Pre-conference workshops: March 19, 2018
  • Workshop 1: Vendor/ Third party risk management and intelligence

*Features Platform Hour: A time-saving opportunity to meet and compare the leading vendor risk management platforms in one hour of networking and learning alongside your oprisk peers

  • Workshop 2: Revamping your firms KRIs and risk appetite

Post-conference workshops: March 22, 2018
  • Workshop 3: eGRC with reporting and management information (MI)

*Features Platform Hour: A time-saving opportunity to meet and compare the leading GRC platforms in one hour of networking and learning alongside your oprisk peers

  • Workshop 4: Cyber risk management and quantification for op risk and cyber risk practitioners

 

Conference Program - March 20 & 21, 2018

Conference Day 1, March 20 2018

08:00am

Registration and refreshments

08:50am

WELCOME REMARKS:

Alexander Campbell, Divisional Content Editor, RISK.NET

*Interactive Audience Poll via Sli.do
Vote live to generate real time content #OpRiskNA

09:00am

REGULATORY KEYNOTE ADDRESS

*Audience Q&A
Submit your questions via sli.do

09:30am

KEYNOTE ADDRESS: UBS Innovation- The transformation of a global giant

  • Then and now
  • What are the benefits of merging operational risk and compliance functions? What were the obstacles faced?
  • How to establish a firm-wide risk taxonomy 
  • The need to revamp risk and control assessments
  • Deterring internal misconduct and monitoring employee behaviour 

James Oates, Global Head of Compliance and Operational Risk Control, UBS

10:00am

THE LEADER'S DEBATE: Next generation operational risk management

  • Regulatory developments in operational risk management
    • Where are the biggest regulatory demands coming from? How are firms adapting to growing regulatory burden and escalating costs?
    • Do regulatory sandboxes, bank-run pilots work for emerging fintech?
  • Conduct and culture

10:50am

Morning coffee and networking break

STREAM 1 : Emerging risks and current barriers

11:20am

CHAIR'S OPENING REMARKS

11:25am

PRESENTATION: Agile risk management - Innovating in the risk space

Philippa Girling, SVP, Chief Risk Officer, INVESTORS BANK

5 min intermission allowing participants to change streams

12:00pm

PANEL DISCUSSION: Maximising operational risk efficiency through revamped KRIs and taxonomy

  • How do you effectively identify, assess, measure and manage operational risk events
  • How did you build your risk taxonomy? The benefits of customising your risk register or taxonomy

Gustavo Ortega, ‎Head of Corporate Operational Risk Management, AIG

12:45pm

Lunch and networking break

1:45pm

PRESENTATION: Next generation GRC 

  • eGRC: Transitioning from having the risk team's entering data, to risk owners entering- How to manage that behavioural/cultural change?
  • Use of GRC tools and techniques to inform operational risk management
  • How to use your GRC tool across various business lines

5 min intermission allowing participants to change streams

2:20pm

LIVE INTERVIEW: Delving into risk appetite and emerging risks 

  • How to think about a good risk appetite?
  • Who should own the risk appetite- The 1LOD or 2LOD?
  • How you define risk appetite and limits for emerging risk like process risk?
  • Managing the emerging customer risk
  • Protecting customer data and risk mitigation tactics for data breaches

Michael Reidy, Director, Head of Risk Frameworks and Programs, CITIZENS FINANCIAL GROUP

STREAM 2 : Vendor risk management

11:20am

CHAIR'S OPENING REMARKS

11:45am

PRESENTATION: Strengthening governance framework and reporting for vendor management

  • How can governance frameworks be strengthened to increase accountability?
  • Where does vendor risk sit in a 3LOD model?
  • What does the regulator focus on when they review third party risk? 
  • How to effectively report on third party risk?

5 min intermission allowing participants to change streams

12:00pm

PANEL DISCUSSION: Vendor risk in the next generation firm 

  • Fourth party risk management- How do you "manage" fourth parties? What successful approaches have you witnessed and/or implemented?
  • Should vendors themselves be regulated to some degree to shift some of the burden around regulatory demands and ensure cooperation with financial institutions
  • Can AI increase third party risk?

