Pre-conference workshops: 11 June, 2018

These are invaluable opportunities to not only learn from proven leaders, but to also turn theory into practice by. All of this in one topic intensive, drill down day to help you delve deep and source solutions. Each workshop is open to up to 10-15 participants to form part of an enhanced learning experience.


Post-conference workshops: 14 June, 2018

These are invaluable opportunities to not only learn from proven leaders, but to also turn theory into practice by. All of this in one topic intensive, drill down day to help you delve deep and source solutions. Each workshop is open to up to 10-15 participants to form part of an enhanced learning experience.

 

For updates or to discuss speaking opportunities please contact Genevieve Furtado:

 

Conference Program - 12 & 13 June, 2018

Conference Day 1, 12 June 2018

08:00am

Registration and refreshments

08:50am

WELCOME REMARKS

Tom Osborn, Editor, Risk Management, RISK.NET

*Interactive Audience Poll via Sli.do
Vote live to generate real time content #OpRiskNA

09:00am

REGULATORY KEYNOTE ADDRESS

*Audience Q&A
Submit your questions via sli.do

09:35am

THE LEADER'S DEBATE: Next generation operational risk management

  • Regulation and innovation in a new age firm
    • Where are the biggest regulatory demands coming from? How are firms adapting to growing regulatory burden and escalating costs?
    • Do regulatory sandboxes, bank-run pilots work for emerging fintech and regtech solutions? Understanding emerging risks in the technology space, e.g. regtech, fintech, roboadvisory, crypto-currencies, AI, blockchain and what does a 'good' technology risk management framework look like?
    • Increasing levels of innovation and agile/lean start approaches require greater risk taking - fail fast learn fast. How does this sit with Op risk oversight?
  • Adding value to the business:
    • What value is operational and cyber risk bringing to the business? 
    • What is your second line view of a great example of bringing something valuable to the business?
    • The value operational risk and cyber risk adds and the costing framework- how to assess whether putting a control in place will save or cost?
    • Compliance vs adding value to the business: What elements of your OpRisk framework truly add business value (vs are in place to comply with regulatory expectations)?
    • What should the op risk function be doing to turn themselves into revenue creators?

Philip Umande, Head of Operational Risk Capital & Analytics, LLOYDS BANKING GROUP
Sean Miles, Head of Op Risk Unit- Service Delivery & Operations, T&O, SANTANDER
Jason Forrester, Managing Director, Head for Enterprise and Operational Risk Management, CREDIT SUISSE

*Audience Q&A
Submit your questions via sli.do

10:25am

KEYNOTE ADDRESS:

Jason Davey, Group COO Chief Control Officer, HSBC


*Audience Q&A
Submit your questions via sli.do

11:00am

MORNING COFFEE AND NETWORKING

STREAM 1 : ORM

11:30am

CHAIR'S OPENING REMARKS

11:35am

PRESENTATION: Defining roles across 3LOD

  • Who should lead operational resilience in the firm? 1LOD (IT) or 2LOD (ORM) who do you expect to have ownership of the framework?
  • Should the 1LOD or 2LOD test operational controls?
  • Who should oversee regulatory risk as it is an operational risk too?
  • Where does your threat intelligence gathering and analysis reside?
  • Have any 2LOD ops risk functions used outside vendors to challenge the 1LOD by conducting pen testing etc.?
  • Should there be both a 1.5 and a 2LOD? Has it worked effectively when both exist? Or should they really be merged into 1LOD and 2LOD?
  • Should transactional testing be part of the 2LOD operational risk management function?

 

5 minute intermission allowing participants to change streams

12:15pm

PANEL DISCUSSION: Realigning risk appetite to adapt to current market environment

  • How to think about a good risk appetite?
  • Who should own the risk appetite- The 1LOD or 2LOD?
  • How you define risk appetite and limits for emerging risk like process risk?
  • Is the definition of your risk appetite done as part of RCSA and if so how do you link to ICAAP?
  • Beyond the risk taxonomy, is a control library essential in your framework (e.g. RCSA)?
  • Is risk appetite evolving into risk tolerance or are they effectively the same thing?

