Draft Agenda

Workshops Days: 

June 17 2019: 
1. Cyber risk quantification 

2. Risk Identification - Aymeric Kalife, Head of Inforce & Product Management, Group Risk Management, AXA

June 20 2019
1. Risk culture and reputational risk
2. 3rd party Risk Management and Setting Risk Appetite


Day 1: 18 June 2019


Breakfast Clinic: IBM Briefing.

**This is an invitation only**
If you are interested in attending please send an email to                              


Registration and Continental Breakfast


Chair’s Opening Remarks and Live Audience Poll Envisioning NextGen OpRisk

  • Is your firm currently developing an advanced operational risk framework?
  • Is operational risk helping to inform your business critical decisions? 
  • How heavily are you investing in cognitive advances? 
  • If you were to choose one key challenge that keeps you awake at night, what would it be?

Get involved! The audience is encouraged to participate via our interactive and completely anonymous SLIDO polling application.


Editor's Welcome: Key Industry Trends

Duncan Wood, Editor-in-Chief, RISK.NET


Opening Address: Concentration Risk and OCC’s Heightened Standards for Monitoring and Reporting

  • Where does OCC see risks concentration across different risk categories?
  • Common trends and risks that stand in silo
  • How banks can effectively use machine learning and third party services
  • Preparing for an array of potential scenarios



The CRO’s Perspective: The Chief Risk Officer’s Top Priorities for 2019/ 2020

  • What keeps us awake: the crucial risks that are every CRO’s nightmare
  • Why it’s all about cybersecurity
  • Emerging tech: innovation as a conduit for new opportunities… and challenges
  • Managing the evolving regulatory landscape


CRO Panel: The Drivers Shaping Operational Resilience … and How Top Firms Are Moving Beyond Risk-Resilience Silos

  • What does robust crisis management look like? How are firms developing operational resilience?
  • How can organizations meet specific resilience requirements?
  • Effectively developing resilience for your third parties: how can firms ensure their practices are robust enough?
  • Operational resilience as a competitive advantage: why your competitors are putting resilience first  Moving beyond risk-resilience silos: developing robust practices and synergies
  • Resilience as a top priority for CROs

Panellists include:

Jean-François (JF) Bureau, Senior Vice President and Chief Risk Officer, PFP Investments


Fireside Chat: Confidently Managing Risk in an Evolving Regulatory Environment

Bala Ayyar, Managing Director, Chief Data Officer - Americas, Société Générale


Morning Coffee Break and Speed Networking

Stream 1: Advanced Operational Risk Management


Opening Panel: Maximizing the Benefits of an off-the-shelf OpRisk Framework

  • If you had no pre-existing OpRisk framework, what would you establish first?
  • Analysis of the different frameworks being practiced and the potential benefits for your organization
  • Taxonomies that should be implemented in order to make the most out of your framework
  • What are the key risks you would establish for this framework?

Jay Newberry, Managing Director, Operational Risk Management, Citi

Panellists Include: 
Gustavo Ortega, Head of Technology, Innovation and Operations Risk Management, Voya Financial

Penny Cagan, Managing Director, MUFG


Panel: Innovating GRC: How Key Technologies are Revolutionizing this Space

  • Moving towards a more streamlined GRC: how are key advancements encouraging simplification?
  • More intelligence and less workflows: gleaning pivotal risk insights from data
  • GRC cloud infrastructure: simplifying deployment and decreasing costs


Michael Colasso, Head Of Enterprise Operational Risk, SunTrust


Fireside Chat: Unleashing the Potential for Next Generation GRC

  • AI and cognitive process as a conduit for transformation
  • The emerging challenges driving GRC innovation
  • Cloud computing and the impact on GRC
  • Benefiting from advanced analytics and cognitive capabilities

Bala Ayyar, Managing Director, Chief Data Officer - Americas, Société Générale
Anne-Sophie Gug Christ, Program lead – GRC, Société Générale

Stream 2: Operational Risk Measurement


Opening Panel: CCAR Results Analysis: Were the Quants Right?