1-2-1 Innovation Tables: Have you seen the latest initiatives for effective vendor risk management? Ask the experts

12:45pm

Lunch and networking break

1:45pm

CASE STUDY: Learning from a vendor breach

  • How do you manage "crisis" situations that could impact your third party network (e.g. broad cyber events like WannaCry)?
  • Putting a BCP in place for when a HVAC contractor is compromised

5 min intermission allowing participants to change streams

2:20pm

LIVE INTERVIEW: Third party risk assessment

  • How do you strike the right balance of rationalizing down the number of vendors vs. having available alternative vendors you need to exit?
  • How do you determine who your critical service providers are? How many categories of service providers do firms have?
  • Who checks the vendor agreements - the 1LOD or 2LOD?
  • How do you control your third party's risk exposure to a third party?

STREAM 3 : Threats and risks

11:40am

CHAIR'S OPENING REMARKS

Heyna Deepa Patel, Senior Vice President, Senior Segment Risk Manager, THE HUNTINGTON NATIONAL BANK

11:45am

PRESENTATION: Assessing emerging risks and their impact on ORM

  • How do you identify emerging risks?
  • What are the tools and techniques used to gauge exposures and vulnerabilities?
  • Examining how to treat causes over symptoms

Brenda Boultwood, Senior Vice President of Industry Solutions, METRICSTREAM

5 min intermission allowing participants to change streams

12:15am

PANEL DISCUSSION: Managing third party risk

  • How do banks approach third party risk?
  • What are the expectations around internal BCP for vendor outage?
  • Ensuring the first line of defence understands third party risk, builds adequate monitoring and escalates out-of-tolerance metrics in a "standard" manner
  • How to evaluate country and economic risk for offshore vendors
  • How to detect vendor fraud?

Moderator: Gayle Woodbury, CIA, CISA, CCSA, CTPRP, Managing Director, CROWE HORWATH
Yakut Akman,
Chief Third Party Management Officer, CITI
Brian Neary,
Vice President, Chief Operational Risk Officer, THE HARTFORD
Joe Peddle,
Third Party Risk Leader, SVP Operational Risk, GE CAPITAL
Michele Keelan Ushkowitz,
Head of Risk Supervision, Managing Director, SOCIÉTÉ GÉNÉRALE

1:00pm

Lunch and networking break

2:00pm

PRESENTATION: The impact of cyber security breaches on business continuity

Janet Lerch, Chief Continuity and Technology Risk Officer, U.S. BANK

5 min intermission allowing participants to change streams

2:35pm

LIVE INTERVIEW: Terrorism and physical security- the impact on business continuity

  • How do banks adapt to terrorist attacks? How does crisis management in banks need to adapt?
  • How to ensure your people and operations are safe? Does physical security need to be revamped?

Moderator: Ed Kim, Operational Risk Expert
Janet Lerch,
Chief Continuity and Technology Risk Officer, U.S. BANK
Ihab Dana,
CBCP, Head of Business Continuity Management US, RBC

STREAM 4 : Cyber risk

11:40am

CHAIR'S OPENING REMARKS

Shelly Martin, Vice President Operational Risk, STATE STREET

11:45am

PANEL DISCUSSION: Quantifying cyber risk exposure

  • Using factor analysis of information risk (Fair) VAR model for quantification and analysis
  • Putting a price tag on enterprise-wide loss exposure

Moderator: Robert Paolino, Former Chief Risk Officer, FORMERLY BANK OF TOKYO-MITSUBISHI UFJ
Jack Freund,
‎Senior Manager, Cyber Risk, TIAA
Nick Sanna,
CEO, RISKLENS
Evan Wheeler,
Director, Information Risk Management, MUFG UNION BANK

5 min intermission allowing participants to change streams

12:20pm

PANEL DISCUSSION: Measuring the impact of cyber security breach and managing cyber risk

  • The cost of business interruption
  • Reputational damage and legal costs associate with theft of customer information
  • The growing trend of cyber liability insurance
  • Building robust business continuity and disaster recovery plans
  • What type of data is needed for managing this risk?

