Programme

Programme

Day 1: 14 May, 2019 – Etc Venues St Paul’s, London

07:30

Breakfast Briefing 

07:30: Registration and Refreshments

08:00: Opening Remarks

08:05: Roundtable - Topic TBC 

08:00

Registration and refreshments

08:50

Welcome remarks

08:55

Chair's opening remarks

09:00

Keynote address

Nick Strange, Director, Supervisory Risk Specialists, BANK OF ENGLAND

09:30

Keynote address: Europe's top policy priorities

  • Will efficiency and resiliency ever be a happy marriage?
  • Why international cooperation is needed more than ever
  • How prepared are we for unknown risks?

 Patrick Pearson, Head of Unit, Financial Market Infrastructure and Derivatives, EUROPEAN COMMISSION 

10:00

The leader's debate: Operational risk management in a rapidly evolving regulatory and technological landscape

  • What are the top regulatory requirements and operational risk priorities in the current market environment?
  • How are firms adapting to growing regulatory burden and escalating cost? Considering cyber, AML and GDPR
  • What are the key areas of innovation in operational risk management techniques?
  • Moving operational risk into the next decade: What are the challenges in planning for the future?

Alan Leigh, Managing Director, International Head of Business Controls, BANK OF AMERICA MERRILL LYNCH

Giles Spungin,, PhD(Lon),Managing Director, Global Head of Regulatory Compliance and Operational Risk Analytics, HSBC

10:40

Morning coffee and networking break

Speed networking: Network and build quick connections with the most influential players in the operational risk community. Invite only.

Stream 1: 1LoD

11:25

Chair's opening remarks

11:30

Panel: The supervisory framework: building a stronger defence

  • Effectively defining the roles and responsibilities between 1LOD and 2LOD
  • How can organisations ensure that 1st line of defence own and feel accountable for operational risks in their day to day operations?
  • The emerging role of the Chief Control Officer (CCO)
  • How can organisations ensure that the 2nd line of defence adds value to the first line? 
  • What are the industry expectations of how the three lines operating model will evolve?

Moderator: Andrew Sheen, Head of Operational Risk Regulatory Advisory, CREDIT SUISSE

William Martyn, Head of Operational Risk Framework and Policy, HSBC

Andrew Brodie, Global head of Front Office Conduct Surveillance, BNP PARIBAS

Paul Neale, Head of Operational Risk, MIZUHO INTERNATIONAL

Christian Alibert, Head of Surveillance, NATWEST MARKETS

12:10

5 min intermission for stream changeover

12:15

Presentation: Managing conduct risk: Examining industry trends and challenges

  • Defining, measuring and managing conduct risk
  • Conduct risk across the first line of defence
  • What are the fundamental drivers of misconduct in the financial services industry?
  • What are the potential vulnerabilities in firm’s cultures that may lead to misconduct events?
  • Assessing the most effective strategies to improve conduct, culture and customer experience

Stream 2: Operational resilience

11:25

Chair's opening remarks

Hannah Chung, Senior VP Internal Audit – Operational Risk and Reputational Risk, CREDIT SUISSE

11:30

Panel: Developing operational resilience in financial services

  • Examining the current focus and regulatory scope
  • Is the 1LoD/2LoD leading changes in the operational resilience framework?
  • Do you currently set impact tolerances? How do these relate to scenarios and (reverse) stress-testing?
  • How do you ensure resilience of systems/applications/data access?
  • Do you intend to have a consistent and cohesive approach (inc. governance, reporting, communication) for all types of disruption?