  • An analytical discussion of the early results of the SMA versus new developments in operational risk measurement
  • Capital calculation for operational risk and meeting regulatory requirements: what your organization needs to be considering

Panellists include: 

Nedim Baruh, Managing Director - Head of Operational Risk Measurement and Analytics, JPMorgan Chase


Presentation: SMA and Stress Testing Methodologies for Operational Risk

  • Econ capital and the different approaches to stress testing

  • Did any organizations fall short of these calculations?

Hakan Danış, Macroeconomic Scenarios, Director, MUFG Union Bank

Stream 3: Regulatory Expectations


Opening Panel: 3rd Party Risk and Re-Designing the Pre-Existing Risk Processes to Meet Regulatory Expectations

  • How have regulatory expectations increased?

  • Meeting the regulatory pressures under a costs constrained budget

  • Sourcing third parties in the evolving tech and AI landscape

Panellists Include: 

Daniel Navarino, Expert Advisor for Third Party Risk, Finance, Strategy, and Controls, former Global Process Owner, Third Party Risk, Citi


Spotlight Session: How to Effectively Set the Risk Appetite for 3rd Party Dependence

  • How do you articulate 3rd parties to regulators?

  • How can your organization prepare different scenarios for the potential risks involved?

  • Outlining your BCM plans

  • Identifying crucial KRIs

Stream 4: Cyber Risk North America


Chair's Opening Remarks


Opening Keynote: Setting the Scene for the Future of Cyber Risk

  • Envisioning the future of cyber threats and risks
  • Data as the top asset
  • Banks as digital entities
  • Emerging tech in a hyper connected landscape


CISO PANEL: Maneuvering Cyber Security in the Era of Technical Innovation

  • Digital transformation as a conduit for risk
  • Developing risk appetite limits for security risk
  • Opportunities related to data aggregation and intelligence gathering tools to help manage security risks
  • Identifying risk for information assets
  • Thinking next generation cybersecurity
  • Mitigating risk in a super connected landscape: how are innovations such as IoT going to impact cyber risk?


Morning Coffee Break and Speed Networking


Panel Discussion: Resolutely Managing and Modelling Cyber Risk

  • Applying scenario modelling to cyber risk: why cyber risk modelling is still a challenge
  • How can risk models effectively and accurately capture cyber risk?
  • Applying stress testing and scenario analysis to cyber risk
  • Assessing risk on an annual basis


Presentation: The Data Conundrum: Preparing for California Privacy Laws (CCPA), CASL, GDPR and Mifid Compliance

  • Balancing and managing reputational risk
  • Privacy laws enforcement in the US: what your organization might not be considering
  • Fintechs and data privacy laws: can innovation in financial services coexist with data privacy laws?
  • First California, Vermont and who’s next?
  • Mitigating against wire fraud and business email compromise issues: key considerations


Presentation: Effectively Manoeuvring Cyber Theft, Unauthorized Access and Accidental Disclosure


Lunch and Themed Discussion Roundtables

a) Effectively Establishing an Inclusive Approach to Diversity in Risk

b) CCAR Results and Analysis: Were the Quants Right?

c) 1LOD and 2LOD: Who Owns the Controls?

d) IT, Cyber Risks and Failures: How Prepared is Your Organization?

Each roundtable is led by an industry specialist focusing on the key issues pertaining to each roundtable.

Stream 1: Advanced Operational Risk Management


Panel: Risk Identification: Combining Top Down and Bottom Up Views

  • Pinpointing what makes risk identification such a challenge and why
  • How do you incorporate RCSAs?
  • Defining crucial processes in relation to risk identification
  • How do you overcome the myopia of a granular view?


Presentation: Establishing Risk Taxonomies that can be Used Across the Industry

  • How can organizations effectively identify and capture losses?
  • What are the typical risk categories that this will encompass?
  • What key sets of definitions are being carved out?


Panel: Credible Challenge and the Second Line

Deborah Hrvatin, Managing Director, Citi
Dolores (Lori) Miller, Managing Director, AIG


Presentation: Increased Efficiencies for Setting the Right Risk Appetite Limits

  • Developing robust scenario analysis for different risk appetite levels
  • Amalgamating risks and analysing metrics used under different challenges
  • Moving towards new linkages across different elements that can improve risk identification within your organization
  • How can your company better link operational risk framework?

