AI Is Redefining Resilience Across Modern Frameworks As new regulations and frameworks emerge—DORA, NIS2, and beyond—organizations across industries are under pressure to not only comply, but to continuously prove their resilience. Traditional approaches to risk and compliance are being outpaced by the velocity of digital threats and regulatory change. In this session, we’ll explore how AI is transforming the way organizations achieve resilience, from automating evidence collection and real-time control testing to enabling continuous assurance across cyber, risk, and compliance functions. You’ll gain practical insights into how to operationalize evolving regulatory requirements with confidence, agility, and reduced cost, while preparing your organization for what’s next. Attendees will walk away with: A clear understanding of key resilience expectations across emerging frameworks like DORA, NIS2, and others Real-world examples of how AI can improve testing, incident response, and resilience monitoring A vision for turning compliance into a competitive advantage through automation Speaker
|
| 12:25 | |
| 12:35 | 12:35 PM > The Hidden Risk: Building Psychological Safety and Managing the Workplace Wellbeing Time Bomb Why psychological safety is becoming a core business risk — and how leaders can respond to stress, burnout and disengagement are no longer “HR issues” — they are core organisational risks. This webinar brings together leaders in culture, safety, and wellbeing to explore how psychological safety and proactive wellbeing management can reduce incidents, improve performance, and protect organisations from reputational and financial harm. We’ll discuss:
If you lead people, influence culture, or are responsible for risk, safety, performance, or wellbeing, this session will help you rethink your approach — before the costs become visible. Moderator
Panelist
|
| 13:20 | |
| 13:30 | 13:30 PM > Risk Appetite Reset: Aligning Culture, Conduct, and Controls In an era defined by volatility — from economic uncertainty and geopolitical fragmentation to the accelerating pace of digital transformation — traditional approaches to risk appetite are being tested like never before. Organisations can no longer rely on static thresholds or outdated risk frameworks. Instead, they must continuously recalibrate how much risk they are prepared to take, where that risk is concentrated, and whether their culture and conduct truly reflect their stated appetite. This session explores how boards, CROs and compliance leaders can reframe risk appetite as a living, strategic tool — one that drives better decision-making, transparency, and resilience. Panellists will discuss practical strategies for translating risk appetite into measurable business behaviour, embedding it into governance frameworks, and using data and scenario planning to anticipate shifts in external and internal conditions. The conversation will also address how to communicate evolving risk appetite across the enterprise, ensuring alignment between leadership intent, regulatory expectations, and on-the-ground conduct. Moderator
Panelist
|
| 14:15 | |
| 14:25 | 14:25 PM > Fireside Chat: Risk Is Our Business – Emma Price & Michael Rasmussen Join Michael Rasmussen as he welcomes Emma Price, a UK Enterprise Risk Management Expert, for a dynamic fireside chat on the past, present, and future of enterprise risk management. Together they’ll trace the evolution of the field—from its early days focused on business continuity and disaster recovery, to today’s broader emphasis on resilience. Emma will share why reframing “risk” as “resilience” resonates more strongly with boards, and how that language shift helps unify disciplines that too often operate in silos. The conversation will tackle common pitfalls in risk programs, including fragmented operations, lack of interconnected thinking, and compliance posturing in place of true strategy. Looking outward, Emma and Michael will discuss the critical role of third-party risk management, the influence of geopolitical and regulatory turbulence, and the key drivers shaping UK risk agendas. They’ll also explore the future of ERM: from strategic alignment and enabling technology to the growing importance of managed services. This session is a chart for risk leaders seeking to navigate complexity with perspective and purpose—reminding us that effective risk management isn’t about orbiting checklists, but steering toward resilience, integration, and forward-looking strategy at speed. Speakers
|
| 15:05 | |
| 15:15 | 15:15 PM > Riding the Sustainability Tidal Wave Despite a fluctuating regulatory landscape, sustainability reporting is a strategic imperative as organisations contiinue to embed ambitious sustainability objectives into their core strategy. The recent limited assurance cycles on initial CSRD reports underscore a critical need for robust Governance, Risk, and Compliance (GRC) architecture to help deliver those objectives and to guarantee trusted disclosures. This session will explore the essential role of corporate governance in steering strategic direction and accountability, alongside the design and implementation of strong internal controls over sustainability data and the importance of integrating integrating technology to enhance internal and external assurance, manage risks effectively, and ensure the entire sustainability program delivers the desired business and societal outcome Speaker
|
| 15:50 | |
| 16:00 | 16:00 PM > Modern GRC: Your Secret Weapon to Drive Revenue The risk and compliance landscape is evolving faster than ever — new regulations, rising audit complexity, and data silos are pushing teams to their limits. Join Martin Davies and Jack Barrett as they unpack what’s really driving change across the GRC ecosystem and how leading organisations are embracing automation to transform compliance from a reactive burden into a strategic business and revenue advantage.In this power session, Drata reveals how automated platform delivers real-time visibility, simplifies audits, and builds lasting trust — backed by customer success stories that prove the impact. Walk away ready to modernise your GRC strategy and see automation in action. Speakers
|
| 16:45 | |
