3rd Annual New Generation Operational Risk 2017

New Generation Operational Risk
3rd Annual

New Generation Operational Risk: Europe 2017

Aligning Operational Risk Frameworks and Controls for a Broader View of the Risk as a Function and Using to Drive Business Decisions

CPD Certified Logo

Key Highlights of 2017

People Risk
Reviewing the evolution and remit of people risk oversight department

Cyber Risk
Managing the increasing cyber and technology/IT threat under operational risk with limited practical expertise

Scenario Analysis
Utilising operational risk scenario analysis and stress testing to gain benefit to the business

Policy & Framework
Adopting policy requirements and embedding into day to day activities

Aligning operational risk and compliance teams for effective oversight and management

Capital Models Post AMA
Calculating operational risk capital under the new SMA requirements and understanding the changes

Enterprise Risk Management
Structuring operational risk as a function within a broader ERM framework: Fragmented Vs. Holistic ERM approach

Defining the key in key risk indicators: building a framework to report leading indicators

Risk Appetite
Setting a risk appetite contingent with the organisation’s operational risk framework to add value

Business Continuity
Business continuity: reviewing emerging threats and ensuring resilience

Vendor & Third Party Risk
Reviewing third party supply chain processes to understand and identify vulnerabilities

Keynote Regulatory Address

Tin Lau

Tin Lau

Manager, Financial Risk & Products and Operational Risk


Hear from the following operational risk professionals

Simon Cartlidge

Simon Cartlidge

Head of Operational Risk Governance

Legal & General Group PLC

Natalie Saunders

Natalie Saunders

Head of People Risk

Yorkshire Building Society Group

Michael Grimwade

Michael Grimwade 3

Executive Director, Operational Risk Management

MUFG Securities

Philip White


Executive Director, Framework, Conduct Risk and Capital

UBS Investment Bank

Will Martyn


Head of Operational Risk Framework & Policy


Sean Miles

Sean Miles Head Shot copy

Head of Resilience and Op Risk Unit, Technology & Operations


Day One | 14 March 2017

08.00 Registration & morning coffee

08.50 Chair’s opening remarks

09:00 Managing regulatory risk in an increasingly uncertain world where the costs of failure have never been greater

  • Why has op risk not been a greater focus of Basel given the GFC was largely driven by operational risk failures?
  • What do the regulators expect from operational risk and OR managers?
  • Regulatory change – how to survive the continuing storm
  • The demise of AMA – what does it mean and what lessons are there?
  • Managing uncertainty post Brexit – lessons learned for risk managers
  • Regulatory trends: managing regulatory risk in an increasingly uncertain landscape
  • Operating in a zero or negative interest rate environment

Andrew Sheen, Head of Operational Risk Regulatory Advisory, Credit Suisse 
Jimi Hinchliffe, Former Head of Policy, Risk & Regulatory Affairs, MUFG

9:45 Defining the key in key risk indicators: building a framework to report leading indicators

  • Building frameworks
  • Limiting metrics – they can’t all be ‘key’
  • Responsibilities between lines
  • Continuous or dynamic based risk assessment
  • Trigger based approach
  • Impact on organizations
  • Practical challenges – how to ‘use’ KRIs to drive decision making
  • Board room to basement

Bart van der Hoeven, Senior Director Solutions Consulting, Nasdaq BWise

10.20 Morning break

10.50 Risk frameworks – understanding roles and responsibilities of each line of defense and the role for operational risk managers

  • Responsibility and accountability of each line
  • Oversight: people, structure and reporting lines
  • Operational risk as a function – what is the value proposition
  • Skills required for effective operational risk/oversight team
  • Key linkages/ interactions – including with the 3rd LOD
  • Risk appetite/ tolerance

Philip White, ED, Head of Framework, Design & Systems, UBS Investment Bank
Jenny Birdi, Global Head of Three Lines of Defense, HBSC

12.00 Why are conventional risk mitigation solutions blind in one eye and short-sighted in the other?

  • How can businesses adapt to increased regulatory and compliance pressure amidst constantly
    changing environments?
  • Risk Management in a digital world – addressing cyber security threats
  • Instoring the right and efficient governance processes
  • Mitigating risks of fraud or anti-money laundering
  • Connecting dots to find fraud and detect new risks

Ariel Luedi, Chairman of the Board, OXIAL
Eric Berdeaux, Founder and CEO, OXIAL

12.35 Lunch break

14:00 Structuring operational risk as a function within a broader ERM framework: Fragmented Vs. Holistic ERM approach

  • Aligning with financial crime, regulatory risk, compliance
  • Bringing risk siloes together – providing the ‘umbrella’ for centralized reporting, risk taxonomy etc.
  • Convergence and balance across the industry
  • Case study: L&G

Will Martyn, Head of Operational Risk Framework & Policy, HSBC
Simon Cartlidge, Head of Operational Risk Governance, Legal & General

14:45 Technology strategies for enabling operational risk and associated ERM functions

  • A stock-take of the success and failures of risk automation
  • Stakeholder preferences that matter when determining a
  • Lines of Defence technology strategy
  • Reconstituting proven technologies for the risk professional
  • Practical technology applications in a world of non-
    standardised data
  • A look at what’s next for risk technology

Gareth Evans, Managing Director, Enterprise Risk Management, Thomson Reuters
Jamie March, Proposition Lead, Enterprise Risk Management, Thomson Reuters

15:20 Afternoon Break

15:50 Aligning operational risk and compliance teams for effective oversight and management

  • Rules based to more principles based
  • Considering risk management processes
  • Changing nature of regulatory compliance
  • Ownership of risk and control framework
  • Residual risk exposure and transparency
  • How to manage thematic/ cross cutting issues and risks