Stream 2: Operational Risk Measurement


Presentation: Structured Scenario Analysis

  • What does it mean if we moved away from AMA? What implications will this have?
  • Do we still need modeling? Is modelling becoming obsolete?
  • Regulatory model and exposure to measurement and modeling
  • Quantifying exposure with historical data as well as projected losses: What is more actionable?


Deep Dive: How to Cater your Operational Risk Framework

  • Implications for retail banks vs large banks
  • The ins-and-outs of requirements and regulations
  • Who is regulated and how?
  • Learn from key examples of effective operational risk management

After a brief 10 minute overview, this is an interactive session that will be held as a Q and A with an ORM specialist. Questions are to be submitted via slido.

Stream 3: Regulatory Expectations


Deep Dive: Analysing the Regulatory Definition of 1LOD

  • 1LOD vs 2nd LOD – who is owning the controls and making sure everything is working as usual
  • Whose responsibility is it to ensure the risk appetite is maintained?
  • Testing appropriate controls: how do you pick which controls to test and how do you choose monitoring versus testing?
  • Are there ways to automate these processes?

After a brief 10 minute overview, this is an interactive session that will be held as a Q and A with an ORM specialist. Questions are to be submitted via slido.


Presentation: New Economic Rules, Ties and Tariffs: How Can Your Organisation Prepare?

  • Systemic risks and anticipating the impact of Brexit
  • Regulatory relief? Analysis of current amendments to the Dodd-Frank reform
  • Amid amendments, understand how this will impact the industry and the resultant initial feedback

Stream 4: Cyber Risk North America


Spotlight Session: Taking an Integrated Approach to Enterprise Wide Cyber Risk

  • Identifying how you can fend against a potential cyber-attack and ensuring your organization is up to speed with all contributing risk factors
  • Preparing your organization for cyber-attacks: how you can minimize the risk and what you need to know in the event of an attack
  • Minimizing the potentially lasting impact of a cyber-attack: it’s all about immediate action


Panel: Effectively Managing Third Party Cyber Security

  • Developing robust governance models
  • Employing the appropriate processes to mitigate against risk
  • Gaining visibility and monitoring of sub-contractors engaged by third-parties.


Fireside Chat: What Can the Industry Learn from IT Failures and Breaches?

  • Developing a robust internal strategy to help elevate risk should there be an IT failure
  • Learning from past failures: what key takeaways can be identified in order to better your strategy and approach?
  • Drilling down into areas that are often overlooked: prioritizing upgrading your legacy infrastructure and rating your key priorities


Afternoon Coffee Break and Knowledge Cafes

Grab a coffee and join a table of your choice in the exhibition area to share ideas, questions, and developments all while you network with your fellow industry specialists.

Keep up to speed with crucial industry developments by joining one of our Knowledge Cafes led by our leading specialists:

a) Developing Robust Operational Resilience

b) Effectively Managing 3rd party vendor risk

c) Keeping up-to-speed with Evolving Regulation

d) Unleashing the Potential for Data, AI and Machine Learning

e) LIBOR: how will this impact us and where do we start?



Live Debate: Moving Beyond the FinTech Hype

  • The current technologies revolutionizing the operational risk space and helping organizations better deliver on their KRIs
  • AI, machine learning and data as a conduit for change: identifying the technologies adding true value to operational risk
  • How much has technology changed the role of specialists working in operational risk?

Angel Lorente, Americas Finance Innovation Leader, Morgan Stanley


Power Panel: The Libor Transition: How Leading Firms Are Preparing for A Post Libor World

  • Transitioning to a reliable benchmark
  • Broad market adoption of RFRs
  • Realigning legacy contracts
  • Envisioning the ideal end game


Power Panel: Identifying and Anticipating Geo Political Risks and Balancing Market Exposure

  • Uncertainty around regulation and political atmosphere across the globe: how can your organization prepare in an era of flux and constant change?
  • How can your company successfully govern the business during political gridlock?
  • During a time of upheaval, identify how your organization can prioritize and evolve the OpRisk program