| 17:00 | 17:00 PM > Show Close |
View the Agenda
| GMT | Wednesday 12 November 2025 |
|---|---|
| 07:30 | 07:30 AM > Exhibitors Access |
| 09:00 | |
| 09:00 | 09:00 AM > Registration |
| 9:55 | |
| 10:00 | 10:00 AM > AI Governance Starts Here: Risk, Ethics and Accountability in Practice Moving beyond frameworks to operational AI governance, and avoiding reputational disaster. Moderator
Panelist
|
| 10:45 | |
| 10:55 | 10:55 AM > Right-Sized Risk: Building GRC for the Mid-Market SMEs face the same regulatory, cyber, and third-party risks as large enterprises, but often without the budgets or teams to match. This session explores practical, scalable governance and risk strategies for growing organisations. From choosing the right tools to building a risk-aware culture, we’ll unpack how mid-market firms can embed resilience without breaking the bank. Moderator
Panelist
|
| 11:40 | |
| 11:50 | 11:50 AM > End GRC Tech Debt: From Sprawl to Speed in 90 Days Most GRC programs are weighed down by tech debt: scattered tools, rigid suites, brittle customizations, and manual reporting. The result is slow change, rising costs, and weak resilience. In this session, CLDigital CEO Tejas Katwala presents a practical path to end GRC tech debt by replacing fragmented stacks with a connected operating model for risk, resilience, and compliance. We show how to measure tech debt, connect everything with one shared data model, and use automation with continuous assurance to cut complexity and deliver live board ready evidence. For leadership, this means faster decisions, lower costs, and greater confidence that resilience and compliance are real. The session closes with a 90-day consolidation blueprint that retires overlapping tools, reduces reporting effort, and accelerates change without creating another silo. Speaker
|
| 12:20 | |
| 12:30 | 12:30 PM > GRC and the Data Dilemma: Managing Quality, Lineage and Stewardship In an era of exploding data volumes and regulatory scrutiny, organisations must ensure their information is trustworthy, traceable and accountable. This session dives into how GRC professionals can safeguard data integrity through clear lineage, quality controls and well-defined stewardship — turning a pervasive risk into a competitive differentiator. Moderator
Panelist
|
| 13:15 | |
| 13:25 | 13:25 PM > Spreadsheets to Software: Advancing Risk Management with AI-Powered GRC Software Speakers
|
| 14:00 | |
| 14:10 | 14:10 PM > AI Agents: Revolutionising Risk Management Speaker
|
| 14:45 | |
| 14:55 | 14:55 PM > Ethics at the Edge: Tackling Bias in Automated Decision-Making From recruitment algorithms to credit scoring and legal tech, AI is making life-changing decisions, but who’s accountable when it gets it wrong? As regulators push back on controversial use cases like emotion recognition AI, this session explores emerging governance models to manage ethical risk, ensure fairness, and prevent reputational fallout as automation takes centre stage. Moderator
Panelist
|
| 15:40 | |
| 15:50 | 15:50 PM > Deepfakes, Data, and Damage Control: How to Survive an AI Crisis The next corporate crisis won’t come from a data breach — it’ll come from your own AI. Whether it’s a deepfake that goes viral, an algorithmic decision that discriminates, or a chatbot that misfires in public, AI-driven disruptions are no longer science fiction — they’re operational reality. The organisations that survive will be those that can combine crisis discipline, transparent communication, and ethical AI governance at speed. This session brings together leading voices in crisis communications, AI ethics, and risk management to explore what “AI crisis readiness” really looks like. Panellists will dissect recent examples of AI-related crises, from misinformation and model bias to synthetic media scandals, and offer practical frameworks for rapid response, stakeholder communication, and trust recovery. Moderator
Panelist
|
| 16:50 | |
| 16:50 | 16:50 PM > KEYNOTE: Why a Public Inquiry into NHS Cyber Security and Patient Safety is Overdue The Synnovis ransomware attack exposed something far deeper than a single point of failure — it revealed a system unprepared for the next wave of digital crisis. In a world where hospital networks are now frontlines, not back offices, cyberattacks on the NHS are no longer IT incidents — they’re public safety emergencies. Yet, despite the mounting evidence of risk, government has still not initiated a public inquiry. In this provocative keynote, our speaker will make the case for why that silence must end. Drawing on lessons from recent breaches, he will challenge political complacency and bureaucratic inertia, arguing that only a full public inquiry can expose the systemic weaknesses putting patient lives at risk. The session will ask hard questions: Why are we still unprepared after WannaCry and Synnovis? What would accountability look like in a digital health system built on fragile trust? And how do we prevent the first cyber-induced mass casualty event before it’s too late? This is not just a call for better cybersecurity — it’s a demand for national reckoning. Speaker
|
| 17:20 | |
| 17:20 | 17:15 PM > Show Close |
View the Agenda
| GMT | Wednesday 12 November 2025 |
|---|---|
| 07:30 | 07:30 AM > Exhibitors Access |
| 09:00 | |
| 09:00 | 09:00 AM > Registration |
| 9:55 | |
| 10:00 | 10:00 AM > Navigating NIS2: Turning Compliance into Cyber Resilience The EU’s NIS2 Directive represents a step change in Europe’s approach to cybersecurity governance - broadening sectoral scope, tightening reporting timelines, and introducing personal accountability for management. But as compliance deadlines approach, organisations are finding that tick-box exercises won’t cut it. The real opportunity lies in embedding NIS2 principles into a culture of proactive, risk-based resilience - one that integrates cyber governance into enterprise-wide decision-making, supply-chain risk management, and business continuity planning. This session examines how regulated entities across sectors are interpreting NIS2, from defining “essential and important” services to managing third-party dependencies and achieving alignment with ISO 27001, DORA, and other frameworks. Panellists will discuss how to translate obligations into operational strength, turning regulatory pressure into a catalyst for better oversight, faster incident response, and stronger collaboration between compliance, IT, and the boardroom. Moderator
