Agenda
Virtual Workshops
OpRisk Charlotte 2024 Agenda
09:00 – 09:05
Opening remarks
09:05 – 09:30
Regulatory keynote
09:30 – 10:00
Basel III's Notice of Proposed Rulemaking: operational risk capital's new landscape
Basel III's Notice of Proposed Rulemaking (NPR) will usher in notable changes in the U.S. operational risk capital arena from the Advanced Measurement Approaches (AMA) to the Standardised Measurement Approach (SMA) and the extension of capital requirements to Category 3 and 4 firms.
- Risk-weighted assets: Calculation and challenges for tier-2 banks.
- Strategies for capital optimisation and risk management.
- Leveraging technology to ensure compliance and reduce risk.
10:00 – 10:30
OpRisk and model risk: rethinking their relationship in the AI era
The evolving landscape of operational risk and model risk is drawing renewed attention, especially with AI technologies amplifying model complexities. While model risk once sought its niche within the operational risk framework, the rise of sophisticated AI-driven models is raising questions about its distinct challenges and need for specialisation.
- AI's disruption through its inherent intricacies is elevating model risk concerns.
- The case for distinction: does challenges posed by AI-driven models necessitate a separate risk category?
- Regulatory implications: would regulations for AI-driven model risk be any different than present?
- Best practices for banks and financial institutions to manage and monitor AI-induced model risks.
- Evan G. Sekeris is chief model risk officer with Capital One, based in Washington, D.C. His areas of focus are stress testing, operational risk, and cyber risk. Evan’s background is in the measurement and quantification of credit risk and operational risk. His primary focus is currently on supporting institutions in building stress testing frameworks, developing their risk identification process and developing their model risk management frameworks.
- His projects include:
- Supporting a wide range of large global and regional banks with their CCAR frameworks, with a particular emphasis on their non financial risks.
- Developed a cyber risk quantification framework for a number of clients including a global financial institution and a fortune 250 industrial.
- Assessment and redevelopment of risk operating models and of 3LoD frameworks for various large global and regional banks.
- For a large internationally active US bank: supported major change of course in CCAR operational risk stress estimates a few months prior to submission in reaction to regulatory guidance.
- Supported the development of operational risk models for capital and stress testing purposes at more than 20 institutions worldwide.
- Previously, Evan was with MUFG, Oliver Wyman, and Aon in Columbia, Maryland, and assistant vice president of the Federal Reserve Bank of Richmond, where he created the center of excellence for operational risk which served the system needs for operational risk related matters. The team was in charge of the supervision of all AMA and CCAR banks in the US and developed the Fed’s CCAR model for operational risk.
- Evan earned a B.A. and M.A. in Economics from the Université Catholique de Louvain in Belgium. He received his Ph.D. in Economics from the University of California at Los Angeles.
- He has numerous publications in both academic and practitioner journals
- Evan is an editor of the Journal of Operational Risk
Judith joined DWS (formerly known as Deutsche Asset Management) in 2005 following 8 years with JPMorgan Chase. Prior to her current role as head of non-financial risk management & programmes, Judith was the chief risk officer for DWS Americas, she served as the regional control officer for DWS Americas. Before that, she was the global chief operating officer for the DWS Alternatives and Fund Solutions business based in London.
Judith holds an MBA in Financial Management from Pace University, New York.
Agus Sudjianto is an executive vice president, head of Model Risk and a member of Management Committee at Wells Fargo, where he is responsible for enterprise model risk management.
Prior to his current position, Agus was the modeling and analytics director and chief model risk officer at Lloyds Banking Group in the United Kingdom. Before joining Lloyds, he was an executive and head of Quantitative Risk at Bank of America.
Prior to his career in banking, he was a product design manager in the Powertrain Division of Ford Motor Company.
Agus holds several U.S. patents in both finance and engineering. He has published numerous technical papers and is a co-author of Design and Modeling for Computer Experiments. His technical expertise and interests include quantitative risk, particularly credit risk modeling, machine learning and computational statistics.
He holds masters and doctorate degrees in engineering and management from Wayne State University and the Massachusetts Institute of Technology.