Moderator: Robert Paolino, Former Chief Risk Officer, FORMERLY BANK OF TOKYO-MITSUBISHI UFJ
Ryan E. Bateman,
Director- Technology, SANDS CAPITAL MANAGEMENT
Thomas A. Fuhrman,
Managing Director, Cyber Security Consulting and Advisory Services, MARSH
Viktor Grinberg, H
ead of Compliance and Regulatory Technology, US, DEUTSCHE BANK

1:00pm

Lunch and networking break

2:00pm

PRESENTATION: Changing threat landscapes and new technology outlook

  • Identify today's cyber attack vectors, from IoT devices and insider threat to third-party service providers and cloud platforms
  • Evaluate applications of machine learning and AI technologies to advanced cyber defense
  • Discuss prioritization and visualization of threats as a tool for better resource allocation and lower risk
  • Examine real-world examples of detected threats that routinely bypass traditional controls

Nicole Eagan, CEO, DARKTRACE

5 min intermission allowing participants to change streams

2:35pm

LIVE INTERVIEW: Cyber as a subset of operational risk

  • Can information security use the same op risk framework? Will existing taxonomies and risk registers used to classify op risk losses suffice?
  • Moving away from unsupported legacy systems to established taxonomies that bridge the gap between technology specialists and risk professionals

Moderator: Shelly Martin, Vice President Operational Risk, STATE STREET
Ivan Pooran,
Head of Operational Risk, GUARDIAN LIFE
Mandar Rege,
Senior Vice President, Global Head Enterprise Technology Risk Management, TD BANK

3:05pm

Afternoon coffee and networking break

3:35pm

ALL-STAR PANEL: The "new normal": Convergence of operational and cyber security risk

  • Expanding operational risk to include cyber security risks
  • Revamping the ERM strategy: How can aligning fraud, IT, cyber security and operational risk management help join the dots?
  • Updating the three lines of defence to align board-level risk appetite
  • Crossing silos to foster knowledge sharing and cooperation

Moderator: Joshua Kotok, CFE, CISA, Chief Risk and Compliance Officer, FIRST SAVINGS
Beth Rudofker, Global Head of Operational Risk Management, CITI
John J. Doherty, Partner, Information Technology Advisory Services, ERNST & YOUNG
Brian Tierney, Managing Director - US Head of Operational Risk, RBC
Deborah Hrvatin, ‎
Managing Director, Head of Operational Risk Management Americas, DEUTSCHE BANK

*Audience Q&A
Submit your questions via sli.do

4:20pm

CHAMPAGNE ROUNDTABLES:

From session to roundtable - Take the day's most contentious issues and fully engage with your peers in small interactive roundtable discussions to drill down, best practice share and take away diverse approaches to the same challenge from your fellow industry peers.

• Roundtable 1: Regulation
Host: Craig Spielmann, Former Global Head of Enterprise Risk Management Strategy, FIRST DATA
• Roundtable 2: AML and fraud
Host: Lester Joseph, SVP, Manager Global Financial Crimes Intelligence Group, WELLS FARGO
• Roundtable 3: Cyber risk and data security
Host: Ryan E. Bateman, Director- Technology, SANDS CAPITAL MANAGEMENT
Roundtable 4: Geopolitical risks
Host: Ivan Pooran, Head of Operational Risk, GUARDIAN LIFE
Roundtable 5: Outsourcing
Host: Deborah Hrvatin, ‎Managing Director, Head of Operational Risk Management Americas, DEUTSCHE BANK
Roundtable 6: Conduct risk
Host: Jitendra Rathod, Senior Examiner, FEDERAL DEPOSIT INSURANCE CORPORATION (FDIC)
Roundtable 7: Organisational change
Host: Dolores (Lori) Miller, Managing Director, Head of Operational Risk, Investments, AIG
Roundtable 8: Measuring risk and security metrics
Host: Nick Sanna, CEO, RISKLENS
Roundtable 9: ORM to ERM: OpRisk management concepts portable to Enterprise Risk Management
Host: Prasad Kodali, Head of Operational Risk, CIT GROUP
Roundtable 10: Convergence of operational and cyber risk
Host: Shelly Martin, Vice President Operational Risk, STATE STREET
Roundtable 11: The impact of fintech and innovation on operational risk
Host: Jeffrey M. Bandman, Founding Director, LabCFTC; Special Counsel to the Chairman, FinTech Advisor, U.S. COMMODITY FUTURES TRADING COMMISSION
Roundtable 12: 3LODs
Host: Mike Dempsey, Director, Financial Services Advisory, KPMG