Panellists include:
Hakan Danış, Macroeconomic Scenarios, Director, MUFG Union Bank
Manan N. Rawal, EVP - US Head of Model Risk Management, HSBC


Closing Remarks


Drinks Reception

In Partnership with EY

Day 2: 19 June 2019


Breakfast Clinic: Nice Actimize

**If you would like to attend this session please send an email to Your name will be added to the guest list.** 

Session to be confirmed shortly


Registration and Continental Breakfast


Chair's Opening Remarks:

Duncan Wood, Editor-in-Chief, RISK.NET


Keynote Fireside Chat: Technology and the Future of Operational Risk

  • How does the operational risk department view the potential for technology?
  • Where do technologies such as AI, Machine Learning and Robo-Advisors, sit on the myriad of priorities?
  • Anticipating a revolution: What will operational risk management look like 5 years down the line? What key innovations can we anticipate in the near future?
  • How does technology change the dynamic of risk?


Spotlight Session: Unleashing the potential for AI in OpRisk

  • Importance of Artificial Intelligence and Machine Learning techniques and technologies to firms of all sizes and scales
  • Leveraging these techniques to improve efficiency and effectiveness in ORM
  • How to govern and control the risks these techniques introduce to the enterprise


Power Panel: Innovating Operational Risk with AI

  • Making tech tangible: Visualizing the use robotics and AI in operational risk arena
  • What are some of the advances in the controls library and key words text analysis?
  • AI that identifies the various risk groups that are not possible to achieve manually
  • How can your organization effectively employ AI to understand these groupings?
  • Using AI as an approach to monitoring
  • Automating reconciliation: benefits versus challenges
  • How can you manage risk whilst implementing new technology
  • To what extent are businesses investing and researching applications for AI?
  • What, if anything, could potentially hold AI back in the space of operational risk?

Panelists include:

Emil Matsakh, Chief Analytics Officer, Commonwealth Bank of Australia Professor Ina Wanca, New York University

Gordon G Liu, Executive Vice President, US Head of Global Risk Analytics, HSBC


Power Panel: What’s Worked, What Hasn’t, and How To Streamline What’s Necessary


Ken Abbott, former Managing Director, IHC CRO, Barclays


Presentation: Taking a Pragmatic Approach to KRIs

  • How can firms effectively and accurately interpret results?
  • Managing the volume of data and effectively measuring results to provide achievable actions
  • Identifying the threshold and reporting methodologies

Graeme Farrell, Managing Director - Chief Operational Risk Officer, AQR


Morning Break and Knowledge Cafés

Grab a coffee and join a table of your choice in the exhibition area to share ideas and network with fellow industry professionals.

a) Robust Change Management

b) Managing Risk Culture

c) KRIs and RCSAs

d) Operational Risk as a Value Add

Stream 1: Change Management


Opening Fireside Chat: Boundaries Risk: Segregation of duties between 1st and 2nd Lines of Defense

  • Internal control testing and its remit
  • Are they truly independent?
  • Which are, or are not, robust?
  • Ownership and execution where is most appropriate


Panel: Systemic Risks and the Greater Implications for Operational Risk Management

  • Anticipating the unimaginable: What kinds of risk could be on your horizon?
  • Mitigating against cascading failures where safeguarding the market as a whole simply isn’t plausible
  • Preparing your organization internally: moving beyond rules and policies


Spotlight Session: Taking an Integrated Approach to OpRisk Management with a Dynamic ERM Function

  • ORM versus ERM: the role of operational risk in ERM
  • Key considerations for organizations working on their ERM function


Fireside Chat: Taking a Dynamic Approach to AML and Financial Crime

  • How are leading organisations improving their approaches to managing financial crime and inspiring auspicious behaviour/ practices?
  • Managing risk with high standards for AML systems
  • Automation and innovation in the move towards more diligent practices

Talal Mahmud, Regional Head Financial Crime Compliance (Trade), Standard Chartered

Stream 2: OpRisk as a Competitive Advantage


Opening Panel: Successfully Managing the Risk Appetite at the Business Level

  • How are various firms approaching risk management at the business level?
  • What are the implications to the overall growth of the business?
  • Demystifying operational risk and achieving corporate buy-in to the operational risk framework