Brian Gregory, VP, Market Management, Non-Financial Risk/ GRC, EMEA, Wolters Kluwer
Simon Cartlidge, Head of Operational Risk Governance, Legal & General

16.25 The senior managers’ and certification regime – a year on

  • Rules based to more principles based
  • Considering risk management processes
  • Changing nature of regulatory compliance
  • Ownership of risk and control framework
  • Residual risk exposure and transparency
  • How to manage thematic/ cross cutting issues and risks

Natalie Saunders, Head of People Risk, Yorkshire Building Society Group

17:00 Adopting policy requirements and embedding into day to day activities

  • What is a good policy
  • Monitoring compliance with policy
  • Policy versus WAH (What Actually Happens)
  • Adopting policy and embedding into day to day activities
  • Control monitoring
    • Good control approaches
    • Monitoring and testing
    • Control framework
  • Back to basics

Will Martyn, Head of Operational Risk Framework & Policy, HSBC
Richard Pike, Non Executive Director, Permanent TSB
Thomas George, Head of Risk, Monzo

17:45 Chair’s closing remarks

17.55 End of Day One and drinks reception

3rd Colleague Half Price

Day Two | 15 March 2017

08:30 Registration & morning coffee

08:50 Chair’s opening remarks

Mike MacDonagh, Director of Content, Wolters Kluwer

09:00 Reviewing how conduct and operational risk overlap and fitting conduct risk into broader risk framework

Tin Lau, Management, Financial Operational Risk & Complex Products, Prudential Specialist Division, FCA

09:35 Utilising operational risk scenario analysis and stress testing to gain benefit to the business

  • Challenges
    • Anatomy of historical tail risks
  • Overview
    • Determining a portfolio of scenarios
    • Techniques: root cause analysis, Delphi and judgment
    • Validation: individual scenarios and portfolios
  • Uses
    • Pillar 2a & b
    • Limit setting, insurance, product design, & targeted monitoring of key controls

Michael Grimwade, Executive Director, Operational Risk Management, MUFG Securities

10:10 Morning refreshment break & networking

10.40 Reputation Risk: Reviewing the link between conduct risk events and reputation

Peter Mitic, Head of Advanced Analytics, Santander UK

11:15 Setting a risk appetite contingent with the organisation’s operational risk framework to add value

  • Making it real – the ‘use test’
  • Level of set up required
  • Practical and granular vs. high level and abstract
  • Building, measuring and aggregating
  • Value added to the business
  • Control environment in line with appetite

Campbell Davidson, Head of the Operational Risk Management Framework Programme, Royal Bank of Scotland

11.50 Operational Risk as part of an integrated approach to Resilience

  • Defining Operational Resilience
  • The “Build, Verify, Track” approach
  • From compliance to capability
  • Sourcing meaningful data from the frontline
  • The single version of the truth

12:25 Lunch break & networking

13:25 Developing effective operational risk frameworks and adding value to the business and operational risk function

  • Identifying operational risk
  • Effective modeling of operational risk
  • Monitoring and reporting
  • Using tools to make informed business decisions

Simon Cartlidge, Head of Operational Risk Governance, Legal & General
Sean Miles, Head of Resilience and Op Risk Unit, Technology & Operations, Santander
Francesca Gomez, Head of Operational Risk, Tandem Bank

14:10 Cyber Security and Business Risk – Practical Advice from the Frontline

  • Cyber security – what is all the fuss about? Should I be
  • How cyber security issues can impact the bottom line
  • Regulatory risk and the GDPR elephant in the room
  • Building a cyber operational risk model
  • Who is providing service: vendor outsourcing
  • 5 practical next steps to manage cyber security risk

Nigel Stanley, Practice Director – Cyber Security, OpenSky

14:45 Afternoon refreshment break & networking

15:15 Assessment of operational loss data and its implications for capital modeling

  • Introduce a method for dealing with operational loss data
  • Apply to actual data
  • Understanding staff as the biggest exposure
  • Evaluate the outcome
  • Assess implications for capital modelling

Ruben Cohen, Operational Risk Analytics, Former Citi

15:50 Next generation operational risk

  • Is the death of AMA the end for OR modelling?
  • What lessons learned must we take from the failure of AMA?
  • How can operational risk managers be more influential in emerging risks?
  • How can operational risk managers support the leaner more flexible firm?
  • What are the main challenges for operational risk managers in the next year?
  • How to tackle new/ higher priority risks that are highly specialized in nature (challenge for op risk generalists) – e.g. model risk, cyber, conduct

Laurence Bogni Bartholme, Head of International Risk Oversight for EMEA, Wells Fargo
Craig Ivey, Head of Operational Risk Economic Capital, RBS
Richard Pike, Non Executive Director, Permanent TSB

16.50 Chair’s closing remarks

17:00 End of Summit

Screen Shot 2017-02-16 at 18.17.20

Eric Berdeaux, Founder and CEO, OXIAL

Eric Berdeaux is the CEO and founder of new generation GRC solutions software provider OXIAL. Eric is a specialist in information technology, risk and control management with over 20 years experience in the IT industry, and more specifically in banking and finance. He founded Oxial in 2005 with the idea of offering a powerfull and easy to implement solution to support Risk Management Initiatives. Eric’s initial background is in software engineering and consulting.