5:20pm

CHAIR'S CLOSING REMARKS

Alexander Campbell, Divisional Content Editor, RISK.NET

5:30pm

Networking drinks reception - Hosted by EY

7:00pm

Private dinner- Invite only

Conference Day 2, June 21 2017

 

8:30am

Registration and refreshments

9:05am

WELCOME REMARKS

Alexander Campbell, Divisional Content Editor, RISK.NET

9:15am

KEYNOTE ADDRESS: Supervision in a new era

Maryann Hunter, Deputy Director- Division of Banking Supervision and Regulation, BOARD OF GOVERNORS OF THE FEDERAL RESERVE SYSTEM

*Audience Q&A
Submit your questions via sli.do

9:50am

KEYNOTE PANEL: Digital disruption in the financial markets and its impact on operational risk

  • What's the Chief Operational Risk Officers view of blockchain, virtual currencies and distributed ledger? Is it added complexity or added security?
  • Understanding how banks need to adapt oversight, processes and tools to support real time digital innovation
  • Digital disruption and innovation in banking - What are the emerging risks and how does it impact operational risks?

Moderator: Kris Devasabai, New York Bureau Chief, RISK.NET
Deborah Hrvatin, ‎Managing Director, Head of Operational Risk Management Americas, DEUTSCHE BANK
Aengus Hallinan,
Managing Director, Head of Operational Risk Management for the Americas and Global Markets, CREDIT SUISSE
Jodi Richard,
Chief Operational Risk Officer, U.S. BANK

*Audience Q&A
Submit your questions via sli.do

10:35am

Morning Coffee and networking break

STREAM 1 : Oprisk losses and modeling

11:05am

CHAIR'S OPENING REMARKS

Ed Kim, Operational Risk Expert

11:10am

PRESENTATION: Insights on risk management and operational risk from Deloitte Touche Tohmatsu Limited's Global risk management survey, 10th edition

  • What risks are concerning organizations the most
  • What is the current state of play and what have firms been focusing on in their development of their risk programs
  • Where are organizations focusing next for their risk programs

Edward Hida, Partner, DELOITTE

5 min intermission allowing participants to change streams

11:45am

PANEL DISCUSSION: Types of operational risk models

  • LDA, regression, scenario, and other models
  • Evaluating model adequacy
  • Integrating models with risk management and regulatory requirements

Moderator: Ed Kim, Operational Risk Expert
Tonia Durfee,
Director ORM Capital, CREDIT SUISSE
Mike Rachlin,
Director CorporateOperational Risk, BNY MELLON
Deniz Senturk, PhD,
Head of Model Risk Management, STATE STREET

12:30pm

Lunch and networking break

1:30pm

LIVE INTERVIEW: Preventing fraud

  • Moving away from the siloed approach to real time identification and prevention
  • Has insider fraud been trumped by online fraud?
  • Examining the interaction of internal and external fraud
  • How to data mine for internal and external fraud- what are the current trends and techniques?
  • The rise of application fraud

Moderator: Dolores (Lori) Miller, Managing Director, Head of Operational Risk, Investments, AIG
Joshua Kotok,
CFE, CISA, Chief Risk and Compliance Officer, FIRST SAVINGS
Colleen Graham,
Chief Supervisory Officer, SIGNAC

5 min intermission allowing participants to change streams

2:10pm

SPOTLIGHT ON: Risks and opportunities in 2017 from a front office perspective

2017 is shaping up to be a year of many changes and much uncertainty. This keynote address will delve into several risks that front offices will likely be exposed to in the New Year and the business and investment opportunities that may exist as a result.

  • Market risks
  • Geopolitical risks
  • Tweet risks
  • Regulation risks
  • Technology risks
  • Cybersecurity risks

Kevin D. Mahn, President & Chief Investment Officer, HENNION & WALSH ASSET MANAGEMENT

 

STREAM 2 : ORM

11:05am

CHAIR'S OPENING REMARKS

Heyna Deepa Patel, Senior Vice President, Senior Segment Risk Manager, THE HUNTINGTON NATIONAL BANK

11:10am

PRESENTATION: The role of creativity in ORM

  • The evolving face of operational risk management
  • The role of creativity
  • Emerging risks or converging risks?

