Pre-conference workshops: 11 June, 2018
  • Workshop 1: Vendor/ Third party risk management and intelligence
  • Workshop 2: Building and strengthening your conduct and risk culture

Post-conference workshops: 14 June, 2018
  • Workshop 3: Revamping your firms KRIs and risk appetite
  • Workshop 4: Cyber risk management and quantification for op risk and cyber risk practitioners

 

For updates or to discuss speaking opportunities please contact Genevieve Furtado:

 

Conference Program - 12 & 13 June, 2018

Conference Day 1, 12 June 2018

08:00am

Registration and refreshments

08:50am

WELCOME REMARKS

Tom Osborn, Editor, Risk Management, RISK.NET

*Interactive Audience Poll via Sli.do
Vote live to generate real time content #OpRiskNA

09:00am

KEYNOTE ADDRESS: What will ORM look like in 10 years from now?

*Audience Q&A
Submit your questions via sli.do

09:35am

THE LEADER'S DEBATE: Next generation operational risk management

  • Regulation and innovation in a new age firm
    • Where are the biggest regulatory demands coming from? How are firms adapting to growing regulatory burden and escalating costs?
    • Do regulatory sandboxes, bank-run pilots work for emerging fintech and regtech solutions? Understanding emerging risks in the technology space, e.g. regtech, fintech, roboadvisory, crypto-currencies, AI, blockchain and what does a 'good' technology risk management framework look like?
    • Increasing levels of innovation and agile/lean start approaches require greater risk taking - fail fast learn fast. How does this sit with Op risk oversight?
  • Adding value to the business:
    • What value is operational and cyber risk bringing to the business? 
    • What is your second line view of a great example of bringing something valuable to the business?
    • The value operational risk and cyber risk adds and the costing framework- how to assess whether putting a control in place will save or cost?
    • Compliance vs adding value to the business: What elements of your OpRisk framework truly add business value (vs are in place to comply with regulatory expectations)?
    • What should the op risk function be doing to turn themselves into revenue creators?

 

*Audience Q&A
Submit your questions via sli.do

10:25am

PLATFORM SHOWCASE MORNING

8 min idea showcase pitches from up and coming industry disruptors that will change the way you look at ORM


*Audience Q&A
Submit your questions via sli.do

11:00am

MORNING COFFEE AND NETWORKING

STREAM 1 : ORM

11:30am

CHAIR'S OPENING REMARKS

11:35am

PRESENTATION: Conduct and culture

  • How has the definition of conduct and culture changed over the years? Is conduct risk going to become a bigger focus for organisations in the year to come? 
  • Identifying metrics to measure how "op risk aware" a firms culture is
  • Weighing up insider threats vs outsiders threats

 

5 minute intermission allowing participants to change streams

12:15pm

PANEL DISCUSSION: Realigning risk appetite to adapt to current market environment

  • How to think about a good risk appetite?
  • Who should own the risk appetite- The 1LOD or 2LOD?
  • How you define risk appetite and limits for emerging risk like process risk?
  • Is the definition of your risk appetite done as part of RCSA and if so how do you link to ICAAP?
  • Beyond the risk taxonomy, is a control library essential in your framework (e.g. RCSA)?
  • Is risk appetite evolving into risk tolerance or are they effectively the same thing?

 

 

STREAM 2 : Vendor risk management

11:30am

CHAIR'S OPENING REMARKS

11:35am

PRESENTATION: Strengthening governance framework and reporting for vendor management

  • After on-boarding, how do you monitor 3rd party risks after on-boarding? Is that only through SLAs?
  • How can governance frameworks be strengthened to increase accountability?
  • Where does vendor risk sit in a 3LOD model? Does 1LOD understand vendor risk? And the interplay with cyber risk?
  • What does the regulator focus on when they review third party risk? 
  • How to effectively report on third party risk?