Photography by Roy Riley 2014
0781 6547063

HSBC Portraits
Jenny Birdi

Jenny Birdi, Global Head of Three Lines of Defence Programme, HBSC

Jenny has worked in HSBC for 23 years and has had a number of roles within the Bank over that period. She worked initially within the IT function, focussing on project management and support. She then moved into Internal Audit, where she spent 10 years undertaking global and local business, IT and project audits. She then undertook a 12 month secondment to Vietnam to assist a local Bank in establishing a risk-based Internal Audit department, following which she returned to the UK in 2009 and joined the European Operational Risk team, oversighting the Banks supporting functions including IT. Since then Jenny has alternated roles between the second and third line of defence, with spells as the Head of Operational Risk Audit and more latterly the Head of Three Lines of Defence Programme, responsible for implementing and embedding the Bank’s Three lines of Defence model and the current operational risk management framework across the Bank.

Laurence Bogni1

Laurence Bogni-Bartholmé, Head of International Risk Oversight for EMEA, Wells Fargo

Laurence Bogni-Bartholmé is a senior vice president and Head of EMEA International Risk Oversight within Wells Fargo Corporate Risk. Based in London, she is responsible to provide independent oversight and credible challenge to strengthen operational risk, compliance management and foundational business practices of the EMEA region.

Laurence has over 24 years Risk Management experience, with specific expertise in credit and operational risk in corporate and commercial lending businesses. Prior to joining Wells Fargo, Laurence spent 13 years with GE Capital where she was lastly the EMEA chief operating officer at GE Leverage Finance. Before that, she held various chief risk officer roles in GE Capital, in Corporate Risk and in business lines in EMEA and globally.

Laurence started her career with KPMG and spent 7 years at Credit Agricole Leasing and Factoring in audit and portfolio management before joining GE Capital. Laurence served on several General Electric Company Boards in France, Italy, UK and The Netherlands.

Some of her accomplishments have been the development of Enterprise Risk Frameworks on all risk types, internal controls programs design and implementation, governance frameworks in multijurisdictional and regulated environments, organization and infrastructure redeployment in Operations and Risk, with European centers of excellence, offshoring and outsourcing programs. Laurence led multi-cultural teams in North America, Europe and China.

Laurence holds a Master Degree in Banking and Corporate Finance from Aix-Marseille University and a Master in Management Sciences, Finance and Tax from Paris Dauphine University. She is six-sigma certified.

Simon Cartlidge

Simon Cartlidge, Head of Operational Risk Governance, Legal & General Group PLC

Simon is L&G Group’s Head of Operational Risk Governance. He has spent 17 years with the organisation, previously holding a variety of senior risk management roles in the retail investments and banking business units. Simon recently worked on L&G’s Solvency II programme, focusing on the Pillar 2 workstream and leading the IMAP Submission. Immediately prior to his current role, he was responsible for governance arrangements over the Group’s Internal Model. Prior to L&G, Simon worked for Bradford & Bingley Building Society, as Credit Risk Manager in their retail mortgage business.

Ruben Cohen

Ruben Cohen, Operational Risk Analytics, Former Citi

Ruben Cohen has been working in the financial industry for over 17 years, with most of the last 10 in operational risk analytics at Citi and his latest assignment in model risk at BAML.

Prior to that, Ruben spent 10 years on the faculty of Mechanical Engineering & Materials Science at Rice University in Houston, specializing in Fluid Mechanics and Thermodynamics. He holds a Ph.D. in Mechanical Engineering from M.I.T. and has subsequently obtained an M.A. in Economics from McGill University.

Ruben is based in London and has published over 50 papers in a variety of areas, including engineering, physics, economics and finance.


Campbell Davidson, Head of the Operational Risk Management Framework Programme, Royal Bank of Scotland

Campbell Davidson is the Head of Operational Risk Design at Royal Bank of Scotland. He has extensive experience working across the 1st, 2nd and 3rd line of defence where he has developed, embedded and provided assurance on firm-wide risk and control frameworks. In addition to his time at RBS, he has previously worked within Lloyds banking Group and Standard Life plc.

Gareth Evans

Gareth Evans, Managing Director of Enterprise Risk Management (ERM), Thomson Reuters

Gareth Evans is the Managing Director of Enterprise Risk Management (ERM) at Thomson Reuters. In this role he is responsible for leading all proposition and solution development in the ERM services division. Prior to this position Gareth was a Director at PwC UK where he created and led their eGRC practice which advised clients on strategies employed to automate and integrate Lines of Defence activities – such as Risk Management, Compliance, and Internal Audit. Spanning all regulated sectors, including banking, insurance, telecoms, oil & gas and utilities, Gareth has engaged a number of global Tier I banks and FTSE 100 and Fortune 500 corporates.

Screen Shot 2017-02-28 at 15.36.42

Francesca Gomez, Head of Operational Risk, Tandem Bank

Francesca is Head of Operational Risk at Tandem, a start-up digital bank planning to help customers be more on top of their money and spend less time on it. Before joining Tandem, she was part of the Digital Risk practice at Deloitte where she helped clients manage the operational risks from their digital business operations. Francesca has experienced risk management across all three lines of defence and has seen first-hand how it can deliver benefits or impediments to a business. She is interested in developing intelligent and pragmatic approaches to managing risk that enable business innovation.


Aarti Anhal Gooden, Partner, 4C Strategies

Dr Aarti Anhal Gooden is a Partner at 4C Strategies, a leading international provider of risk management solutions. Having successfully established 4C Strategies in the UK as part of her COO mandate in 2010, she now leads cross-sector business development to support clients with software solutions aimed at building, verifying and tracking their risk and resilience capabilities. She has project managed the implementation of both ERM and Resilience software solutions for several 4C Strategies clients in the government and transport sectors. She joined the company from Crisis Solutions, where she undertook the role of Director of Future Operations. Prior to this, Aarti managed the Consulting Team at Olive Group, providing risk and crisis management consultancy services to multinationals operating in high-risk environments, including Iraq and Afghanistan. Her academic background originated in the field of international law – she obtained an LLB/Maitrise in English & French Law at King’s College London and the Université de Paris I (Sorbonne), followed by an MA in International Peace and Security. She has a PhD in International Studies from the University of Cambridge.