Aengus Hallinan, Managing Director, Head of Operational Risk Management for the Americas and Global Markets, CREDIT SUISSE

5 min intermission allowing participants to change streams

11:45am

PANEL DISCUSSION: Risk appetite and KRIs

  • Should the RAS be the first source of top-down KRIs?
  • Are resources that calculate op risk capital that's more quant related different than RCSA resources that's more qualitative?
  • Can the risk appetite level and the tolerance level be at the same point?
  • Operating outside of the appetite
  • Setting KRIs for reputational risk and conduct risk?


Moderator: Craig Spielmann, Former Global Head of Enterprise Risk Management Strategy, FIRST DATA
Richard Cech,
Senior Bank Examiner, Operational Risk Governance, Financial Institution Supervision Group, FEDERAL RESERVE BANK OF NEW YORK
Karthik Ramakrishnan, Senior Manager- Financial Services Risk Management, ERNST & YOUNG
Siddhartha Medappa,
Head of Operational Risk & Model Risk Officer - Commercial Line, AIG

12:30pm

Lunch and networking break

1:30pm

LIVE INTERVIEW: Evaluating operational risk in buyside firms and banks

  • What kind of event type structure needed in each of these firms?
  • Will event and taxonomy structure look similar?
  • Integrated GRC programs for oprisk

Moderator: Craig Spielmann, Former Global Head of Enterprise Risk Management Strategy, FIRST DATA
Christopher Nestore,
SVP and Head of Operational Risk Management, TD BANK
Barry F. Macklin,Director-Enterprise Risk Management, AIG

5 min intermission allowing participants to change streams

2:10pm

PRESENTATION: The invisible ORM

  • How can ORM embed itself in existing business processes?
  • What kind of information/ metrics are required from the ORM function, other than loss reporting data?
  • Should ORM test controls to determine effectiveness or should this solely be the job of Audit and/or Compliance?

Daniel McKinney, Partner, Financial Services Organization, EY

STREAM 3 : The future of OpRisk

11:05am

CHAIR'S OPENING REMARKS

Rajat Baijal, ‎Head of Enterprise Risk, CANTOR FITZGERALD

11:10am

PRESENTATION: Big data-an emerging risk or opportunity?

  • How to keep up with the growing demands for quicker and more detailed risk intelligence, based on the processing of ever-growing volumes of data
  • How can data be controlled, efficiently delivered and kept transparent and auditable?
  • Why is big data being considered a threat to the industry?

Frederick Spencer CGEIT, ICBRR, US Chief Data Risk Officer, SOCIÉTÉ GÉNÉRALE

5 min intermission allowing participants to change streams

11:45am

PANEL DISCUSSION: Conduct risk

  • What are the drivers of conduct risk
  • Evaluating the way major banks approach conduct risk
  • What are the metrics used to monitor conduct exposures?

Moderator: Rajat Baijal, ‎Head of Enterprise Risk, CANTOR FITZGERALD
Fenton Aylmer,
Operational Risk Head of Business Practice and Conduct, CITI
Jitendra Rathod,
Senior Examiner, FEDERAL DEPOSIT INSURANCE CORPORATION (FDIC)
Vincent R. Pinelli, Managing Director, COO & Head of Audit Professional Practices, MUFG AMERICA

12:30pm

Lunch and networking break

1:30pm

AUTHOR'S PANEL: The future of operational risk standards

  • New Paradigm in Operational Risk Management
  • Shift in Risk Management Infrastructure
  • Links to operational risk and macroeconomic/macro-prudential management
  • FinTech and New Operational Risk Challenges - Beyond Cyber Protections

Moderator: Rajat Baijal, ‎Head of Enterprise Risk, CANTOR FITZGERALD
Jitendra Rathod,
Senior Examiner, FEDERAL DEPOSIT INSURANCE CORPORATION (FDIC)
Prasad Kodali,
Head of Operational Risk, CIT GROUP

5 min intermission allowing participants to change streams

2:10pm

PRESENTATION: Thinking beyond conventional GRC

  • Examining the significance for GRC in today’s business
  • Why should firms invest on next-generation GRC technology?
  • What are the trends in GRC technology and key drivers for GRC in the market?
  • Integrating policy management, vulnerability risk management and content library

Mason Karrer, Principal GRC Strategist, RSA

STREAM 4 : Cyber risk

 11:05am

CHAIR'S OPENING REMARKS

Gideon Pell, Adjunct Faculty, UNIVERSITY OF CONNECTICUT SCHOOL OF BUSINESS

 11:10am

PRESENTATION:Quantifying Cyber Security Risk - IT'S TIME!"