5 minute intermission allowing participants to change streams

12:15pm

PANEL DISCUSSION: Vendor risk in the next generation firm

  • Fourth party risk management- How do you "manage" fourth parties? What successful approaches have you witnessed and/or implemented?
  • Should vendors themselves be regulated to some degree to shift some of the burden around regulatory demands and ensure cooperation with financial institutions
  • Can AI increase third party risk?

 

 

STREAM 3 : Quantification of oprisk

11:30am

CHAIR'S OPENING REMARKS

11:35am

PRESENTATION: Adaptive scenario analysis

  • How do you build a scenario in a quantitative way and standardize it?
  • Material risk identification and running scenarios- How many scenario do firms need to run? How to determine coverage for those? Is historical data sufficient? If there are ten material risk do firms pick two? Do firms average them?
  • The benefits of using scenario analysis to analyse smaller operational loss events

5 minute intermission allowing participants to change streams

12:15pm

PANEL DISCUSSION: Stress testing for the future

  • Have you stressed for the current geopolitical shifts and included a possible forthcoming period of deregulation as a significant driver of increasing oprisk capital?
  • What is your biggest stress in stress testing?
  • How can you estimate legal losses with stress tests?
  • How to assess emerging risks from big data analytics, AI-Will we be able to assess exposures to include in capital modelling?
  • Reverse stress testing

 

 

STREAM 4 : Technology Innovation

11:30am

CHAIR'S OPENING REMARKS

11:35am

FINTECH HUB

At the event to shop and not just network? Then this is your time-saving opportunity to experience a live demonstration of ORM products that stand out for innovation. Compare the leading vendor risk management, GRC and ORM platforms in one dedicated hour

1:00pm

LUNCH AND NETWORK

Advice sharing and networking tables over lunch: Have a seat at a table to share your experiences with fellow peers and give advice on everything from the SMA to recruiting the millennials.

2:00pm

MASTERCLASS: Updates on the SMA

  • What is regarded as 'best practice' with regards to models and capital calculation under the SMA?
  • Does the SMA adequately capture a firm's risk profile?
  • Delving into the SMAs unified rules for op risk loss registration
  • What did firms make of the final proposals from Basel?
  • How will national regulators diverge in terms of their interpretation of the framework?
  • Will they allow firms pillar one requirements to fall by allowing firms to ignore past losses - but top up requirements via pillar two add-ons, scaling of buffers, etc.?
  • Will firms keep modelling pillar 2 capital requirements?
  • How will firms counteract the SMA's innate lack of forward-looking risk sensitivity? How will they account for hard to model risks, e.g. cyber and conduct risk? 

 

3:15pm

AFTERNOON COFFEE AND NETWORKING

1-2-1 Meetings: These bespoke meetings held in the dedicated meeting zone will provide you with the opportunity to address your specific concerns and challenges

3:45pm

THE EXECUTIVE BOARDROOM: Tone from the top- Building resilience in the financial sector top down

  • How can Boards work with ORM and cyber risk teams within firms to build resilient secure frameworks? What is the nature of the op risk and cyber risk reporting to the Board? 
  • Op risk and cyber risk now have a voice with the Board of Directors- What is needed to improve the Board's understanding of operational and cyber risks to strengthen controls? Does the Board have the necessary information regarding the pain points and weak points in the organisation? 
  • What are Board expectations? What is expected of them to dispense their duties properly and are they focused on the right things?

 

*Audience Q&A
Submit your questions via sli.do

4:30pm

WAR GAMES: Disaster recovery and business continuity in operational risk

PART I: SCENARIO DISSECTION AND STRATEGIZING
In each scenario, participants are introduced to an operational risk scenario which is still unfolding and asked to consider the immediate steps they would advise their firm to take based on the information available at each stage


PART II: HARVEST SESSION
Each host will summarise their POA of the discussion and present it back to the table participants with comments

Learning outcomes:

  • What immediate actions would you advise your firm to do in the scenario?
  • Hierarchy of response- who are the 1st and 2nd responders?
  • Incident management- how do you assess the impact on your firm?
  • What's your crisis management protocols? What do they look like? 
  • Business continuity planning from employees to infrastructure 
  • What's your loan exposure for customers impacted?