Adrian Burbanks, Deputy CEO, AGRICULTURAL BANK OF CHINA (UK)
Will Martyn, Head of Operational Risk Framework & Policy, HSBC

STREAM 2 : Vendor risk management

11:30am

CHAIR'S OPENING REMARKS

11:35am

PRESENTATION: Strengthening governance framework and reporting for vendor management

  • After on-boarding, how do you monitor 3rd party risks after on-boarding? Is that only through SLAs?
  • How can governance frameworks be strengthened to increase accountability?
  • Where does vendor risk sit in a 3LOD model? Does 1LOD understand vendor risk? And the interplay with cyber risk?
  • What does the regulator focus on when they review third party risk? 
  • How to effectively report on third party risk?

5 minute intermission allowing participants to change streams

12:15pm

PANEL DISCUSSION: Vendor risk in the next generation firm

  • Fourth party risk management- How do you "manage" fourth parties? What successful approaches have you witnessed and/or implemented?
  • Should vendors themselves be regulated to some degree to shift some of the burden around regulatory demands and ensure cooperation with financial institutions
  • Can AI increase third party risk?

Charles Forde, Executive Director - Operational Risk - Head of Outsourcing & Vendor Risk, UBS


 

STREAM 3 : Quantification of oprisk

11:30am

CHAIR'S OPENING REMARKS

11:35am

PRESENTATION: Adaptive scenario analysis

  • How do you build a scenario in a quantitative way and standardize it?
  • Material risk identification and running scenarios- How many scenario do firms need to run? How to determine coverage for those? Is historical data sufficient? If there are ten material risk do firms pick two? Do firms average them?
  • The benefits of using scenario analysis to analyse smaller operational loss events
Speaker TBC, ELSEWARE

5 minute intermission allowing participants to change streams

12:15pm

PANEL DISCUSSION: Stress testing for the future

  • Have you stressed for the current geopolitical shifts and included a possible forthcoming period of deregulation as a significant driver of increasing oprisk capital?
  • What is your biggest stress in stress testing?
  • How can you estimate legal losses with stress tests?
  • How to assess emerging risks from big data analytics, AI-Will we be able to assess exposures to include in capital modelling?
  • Reverse stress testing

Dimitris Bartzilas, Head of ORM Capital, CREDIT SUISSE

 

 

STREAM 4 : Technology Innovation

11:35am

FINTECH HUB

At the event to shop and not just network? Then this is your time-saving opportunity to experience a live demonstration of ORM products that stand out for innovation. Compare the leading vendor risk management, GRC and ORM platforms in one dedicated hour

1:00pm

LUNCH AND NETWORK

Advice sharing and networking tables over lunch: Have a seat at a table to share your experiences with fellow peers and give advice on everything from the SMA to recruiting millennials.

2:00pm

MASTERCLASS: Updates on the SMA

Through this hour long dedicated session, subject leading presenters will delve into the topical world of Basel's SMA.

  • What is regarded as 'best practice' with regards to models and capital calculation under the SMA?
  • Does the SMA adequately capture a firm's risk profile?
  • Delving into the SMAs unified rules for op risk loss registration
  • What did firms make of the final proposals from Basel?
  • How will national regulators diverge in terms of their interpretation of the framework?
  • Will they allow firms pillar one requirements to fall by allowing firms to ignore past losses - but top up requirements via pillar two add-ons, scaling of buffers, etc.?
  • Will firms keep modelling pillar 2 capital requirements?
  • How will firms counteract the SMA's innate lack of forward-looking risk sensitivity? How will they account for hard to model risks, e.g. cyber and conduct risk? 

Michael Grimwade, International Head of Op Risk, MUFG SECURITIES
Andrew Sheen, Head of Operational Risk Regulatory Advisory, CREDIT SUISSE

MASTERCLASS: Extrapolating causes and treatments for cyber risk in 2018


Through this hour long dedicated session, subject leading presenters will delve into the topical world of the cyber risk management.

 

  • Delving into the foreseen and unforeseen cyber risks that keep you up at night
  • Do banks share information effectively with regard to cyber threats? 
  • What are the main tasks of 2nd line of defence in cyber risk management?
  • To what extent is it possible to outsource the management of cyber risk?
  • What role does insurance have as a risk treatment for cyber risk?
  • The U.K. government is introducing a cyber controls certification standard for suppliers, should banks adopt an industry standard?