Brian Gregory[1] copy

Brian Gregory, VP, Market Management, Non-Financial Risk/GRC, EMEA, Wolters Kluwer

Brian is a qualified Chartered Accountant and spent 11 years with EY primarily in the audit department.
Since then he has worked in the IT industry including senior EMEA roles at Oracle and IBM. Brian has
been involved in helping customers address their Governance, Risk and Compliance needs in a sustainable,
repeatable manner since 2002. His subject expertise includes Business Intelligence/Corporate Performance Management,
ERP, Financial Services, Human Capital Management and Corporate Governance. At Wolters Kluwer Financial Services
he is responsible for the go-to-market strategy and direction of OneSumX GRC.

Michael Grimwade 3

Michael Grimwade, Executive Director, Operational Risk Management, MUFG Securities

Michael has worked in Op Risk Management for 20 years. He is currently Head of Op Risk for MUFG Securities, and was previously Op Risk Director for Lloyds TSB’s Wholesale & International Division and also Head of Op Risk Stress Testing at RBS. Prior to this he worked for a decade as a management consultant.

Michael received an award in 2014, from the Institute of Op Risk, for his ‘Contribution to the Discipline of Op Risk’, primarily for his work on Scenario Analysis. Subsequently, in 2015 he became a Director of the IOR. Most recently, in 2016, RiskBooks published his book entitled “Managing Operational Risk: New Insights & Lessons Learnt”.

JimiHinchliffe-Headshot copy

Jimi Hinchliffe, CEO, NJ Risk and Regulatory Consulting, Former Head Policy, Risk and Regulatory Affairs, MUFG

Dr Hinchliffe is a former regulator, operational risk and regulatory affairs professional. He completed his Ph.D. on financial regulation and public choice economics in 2000 and joined the UKFSA as an operational risk policy SME. From 2002-2006 he worked as a bank and investment bank supervisor, before finally joining and then leading the Basel 2 implementation project within wholesale firms. Jimi left the UKFSA in 2008 to join the GSIFI MUFG where he managed Regulatory Affairs in EMEA. In 2012 he joined the Executive Committee and then the Board (Council) as a Director of the Institute of Operational Risk (IOR), and in 2016 was made a Fellow of the Institute. In 2016 Jimi left MUFG to form NJ Risk and Regulatory Consulting to provide professional services, advice and practical support in the fields of operational risk and regulatory affairs, and since October 2016 has been interim Head of Business Partner Groups Risk at BNY Mellon.

Craig Ivey Headshot

Craig Ivey, Head of Operational Risk Economic Capital, RBS

Craig has a proven track record of delivering audits and risk management capabilities against OpRisk Advanced Measurement Approach (AMA) requirements in Europe and North America. He is degree educated, a qualified accountant and an ACCA global prize winner. He has been appointed the Head of Operational Risk Economic Capital within RBS’ Enterprise Wide Risk Management Function. He has a proven track record of communicating complex concepts to a varied audience in a logical and precise manner while being sensitive to business needs and requirements. In his free time he enjoys running and family days out with his two young sons.

Tin Lau

Tin Lau, Manager, Financial Risk & Products and Operational Risk, FCA

My early background includes: earning a dual-honours Masters in Engineering from the University of Warwick, being called to the Bar of England and Wales in 2004, qualifying as Chartered Accountant (ACMA, CGMA) in 2006, holding an investment management certificate (2007), CFA level I (2008) and qualifying as a Chartered MCSI (2010).

My experience includes three years as a financial services/SOX auditor focusing on investment banking and pensions companies. I was then a quantitative analyst and portfolio manager of a multi-asset hedge fund for six years in the asset management arm in a leading Swiss bank with an AUM of CHF 63B.

In addition, I worked at PIMCO for almost two years as a global portfolio oversight manager for the mutual funds group (AUM of $1.7T) including UCITIS, ETFs, Cayman Islands and Bermuda 40 Act Funds. This also included a significant amount of quantitative regulatory work and providing leadership on EMEA’s KIID process.

Prior to joining the FCA in January 2015, I was the head of market risk management at MUTB in London, the trust bank of MUFJ; where I was the principal market risk and economic capital analyst and modeller.

Photo Ariel Luedi

Ariel Luedi, Chairman of the Board, OXIAL

Ariel Luedi is Chairman of the Board of new generation GRC solutions provider OXIAL. He is also a market visionary, a successful entrepreneur and the founder and owner of venture capital firm Hammer Team. Prior to this Ariel was a major shareholder and CEO of hybris software, acquired by SAP in August 2013. Prior to joining hybris, Ariel held senior positions at Oracle and Salesforce.com. He entered the realm of e-commerce in 1996 as SVP Europe at BroadVision. Ariel studied Physics at ETH in Zurich.

Jamie March

Jamie March, Proposition Lead – Connected Risk Platform, Thomson Reuters

Jamie March is a Proposition Lead for the new-to-market Connected Risk platform at Thomson Reuters. Jamie works across product, marketing, sales and pre-sales to build compelling software on this next generation platform. Prior to this, Jamie was a Principal Consultant at Empowered Systems, where he was involved in the design and implementation of governance, risk and compliance solutions with a focus on clients in the Banking and Insurance sectors


Will Martyn, Head of Operational Risk Framework & Policy, HSBC

Will is the Head of Operational Risk Framework & Policy at HSBC. Will joined HSBC in June 2015 after spending the previous four years as a Senior Manager in Deloitte’s Operational Risk practice, primarily supporting clients in designing and implementing Operational Risk Frameworks across the Financial Services industry.