 

5:25pm

CHAIR'S CLOSING REMARKS

Tom Osborn, Editor, Risk Management, RISK.NET

5:30pm

NETWORKING DRINKS RECEPTION

7:00pm

Private dinner- Invite only

Conference Day 2, 13 June 2018

 

9:00am

Registration and refreshments

9:20am

WELCOME REMARKS

Tom Osborn, Editor, Risk Management, RISK.NET

9:30am

REGULATORY KEYNOTE ADDRESS

*Audience Q&A
Submit your questions via sli.do

10:20am

CRO PANEL: Thriving in an era of change and upheaval

  • Do you think the CRO of the future is a technologist?
  • How do other risks (market risk, credit risk) fit in with op risk? How do you deploy resources and capital across the spectrum of risks?
  • Emerging risks:
    • Which of the current and emerging risks- regulatory risk, geopolitical risk, liquidity and systemic risk are of most concerns to CROs? How do you set operational risk appetite to these risk?
    • Managing the emerging customer risk: Protecting customer data and risk mitigation tactics for data breaches
    • How big a risk is social media and instant messaging?
    • Is digital risk a discrete risk type or is it a cause within other existing risk categories?

*Audience Q&A
Submit your questions via sli.do

11:05am

Morning Coffee and networking break

STREAM 1 : Regulation

11:35am

CHAIR'S OPENING REMARKS

11:40am

SPOTLIGHT ON: GDPR and oprisk

  • The risk-based approach to GDPR- interpretation 
  • What are the top 10 operational impacts of GDPR on financial firms?
  • How do you manage the competing priorities for minimising data for GDPR vs long term modelling for IFRS9 and biz opportunities?

 

5 minute intermission allowing participants to change streams

12:15pm

PANEL DISCUSSION: Strengthening accountability- Senior Managers Regime (SMR)

  • Expectations of the upcoming regulation- what are the conduct rules in place?
  • Evidencing procedures towards compliance
  • The shift to individual accountability and what does this mean for senior managers?

 

1:05pm

LIVE INTERVIEW: Tightening BSA and AML controls

  • Do you have quantitative KRIs for compliance (Sanction, AML & KYC)?
  • Addressing a bank's risk appetite for the level of Bank Secrecy Act (BSA) and AML compliance risk
  • How can banks with banking services across multiple jurisdictions comply?
  • What is included as part of governing payment processes with the objective of mitigating money laundering?
  • What kind of technology and data analytics do firms use for AML protection? 

 

STREAM 2 : AI and Machine Learning

11:35am

CHAIR'S OPENING REMARKS

11:40am

CASE STUDY: AI for effective ORM

  • How to reduce operational and compliance risks using AI
  • Using cognitive computing to convert data to management action
  • Governance, risk and compliance convergence across cyber risk, model risk, financial risk and IT through AI
  • Does this increase compliance testing methodologies as a result of FX consent order etc.?
  • The use of end user computer management on the road to operational efficiency

 

5 minute intermission allowing participants to change streams

12:15pm

PANEL DISCUSSION: AIs role in streamlining regulatory compliance

  • Keeping up with growing regulatory demands from GDPR and ICAAP to BCBS 239 and FRTB- where are the biggest demands coming from?
  • How compliance and risk organizations are dealing with increased regulation coupled with cost challenges with AI?
  • Are organizations converging regulation and compliance teams?
  • Will AI need to be regulated?