Panelist
|
| 10:35 | |
| 10:35 | 10:35 AM > Cyber Risk is Business Risk: Embedding Cyber into Enterprise Risk Management Boards increasingly demand cyber fluency. Here’s how CISOs and risk leaders can align their priorities and language. Moderator
Panelist
|
| 11:10 | |
| 11:10 | 11:10 AM > When AI Ships Fast, Can GRC Keep Up? Reflections from Software Development on Aligning Governance, Risk Management and Compliance (GRC) with Agility and Pace AI has transformed the speed and scale of software development — models ship faster and automation accelerates delivery. But GRC haven’t evolved at the same pace. This session takes a bottom-up view from the world of software engineering to explore how governance can become as adaptive, iterative, and data-driven as the systems it seeks to control. Drawing on lessons from agile development, DevSecOps, and AI lifecycle management, we’ll discuss practical ways to embed governance and risk management in flow, not friction — enabling organizations to manage risks, while staying competitive in an AI-driven world. Speakers
|
| 11:40 | |
| 11:50 | 11:50 AM > Navigating the RegTech Boom: What’s Working, What’s Just Buzz? The RegTech market has exploded in recent years, promising to transform how organisations manage compliance, risk, and reporting. Yet not every solution delivers on its hype. This session brings together financial institutions, regulators, and technology innovators to separate substance from spin. Where are RegTech tools truly improving oversight, efficiency, and resilience—and where are they adding complexity or cost? Panellists will explore adoption trends, integration challenges, and lessons from real-world deployments to identify what’s genuinely driving value in the next generation of regulatory technology. Where are RegTech tools truly improving oversight, efficiency, and resilience—and where are they adding complexity or cost? Panellists will explore adoption trends, integration challenges, and lessons from real-world deployments to identify what’s genuinely driving value in the next generation of regulatory technology. Moderator
Panelist
|
| 12:30 | |
| 12:40 | 12:40 PM > KEYNOTE: The Ethical Fork in the Road Facing Gen Z: How Can We Inspire Gen Z to Become Ethical Hackers in Modern Workplaces? With $10.5 trillion projected to be lost to cybercrime in 2025, and 69% of European teens having committed a cybercrime/cyber misdemeanor, we’re facing a generational crisis. The Hacking Games seeks to inspire, educate, and empower young people to become defenders rather than attackers. This session discusses the societal, technological, and law enforcement challenges surrounding youth cybercrime and what we can do to address them. Speaker
|
| 13:25 | |
| 13:30 | 13:30 PM > KEYNOTE: Ctrl+Alt+Chaos: How Teenage Hackers Hijack The Internet M&S, Co-op, JLR and many other hacks this year are being blamed not on foreign cyber crime gangs but English-speaking teenagers. Groups like Lapsus and Scattered Spider have rewritten the rules. The innocence is gone. Teenage hacking has rapidly evolved from youthful curiosity to a calculated, monetised threat. Whether it's the lure of easy money, the promise of digital celebrity, or targeted recruitment by organised crime, this generation of attackers is skipping the learning phase and going straight to serious criminal activity. Join Joe Tidy as he uncovers the social and economic drivers behind this dangerous escalation, mapping the common pipeline that converts a gaming enthusiast into a sophisticated, costly cybercriminal. Speaker
|
| 14:10 | |
| 14:15 | 14:15 PM > Incident Response Under Scrutiny: What Regulators Expect After a Breach What a compliant, well-governed breach response looks like in 2025, from playbooks to post-incident reviews. Moderator
Panelist
|
| 14:55 | |
| 15:05 | 15:05 PM > Aligning Business Strategy with Cyber Risk Management Effective cybersecurity isn’t just about IT—it’s about business. This panel examines approaches to integrate risk management into strategic planning, ensuring that cybersecurity efforts directly support organisational goals. Moderator
Panelist
|
| 15:45 | |
| 15:55 | 15:55 PM > The Importance of Threat-Led Penetration Testing (TLPT) in an Era of High-Stakes Breaches, AI, and Regulatory Convergence "Trust but verify" is no longer just a regulatory mantra, it’s fast becoming a baseline expectation. Compliance frameworks like ISO 27001 or NIST CSF lay the foundations for good security, but paper assurance is not proof. Only by testing your controls under realistic, threat-led conditions can you expose the weaknesses hiding in people, process, and technology. Frameworks such as CBEST, STAR-FS, TIBER (DORA), i-CRT, AASE, and iCAST are now shaping the way cyber resilience is measured – moving the focus from "protect at all costs" to testing an organisation’s ability to detect, respond, and recover. In a world where breaches move at machine speed and AI is weaponised, TLPT is not a luxury; it’s the proving ground for survival. Speakers
|
| 16:25 | |
| 16:35 | 16:35 PM > Keynote: Risks and Security in the Age of AI In Risks and Security in the Age of AI, this keynote takes a forward-looking view of cyber risk over the next 3–5 years, drawing lessons from the early days of cloud adoption to highlight how similar missteps are being repeated with AI. Using a creative Back to the Future theme, the talk explores emerging challenges across quantum computing, artificial intelligence, and shifting regulatory frameworks — offering a thought-provoking perspective on how organizations can better prepare for the next wave of technological change. Speaker
|
| 17:15 | |
| 17:15 | 17:00 PM > Show Close |
View the Agenda
| GMT | Wednesday 12 November 2025 |
|---|---|
| 07:30 | 07:30 AM > Exhibitors Access |
| 09:00 | |
| 09:00 | 09:00 AM > Registration |
| 10:45 | |
| 10:45 | 10:45 AM > Readinow: Meet Your GRC AI Agents Speaker
|
| 11:30 | |