 

Steve Hill, Global Head of Technology Operational Risk Management, CREDIT SUISSE

3:15pm

AFTERNOON COFFEE AND NETWORKING

1-2-1 Meetings: These bespoke meetings held in the dedicated meeting zone will provide you with the opportunity to address your specific concerns and challenges

3:45pm

THE EXECUTIVE BOARDROOM: Tone from the top- Building resilience in the financial sector top down

  • How can Boards work with ORM and cyber risk teams within firms to build resilient secure frameworks? What is the nature of the op risk and cyber risk reporting to the Board? 
  • Op risk and cyber risk now have a voice with the Board of Directors- What is needed to improve the Board's understanding of operational and cyber risks to strengthen controls? Does the Board have the necessary information regarding the pain points and weak points in the organisation? 
  • What are Board expectations? What is expected of them to dispense their duties properly and are they focused on the right things?

Moderator: Speaker TBC, METRICSTREAM
Stephen Creese, Regional Head, Operational Risk Management, CITI
Richard T. Flood, Managing Director, EMEA Head of Operational Risk Management, STATE STREET

*Audience Q&A
Submit your questions via sli.do

4:30pm

WAR GAMES: Disaster recovery and business continuity in operational and cyber risk

PART I: SCENARIO DISSECTION AND STRATEGIZING
In each scenario, participants are introduced to an operational risk scenario which is still unfolding and asked to consider the immediate steps they would advise their firm to take based on the information available at each stage


PART II: HARVEST SESSION
Each host will summarise their POA of the discussion and present it back to the table participants with comments

Learning outcomes:

  • What immediate actions would you advise your firm to do in the scenario?
  • Hierarchy of response- who are the 1st and 2nd responders?
  • Incident management- how do you assess the impact on your firm?
  • What's your crisis management protocols? What do they look like? 
  • Business continuity planning from employees to infrastructure 
  • What's your loan exposure for customers impacted?

Leader 1: Rae Johnstone, Head of Operational Risk Reporting, BANCO SANTANDER
Leader 2: Chris Lovett, Director, RQA - Technology Risk Management (EMEA & APAC), BLACKROCK

5:25pm

CHAIR'S CLOSING REMARKS

Tom Osborn, Editor, Risk Management, RISK.NET

5:30pm

NETWORKING DRINKS RECEPTION

7:00pm

Private dinner- Invite only

Conference Day 2, 13 June 2018

 

9:00am

Registration and refreshments

9:20am

WELCOME REMARKS

Tom Osborn, Editor, Risk Management, RISK.NET

9:30am

OUT OF INDUSTRY FIRESIDE CHAT: Operational risk in the defence sector

Moderator: Alexander Campbell, Divisional Content Editor, RISK.NET
Amarjit Atkar, Retired Chief Risk Officer, UK MINISTRY OF DEFENCE
Group Captain SA Paterson OBE, Assistant Director (Warfare), UK MINISTRY OF DEFENCE

*Audience Q&A
Submit your questions via sli.do

10:20am

CRO PANEL: Thriving in an era of change and upheaval

  • Do you think the CRO of the future is a technologist?
  • How do other risks (market risk, credit risk) fit in with op risk? How do you deploy resources and capital across the spectrum of risks?
  • Emerging risks:
    • Which of the current and emerging risks- regulatory risk, geopolitical risk, liquidity and systemic risk are of most concerns to CROs? How do you set operational risk appetite to these risk?
    • Managing the emerging customer risk: Protecting customer data and risk mitigation tactics for data breaches
    • How big a risk is social media and instant messaging?
    • Is digital risk a discrete risk type or is it a cause within other existing risk categories?

Cosimo Pacciani, Chief Risk Officer, EUROPEAN STABILITY MECHANISM (ESM)
Struan Fairbairn, Chief Risk Officer (Legal, Risk and Compliance), LOTHIAN PENSION FUND

*Audience Q&A
Submit your questions via sli.do

11:05am

Morning Coffee and networking break

STREAM 1 : Regulation and compliance

11:35am

CHAIR'S OPENING REMARKS

11:40am

SPOTLIGHT ON: GDPR and oprisk

  • The risk-based approach to GDPR- interpretation 
  • What are the top 10 operational impacts of GDPR on financial firms?
  • How do you manage the competing priorities for minimising data for GDPR vs long term modelling for IFRS9 and biz opportunities?

 

5 minute intermission allowing participants to change streams

12:15pm

PANEL DISCUSSION: Strengthening accountability- Senior Managers Regime (SMR)

  • Expectations of the upcoming regulation- what are the conduct rules in place?
  • Evidencing procedures towards compliance
  • The shift to individual accountability and what does this mean for senior managers?

