Agenda: Operational Risk Management, online course

Agenda timing is in BST
Session one - 2pm BST/ 9am EDT
Session two - 3.15pm BST/ 10.15am EDT
End - 4.15pm BST/ 11.15am EDT

Day One: Tuesday, May 26, 2020


Building an ORM framework

14:00 - 15:00

  • Governance of operational risk

  • Understanding the losses that can occur

  • Relationship between 1st and 2nd lines of defence

  • Business value of ORM

  • Creating an integrated approach to operational risk

  • Challenges and opportunities for ORM frameworks

Jeremy Holmes

Director, advisory & oversight, GRM operational risk, corporate functions


Jeremy is Director, Operational Risk, Corporate Functions at RBC.  Within his current role, Jeremy is responsible for providing Oversight and Challenge to RBC’s Technology and Operations, Human Resources, Finance, Group Risk Management, Compliance, AML, Internal Audit and a collection of units within the CAO globally.  Jeremy has 20 years of financial industry experience, including 7 years in reporting and oversight roles in the CAMLO office of RBC, 5 years as an Operational Risk Advisor at TD and RBC, and 3 years in Internal Audit at TD Financial Group.   His team has successfully rolled out a Program Maturity Assessment across the Corporate Functions at RBC to objectively evaluate the breadth and maturity of the Operational Risk Program in each unit, thereby allowing management and the lines of business the ability to understand the level of embeddedness of the Operational Risk Management program in Corporate Functions.

Mike Brunetto

Associate Director, GRM Operational Risk, Corporate Functions


Michael is currently an Associate Director of Operational Risk, Corporate Functions at RBC.  Within his current role, Michael is responsible for providing Oversight and Challenge to RBC’s Human Resources, Finance, Group Risk Management, Compliance, AML, Internal Audit and the Office of the CAO.  Michael has over 20 years of both financial and insurance industry experience, including the last 4 years in a second line capacity at RBC.  Michael has been an integral partner in the successful roll out of the Program Maturity Assessment across the Corporate Functions to objectively evaluate the breadth and maturity of several Operational Risk Programs in each unit.



15:00 - 15:15


The emergent nonfinancial risk environment: perspective towards 2030

15:15 - 16:15

  • How is the nonfinancial risk profile evolving?

  • The coalescence of nonfinancial risks and how to manage it

  • How the demands of the emergent risk environment may impact the lines of defence model

  • Organizational conditions that must be put into place now

  • Ensuring compliance to guidelines

  • Looking at operational risk going forward

Tanna Brodbar

Vice president of operational risk management

Great-West Lifeco


End of day one

16:15 - 16:16

Day Two: Wednesday, May 27, 2020


Incident management perspective

14:00 - 15:00

  • Incident and loss management approaches and processes

  • Should we incorporate near misses?

  • Implementation of new incident systems

  • Regulatory loss event reporting to regulator

  • Internal vs external loss events

Sergio Ledesma

Senior advisor operational risk management

Laurentian Bank of Canada

Sergio currently supports the design and implementation of the Operational Risk Management Framework at Laurentian Bank. In his role within the Second Line of Defense, he helps business units and corporate functions identify key risks and properly assess them to ensure the achievement of the Bank’s strategic goals.

Sergio holds an MBA from the University of St. Gallen in Switzerland and a Master’s in Financial Markets from the Instituto de Estudios Bursátiles in Spain. He completed his Bachelor’s in Economics in the Dominican Republic. After 13 years in the financial services industry in Europe, he joined Scotiabank as an Operational Risk Manager where he led the enhanced implementation of the Operational Risk Management Framework in the Caribbean.

Passionate volleyball player, enthusiast of foreign languages, cultures and gastronomy.



15:00 - 15:15


Understanding risk culture

15:15 - 16:15

  • What does a good risk culture look like?

  • Risk culture framework

  • Internal and external factors affecting risk culture

  • Effective tools for managing and assessing risk culture

  • An integrated approach to risk culture change

David Lannoy

Associate director

Chapelle Consulting

David Lannoy has a vast experience in Risk Management gained in 15 years of working in various sectors of industry such as transport, finance and telecommunication. His achievements include: developing an Enterprise Risk Management approach in a technology firm providing payment services; bringing operational risk management and business continuity to a higher level in financial companies; implementing criminal risk assessment and terrorist threat assessment for the public sector, designing and facilitating RCSA workshops in entreprise-wide projects.

David holds a Master degree in Political Sciences, Certificates from high-profile Risk Management courses. He has been admitted to join The Institute of Risk Management in London as a Specialist Member and has also become Certified ISO 31000 Risk Manager and Certified ISO 31000 Lead Trainer. He is a regular guest lecturer and master thesis supervisor at the HEG Geneva School of Business Administration and contributes to professional publications.