Sean Miles Head Shot copy

Sean Miles, Head of Resilience and Op Risk Unit, Technology & Operations, Santander

I am the head of Resilience and Operational Risk for Technology and Operations (T&O) at Santander UK plc. I am responsible for Operational Risk implementation as well as for oversight and resilience implementation within T&O.  I studied Physics at Oxford University and on graduation I trained to be an accountant at Andersens working in the UK and Australia.  I then worked at Barclaycard in Internal Audit and Operational Risk, focusing on payments acceptance and implanting a new Operational Risk Framework. Since moving to Santander, I have focused on implementing the Operational Risk framework within T&O, to ensure changes in Fraud, Payments risks, Resilience requirements as well as Technology and Cyber risks are managed.

Peter Mitic

Peter Mitic, Head of Advanced Analytics UK, Santander UK

I studied mathematics at Oxford University, and later gained a PhD from the Open University, where I researched object-oriented modelling techniques with computer algebra. After some years as a mathematics lecturer, I have been working with risk-related projects in major banks in the UK and the Netherlands for twenty years, and am now Head of Advanced Analytics at Santander (UK). There I have been active in developing new statistical techniques in operational risk, and in formulating a framework for measuring reputational risk so that it can be quantified in monetary terms. In addition I coordinate and supervise graduate student projects at University College London and the University of Oxford. Away from dry land I am a keen scuba diver.

Richard_Pike copy

Richard Pike, Non Executive Director, Permanent TSB

Richard has extensive experience of working with financial institutions throughout the world, assisting companies in managing enterprise risk more efficiently while addressing local regulatory guidelines and standards.  He is currently an Independent Non Executive Director at PermanentTSB Bank plc. and has previously worked in various senior banking, insurance, credit and market risk roles at Wolters Kluwer Financial Services, ABN AMRO, Bain, COMIT Gruppe and Quay Financial Software.  He has analysed, designed and managed the development of core treasury and enterprise risk management systems for large financial institutions, including UBS, Citibank, Schroders and Unicredito. In 2009, Richard was recognised as a “Top 50” Face of Operational Risk by Op Risk & Compliance magazine and was a contributing author to two books on risk management.  He is also a board member of the Governance, Risk and Compliance Technology Centre which focuses on research in the area of financial services governance, risk and compliance. Richard has also received the designation of ‘Certified Bank Director’ by the Institute of Banking.

Natalie Saunders

Natalie Saunders, Head of People Risk, Yorkshire Building Society Group

Natalie Saunders studied law at Magdalen College, Oxford and qualified as a solicitor at international law firm Freshfields Bruckhaus Deringer in London in 2000.

Natalie has considerable legal and operational HR experience and ran her own business for 4 years.

Natalie joined Yorkshire Building Society in 2015 and assumed the role of Head of People Risk, a new function within the business.

Natalie has developed the strategy, remit and profile of the function, including identifying the key people risks faced by YBS and building understanding of how those could be measured and mitigated, whilst also ensuring successful embedding of the Senior Managers’ and Certification Regime.

Andrew Sheen copy

Andrew Sheen, Head of Operational Risk Regulatory Advisory, Credit Suisse

Andrew Sheen joined Credit Suisse as the Head of Operational Risk Regulatory Advisory in December 2015 and provides advice on all rules and guidance related to operational risk.  Previously Andrew had been the Head of Operational Risk, Use and Embedding, at HSBC having joined from the PRA in September 2013. In his 9 years at the PRA (previously the FSA)  Andrew was initially Head of the Operational Risk Policy Team and then became Head of the Risk Specialist Team for Operational Risk. Whilst at the regulator Andrew represented the UK on the operational risk working groups for both the Basel Committee and also the European Banking Authority. Prior to joining the regulator Andrew had held operational risk roles in international and investment banks.

Nigel Stanley Small

Nigel Stanley, Practice Director – Cyber Security, OpenSky

Nigel is a specialist in information (cyber) security and business risk with over 25 years’ experience in the IT industry. He is a well-recognised thought leader and subject matter expert capable of delivering complex cyber security projects across small, medium and large scale enterprises.

Nigel has in-depth knowledge of cyber security, information security, business risk, data breach incident response, digital forensics, business continuity, cyber warfare, cyber terrorism, mobile device security, BYOD, smartphone security, application development, software development, systems engineering and industrial control systems.

He has written three books on database and development technologies and is a regular conference speaker. Nigel has presented papers at InfoSec, IFSEC and IPEXPO as well as at numerous webinars and online events.

Nigel is able to passionately bring his technical knowledge together with his practical experience of cyber security and business to help clients derive benefit from information security.
Nigel is a Chartered Engineer and member of the Institution of Engineering and Technology (where he sits on the IET Cyber Security Steering Group and is a professional registration interviewer), Institute of Electrical and Electronic Engineers, Armed Forces Communications and Electronics Association and the British Computer Society.

He has an MSc in Information Security from Royal Holloway, University of London where he was awarded the Royal Holloway University Smart Card Centre Crisp Telecom prize for his MSc research dissertation.