 

STREAM 2 : Preparing for the future

11:35am

CHAIR'S OPENING REMARKS

11:40am

CASE STUDY: Managing and mitigating future operational risk losses

  • Lessons learnt from internal and external events
  • Importance of boundary events and how to identify them
  • Can you correlate losses with macro-economic factors?

 

5 minute intermission allowing participants to change streams

12:15pm

PANEL DISCUSSION: AI for effective ORM

  • How to reduce operational and compliance risks using AI
  • Using cognitive computing to convert data to management action
  • Governance, risk and compliance convergence across cyber risk, model risk, financial risk and IT through AI
  • Does this increase compliance testing methodologies as a result of FX consent order etc.?
  • The use of end user computer management on the road to operational efficiency

Giles Spungin, PhD(Lon), Global Head of Operational Risk and Regulatory Compliance Analytics, HSBC

 

 

STREAM 3 : ORM

11:35am

CHAIR'S OPENING REMARKS

11:40am

PRESENTATION: GRC for the new age firm

  • Step 1: How to implement and embed GRC effectively in an organisation
  • Step 2: How do we make sure a firms GRC framework is actually working?
  • Integrating your firms GRC platform with the other risks including financial risks (credit and market) and IT risks (cyber, data protection)

 

5 minute intermission allowing participants to change streams

12:15pm

PANEL DISCUSSION: RCSAs

  • Do firms use a database / system to record RCSAs? Or is it done "offline"/ user tools?
  • How to view RCSA and granular risk assessment? 
  • What industry tools are used most often to perform RCSAs by most companies?
  • Do you find the 3LOD utilising weak control environments as per RCSAs to focus their testing efforts on?

Sophie Dupré-Echeverria, Compliance & Operational Risk Control - Executive Director, UBS AM
Georgia Simmons, VP, Operational Risk RCSAs, BARCLAYS
Danny Frost, Head of Operational Risk Management EMEA & APAC, AIG ASSET MANAGEMENT (Europe)

 

 

STREAM 4 : Technology Innovation

 11:40am

FINTECH HUB

At the event to shop and not just network? Then this is your time-saving opportunity to experience a live demonstration of ORM products that stand out for innovation. Compare the leading vendor risk management, GRC and ORM platforms on our exhibition floor

 

5 minute intermission allowing participants to change streams

12:15pm

FINTECH HUB

At the event to shop and not just network? Then this is your time-saving opportunity to experience a live demonstration of ORM products that stand out for innovation. Compare the leading vendor risk management, GRC and ORM platforms on our exhibition floor

1:05pm

LUNCH AND NETWORK

Advice sharing and networking tables over lunch: Have a seat at a table to share your experiences with fellow peers and give advice on everything from the SMA to recruiting millennials.

2:05pm

SPOTLIGHT ON:

Speaker TBC, NASDAQ BWISE

*Audience Q&A
Submit your questions via sli.do

2:35pm

C-LEVEL PANEL DISCUSSION: Risk Culture- Where to from here?

  • How has the definition of conduct and culture changed over the years? Is conduct risk going to become a bigger focus for organisations in the year to come? 
  • Identifying metrics to measure how "op risk aware" a firms culture is
  • Who owns risk culture within firms? Is it 1LOD, 2LOD or 3LOD? Or is it embedded divisionally?
  • Regulatory expectations and strengthening accountability- what are the conduct rules in place with SMR?

Moderator: Rajat Baijal, ‎Head of Enterprise Risk, CANTOR FITZGERALD
Paul Kelly, CCO Europe- GCCO Office, HSBC 

 

3:20pm

AFTERNOON COFFEE AND NETWORKING

1-2-1 Meetings: These bespoke meetings held in the dedicated meeting zone will provide you with the opportunity to address your specific concerns and challenges

3:50pm

WRAP UP PANEL: OpRisk Europe 2018- what are the key takeaways and industry view on the most critical op risk events over the past year

Featuring members of the 2018 Advisory Board

Steven Portway, Group Head of Operational Risk Framework, Policy and Conformance, BARCLAYS
Veronica Lazenby, CAO & EMEA Head of Operational Risk, BNY MELLON
Paul Neale, Head of Operational Risk, MIZUHO INTERNATIONAL

4:35pm

CHAMPAGNE KEYNOTE ADDRESS: Future outlook- Cyber threat landscape

Royce Curtin, Managing Director of Global Intelligence, BARCLAYS

5:05pm

CHAIR'S CLOSING REMARKS

Tom Osborn, Editor, Risk Management, RISK.NET

5:10pm

END OF CONFERENCE