| 11:30 | 11:30 AM > Operational Resilience in Action: Real-Time Visibility, Whatever the Disruption See how real-time visibility strengthens operational resilience. Join a live demo of Decision Focus’ Operational Resilience module and discover how to anticipate, adapt, and respond faster — maintaining delivery of critical services, whatever the disruption. Speaker
|
| 12:00 | |
| 12:00 | 12:00 PM > Beyond Spreadsheets: A Practical Guide to Modernising Risk Management A step-by-step look at how Protecht helps teams take that first step to systems maturity and easily move from fragmented spreadsheets to integrated, automated risk visibility Speaker
|
| 12:30 | |
| 12:30 | 12:30 PM > Workiva: The Brain-Tech Barrier - How to Discover the Known Unknown Speaker
|
| 13:30 | |
| 13:30 | 13:30 PM > 3rd Risk: Beyond the Buzz: Making AI Practical in Third‑Party Risk Management Risk teams are told AI will transform compliance and vendor risk, yet most are still buried in spreadsheets, document chases, and one-off questionnaires. In our work with procurement, compliance and risk teams across various sectors, we’ve seen how AI only delivers real value when it’s applied with context, data privacy, and operational clarity. In this session, we will go beyond buzzworthy AI and show what “practical AI” actually looks like in third-party risk and how it’s already helping teams reduce manual work, improve decision-making, and keep up with regulations like DORA, NIS2 and the AI Act. You’ll learn:
What we’ve built at 3rdRisk to make this practical, such as:
Speakers
|
| 14:00 | |
| 14:00 | 14:00 PM > Discover Hyperproof: An Overview of Hyperproof’s AI-Powered Platform Join Hyperproof’s demo session where we’ll explore how the platform empowers your team to streamline compliance operations, mitigate risks, and build trust with customers and stakeholders, with AI embedded across every workflow. This engaging session will dive into key product areas like Hyperproof’s controls module, risk module, and reporting, showcasing how Hyperproof AI provides a continuous, proactive assurance GRC engine built on intelligence and tailored to your business needs. Attendees will gain a comprehensive understanding of how the Hyperproof platform can increase compliance productivity, improve stakeholder visibility, and reduce time spent on manual processes like evidence collection and audit prep. Speaker
|
| 14:30 | |
| 14:45 | 14:45 PM > Unifying your view of GRC – Managing Integrated Risk with SAI360 Speakers
|
| 15:00 | |
| 17:00 | 17:00 PM > Show Close |
View the Agenda
| GMT | Thursday 13 November 2025 |
|---|---|
| 07:30 | 07:30 AM > Exhibitors Access |
| 09:00 | |
| 09:00 | 09:00 AM > Registration |
| 9:55 | |
| 10:00 | 10:00 AM > Digital Trust and Information Governance in the NHS: Safeguarding Integrity in a Data-Driven Health System From workforce shortages to patient safety, this session examines the top risks healthcare providers face and how governance models are evolving to manage them effectively, particularly with increased digitalisation and AI in clinical settings. Moderator
Panelist
|
| 10:45 | |
| 10:55 | 10:55 AM > Beyond the Boundary of the Organisation: Strategies for a Resilient Supply Chain Global disruption, cyber threats, and geopolitical instability have pushed supply chain resilience to the top of every risk leader’s agenda. This panel explores how organisations can move beyond traditional, inward-looking risk management to build end-to-end visibility and agility across complex supplier ecosystems. From mapping critical dependencies and managing third-party cyber risk to fostering trust, transparency, and sustainability, our experts will discuss how to strengthen supply chain resilience in an era of constant uncertainty. Moderator
Panelists
|
| 11:40 | |
| 11:50 | 11:50 AM > Geopolitics - an Emerging Risk Frontier Growing geopolitical instability increasingly affects businesses in a widening range of ways, but risk governance and management approaches in many firms have not evolved to deal with this. In this session, Derek Leatherdale will explore the challenges risk teams face on this agenda, what better approaches entail and offer insights into how risk & resilience leaders in other firms are reinforcing their strategic influence by driving work on geopolitical issues Speaker
|
| 12:30 | |
| 12:40 | 12:40 PM > Shockwaves: The Many Faces of Risk from a Trump Presidency — From Deregulation to Disinformation Donald Trump’s return to power is not a single-issue shock - it’s a compound risk event touching trade, finance, public health, climate, human rights and the very institutions that enforce rules. Beyond headline tariffs, rapid deregulatory moves and weakened enforcement can leave markets, consumers and vulnerable populations exposed; rollbacks in environmental and public-health safeguards threaten cross-border cooperation and long-term resilience; and shifts in foreign policy and sanctions posture can destabilise alliances and supply chains. Recent trends - from falling regulatory enforcement to reported retrenchment in anti-trafficking efforts - show how policy choices cascade into economic, social and geopolitical harm. This session will trace those interconnected risks and ask the hard questions: how do businesses, regulators and civil society defend against rapid policy drift and political unpredictability? We’ll examine practical scenarios — market shocks from trade measures, regulatory vacuums in finance and healthcare, erosion of anti-trafficking programmes, and the spread of misinformation that undermines public trust - and surface tools for resilience, from contingency planning and cross-border cooperation to legal remedies and reputational risk management. Expect frank debate about what Europe must do now to hedge, respond and hold partners to account. Moderator
Panelist
|
| 13:25 | |
| 13:35 | 13:35 PM > KEYNOTE: App Store Origins: Anti-Fraud from Music Rights to Digital Identity In this keynote, Jesse Tayler — inventor of the App Store and founder of TruAnon — traces the evolution of digital trust, from protecting app and music rights in the early internet to today’s challenges in identity and fraud prevention. Drawing on decades at the intersection of technology, security, and innovation, Jesse connects the dots between consumer tech, anti-fraud principles, and the frameworks that now protect our data, users, and systems. Speaker