Fireside Chat: Promoting an Ethical Risk Culture in your Organization

  • How can you promote an ethical culture within your sales and client facing role?
  • Taking a top down approach: influence starts from the top

Bonnie Frank, Vice President, Enterprise Risk and Crisis Management, PSP Investments


Panel: Demonstrating and Measuring Excellence in OpRisk

  • Ensuring your organization can see clear achievements and identify the benefits to the overall business as a unit

  • Successfully qualify how your OpRisk framework has held up to your KRIs

  • Facilitating a culture of knowledge: OpRisk as a business critical function


Fireside Chat: Attracting a Dynamic Workforce in the Era of Innovation

  • Attracting, training and retaining talent in a competitive work environment
  • Making the finance industry attractive for techies

Stream 3: Setting Appropriate KRIs and RCSAs 


Opening Panel: Determining the Right Balance for RCSAs

  • What are banks doing differently around RCSA?
  • What is the right assessment and how can it be achieved?
  • How can your department integrate better with compliance and internal controls to provide a comprehensive view and achieve sign off?

Panellists include:
Matt Duditch, Senior Vice President, Operational Risk Management & Risk Management & Compliance Chief Risk Officer, U.S. Bank


Fireside Chat: Getting RCSAs Right

  • Identifying the benefits of questionnaires and process controls
  • Systems available to process controls effectively
  • Identify how leading firms are capturing high volumes of risk event data
  • How are firms able to amalgamate this risk data with the general ledger?

Stream 4: Cyber Risk North America


Opening Panel: Cloud Based Computing and Third Party Risk Management

  • How are leading firms managing, storing, moving (…or not moving) data?
  • What impact has cloud providers had on operational risk and how are organizations managing this?
  • What pivotal grey areas still remain in determining the risk of cloud based computing and third party providers?


Presentation: Effectively Mitigating Risk in the Cloud

  • Assessing risk in the cloud
  • Revisiting cloud usage culture
  • Audits rights for cloud providers
  • Don’t get left behind: how the cloud paradigm has changed the way we operate


Presentation: Recovering from Reputational Damage After a Cyber-Attack

  • How do you re-establish your reputation?
  • What is the acceptable level of cyber risk?
  • Insurance for cyber risk: what should be on your radar
  • Managing cyber risk with hardware and software


Networking Lunch and Live Demos


War Games:

How resilient is your organization? Disaster recovery and business continuity in operational and cyber risk


Out of the Box Perspective: Managing Non-financial Risk – Lessons Learned from Outside the Finance Industry

Identifying common taxonomies, core principles and different level of maturity at corporate companies.


Power Panel: Technology Risk Management and the Relationship with Operational Risk

  • Thinking tech: why technology is synonymous with the modern bank and what this means for risk
  • Identifying critical operational risks within the capacity of new tech: disruption of typical processes outsourced to vendors, consumer and employee data and denial of service attacks
  • How are leading banks managing the myriad of new applications?
  • New roles and responsibilities emerging from technical innovations and upgrades to infrastructure

Michael Barry, Executive Director - Head of Operational Risk and Information Security, Natixis


Coffee Break


2019: Risks and Opportunities from a Front Office Perspective

Kevin D. Mahn, President and Chief Investment Officer, Hennion & Walsh Asset Management


The Time Capsule Panel: Thinking 2020 and Beyond

  • What role can we expect operational risk to play over the next 5 years? 10 year and beyond?
  • Anticipating and industry in flux: what key challenges will shape the scope of operational risk?
  • How can operational risk add the greatest value in the future?
  • The mandate of operational risk on the board level
  • Key takeaways to technical innovation and risktech


Forward Thinking Fireside Chat: DLT and Operational Risk

  • How does DLT function? What impact does this have on operational risk and security?
  • Contextualizing how DLT functions in regards to digital currency, initial coin offerings, smart contracts and regulatory reporting
  • Establishing risk and controls specific to DLT
  • Anticipating the future of a secure, tokenized infrastructure

Anil Mishra, Senior Manager, Risk, Deutsche Bank


Closing Remarks and Key Takeaways


End of conference