Philip White, Executive Director, Framework, Conduct Risk and Capital, UBS Investment Bank

Philip is a qualified accountant who has worked in the Financial Services Industry for over 30 years including at The Bank of England, Lloyds Bank and now UBS and across multiple functions including operations, credit risk, product development and Finance. Philip has been in Operational Risk for the past 10 years, headed the Compliance and Operational Risk Framework team for 5 years and is now focusing on offshore/nearshore and robotics/AI opportunities in Operational Risk.

In his spare time Philip plays rugby, enjoys cooking and travelling and spending time with his wife and four children.

Bart van der Hoeven

Bart van der Hoeven, Senior Director Solutions Consulting, Nasdaq BWise

Bart van der Hoeven is responsible for global solutions consulting, and is a member of the content and solutions board in charge of product strategy and planning. As a GRC thought leader, he offers his knowledge as a strategic and pragmatic thinker with proven ability to translate business challenges into effective and efficient IT solutions.

Bart joined the BWise Team in 2008, and is a customer focused IT professional with significant enterprise software product management and consultancy experience at both large and mid-sized software companies. Bart graduated from the University of Technical Informatics in Bremen, Germany and University of Informatics in Breda, Netherlands.


Thomas George, Head of Risk, Monzo

Thomas George is the Head of Risk at Monzo Bank, and is currently developing and rolling out the Bank’s Risk Management Framework.

Previously he worked on the banking licence application process with the FCA and PRA, and the firm was successfully authorised in August 2016.

Monzo was started in 2015 with the objective of building the best current account in the world. The Bank launched a Beta programme in 2016 and now has over a 120,000 customers, with more than £100m having been spent on Monzo cards around the world. The full current account will be launched later in 2017.

Find our Operational Risk thought-leadership articles here. These articles feed from our much larger Risk Insights section of our website which provides you with thought-leadership, white papers, articles and more across risk and regulation.

27th February 2017
4C Aarti

Integrating risk and resilience

16th February 2017

Aligning operational risk and compliance teams for effective oversight and management

Brian, can you please tell the Risk Insights’ readers about yourself and your professional experiences? I began my career as a Chartered Accountant working at EY […]
15th February 2017

Defining the key in key risk indicators: Building a framework to report leading indicators

Bart, can you tell the Risk Insights’ readers about yourself and your professional experiences? In addition to leading the Solutions Consulting team, I am a product […]
14th February 2017

A new generation of operational risk

27th January 2017

Cyber security and business risk – practical advice from the frontline

26th January 2017

Assessment of operational loss data and its implications for capital modeling

24th January 2017

Systemic operational risk

12th December 2016

The senior managers’ and certification regime – a year on

9th December 2016

Study claims Tesco Bank cyber attack involved guesswork

11th November 2016

Adopting policy requirements and embedding into day to day activities

8th November 2016
romain Wilt banner no pic

Developing an accurate KRI framework for both leading and lagging indicators

8th November 2016

Security experts think the Tesco hack is the ‘most serious’ attack on UK banks ever

20th October 2016

Quality MI is integral to good quality non financial risk management

14th October 2016

Risk models: A general strategy

14th October 2016

How to manage and set operational risk appetite

8th October 2016

Case studies: how we can learn from past experiences to better overcome further risks

23rd September 2016

Structuring operational risk as a function within a broader ERM framework

22nd April 2016

Conference review: New generation operational risk

11th March 2016

Operational Risk Scenario Analysis

10th March 2016

Embedding an Enterprise Risk Management Framework for a More Holistic View of Risk

10th March 2016

Management of Operational Risk in Regulatory Change

3rd February 2016

What is Defined as ‘Good Risk Culture’?

28th January 2016

The Future of Risk Conduct & Culture

15th December 2015

Challenges for a New Generation of Operational Risk

23rd November 2015
Operational Risk Management article

A New Generation of Operational Risk Management

4th November 2015
Simon Cartlidge

Operational Risk Scenario Analysis

15th March 2015

MiFID II Set To Expand Op Risk Remit?


4C Strategies

Deliver success in today’s complex operating environment
4C Strategies is one of the world’s leading providers of risk management solutions. Combining expertise with an innovative approach, 4C’s advisory services and software solutions help organisations to build, verify and track the Readiness capabilities they need to deliver on their strategic and operational objectives. Our software solution (Exonaut™) delivers a platform from which organisations can identify and assess risk, implement mitigation strategies, record validation activities, track real-time performance and respond dynamically to major incidents. The Exonaut™ suite of integrated modules is supported by an enterprise-wide mobile app, which enables staff to log and access critical risk data, wherever they are in the world, to support risk-informed decision-making and performance optimisation.

Nasdaq BWise

Nasdaq BWise is a global GRC technology leader. We help organizations, both big and small, around the globe, embed, sustain, and streamline their GRC and integrated risk management activities. The BWise software application is the cornerstone of Nasdaq’s GRC technology portfolio. It offers a wide range of leading GRC functional capabilities for risk management, internal audit, internal control, information security and regulatory compliance.

Having implemented some of the largest GRC projects in various industries around the globe in various industries means that Nasdaq BWise will truly be able to leverage its global resources to ensure a successful implementation by bringing a blend of technical and industry experience, a mature project governance methodology, and a dedication to effectively and efficiently transfer knowledge for long-term success.

BWise is recognized by independent analysts as a leader in GRC software and won awards for best product as well as best vendor in the industry. For more information about our solutions and services, please visit www.bwise.com.


OpenSky is an independent consulting company and we provide solutions that help enterprises enable and secure the digital enterprise. Using a proven engagement methodology, we are able to reduce the cost and risk of becoming a digital enterprise. We provide solutions in the areas of Mastering Risk, Cloud Enabled Infrastructure, and Advanced Cyber Defenses. Our consultants average 10 plus years of enterprise experience and use a collaborative style to maximize knowledge transfer to our customers.