|
| 14:15 | |
| 14:25 | 14:25 PM > Reputation Risk and Governance in the Age of Transparency In an era of instant news, social media amplification, and rising stakeholder expectations, organisations face relentless scrutiny. From public data breaches to employee activism and customer backlash, reputation can be damaged overnight. This session explores how governance frameworks, transparent communication, and strong data controls can help leaders anticipate risks, navigate crises, and safeguard trust in the age of radical transparency. Moderator
Panelist
|
| 15:10 | |
| 15:20 | 15:20 PM > Behind Closed Doors: How Sex Trafficking and Money Laundering Hide in Europe’s Hospitality Industry The global hospitality sector prides itself on service and discretion - but those same traits can make hotels and franchised brands unwitting hubs for organised crime. Across Eastern Europe, trafficking networks are exploiting legitimate hotel and rental infrastructures to move victims and launder profits under the guise of ordinary business. From opaque ownership structures to minimal staff oversight, the intersection of human exploitation and financial crime is becoming harder to detect - and harder to deny. This panel brings together investigators, compliance experts, and industry insiders to expose how the business of comfort and convenience can mask coercion and corruption. We’ll examine recent cases linking franchised hotels to trafficking rings, the red flags of money laundering in hospitality, and the compliance blind spots that let abuse thrive in plain sight. What responsibilities do brands, regulators, and financial institutions share — and how can transparency and technology help shut the door on this hidden economy?" Moderator
Panelist
|
| 16:05 | |
| 16:15 | 16:15 PM > KEYNOTE: Enterprise-wide AI Risk Management (EW-AiRM) - A Practical Framework for Managing AI Risks Across Organisations This keynote introduces the Enterprise-wide AI Risk Management (EW-AiRM) framework — a groundbreaking evolution of traditional Enterprise Risk Management (ERM) principles for a world increasingly shaped by Artificial Intelligence (AI). Focusing on practical implementation, the session explores how EW-AiRM can be applied, adapted, and tailored to meet organisational needs in today’s rapidly evolving, AI-augmented business environment. Building on established ERM methodologies (COSO/ISO), EW-AiRM integrates the MIT AI Risk Taxonomy and its seven risk domains, providing a comprehensive structure for identifying and mitigating AI-related risks. Attendees will also gain insight into effective mitigants for each domain to help reduce residual AI risk to an acceptable level. Speaker
|
| 16:45 | |
| 17:00 | 17:00 PM > Show Close |
View the Agenda
| GMT | Thursday 13 November 2025 |
|---|---|
| 07:30 | 07:30 AM > Exhibitors Access |
| 09:00 | |
| 09:00 | 09:00 AM > Registration |
| 9:55 | |
| 10:00 | 10:00 AM > Predict, Prevent, Regulate: Modern Risk and Compliance Analytics How are financial institutions using real-time analytics and AI to spot and stop threats, meet evolving regulations, and manage third-party risk? Explore the tools helping risk managers stay ahead in a sector under constant scrutiny. ModeratorPanelist
|
| 10:45 | |
| 10:55 | 10:55 AM > Scaling Responsibly: Building Governance and Risk Culture from the Ground Up For small and growing businesses, governance and risk management can’t just be borrowed from the corporate playbook — they have to be built in from day one. As teams expand and operations become more complex, the absence of structure can quickly turn agility into exposure. This session explores how SMEs can create a culture of accountability and smart governance without losing their entrepreneurial edge. Panelists will discuss how to embed risk awareness into small teams, set up lean but effective governance frameworks, and know when it’s time to formalise controls. From defining “tone from the top” to introducing practical reporting and compliance habits, this conversation will show how governance can scale with growth — supporting trust, resilience, and long-term success rather than bureaucracy. Moderator
Panelist
|
| 11:30 | |
| 11:40 | 11:40 AM > The Risk Landscape for Universities and Schools Increased scrutiny on data privacy, safeguarding, AI misuse, and campus security means institutions must stay alert. What does good risk governance look like in the education sector today? Moderator
Panelist
|
| 12:25 | |
| 12:35 | 12:35 PM > Crypto at a Crossroads: Stability, Supervision, and Systemic Risk As Europe’s new Markets in Crypto-Assets (MiCA) regime takes effect, regulators warn that crypto-assets remain high-risk with limited consumer safeguards, while a surge in corporate “bitcoin treasuries” and leveraged holdings is fuelling fears of systemic contagion. Against a backdrop of fragmented AML/CTF regulation and geopolitical uncertainty, this panel unites experts from regulation, banking, and digital finance to debate whether the crypto market is maturing or destabilising. Can innovation survive tightening oversight—and how can institutions build trust and resilience in an increasingly volatile digital asset landscape? Moderator
Panelists
|
| 13:20 | |
| 13:30 | 13:30 PM > Insider Threats in the Hybrid Workplace: A New Risk Paradigm As hybrid work becomes the default for many organisations, the lines between external and internal threats are blurring - and insider risk has emerged as one of the most complex challenges in cybersecurity. With 83% of organisations reporting insider incidents in the past year, and the rise of AI accelerating both the subtlety and scale of such threats, the need to understand behavioural, cultural, and operational drivers has never been greater. Traditional defences focused solely on external attacks or technical controls are no longer enough; managing insider risk now requires a blend of human insight, digital forensics, and adaptive governance. This session brings together a diverse panel of experts spanning academia, law enforcement, and technology innovation. Together, they’ll unpack what a modern insider-threat strategy looks like in a hybrid, AI-enabled workplace - where safeguarding people, data, and culture must go hand in hand. Moderator