David Phan Dinh, Head of Operational Risk, ROTHESAY LIFE

Jenifer Moodie, Director of Operational Risk, SANTANDER UK

12:10

5 min intermission for stream changeover

12:15

Presentation: Achieving cyber resilience

  • Examining the nature of existing and emerging cyber threats
  • How to adapt data protection and recovery practices to better reflect today’s more targeted and malicious attacks
  • Application of stress testing and scenario analysis to cyber risk. How is BoE’s planned approached to stress testing set to impact firms?
  • Reputational protection during a cyber-attack: Developing effective crisis communications plan
  • Building a risk-aware cyber security culture and assessing innovative solutions for people related challenges 
  • Effective monitoring, including KRIs

Yiannis Pavlosoglou, PhD, CISSP, Head of UK Chief Information Security Office (CISO), UBS

Stream 3: Vendor and third party risk management

11:25

Chair's opening remarks

11:30

Panel: Building strong governance frameworks and reporting for vendor management

  • How can governance frameworks be strengthened to increase accountability?
  • Where does vendor risk sit in a 3LOD model?
  • What does the regulator focus on when they review third party risk?
  • How does the governance vary for regulated vs non regulated third parties?
  • How do you measure concentration risk relating to 3P service providers?
  • How to effectively report on third party risk

Amit Lakhani, Head of Ops Risk Controls for ICT and Third Party Management for Corporate and Institutional Banking, BNP PARIBAS

12:10

5 min intermission for stream changeover

12:15

Presentation: Vendor risk in the next generation firm

  • Fourth party risk management – How do you ‘manage’ fourth parties? What successful approaches have you witnesses and/or implemented?
  • Where can vendors help to define standards which would be supported by regulators?
  • What tools are evolving to help measure and monitor vendor risk and what are the different approaches to assessing it?
  • Can AI increase third party risk?
  • How do you quantify vendor exposure other than running individual scenarios?
  • How to evaluate country and economic risk for offshore vendors

12:45

Lunch and Networking break

Women in operational risk networking lunch: Promoting diversity in risk management. This networking lunch provides an excellent opportunity to share success stories of building a positive risk culture and obstacles in achieving diversity of thought in firms. Invite only.

Stream 1: 1LOD

13:55

Chair's opening remarks: Hannah Chung, Senior VP Internal Audit – Operational Risk and Reputational Risk, CREDIT SUISSE

14:00

Panel: Obtaining value from RCSAs

  • What is next for RCSAs? Examining the trends across the industry
  • Developing traditional RCSAs to increase benefit and efficiency and drive strategic business decisions
  • Reporting and quantifying RCSA results
  • Aligning risk appetite and RCSA processes
  • How are technology risks reflected in RCSAs and how do they interact with traditional IT risk monitoring?
  • What actions should be taken against emerging risks and how should they be covered in the RCSA?

Moderator: Sean Titley, Director, Business Development, THE INSTITUTE OF OPERATIONAL RISK (IOR)

Steven Portway, Group head of Operational Risk Framework, Policy and Conformance, BARCLAYS

Hannah Chung, Senior VP Internal Audit – Operational Risk and Reputational Risk, CREDIT SUISSE

Marilin Luna Butters, CEEMA Operational Risk Head, CITI

Stream 2: Operational resilience

13:55

Chair's opening remarks

14:00

Panel: External third and fourth party dependency for operational resilience

  • What are the risks from people, processes and technology from third parties? What sort of preventative monitoring controls could help address these risks?
  • How does cloud outsourcing fit in with the operational resilience regulatory requirements?
  • What metrics and other information is currently available in your third parties for monitoring operational resilience?
  • What’s the approach for the role of the first and second line in monitoring the risk from third parties within operational resilience? 

Charles Forde, Global Head of Outsourcing and Third Party Risk and Shared Services Risk for IB Global and UK Business, UBS

Sean Miles, Head of Risk Assurance, Technology and Operations, SANTANDER

5 min intermission for stream changeover

14:45

Panel: Embedding a strong risk culture to aid operational risk management

  • Defining, understanding and measuring risk culture
  • What are the key components of a strong risk culture which will support banks with operational resilience?
  • How does risk culture fit into the overall culture of an organisation?
  • Who should be primarily responsible for the implementation of risk culture? It is 1LOD, 2LOD, 3LOD? Or is it embedded divisionally?
  • Is the level of diversity and integration a measure of culture or conduct risk or both?
  • Is the concept of front, middle and back office impacting culture negatively?

