Agenda


Day 1 

Tuesday 17th September 2019

09:00

Registration and refreshments

09:30

Non-Financial Risk: Background, Governance and Types

  • Background – drivers of risk management, high levels of enforcement and fines
  • What are the regulators' expectations and definitions for governance?
  • What are the differences for banks, asset management and/or insurance?
  • Setting out building blocks for effective risk governance
    • Common language around risk
    • Risk management steering committees
    • Roles & responsibilities of board, senior management, support functions, internal audit and compliance, risk management etc.
  • What are the types of non-financial risk? Model risk, operational risk etc.

Speaker: Kellie Bickenbach, Head of Operational Risk Oversight, Fannie Mae

11:00

Morning break

11:30

Enterprise Risk Management

  • Value of ERM
  • Elements of an effective ERM framework
  • Integrating ERM with corporate strategy
  • Setting up an ERM framework
    • Defining scope
    • Mapping risk
    • Action plans
    • Automation
    • Monitoring and measuring
  • Risk insight and transparency

Speaker: Gemini Yadav, Enterprise Risk Management Audit Manager, Signature Bank

13:00

Lunch

14:00

Op Risk and Non-Financial Risk Management Frameworks

  • Implementing ORM and NFR frameworks
  • Linking to risk appetite framework
  • Creating taxonomies where none currently exist
  • Creating an integrated approach to NFRM:
    • An enhanced governance framework
    • A set of enablers
    • Changes in the front office approach and mindset
  • Effective risk assessments
  • NFR framework – lessons learnt
  • Increasing awareness of NFR

Speaker: Stephen Woitsky, SVP, Operational Risk Group Manager, Bank of the West

15:30

Afternoon break

16:00

Operational Resilience 

  • What is operational resilience?
  • Regulatory expectations
  • Governance arrangements and overall approach
  • Strengthening existing mitigating frameworks (e.g. BCP)
  • Outsourcing dependency
  • How can you ensure continuing resilience in a cost-cutting environment?
  • How can existing risk frameworks be used to manage resilience risk (e.g. KRIs for impact tolerances) - class to share experiences
  • How frequently and to what extent should resilience be tested?
  • Current status and next steps in the operational resilience roll out (class to share experiences)

17:30

End of day one

Day 2

Wednesday 18th September 2019

09:00

Refreshments

09:30

Approaches to Building and Maintaining a Successful Conduct Risk Framework and Program

  • Senior Management Buy-In, Stakeholder Management, Budget, Timelines and Responsibilities
  • Selection of models and processes and application into RCSA
  • Methods of measurement (employee breaches and loss event reporting etc.)
  • How HR performance management and compensation play into driving behavior
  • Conduct risk analysis and understanding of behavioral drivers to better educate employees and better understand risk culture

Speaker: Tanya Weisleder, Global Head Conduct Risk, Credit Suisse

11:00

Morning break

11:30

Cyber Risk and InfoSec

  • Cyber risk, risk management and governance
  • The differences between IT risk, cyber risk, security risk and other related risks
  • How do IT risks fit into the context of the business?
  • Engaging the board – who is responsible for cyber?

13:00

Lunch

14:00

Outsourcing and Third-Party Risk Management

  • Overview of vendor partnerships and associated risks
  • Selecting a vendor partner
  • Designing the technical and business process interface with the vendor
  • Integrating vendor's risk management procedures and practices
  • Merits of conducting joint incident response exercises
  • Continuous management of the risk profile
  • Risk managing vendor sub-contracting (fourth party risk)

15:30

Afternoon Break

16:00

Data Analytics

  • Moving to evidence-based risk assessment
  • Importance of a common taxonomy (risk, root cause and assessment unit) to tie indicators together
  • What are some of the key data sets and why are they valuable?
    • E.g. risk assessment results, incidents (int / ext), metrics, controls assessment, issues/actions, vendor risk etc.
  • Looking across risk dimensions – 3rd party, compliance, HR, tech etc.
  • Some interesting techniques to identify risk concentrations and more forward-looking read across
  • Linkage to resilience (i.e. before it goes wrong)
  • Opportunities for risk incentivisation
  • Possible application to capital
  • Key challenges

Speaker: Aengus Hallinan, Managing Director, Group Head of Operational Risk Management, Credit Suisse

17:30

End of Course