10:30 – 11:00
Managing data risks in modern financial institutions
Explore the challenges posed by data risks in today's digital age and how financial institutions can protect themselves.
- Data transmission: upstream and downstream data transportation and regulation.
- Data governance and quality: Ensuring accuracy and reliability.
- Leveraging technology: Tools and platforms to manage and monitor data risks.
- Tools in the market – software for monitoring – the concept of compliance as a service.
Badri Iyengar
Senior vice president, global technology compliance and operational risk
Bank of America
Badri is a forward-thinking operational risk executive with over 15 years of experience in the financial services industry. As a senior vice president, operational risk executive, Badri is accountable for the effective execution of the bank’s operational risk programme for the global technology organisation. As part of this role, he and his team provide oversight of key operational risks including data risk, cybersecurity, resiliency, technical change across global technology CIO organisations. Badri has a proven track record of developing and implementing comprehensive risk management strategies that safeguard organisational assets, enhance regulatory compliance, and optimise operational efficiency. Prior to this role, Badri served as the operational risk lead for the consumer and small business organisation with a focus on implementing the operational risk programme and strategies across consumer products and services, including but not limited to, credit card, ATM/online banking, first mortgage and home equity. Badri joined Bank of America in 2010 in the global risk management organisation and has since then served on multiple credit and operational risk roles. He received his B.S. degree in electrical engineering from VIT University, India and earned his Master’s degree in mathematical finance from University of North Carolina, Charlotte.
11:00 – 12:00
Networking refreshments break and roundtables
Operational resilience in the digital age
The digital age presents an ever-evolving panorama of opportunities and threats, demanding robust operational resilience from financial institutions. This session will delve into the strategies and frameworks that ensure continuous service delivery amid a landscape punctuated by cyber threats, regulatory changes, and the imperative for digital innovation.
- Regulatory readiness: current and upcoming regulatory requirements impact digital operations – How to comply without compromising service innovation.
- The human element: The critical role of human oversight amidst automation, ensuring that human judgement remains inbuilt into the culture and processes of resilience, not just the technology.
12:00 – 12:30
Beyond the firewall: reviewing cyber defences
Delve into the evolving cybersecurity threats and the best practices financial institutions should adopt to guard against these risks.
- Holistic defence strategies: From technical defences to employee training.
- Cloud security – what is a well-defined cloud strategy that factors concentration?
- Cyber insurance – a reassuring support for breached defences?
- Worming their way in - outsourcing IT offshore is a mistake.
Evan Wheeler, senior director, leads the risk identification and assessment team within technology risk management at Capital One. Evan got his start in cybersecurity working with the U.S. Department of Defense in a Security Operations Center (SOC) and has since held several executive level cybersecurity and operational risk management roles at global organizations such as MUFG Union Bank, Depository Trust & Clearing Corporation (DTCC), and various fintech firms. At MUFG, Evan designed and implemented a new second line information risk management programme, focusing on harmonising the tech/cyber assessments with the enterprise risk framework, and deploying a data driven methodology to quantify risk for IT processes. Evan originally joined the DTCC with responsibility for developing a risk framework for the cyber organisation, and later moved on to oversee second line operational risk management for 10 diverse lines of business, subsidiaries, and joint ventures. Along the way, he drove major initiatives such as a migration to AWS, implementing DDoS protection, dynamic application security testing, and privileged access control. During his tenure at DTCC, Evan was actively involved with cross-sector initiatives through the FSSCC and FS-ISAC.
12:30 – 13:00
Operational risk & GRC: navigating the digital transformation in an ESG context
Explore the intersection of operational risk and GRC in the digital landscape. Embrace the value of standardisation and dive into evolving GRC platforms. With real-world case studies and data insights, we'll navigate the complexities and opportunities presented by technology.
- Data-driven risk management in leveraging analytics for proactive risk mitigation.
- GRC platforms enabling streamlining compliance in an evolving landscape.
- Need for more diverse, well-rounded candidates in data and IT.
- Defining and practically implementing changes to reach ESG goals.