Terri Duhon¸ Non-Executive Director and Risk Chair, MORGAN STANLEY INTERNATIONAL

Libby Denchfield, Managing Director, Global Head of Strategy and Change, Cyber and Information Security Risk, STANDARD CHARTERED BANK

Gus Ortega, Head of Technology, Innovation and Operations Risk, VOYA FINANCIAL

15:30

Afternoon coffee and networking break

16:00

Out of industry address

16:35

War Games: How resilient is your environment? Disaster recovery and business continuity in operational and cyber risk

PART I: SCENARIO DISSECTION AND STRATEGIZING

In each disaster and recovery scenario, participants are introduced to an operational risk scenario which is still unfolding and asked to consider the immediate steps they would advise their firm to take based on the information available at each stage

PART II: HARVEST SESSION

Each Leader will summarise their POA of the discussion and present it back to the table participants with comments

Learning outcomes:

  • What immediate actions would you advise your firm to do in the scenario?
  • Hierarchy of response- who are the 1st and 2nd responders?
  • Incident management- how do you assess the impact on your firm?
  • What’s your crisis management protocols? What do they look like?
  • How equipped is your organisation to respond to high stress situations?
  • Business continuity planning from employees to infrastructure

Leader 1: Steven Portway, Group Head of Operational Risk Framework, Policy and Conformance, BARCLAYS

Leader 2: Moderator: Sean Titley, Director, Business Development, THE INSTITUTE OF OPERATIONAL RISK (IOR)

Leader 3:

Leader 4:

Leader 5:

17:40

Chair's closing remarks

17:45

Networking drinks reception 

Day 2: 15 May, 2019 – Etc Venues St Paul’s, London

08:30

Registration and Refreshments

08:50

Chair's Opening Remarks

09:00

Keynote address

Tim Parkes, Chair of the Regulatory Decisions Committee, THE FINANCIAL CONDUCT AUTHORITY  (FCA)

09:30

CRO panel: Thriving in an era of change and upheaval

  • What keeps the CRO awake at night: What are the emerging risks for the year to come and how do you quantify them?
  • Do you think the CRO of the future if a technologist?
  • How do other risks (market risk, credit risk) fit in with op risk? How do you deploy resources and capital across the spectrum of risks?
  • Emerging risks:
  • Which of the current and emerging risks are of most concerns to the CROs? How do you set operational risk appetite to these risk?
  • Managing the emerging customer risk: Protecting customer data and risk mitigation tactics for data breaches
  • How big a risk is social media and instant messaging?
  • Is digital risk a discrete risk type or is it a cause within other existing categories?

Veronica Lazenby, UK Chief Risk Officer, BNY MELLON

Søren Agergaard Andersen, Chief Risk Officer, NORDEA ASSET MANAGEMENT

Paul Berry, Chief Risk Officer, MIZUHO  

Jeff Simmons, Chief Risk Officer, MUFG SECURITIES

10:15

Morning coffee and networking break

Knowledge cafes: Grab a coffee and join a table of your choice to share ideas and network with fellow industry professionals

Roundtable 1: AI and Machine Learning

Roundtable 2: Impact of Brexit on operational risk

Roundtable 3: Obstacles and opportunities in adopting cloud computing

Roundtable 4: Operational resilience

 

11:00

Panel: Managing operational risk and enabling growth in the age of innovation

  • Which risk drivers are easier to automate? Where have there been challenges in automation?
  • How does the current risk technology that you use support your risk management innovation?
  • Understanding how to adapt oversight, processes and tools to support real time digital innovation
  • What gives better results: automated data, model driven analyses or rather qualitative assessments? Where does the future lie?
  • Digital disruption in financial markets: impact of fintech, blockchain and faster payments on operational risk
  • How do you set up your risk appetite and risk governance to response to new emerging risks from digital disruption?