Panelist
|
| 14:15 | |
| 14:25 | 14:25 PM > KEYNOTE: The Future of GRC: Risk Is Our Business “Risk is our business.” Captain Kirk’s words ring true for organizations today: every decision carries uncertainty, every strategy requires resilience, and every enterprise must navigate risk with integrity. Yet too often, GRC is reduced to fragmented checklists, silos, and after-the-fact reporting. The future of GRC is GRC 7.0 – GRC Orchestrate: an integrated architecture that unifies governance, performance, risk, and compliance. Like the bridge of the Enterprise, it serves as a command center - powered by digital twins, agentic AI, orchestration layers, and real-time intelligence - to provide situational awareness and guide coordinated response. In this session, we will explore how organizations can boldly move beyond legacy frameworks and static heat maps, embracing an orchestrated approach to GRC that supports strategy, drives performance, and ensures resilience in a turbulent galaxy of risk. Attendees will:
Speaker
|
| 15:05 | |
| 15:15 | 15:15 PM > Keynote: Operationalising AI Governance: Frameworks and Tools for Managing Third-Party Risk After understanding the risks and regulatory challenges of AI in third-party ecosystems, the next step is putting governance into action. Translate theory into practice by equipping yourself with real-world frameworks, tools and strategies to effectively manage AI-driven risks across your vendor landscape.
Speaker
|
| 16:00 | |
| 16:00 | 16:00 PM > Equity in Action: Women Transforming the Culture of GRC The GRC industry is evolving, but progress toward true equity remains uneven. In this powerful session, winners of the Women in GRC Awards share how they are not only navigating bias but actively reshaping the culture of Governance, Risk, and Compliance. Through personal stories and professional insights, our panelists will reveal the tools, strategies, and leadership approaches that enable women to succeed — and to open doors for others. This conversation moves beyond acknowledging barriers to exploring how women are transforming workplaces, setting new standards of inclusion, and redefining what leadership looks like in GRC. Attendees will leave with practical takeaways and a renewed commitment to advancing equity across the industry. Moderator
Panelist
|
| 16:45 | |
| 17:00 | 17:00 PM > Show Close |
View the Agenda
| GMT | Thursday 13 November 2025 |
|---|---|
| 07:30 | 07:30 AM > Exhibitors Access |
| 09:00 | |
| 09:00 | 09:00 AM > Registration |
| 9:55 | |
| 10:00 | 10:00 AM > From Insight to Influence: Turning Risk Intelligence into Board-Level Action As organisations face more complex, interconnected risks - spanning cyber, AI, supply chain, regulatory, and geopolitical domains - the challenge isn’t just generating data. It’s translating that data into meaningful insight, and persuading executive/board leadership to act. This panel will explore how risk functions can evolve to become strategic enablers of business resilience and strategy rather than just operational controllers. Moderator
Panelist
|
| 10:45 | |
| 10:55 | 10:55 AM > Debt, Deficits and Dominoes: Are the Bond Markets Headed for a Reckoning? The debt market has enjoyed a remarkable rally — but how long can it last? With asset managers such as BlackRock, M&G and Fidelity International retreating from riskier corporate bonds in favour of safer government paper, the mood music is changing. Credit spreads are historically tight, optimism around global growth may be overstated, and any stumble in the world economy could trigger a sharp re-pricing across credit markets. This panel will examine whether the debt market is sitting on the edge of a sell-off and what a changed fiscal climate could mean for investors, corporates and governments alike. As major economies tighten budgets and interest rate cuts loom, we’ll explore questions of resilience, liquidity, and contagion: is the next credit correction a slow unwind or a sudden shock? And how should policymakers, lenders, and CFOs navigate a new era of fiscal constraint and geopolitical risk? Moderator
Panelist
|
| 11:30 | |
| 11:40 | 11:40 AM > AI Agents: Revolutionising Risk Management Speaker
|
| 12:15 | |
| 12:25 | 12:25 PM > Keynote: Untangling the Supply Chain Problem In a world where digital ecosystems are deeply interconnected, traditional third-party risk management (TPRM) is no longer enough. Justin Kuruvilla, Chief Cyber Security Strategist at Risk Ledger, explores how supply chain risk has evolved into a systemic, human challenge - one that demands collaboration rather than isolation. Drawing parallels from history and modern cyber warfare, Justin unpacks the three core supply chain challenges - corporate, software, and logistical - and illustrates how concentration risks can cripple entire sectors. Using real-world insights industry communities, he shows how visibility, shared assurance, and collective defence can transform the way organisations secure their supply chains. This session offers a fresh, actionable perspective on how to move from fragmented risk management to a unified, network-based model - to truly Defend-as-One Speaker
|
| 13:00 | |
| 13:10 | 13:10 PM > Risk Management in the Age of Intelligent Automation: Balancing Human Judgement and Machine Precision As automation and AI redefine the boundaries of risk management, risk leaders are being challenged to rethink how their teams detect, assess, and respond to risk. The shift isn’t just technological — it’s cultural and operational. This panel brings together industry and technology experts to explore how intelligent automation is transforming the risk function from a reactive control layer into a proactive, insight-driven partner to the business. Panellists will unpack what true “risk intelligence” looks like in an AI-powered world — where data, algorithms, and human expertise converge to deliver faster, smarter, and more transparent decisions. The discussion will address how automation reduces manual effort and human error, while introducing new governance challenges such as explainability, bias, and oversight. Real-world case studies will highlight how leading organisations are embedding AI into GRC frameworks to elevate performance, improve assurance, and free risk professionals to focus on strategic value. ModeratorPanelist