Mark Hofberg is an accomplished risk management leader with over 20 years of industry experience. He previously served as a leader in a variety of audit, risk and compliance management functions within retail, wealth, and investment banking at Bank of America. Mark currently serves customers as Risk Solutions Executive within ServiceNow’s financial services division. Prior to joining ServiceNow, Mark served as RSA Archer’s field risk officer for US and Canada.
Mark has held various senior leadership roles at Accenture, Bank of America, RSA and now guides customers on their integrated risk transformation journeys with ServiceNow. He is passionate about the evolution of risk management, emerging risks, and the utilization of technology to optimize business outcomes. Mark has co-authored white papers on impacts of technical debt, digital risk, and has a patent on optimization of technology decisions (US 8,321,363 · Issued Nov 27, 2012) along with a patent pending process risk prioritization model. Mark holds a bachelor’s degree in engineering from North Carolina State University.
Tripp Rex is the operational risk framework executive at U.S. Bank, which encompasses the RCSA, internal control and control testing, product delivery risk, operational loss, scenario analysis and issue management. Since joining U.S. Bank in 2014, Tripp has led functions within technology risk, control testing, and technology strategy for risk management. Prior to U.S. Bank, he held prior roles in risk and programne management at Bank of America. Prior to that, Tripp worked at Accenture in management consulting supporting various financial institutions. Tripp is an alumni of Clemson University and received his MBA from the University of South Carolina.
Judith joined DWS (formerly known as Deutsche Asset Management) in 2005 following 8 years with JPMorgan Chase. Prior to her current role as head of non-financial risk management & programmes, Judith was the chief risk officer for DWS Americas, she served as the regional control officer for DWS Americas. Before that, she was the global chief operating officer for the DWS Alternatives and Fund Solutions business based in London.
Judith holds an MBA in Financial Management from Pace University, New York.
13:00 – 14:00
Networking lunch and roundtables
- Deep dive: Mastering AI models for future-ready finance
This roundtable session will be a collaborative, in-depth discussion among industry experts, regulators, and technologists. It will facilitate a detailed exploration of the creation, implementation, and governance of AI models within the financial sector.
- Designing AI with integrity: Delve into the methodologies behind building AI models that are transparent, explainable, and free of bias. Examine the tools and techniques that ensure these standards are met from the ground up.
- Regulatory compliance for AI models: Explore how financial institutions can navigate the evolving regulatory landscape for AI. Discuss the challenges and solutions for maintaining compliance in a field that is advancing rapidly.
- Risk management in AI deployment: Break down the strategies for identifying and mitigating risks when deploying AI models. Focus on the balance between innovation and risk, including the management of unexpected outcomes.
- Ethics and AI models: Engage in a critical conversation about the ethical implications of AI in finance. Discuss how to uphold ethical standards amidst the pressure to leverage AI for competitive advantage.
2. Elevating operational risk management: the power of data standards and controls
This session addresses the crucial role of data standards and controls in enhancing operational risk management. It focuses on the integration of data standardisation and effective control mechanisms to improve risk assessment accuracy and operational efficiency.
- Enhancing risk assessment with data standardisation: exploring the benefits of standardised data in risk analysis and reporting.
- Effective data controls: strategies for implementing robust data controls to safeguard critical risk information.
- Predictive risk analysis techniques: utilising advanced technologies for proactive risk management.
- Regulatory alignment through data management: leveraging data standards for regulatory compliance and operational excellence.
- Risk culture: defining risk policies and implementation across risk departments.
- Evan G. Sekeris is chief model risk officer with Capital One, based in Washington, D.C. His areas of focus are stress testing, operational risk, and cyber risk. Evan’s background is in the measurement and quantification of credit risk and operational risk. His primary focus is currently on supporting institutions in building stress testing frameworks, developing their risk identification process and developing their model risk management frameworks.
- His projects include:
- Supporting a wide range of large global and regional banks with their CCAR frameworks, with a particular emphasis on their non financial risks.
- Developed a cyber risk quantification framework for a number of clients including a global financial institution and a fortune 250 industrial.
- Assessment and redevelopment of risk operating models and of 3LoD frameworks for various large global and regional banks.
- For a large internationally active US bank: supported major change of course in CCAR operational risk stress estimates a few months prior to submission in reaction to regulatory guidance.