Joe Portale, Solutions Architect - Cyber Security, L3 TECHNOLOGIES

5 min intermission allowing participants to change streams

11:45am

PANEL DISCUSSION: Cloud security

  • Evaluating cloud security threats: Loss or theft of intellectual property, Loss of control over end user actions
  • Investigating the risk of cloud services
  • The insider threat of Bring Your Own Cloud (BYOC)

Moderator: Gideon Pell, Adjunct Faculty, UNIVERSITY OF CONNECTICUT SCHOOL OF BUSINESS
Sheldon Cuffie,
CISSP, VP & Chief Information Security Officer, NORTHWESTERN MUTUAL
Peter Keenan
,
Chief Information Security Officer (CISO), LAZARD
John Polis,
Chief Operating & Technology Officer, STAR MOUNTAIN CAPITAL

12:30pm

Lunch and networking break

1:30pm

 

WAR GAMES: Responding to a cyber security breach

Simulation of 3 cyber breaches: phishing, malware and insider threat

  • Hierarchy of response- who are the 1st and 2nd responders?
  • How will C-level executives report back to the board?
  • The role of cyber risk practitioners to patch up the breach
  • Op risk managers and getting systems and servers back up
  • Evaluating reputational damage
  • Handling PR communications

 

5 min intermission allowing participants to change streams

2:10pm

 SPOTLIGHT ON: Emerging cyber regulation- A second and third line of defense perspective

  • More prescriptive guidance
  • New paradigm for risk management and audit
  • Enhanced board and executive management expectations

Hugh Kominars, Vice President- IT Audit Director, STATE STREET
Sandip Biswas,
Vice President, Senior Business Technology Risk Officer, STATE STREET

2:40pm

Afternoon coffee and networking break

3:10pm

CHAMPAGNE KEYNOTE ADDRESS: The role of AI, machine learning and big data in assessing risks- a regulatory perspective

Scott Bauguess, Acting Director and Acting Chief Economist, Office of the Director, U.S. SECURITIES AND EXCHANGE COMMISSION

*Audience Q&A
Submit your questions via sli.do

3:45pm

ALL-STAR PANEL: Redefining the 3 LODs across op risk and cyber risk

  • If 2LOD is supposed to be the police within the organization, is the 3LOD the judge?
  • How best should the 1LOD demonstrate their value to the businesses they support?
  • Ensuring the 1LOD and 2LOD safeguard information security
  • How to address the potential redundancy of testing across the 3LOD?
  • How much controls testing does the 2LOD execute? Does it vary for IT vs other control types?
  • How to enhance the communication between the 1st and the 2LOD for more effective op risk and cyber risk management?
  • Is it common to have a "1.5" LOD that links the risk management activities in the 1LOD with the 2LOD?
  • Do we need a 4LOD?

Moderator: Craig Spielmann, Former Global Head of Enterprise Risk Management Strategy, FIRST DATA
Carrie M. Barranca,
Head of Audit, Operational Risk, STANDARD CHARTERED
Rock Rockefeller, Director, KPMG
Don Anderson Jr.,
Senior Vice President & CIO, FEDERAL RESERVE BANK OF BOSTON

*Audience Q&A
Submit your questions via sli.do

4:30pm

GUEST ADDRESS: The FBI on Wall Street - The 1LOD perspective for compliance and operational risk

The inside story of “Tipper X” - how a former hedge fund analyst became one of the most prolific FBI informants in securities fraud history

Tom Hardin (Tipper X), The FBI's most productive cooperating witness in Operation Perfect Hedge

*Audience Q&A
Submit your questions via sli.do

5:00pm

CHAIR'S CLOSING REMARKS

Alexander Campbell, Divisional Content Editor, RISK.NET

5:05pm

End of conference