Lewis Cox, Head of Fintech Risk, DEUTSCHE BANK

Stream 1: ORM

11:45

Chair's opening remarks

11:50

Presentation: Identifying predictive KRIs

  • Introduction:
  • KRIs vs KCIs
  • Ownership and thresholds
  • Genuine predictions vs lags
  • Case studies:
  • KCIs mitigating persistent external threats e.g. cyber-crime
  • Macro-economic metrics for cyclical Op Risks
  • KRIs linked to causal factors
  •  
  • Harnessing big data and digitisation:
  • Trends and tipping points
  • Dashboards and patterns

12:20

5 min intermission for stream changeover

12:25

Panel: Building an effective Risk Appetite Framework (RAF) - Key components and challenges

  • Who should own the risk appetite – the 1LOD or 2LOD?
  • How often should risk appetite be revisited and reconsidered?
  • How do you achieve an appropriate balance between the quantitative and qualitative aspects?
  • ‘Risk appetite’ vs ‘risk tolerance’: Is risk appetite evolving into risk tolerance of are they effectively the same thing?

Simon Cory, Director of Enterprise Risk Strategy and Interim Director Of Operational Risk, NATIONWIDE

Simon Cartlidge, Head of Risk, LEGAL & GENERAL

Ricardo Soto, Head of Risk and Controls for Wealth Management, BARCLAYS

Stream 2: Preparing for the future

11:45

Chair's opening remarks

11:50

Presentation: Harnessing AI and machine learning to aid operational risk management

  • How to reduce operational and compliance risks using AI
  • What are the most critical machine learning techniques for the future of operational risk?
  • Leveraging these techniques to improve efficiency and effectiveness in ORM
  • Using AI to identify emerging risks
  • AIs role in streamlining regulatory compliance: Will AI need to be regulated?

12:20

5 min intermission for stream changeover

12:25

Panel: Big data – Effective data management and analytics in the new age

  • How to keep up with the growing demands for quicker and more detailed risk intelligence based on the process of ever-growing volumes of data
  • How can data be controlled, efficiently delivered and kept transparent and audible?
  • How do you see the role of the Chief Data Officer (CDO) evolving or further collaborating with operational risk?
  • Why is big data considered a threat to the industry?

 

Stream 3: Quantification of risks

11:45

Chair's opening remarks

11:50

Presentation: Quantifying emerging operational risks

  • Approaches for identifying emerging risks, feedback loops and domino effects
  • Alternative scenario techniques for quantification and validation
  • Application of these techniques to specific emerging risks
  • Conclusions and the 3rd era of operational risk

Michael Grimwade, Head of Operational Risk, ICBC STANDARD BANK

12:20

5 min intermission for stream changeover

12:25

Panel: Operational stress testing and scenario analysis

  • Defining and creating effective stress test scenarios
  • Aligning scenario analysis and operational stress testing to meet changing regulatory expectations
  • Internal stress testing vs regulatory stress testing
  • Reverse stress testing
  • Review of CCAR requirements
  • Have you stressed for the current geopolitical shifts and included a possible forthcoming period of deregulation as a significant driver of increasing op risk capital?

Paul Doran, Head of Operational Risk Reporting and Analytics, MORGAN STANLEY

13:05

Lunch and networking break

START-UP SHOWCASE:

Hear from 5 start-ups, which are creating waves in the FinTech space pitch live against the clock, demonstrating ORM products that stand out for innovation! Vote for the start-up that interests you most via our interactive event technology, Sli.do – the winner will be announced later in the day and will receive a booth space to exhibition at one of our 2020 events!

14:10

Out of industry address

14:40

In conversation with: Financial stability after Brexit - An operational risk perspective

  • Lessons learned: were financial institutions well prepared for the operational risks posed by Brexit?
  • Impacts of Brexit on:
  • Data privacy and cyber security
  • Recruitment
  • Supply chain
  • Capital markets
  • Vendor management and control of outsourcing in the wake of Brexit
  • Challenges in transferring existing trade agreements and derivatives trades to EU entities
  • What additional operational risks has Brexit created?
  • What are the alternatives to ‘passporting’ and what are the consequences of likely models?
  • Will FMIs bolster London’s role as a financial centre post-Brexit?
  • Looking forward: what opportunities exist for financial institutions in a shifting political and regulatory environment and how to stay ahead

15:20

Afternoon coffee and networking break

15:50

Champagne keynote address

16:25

Chair's closing remarks

16:30

End of Conference