- Supported the development of operational risk models for capital and stress testing purposes at more than 20 institutions worldwide.
- Previously, Evan was with MUFG, Oliver Wyman, and Aon in Columbia, Maryland, and assistant vice president of the Federal Reserve Bank of Richmond, where he created the center of excellence for operational risk which served the system needs for operational risk related matters. The team was in charge of the supervision of all AMA and CCAR banks in the US and developed the Fed’s CCAR model for operational risk.
- Evan earned a B.A. and M.A. in Economics from the Université Catholique de Louvain in Belgium. He received his Ph.D. in Economics from the University of California at Los Angeles.
- He has numerous publications in both academic and practitioner journals
- Evan is an editor of the Journal of Operational Risk
Agus Sudjianto is an executive vice president, head of Model Risk and a member of Management Committee at Wells Fargo, where he is responsible for enterprise model risk management.
Prior to his current position, Agus was the modeling and analytics director and chief model risk officer at Lloyds Banking Group in the United Kingdom. Before joining Lloyds, he was an executive and head of Quantitative Risk at Bank of America.
Prior to his career in banking, he was a product design manager in the Powertrain Division of Ford Motor Company.
Agus holds several U.S. patents in both finance and engineering. He has published numerous technical papers and is a co-author of Design and Modeling for Computer Experiments. His technical expertise and interests include quantitative risk, particularly credit risk modeling, machine learning and computational statistics.
He holds masters and doctorate degrees in engineering and management from Wayne State University and the Massachusetts Institute of Technology.
Madiha Fatima is an executive director - operational and outsourcing risk management at JP Morgan, where she leads the second line of defence function for operational and outsourcing risk overseeing third-party risk management, sourcing, procurement and inter-affiliate management. Previously, Madiha was the head of the third-party risk management department at Angelo Gordon, where she was responsible for developing a third-party risk management framework while enabling businesses to achieve their strategic objectives by utilising vendors. Before joining Angelo Gordon, Madiha Fatima was the head of third-party risk governance & oversight at DTCC. Madiha is a certified third-party risk professional (CTPRP). Madiha earned a Bachelor of Science in financial and capital markets from Rutgers Business School.
14:00 – 14:30
Auditing the future: best practices for Gen AI and advanced machine learning
As Generative AI and advanced ML reshape industries, effective auditing of these technologies is vital. This session offers insights into auditing these AI and ML systems, emphasising accuracy, fairness, and regulatory compliance.
- Explore the newest audit tools and methodologies for AI and ML auditing.
- Risk, tech, audit, employee training – educating against the dangers.
- Nullifying responsibility of human error through AI use.
- Ownership and governance over automation.
- AI’s use by shadow IT.
14:30 – 15:00
Privacy in the financial world: balancing security with user rights
Delve into the challenge of maintaining privacy in financial transactions and how institutions can respect user rights while ensuring security.
- Regulatory implications: GDPR, CCPA, and other global privacy laws.
- Privacy by design: Incorporating privacy considerations into product design.
- Case studies: Lessons learned from privacy breaches in the financial world.
- Vendor risk management: ensuring your partners respect privacy too.
15:00 – 15:40
Balancing innovation and integrity: banks, fintechs, and the new frontier of risk management
In an era where fintechs are disrupting traditional banking norms, how can banks effectively manage third-party risks while staying competitive? This session delves into the unique challenges banks face, from determining acceptable risk thresholds to grappling with perceived unfair advantages of fintech competitors. We'll also explore if regulatory frameworks can evolve swiftly enough to keep pace with fintech advancements.
- Evolving landscape of TPRM: strategies for traditional banks to stay relevant, competitive, and resilient amidst the fintech revolution.
- How much risk should traditional banks accept as they integrate with or compete against fintechs?
- How can banks stay competitive when fintechs might operate without the same regulatory burdens or legacy systems? Are there inherent advantages that banks can leverage?
- As fintechs blur the boundaries of traditional financial services, can regulators keep up? How are regulatory bodies adapting, and what should banks anticipate in terms of regulatory changes?
- How to bridge the gap between Fis and FinTech to meet the demands of consumers?
15:40 – 15:45
Closing remarks
15:45 – 19:00