A presentation at Evolve Resilience by Simon Whittaker


In response to recent global developments, as well as from a basic best practice point of view, financial sector firms need to continuously refine their crisis and incident management, business continuity and disaster recovery plans, improving and adapting them as needed. EVOLVE 2020: Rethinking Operational Resilience for Financial Services has been put together to help the industry to attain these objectives whilst at the same time offering a platform for key practitioners to share ideas and concerns. This virtual event series comprises a set of topical operational resilience related webinars taking place over the summer, culminating in a unique, 3-day comprehensively researched virtual event on October 5th, 6th & 7th.

The series will enable C-suite executives and senior managers to benefit from real life case studies which will help them understand how operational resilience is, now more than ever, an evolutionary process hinging on industry cooperation, inter-jurisdictional and international dialogue and mutual support. This will allow industry leaders to embed resilience thinking into their strategies and change management frameworks, so as to protect and sustain their core business services as we adjust and adapt to the “new normal”.

The Schedule

  • Moderator’s introduction
  • Supply chain and concentration risk: a growing concern for regulators
  • Understanding the increased risk of major disrupting events spreading quickly in a highly interconnected and technology driven ecosystem
  • Increasing collaboration amongst players to support and deliver essential services
  • Managing risks related to 3rd (and 4th) party outsourcing, including cloud-based services
  • Supply chain risk: measuring the Right KPIs and KRIs for 3rd party risk

Panel discussion

  • Outsourcing and 3rd party service provider risk management as part of a multi-dimensional operational resilience strategy to deliver essential business services
  • Understanding the threat landscape impacting outsourced service providers and vendors
  • Supply chain risk: practical examples of technology risk associated with technology providers (MSP, Cloud, AI) and non-technology providers (Marketing, Operations)
  • Managing outsourcing of both a ‘critical’ and ‘regulated’ activity
  • Understanding technology risk oversight associated with cyber security, data, Cloud and AI in light of recent events
  • The challenges of identifying and managing technology risk in a multi-perimeter outsourcing and vendor environment
  • Supply chain security: assessing the effectiveness of 3rd party providers, increase scenario-planning and clearly communicate what is expected of them in the short-term
  • Lessons learnt in times of crisis: shining light on the industry’s weaknesses as collective

Presentation from panel members

  • Monica Sah, Regulatory Partner, Clifford Chance
  • Oliver Fairbank, Head of Analysis, Orpheus-Cyber
  • Jim Seaman, Head of InfoSec, Virgin Money and Author of Digital Security Standards
  • Simon Whittaker, Director

Q&A from the audience

Moderator’s closing remarks


The following resources were mentioned during the presentation or are useful additional information.

Buzz and feedback

Here’s what was said about this presentation on social media.