By Melissa Mellen, Officer and Department Head of Policy, Analytics and Vendor Strategy, Federal Reserve Bank of New York
What, for you, are the benefits of attending the ‘Risk Americas Convention’ and what can attendees expect to learn from your session?
The benefits of attending the “Risk Americas Convention” are substantive, beginning with knowledge sharing in a consortium based approach. Networking with new, and reconnecting with prior colleagues is a crucial element of individual growth, as it allows us to benchmark our practices with others in the industry. Not only are we benchmarking with others in the industry, but CeFPro has committed to finding leading subject matter experts in the Risk space; the knowledge we takeaway is of extreme value and pertinence.
During my session, I will be sharing my experience with operational resiliency from a Third Party Risk perspective. As organizations rely on critical systems, emerging technology, and increasing volumes of outsourcing products and services, our reliance on these third (and fourth) parties continually grows, adding potential for higher volatility to the business. Resiliency efforts are a crucial component in effectively mitigating vulnerabilities, by adding viable preparedness mechanisms.
With emerging complexity of technological solutions, such as Artificial Intelligence, I am specifically interested to capture how fellow practitioners are utilizing such capabilities to enhance resiliency efforts. While AI surveillance has been ground-breaking in maximizing our physical security resiliency, and protecting our human capital, which is an organization’s most valuable asset, what other means of resiliency can we explore with AI.
In your opinion why is it important to build strong resilience into operational risk?
Resilience in itself can be applied to a plethora of avenues in which we operationalize business practices. By definition alone, the magnitude of organizational resilience is at the forefront of progressive risk management. It is for this purpose that Risk Managers work so hard to forecast potential areas of concern and/or threat. Only by doing so, can we navigate and deploy resiliency plans that are feasible and will preserve business operations by mitigating dependency downfalls.
In your opinion, what are some of the challenges of converting existing process and frameworks from a Third Party resiliency perspective?
A significant challenge in the space of converting existing processes and frameworks is inevitable with shifting or conflicting organizational cultures. With increasing amounts of M&A, as well as generational conflict in the workplace, resistance to adaptation of organizational behaviour will impact a firm’s ability to efficiently convert existing frameworks.
One way in which we can maximize effectiveness of our resiliency programs is through requiring accountability through clear and prescriptive roles and responsibilities throughout the organization. This seems fundamental in nature, however it is important to be mindful of program implementations where R&R remains ambiguous. When tackling Third Party resiliency efforts, engagement from subject matter experts is a necessity, as it relates our Business, Risk, and Business Continuity stakeholders. Overlooking or not thoroughly establishing R&R, along with accountability, will ultimately create challenges in the short and long term, as well as impact the integrity of resiliency planning.
The most effective approach to obtain buy in and establish accountability is by maintaining inclusivity of participating parties throughout program buildout, as well as cadenced enhancement evaluations. No one knows their business, turnaround time, and subject area risks, better than our SME counterparts, so let’s be sure to engage them and work collaboratively. This will increase program productivity, effectiveness, and best position our organization to have viable resiliency processes in place.