Agenda

Day one - Wednesday 20 November 2019

8:30

Registration and Refreshments

9:00

Governing, creating and implementing an op risk framework 

  • Background – drivers of risk management, high levels of enforcement and fines
  • Designing effective op risk governance:
    • Common risk language
    • Risk management steering committees
    • Linkage to policy framework
    • Building blocks for information security risk
    • Roles and responsibilities across the board
  • Implementing a proper first, second and third LoD
  • Non-financial risk, enterprise risk & op risk – differences and similarities
  • Creating an integrated approach to op risk
  • Challenges and opportunities for op risk frameworks

10:30

Morning Break

10:45

Risk Appetite 

  • Definitions and governance
  • How do risk appetite frameworks differ across financial services (banks, asset managers, pension funds, insurers)?
  • Who should own the risk appetite? First or second LoD?
  • Statements on risk appetite
  • How can you utilise risk appetite to drive forward business strategy and decisions?
  • Key risks and controls in relation to key effectiveness testing

12:00

Lunch

1:00

RCSAs 

  • What is a risk (including cause and effect) and what are controls?
    • Control environment
    • Characteristics of a good control
    • Objectives of a control
  • What is an RCSA, what is the purpose and added-value?
  • What are important elements of the set-up and process flow regarding RCSAs?
  • What does the effective use of an RCSA within an integrated ORM framework look like?
  • How can an RCSA be maintained most effectively?
  • What are common pitfalls regarding RCSAs?

2:30

Afternoon break

3:00

Incident management perspective – loss events 

  • Defining and implementing incident & loss management approaches and processes
  • Should we incorporate near misses?
  • Agile/scrum implementation of new incident systems
  • Regulatory loss event reporting to regulator
  • Internal vs. external loss events

4:30

End of Day One

Day two - Thursday 21 November 2019

8:30

Morning Refreshments

9:00

KRI deep dive

  • The characteristics of a good KRI and preventative KRIs
  • Comparisons between KPIs and KRIs and reference to corporate strategy
  • KRI design
  • How can you leverage existing business processes?
  • Maximising op risk efficiency through revamped KRIs
  • KRI governance and reporting

10:30

Morning Break

10:45

Risk Culture

  • What does a good risk culture look like?
  • Creating a risk culture framework
  • Understanding internal and external factors affecting risk cultures
  • Managing risk cultures: effective tools
  • Assessing risk culture
  • Risk culture change with an integrated approach

12:00

Lunch

1:00

IT, cyber risk and AI 

  • IT security as seen through the eyes of an op risk manager
  • Where do IT security and op risk meet?
  • Aligning op risk management and cyber security processes
  • Information security
  • The impact of AI technology in operational risk

2:30

Afternoon Break

3:00

Regulatory context  

  • Regulation and operational risk – how we got here
  • Key areas of regulatory focus and expectations including:
    • Conduct
    • Operational resilience
    • Vendor management
    • Cyber
    • Organisational change
  • Regulation – the future

4:30

End of Course