|
| 13:45 | |
| 13:55 | 13:55 PM > Building Resilient Security Functions: Leveraging AI and Fostering Culture In today's rapidly evolving cyber landscape, the introduction of new standards like ISO/IEC42001:2023 require security functions to adapt faster than ever before. Staying ahead of the curve with new controls and evolving behaviours is increasingly challenging. A security-first culture is essential for engaging the entire business in security practices. In this presentation we will address the urgent need for security functions to evolve, and the importance of cultivating a security-first culture. This presentation provides a comprehensive guide to promoting secure AI behaviour and evolving an established security function by integrating AI into existing processes. This will include practical tips and real-life case studies to showcase both successful and failed attempts at automating security function processes through AI. A significant focus will be placed on how integrating AI into security processes can foster a security-first culture throughout the business. By making security practices more efficient and engaging, AI can help create a culture where security is a shared responsibility and so we will look at examples of real-life initiatives which specifically address AI security behaviour. Speaker
|
| 14:40 | |
| 14:50 | 14:50 PM > Quantifying Risk: The Rise of Data-Driven GRC in Investment and Banking As financial institutions navigate volatile markets, evolving regulation, and technological disruption, traditional “red–amber–green” risk assessments are no longer enough. This session explores how banks and investment firms are moving beyond qualitative heat maps toward data-driven, quantifiable models of risk and compliance. By leveraging analytics, automation, and AI, GRC leaders are transforming risk management into a forward-looking discipline that drives smarter capital allocation and strategic resilience. Our expert panel will discuss how to translate complex risk data into actionable insights for executives and boards. From integrating ESG and operational metrics to embedding risk analytics into decision-making, we’ll examine how data is reshaping GRC’s role — from reactive oversight to proactive business enabler. Attendees will gain practical perspectives on building transparency, confidence, and competitive advantage through measurable, data-backed governance. ModeratorPanelist
|
| 15:35 | |
| 15:45 | 15:45 PM > Clinical Cyber Risk: Securing Data in AI-Driven Healthcare Healthcare remains one of the most targeted sectors for cyberattacks, with sensitive patient data and interconnected clinical systems offering high-value entry points for malicious actors. As hospitals, research centres, and digital health providers increasingly rely on AI for diagnostics, treatment planning, and risk identification, the stakes for maintaining robust cyber governance have never been higher. This session explores how healthcare leaders can strengthen oversight across data access, third-party vendors, and clinical platforms while ensuring regulatory compliance and patient trust. Our expert panel will discuss the intersection of cybersecurity, governance, and emerging technology in healthcare — from managing AI-driven data pipelines to enforcing accountability across complex supplier networks. Attendees will gain practical strategies to mitigate clinical cyber risk, improve resilience, and align innovation with the highest standards of data protection and ethical responsibility. ModeratorPanelist
|
| 16:30 | |
| 17:00 | 17:00 PM > Show Close |
View the Agenda
| GMT | Thursday 13 November 2025 |
|---|---|
| 07:30 | 07:30 AM > Exhibitors Access |
| 09:00 | |
| 09:00 | 09:00 AM > Registration |
| 9:55 | |
| 10:00 | 10:00 AM > Quantifying AI Cyber Risk In this session, we’ll explore how AI is reshaping the cyber threat landscape, from AI-generated phishing and deepfakes to sophisticated supply chain attacks. We’ll examine why it’s critical to quantify AI-related cyber risks in financial terms, as many organisations still lack effective AI access controls and governance frameworks. Finally, we’ll discuss how assessing resilience now requires detecting AI-driven phishing campaigns and internal misuse of AI tools. Speaker
|
| 10:45 | |
| 10:55 | 10:55 AM > A Single Source of Truth: Automating IT Compliance & Scaling Cyber Risk Management Regulatory pressure in Europe has never been greater, with evolving requirements like NIS2, DORA, and the EU AI Act demanding greater accountability and faster compliance. At the same time, organisations must also keep pace with global regulatory change and increasing cyber threats. Join Diligent as we discuss IT Risk Management maturity and how GRC software can help build a mature, scalable IT risk and compliance program while reducing complexity and manual effort. Speakers
|
| 11:30 | |
| 11:40 | 11:40 AM > Small Business, Big Targets: Managing Cyber, Data, and Supply Chain Risk on a Budget SMEs are the backbone of the UK economy — and increasingly, the front line of digital risk. From ransomware and phishing to third-party breaches and GDPR obligations, smaller businesses face the same threats as global corporations but without their resources or dedicated security teams. This session brings together cyber, legal, and operational experts to explore how SMEs can build resilience without breaking the bank. What are the practical steps for managing data responsibly, training staff, and assessing suppliers when you don’t have an in-house CISO? How can you turn data protection from a compliance burden into a competitive advantage that wins customer trust? And when the worst happens — a breach, a ransomware demand, or a vendor failure — how do you respond swiftly and recover stronger? Packed with actionable insights, affordable tools, and real-world examples, this panel will help smaller organisations move from reactive defence to proactive resilience — securing not just their data, but their reputation and continuity. Moderator