End of day two

16:15 - 16:16

Day Three: Thursday, May 28, 2020


Assessing your risk appetite

14:00 - 15:00

  • Definitions and governance

  • How to assess your risk appetite and the factors affecting it

  • Understanding what your risk profile is against your risk appetite

  • Quantifying qualitative operational risk

  • How to utilize risk appetite to drive forward business strategy and decisions

Leeanne Barnes

Director, enterprise and operations risk management,

Ontario Teachers’ Pension Plan

Leeanne Barnes is a seasoned risk management professional with over 20 years of experience in various industries.  Prior to joining Ontario Teachers' Pension Plan in 2013, she held roles of increasing responsibility at ING DIRECT, including leading and maturing  the Operational Risk Management function, Fraud Detection, Information Security, Business Continuity, Sarbanes Oxley, Outsourcing, Procurement, and Special Projects.  Through this time, Leeanne also worked closely with Canadian and European Regulators.  Prior to ING, Leeanne spent five years at Deloitte, assisting clients in the Risk Consulting and Regulatory Services space.

Leeanne is currently the Director of Enterprise and Operational Risk Management at Ontario Teachers' Pension Plan.  Leeanne works closely with the Board and Executive Team to provide a consistent approach to effectively understand, measure, report and manage / mitigate new & emerging enterprise and operational risks.  She also supports the enterprise view of risk appetite, and supports the Board and Management Committees in overseeing important enterprise risks. 



15:00 - 15:15


Cyber security and cyber risk

15:15 - 16:15

  • Introduction to cyber security

  • Where do cyber security and operational risk management meet?

  • How do cyber security and cyber risk affect one another?

  • Aligning operational risk and cyber security processes

  • Managing risk associated with AI

Flavius Plesu

Former head of information security, Bank of Ireland

Founder, OutThink

•   Former Head of Information Security, Bank of Ireland
•   Founder, OutThink
•   Security Behaviour Practitioner, Research Institute in Science of Cyber Security (RISCS)

As Head of Information Security of Bank of Ireland, Flavius was responsible for all aspects of information security risk and compliance as well as managing the information security improvement programme. Having successfully built security culture and behavioural change programmes from the ground up Flavius brings an often opinionated and forward thinking view of assessing and managing human risk, but is able to do so with humour and pragmatism (mostly). An international public speaker Flavius contributes to a number of industry forums and events, openly sharing knowledge and best practice. 

Flavius is also the Founder of OutThink and Research Institute in Science of Cyber Security (RISCS) Practitioner. The primary objective of the Institute is to develop novel, innovative social-science and socio-cultural techniques for cyber security.


End of day three

16:15 - 16:16

Day Four: Friday, May 29, 2020


Third party risk management

14:00 - 15:00

  • Third party risk management cycle

  • Indicating key third party management risks

  • Reliance on vendors to provide services

  • Focusing on third parties posing the greatest risks

  • Internal vs external outsourcing

  • Risk assessment, effective controls, best practices

Matthew Moog


Ernst & Young

Having been with EY for over 17 years, Matthew is the EY Global Third-Party Risk Leader in Financial Services.

His role has afforded him the opportunity to grow and develop EY people, services and the EY brand within the market on a global scale.

He has led multi-year global transformations for some of the organization’s largest clients and is currently leading disruptive efforts within the marketplace around collaboration and Managed Services.

Matthew received a BS in Management from Rensselaer Polytechnic Institute.

How Matthew is building a better working world

“As a leader of the Third-party Risk Management (TPRM) services, we live our values daily. More specifically, in my role as a global leader, we have a big focus on strengthening the EY brand globally while empowering EY efforts locally. We truly operate as a global organization and routinely provide mobility opportunities to integrate the teams globally. In addition, we are leading disruptive efforts in the TPRM space; changing the way financial services organizations execute third-party assessments in a collaborative manner.”



15:00 - 15:15


Operational resilience

15:15 - 16:15

  • Understanding regulatory requirements

  • Operational resilence vs business continuity management 

  • Determining impact tolerance

  • Making sure the bank as a business can still operate

  • Establishing appropriate crisis management 

Katherine Macpherson

National non-financial risk leader | Financial services advisory

Ernst & Young

Katherine works in the Financial Services Advisory practice of Ernst & Young. She leads the Non-Financial Risk practice in Canada, specializing in operational risk, regulatory compliance, culture and conduct, and enterprise risk management. With 12 years of experience at the Office of the Superintendent of Financial Institutions (OSFI), and over 7 years of Risk Management experience in the banking and insurance industries, Katherine has a deep first-hand practical understanding of regulatory requirements and leading risk management practices.

Katherine is also an advisory board member and regular instructor at Osgoode Law School’s regulatory compliance certification course and York University’s Insurance Risk Management diploma course, and participates as guest speaker at the Basel Committee on Banking Supervision’s (BCBS) operational/cyber risk working group meetings, on the topic of resilience

Diana Halder


Ernst & Young

Diana Halder is an executive in the financial services industry.  She has over 12 years of experience in payments product innovation, product management, payments strategy and large scale program delivery.

Diana works primarily with Canadian and US banks and Fintechs to bring them in-depth knowledge and experience with-in the commercial and retail payments domains.  She is actively involved with initiatives that examine the resiliency of the Canadian financial services industry. 

Diana is also a member of Canada’s Standards Council where she works to develop national standards for financial services APIs to enable open banking solutions in Canada and globally. 


End of course

16:15 - 16:16