Today’s global, fully connected and rapidly changing business environment requires thinking about risk in new ways. OXIAL’s leading-edge Governance Risk and Compliance (GRC) solutions take an innovative and unified approach to allow you to maximize strategic and operational performance, cost-effectively manage regulations and policies and proactively mitigate business risks.

Our solutions are entirely built to match organizations’ specific needs, with an integrated GRC approach which aligns and links all essential governance, risk, internal control, internal audit, finance and compliance elements on a single platform. OXIAL’s modular and scalable solutions are designed to address some of the greatest challenges impacting organisations that are faced with Risk Management, Internal Control, Compliance and Audit.

OXIAL operates globally across multiple industries. More than 40 customers have already chosen OXIAL to drive business performance and achieve success.

RSA Security

More than 30,000 customers worldwide—including nearly half the global Fortune 500—rely on RSA’s business-driven security™ strategy for cyber threat detection and response, identity and access management, online fraud prevention, and governance, risk and compliance solutions. Armed with the industry’s most powerful tools, enterprises can better focus on growth, innovation and transformation in today’s volatile business environment.
RSA Archer® empowers you to address the most critical domains of business risk and to evolve your risk management program. It features a full suite of multi-disciplinary risk management solutions and a single configurable software platform.

RSA SecurID® Suite is an integrated, end-to-end identity assurance solution that allows organizations to confirm and manage identities and provide secure and convenient access to users from the endpoint to the cloud.

Protect your organization from known cyber threats and from attack methods no one has ever seen before with RSA NetWitness® Suite, an award-winning solution that gives you the ability to stop cyber-attacks in their earliest stages.

Thomson Reuters

Thomson Reuters provides professionals with the intelligence, technology and human expertise they need to find trusted answers.

We enable professionals in the financial and risk, legal, tax and accounting, and media markets to make the decisions that matter most, all powered by the world’s most trusted news organization.

Wolters Kluwer

Whether complying with regulatory requirements or managing financial transactions, addressing a single key risk, or working toward a holistic enterprise risk management strategy, Wolters Kluwer works with customers worldwide to help them successfully navigate regulatory complexity, optimize risk and financial performance, and manage data to support critical decisions. Wolters Kluwer provides risk management, compliance, finance and audit solutions that help financial organizations improve efficiency and effectiveness across their enterprise, with more than 30 offices in 20 countries.
For further information please visit www.wolterskluwerfs.com.


Can your organisation contribute at our New Generation Operational Risk Summit?

Please contact the Center for Financial Professionals today to discuss how we can deliver your thought-leadership at the event, help you generate leads, and provide you with unique networking and branding opportunities. Below is an outline of what we can offer, but please contact sales@cfp-events.com or call us on +44 (0)20 7164 6582 where a member of the team will be happy to tailor the right package for you.

Endorsed By

ORIC International

Founded in 2005, ORIC International is the leading operational risk consortium for the (re)insurance and asset management sector globally. There are currently 41 members of the consortium, with accelerating international growth.

ORIC International is a not-for-profit industry body dedicated to helping its members enhance the capabilities of their operational risk functions. This industry body facilitates the anonymised and confidential exchange of operational risk intelligence between member firms, providing a diverse, high quality pool of quantitative and qualitative information on relevant operational risk exposures.

As well as providing operational risk event data, ORIC International also provides industry benchmarks, undertakes leading edge research, sets trusted standards for operational risk and provides a forum for members to exchange ideas and best practice. This comprehensive offering is designed to empower risk professionals to help their business and their Board in the identification, assessment, management/measurement, monitoring and reporting of operational risk.

For more information email enquiries@ORICInternational.com or visit www.ORICInternational.com

Media Publications

We are happy to support publications, associations and organisations at this event. From a simple company listing with your logo to taking advantage of some of our sponsor benefits listed above. To discuss a media partnership further please email olympia.nolan@cefpro.com or call +44 (0)20 7164 6582.

ABA Logo 245x150
Banking Technology
CR_Logo copy
DFM_logo_blue copy
Financial IT
Fintech Finance 180x110
Fintech Weekly
Focus Economics
GBAF 180x110
PCNetwork 245x150 copy
Risk &N Insurance 180x110
Screen Shot 2016-11-04 at 14.28.07
IOR 180x100
Risk universe 180x110


Monument – 8 Eastcheap

Etc Venues – Monument
8 Eastcheap

Earn up to 15.5 CPD Points

Nearby Accommodation:

Download the Risk Insights App

Interact with your colleagues, peers and industry thoughts leaders live at the New Generation Operational Risk Summit. 

Our Risk Insights App provides an audience interaction participation tool at the Summit which allows you to ask speakers and panelists questions throughout the sessions and engage in industry polls with other senior risk professionals.

All Summit information is available at a click of a button such as the two day agenda, biographies of all presenters map location and surveys


Sponsor the App. For more information, email us.


1. Search for “Risk Insights” on your relevant app store.


2. Once the App is downloaded and opened, New Generation Operational Risk: Europe will appear on your dashboard. Select “Access Now”

3. You will be asked to provide the event access code, an email with this code has been sent to you by email after registering for the event.

4. Here you will be able to access all details you need prior and during the event, i.e presentations, agenda and map. The polls and ask a question features will be used during the course of the two days so make sure to keep your phones handy during the event.


We have a web App available to use through your phone internet browser. At the event visit www.cefpro.com/app and simply select New Generation Operational Risk Summit, then enter your details and the access code (refer to your emails for the code)

If you are having any issues please feel free to drop us a call on +44 (0)20 7164 6582 and a member of the team will be able to help you out.