Panelist
|
| 12:25 | |
| 12:35 | 12:35 PM > Third-Party Resilience Under DORA: Moving from Questionnaires to Continuous Assurance DORA places huge emphasis on ICT third-party risk. This session would focus on practical strategies for moving beyond static assessments to a model of continuous monitoring and assurance of key vendors. Moderator
Panelists
|
| 13:15 | |
| 13:25 | 13:25 PM > When AI Meets GDPR: Healthcare’s Tightrope Act AI promises to revolutionise diagnostics, treatment, and patient care — but in healthcare, every algorithm runs on highly sensitive personal data. Striking the balance between innovation and compliance has never been more complex. As hospitals and life sciences organisations integrate machine learning into everything from patient triage to drug discovery, they face an increasingly fine line between legitimate data use and regulatory overreach. This session brings together compliance officers, CIOs, clinicians, and data protection experts to unpack what GDPR really means in the age of AI-driven medicine. How can organisations ensure lawful processing while maintaining the agility needed to innovate? What are the red lines when it comes to consent, data minimisation, and secondary use of health data? And how can leaders maintain patient trust while deploying technologies that even regulators are still learning to interpret? Expect practical insights, real-world case studies, and a clear view of how to embed compliance into clinical innovation — not slow it down. Moderator
Panelist
|
| 14:05 | |
| 14:15 | 14:15 PM > Stop Buying Insurance. Start Building Risk Partnerships. A candid conversation between insurer, broker, lawyer and risk manager on what ‘best practice’ really looks like for 2026. Insurance is changing. Risk is changing. Expectations are changing. So how should organisations adapt? Join a rare, open discussion bringing together every part of the insurance ecosystem - we’ll explore how organisations can move beyond transactional insurance buying and instead build genuine risk partnerships — the kind that lead to better outcomes, more stable premiums, and stronger resilience. If you're involved in insurance placement, claims, safety, risk, or operations leadership, this will give you a clearer view of what good will look like in 2026. Moderator
Panelist
|
| 15:00 | |
| 15:10 | 15:10 PM > Flashpoints & Fallout: How Trump’s Tariff Regime Threatens Europe’s Economic Backbone Under Donald Trump’s revived tariff playbook, Europe’s exporters face not just a squeeze - but a full-scale assault on sectors that have powered jobs, growth and technological leadership. From Germany’s beloved auto hubs to Ireland’s booming pharma pipelines, no trade-heavy economy is immune. This session will cut past the headlines to expose how unpredictable protectionism and escalating trade wars are reshaping supply chains, destabilising investment, and forcing governments to choose between retaliation and resilience. We’ll bring together economists, industry leaders, and legal experts to map the economic and geopolitical risks: which industries are on the edge? What tools does the UK and EU truly have to respond without sparking runaway escalation? And how much of Europe’s future depends on getting ahead of Trump’s next tariff wave, rather than reacting to the last one? Moderator
Panelist
|
| 15:55 | |
| 16:05 | 16:05 PM > When Trust Breaks Down: The Governance Lessons of the Capita Breach When one of the UK’s largest outsourcing firms suffers a breach affecting over six million people, it sends a shockwave far beyond its own systems. The £14m fine handed to Capita is more than a headline — it’s a case study in what happens when governance, accountability, and third-party oversight collapse at scale. From pension data to public records, the incident exposed deep cracks in how organisations manage their data processors and assess security assurance across sprawling vendor networks. This panel dissects the Capita breach as a cautionary tale for boards, regulators, and risk leaders alike. We’ll explore how systemic vendor dependencies amplify exposure, how governance frameworks failed to translate into operational reality, and what the ICO’s decision signals for corporate accountability going forward. Panellists will also debate whether public-sector outsourcing is now a structural cyber risk — and how regulators, procurement teams, and suppliers can rebuild trust through transparency, continuous monitoring, and shared responsibility. ModeratorPanelist
|
| 15:55 | |
| 17:00 | 17:00 PM > Show Close |
View the Agenda
| GMT | Wednesday 12 November 2025 |
|---|---|
| 07:30 | 07:30 AM > Exhibitors Access |
| 09:00 | |
| 09:00 | 09:00 AM > Registration |
| 09:55 | |
| 10:45 | 10:45 AM > Readinow: Meet Your GRC AI Agents Speaker
|
| 11:30 | |
| 11:30 | 11:30 AM > Governance in Action: How Protecht Connects Governance, Risk and Resilience in a Changing Regulatory Landscape In this live demo, we’ll showcase how Protecht empowers organisations to move beyond reactive compliance toward proactive governance, resilience, and reporting clarity. See how our technology streamlines alignment with the UK Corporate Governance Code, ensures AI accountability under the EU AI Act, and strengthens operational resilience under DORA. Discover how connected GRC and integrated reporting deliver the transparency, traceability, and agility needed to navigate Europe’s most dynamic regulatory environment. Speakers
|
| 12:00 | |
| 14:00 | 14:00 PM > The GenAI Framework that Tackles Enterprise Risk This session explores how organizations can address the growing risks linked to the rapid adoption of generative AI. Many companies face challenges such as fragmented use cases, lack of data governance, and limited traceability or evaluation frameworks. These issues increase exposure to cybersecurity and compliance risks, especially with the upcoming EU AI Act. Seeing this happen within global companies we work with, has motivated us to come up with a framework that brings governance, safety, and efficiency under one structure, enabling responsible innovation without adding unnecessary cost or complexity. Speaker
|
| 14:30 | |
| 17:00 | 17:00 PM > Show Close |