 

1:05pm

LIVE INTERVIEW: Modelling made easy

  • How can you ensure sufficiency and quality of data being used for modelling?
  • Given the increased regulations and regulatory scrutiny, how can AI help modellers?
  • Crossing silos and combining models for effective reporting through AI
  • How to embed "systemic operational risk" within the ORM-framework using modelling

 

STREAM 3 : ORM

11:35am

CHAIR'S OPENING REMARKS

11:40am

PRESENTATION: GRC for the new age firm

  • Step 1: How to implement and embed GRC effectively in an organisation
  • Step 2: How do we make sure a firms GRC framework is actually working?
  • Integrating your firms GRC platform with the other risks including financial risks (credit and market) and IT risks (cyber, data protection)

 

5 minute intermission allowing participants to change streams

12:15pm

PANEL DISCUSSION: Defining roles across 3LOD

  • Who should lead operational resilience in the firm? 1LOD (IT) or 2LOD (ORM) who do you expect to have ownership of the framework?
  • Should the 1LOD or 2LOD test operational controls?
  • Who should oversee regulatory risk as it is an operational risk too?
  • Where does your threat intelligence gathering and analysis reside?
  • Have any 2LOD ops risk functions used outside vendors to challenge the 1LOD by conducting pen testing etc.?
  • Should there be both a 1.5 and a 2LOD? Has it worked effectively when both exist? Or should they really be merged into 1LOD and 2LOD?
  • Should transactional testing be part of the 2LOD operational risk management function?

 

1:05pm

LIVE INTERVIEW: RCSAs

  • Do firms use a database / system to record RCSAs? Or is it done "offline"/ user tools?
  • How to view RCSA and granular risk assessment? 
  • What industry tools are used most often to perform RCSAs by most companies?
  • Do you find the 3LOD utilising weak control environments as per RCSAs to focus their testing efforts on?

 

 

STREAM 4 : Preparing for the future

11:35am

CHAIR'S OPENING REMARKS

 11:40am

CASE STUDY: Managing and mitigating future operational risk losses

  • Lessons learnt from internal and external events
  • Importance of boundary events and how to identify them
  • Can you correlate losses with macro-economic factors?

 

5 minute intermission allowing participants to change streams

12:15pm

VIP MASTERCLASS: How to rob a bank in 2018

Back in the 1900's a traditional bank heist, required meticulous preparation and planning- arranging the right tools, insider information, timing, target, plan-B and get-away-car was of essence. Not much has changed in that sense, a cyber-heist in the 21st century requires similar preparation. This session will allow all conference attendees to jointly prepare a cyber-heist; the results of which will likely be surprising to all involved.

1:40pm

LUNCH AND NETWORK

Advice sharing and networking tables over lunch: Have a seat at a table to share your experiences with fellow peers and give advice on everything from the SMA to recruiting the millennials.

2:40pm

OUT-OF-INDUSTRY KEYNOTE ADDRESS

*Audience Q&A
Submit your questions via sli.do

3:10pm

FIRESIDE CHAT: The insidious effects of geopolitical risk on operational risk

  • What will Brexit mean for op risk teams across the EU and the U.K? Understanding HQ relocation plans and their knock on effects
  • How to prepare for potential repercussions within your own firms - The increasing necessity for Boards and Chief Risk Officers to monitor the political and business environment 
  • How to reflect the increased economic and political uncertainty caused by political events in your risk - based capital models? I.e. are you holding more capital?

 

3:40pm

AFTERNOON COFFEE AND NETWORKING

1-2-1 Meetings: These bespoke meetings held in the dedicated meeting zone will provide you with the opportunity to address your specific concerns and challenges

4:00pm

WRAP UP PANEL: OpRisk Europe 2018- what are the key takeaways and industry view on the most critical op risk events over the past year

Featuring members of the 2018 Advisory Board

4:45pm

CHAMPAGNE ROUNDTABLES: Bring your questions, leave with your answers!

From session to roundtable- Take the day's most contentious issues and fully engage with your peers in small interactive roundtable discussions to drill down, share best practice and take away diverse approaches to the same challenge from your fellow industry peers.

5:30pm

CHAIR'S CLOSING REMARKS

Tom Osborn, Editor, Risk Management, RISK.NET

5:35pm

END OF CONFERENCE