After the Event

Keep the Risk Insights App after the event to browse risk and regulation insights, share and save articles, and receive notifications on the latest challenges all within your professional interests. Our network of authors range from risk professionals within banking risk, financial regulation, market risk, credit risk, operational risk and treasury/balance sheet management.

Frequently Asked Questions

Can I present at New Generation Operational Risk Summit?

Yes, the Center for Financial Professionals are happy to discuss speaking opportunities at New Generation Operational Risk Summit 2017. For further information on this please contact alice.kelly@cefpro.com or call us on +44 (0) 20 7164 6582.

Are there any rules on the dress code?

Business attire is requested. The Summit is a formal opportunity to network with like-minded professionals and to gain knowledge from the industry’s finest risk management experts.

What is the cost and what is included in the registration fee?

We offer incentives for ‘early bird’ registrants of the Summit, as outlined on our pricing structure.

Registration includes breakfast, refreshment breaks, lunches, the cocktail reception at the end of the day, full access to the Summit sessions and exhibition area. Presentations from sessions are also available, subject to speaker approval.

Where can I find the Summit documentation and speaker presentations?

All registered attendees will receive an email with access to documentation and speaker presentations after the Summit*

We will work with our presenters to include as many presentations as possible on our Risk Insights App during the Summit.

*Please note that our speakers often have to gain permission from their relevant compliance departments to release their presentations. On rare occasions compliance may not allow presentations to be distributed.

Will breakfast, lunch and refreshment be provided?

Yes. As with all of our events the Center for Financial Professionals will be providing brilliant coffee, breakfast, lunch, refreshments, and smaller bites during the networking breaks.

This will be provided on both days of the Summit.

Will there be opportunities to network with other attendees?

There are ample opportunities for networking and interaction throughout the Summit, such as

  • Breakfast, lunch and refreshment breaks
  • Cocktail reception at the end of the day (Subject to confirmation)
  • Q&A, panel discussions and audience participation technology available through the Risk Insights App
I have several colleagues that would like to attend, is there a group discount?

Certainly! We are pleased to offer you a 50% discount on the third registration or provide a fifth registration for free.

If you would like to register more than five colleagues please contact us on +44 (0) 20 7164 6582

Please note:

  • Registrations must be made at the same time
  • Registrations must come from the organisation
  • The lowest registration will be discounted
Are there opportunities to share my thought-leadership at New Generation Operational Risk?

Yes there are plenty of opportunities for the Center for Financial Professionals to share thought-leadership to the attendees of New Generation Operational Risk and our wider risk professionals community.

At the event
We can distribute your material to the attendees, offer you an exhibition booth, and provide speaking opportunities so that you may enjoy a more prominent presence at the Summit. Visit the Sponsor tab for further information or contact sales@cefpro.com / +44 (0) 207 164 6582.

Risk Insights
Feature your content on our Risk Insights website and supporting Risk Insights monthly newsletter. For further information please download our media pack here.

Are media partnerships available for New Generation Operational Risk?

Yes. As part of a media partnership we can offer a variety of options to increase the branding and awareness of your association, company, certificate, publication or media. We are flexible with what we can offer however we usually:

  • Provide a discounted rate to attend
  • Place your logo and profile on the Summit website
  • Place your logo on the Summit brochure
  • Place your logo on promotional content where applicable
  • Distribute your media/marketing at the Summit
  • Promote through social media channels

To discuss this further please contact jesse.hopkins@cefpro.com or call +44 (0) 20 7164 6582.

After the conference, all attendees are asked to fill out an evaluation form. See what they had to say about the New Generation Operational Risk Congress in 2016:

“Good interaction with the attendees.”

Investel Wealth & Investment

“I was delighted that the emerging concept of Conduct Risk was discussed in great depth and detail.”

Aberdeen Asset Management

“Well run event and CFP staff were extremely helpful. Also, speakers were of high calibre.”

Berwin Leighton Paisner

“Great quality content and challenging debate.”


“High level and relevant topics.”

Investic Wealth and Investement

“It brings a good mix of people together to network and knowledge is shared.”


“Topics were very interesting and speakers were knowledgable.”

Commercial International Bank, Egypt

Earn CPD Points

To claim your CPD points please contact info@cefpro.com or call (0)20 7164 6582

CPD Certified Logo

See Us In Action

Early Bird Standard Rate Register Now
3rd Annual New Generation Operational Risk
March 14-15
Register by March 3
(Save £300)
£1599* Register

Should you have any questions regarding registering, please contact the Center for Financial Professionals, please contact us on +1 888 677 7007 (US) or +44 (0)20 7164 6582, or email info@cfp-events.com

*All rates are subject to UK VAT

Group Bookings:

Group rates are available for 2 or more attendees from the same organisation, when registering at the same time. The current rate allows every third colleague to come along for half price! or a fifth colleague to attend for free

Other ways to register

Save time – Register by email

Simply email us your e-signature – and we will do the rest for you!

2. Contact Us Directly

3. Download the PDF Registration Form

oprisk brochure
Keep Updated


Interested in Operational Risk Management but not ready to register? Click here to keep updated.

Download the Risk Insights App


4C 245x150
Nasdaq BWISE
OpenSky 245x150
OXIAL 245x150
RSA_Logo_Red_RGB copy
Screen Shot 2017-01-10 at 17.00.29
Wolters Kluwer Financial Services

Endorsed By

ORIC International


Connect With Us | #OpRisk17

TwitterLinkedInFacebookYouTubephone icon 50px