Industry led research – Assessing the implementation of software for the management of non-financial risk

Providing clarity on upcoming trends and opportunities within non-financial risk, and an
assessment of the current software available to manage those risks

With more traditional credit and market risks better understood and controlled across the financial industry, attention is shifting towards understanding and management of Non-Financial Risks (NFR). The remit and definition of NFR continues to evolve and increase in focus and importance across the industry with areas spanning from model risk to operational risk and its subsets.

With NFR building momentum across the industry, this report looks to provide insights on the top non-financial risks prominent across the industry and to assess the future of these risks, future trends and challenges and also provide peer led vendor and in-house software rankings!

The 2020 survey assessed the following non-financial risks. 2021 will look to significantly expand the areas of focus and analysis:

For more information on CeFPro, or the FinTech Leaders, please contact us at

Providing clarity on upcoming trends and opportunities within non-financial risk, and an assessment of the current software available to manage those risks

Find out who was voted best in:

Operational Risk Service Provider
Model Risk Service Provider
Financial Crime Service Provider
Technology Risk Service Provider


Key Questions answered:

Top Non-Financial Risk Priorities

Vendor, In-house and Microsoft Office Software Assessmen

Considerations when purchasing vendor solutions

Key challenges when implementing vendor-provided software

Best practices when implementing vendor-provided software

Future requirements for vendors

Find out where 900+ industry professionals
ranked the top non-financial risks


Third Party




Financial Crime






Already a member of CeFPro? You can access this report by logging in here.

This report enables organizations to benchmark their performance against others in the industry in order to ascertain whether they are behind, in line with or ahead of their peers when it comes to implementing NFR software.

Jennifer Matney, CeFPro NFR Advisory Board Member & SVP / Director of Operational Risk Management, UMB Financial Corp

CeFPro’s Non-Financial Risk Leaders is an invaluable platform to enable the industry to share ideas and agree best practices.

Sean Miles, CeFPro NFR Advisory Board Member & Head of Risk, Pay.UK


This research aims to assess the trends and challenges within technology risk; including data governance, real-time analytics, API management, data virtualization, data science and integration.

This report looks to provide insight across the industry and identify success factors from peers to benchmark and understand progress and review optimization strategies.

This 2nd annual survey is largely based on the end-user’s responses and perspectives, allowing CeFPro’s research and analyst team to take the pulse of the industry.

Meet Our Non-Financial Risk Advisory Board

An essential component of our research methodology is to regularly engage with operational risk experts and thought-leaders within our “The Operational & Emerging Risk Advisory Board”. This is a team of carefully selected independent subject matter experts with expertise in one or more of the various operational risk sub-categories (e.g. Fraud, cyber risk, conduct risk).


Dominique Benz
Director, Operational Risk Management
Mizuho Americas


Simon Cartlidge
Head of Risk (LGIM Retail)
Legal & General Investment Management


Paul Clarke
SVP US Operational Risk Management
TD Bank


Charles Forde
Head of Shared SVC Operational Risk for Investment Bank and UBS UK and Operational Resilience

About Dominique

Dominique has over 20 years of financial services industry experience and deep expertise in Operational Risk, Technology, and Process Transformation. Dominique is a Director at Mizuho Bank in the Americas Risk Department providing 2nd line of defense services to all corporate and investment banking business lines across Mizuho U.S. operations.

He is responsible for the build out, implementation and oversight of the Operational Risk Management framework and establishment of related risk policies. Dominique leads a team of Key Risk Officers providing Operational Risk coverage and credible challenge across all non-financial risk domains including third party services, business continuity, data management, transaction processing, conduct and fraud. He architected and maintains the firm’s Operational Risk Appetite Statement. In collaboration with the business, Dominique also spearheads the firm’s Key Risk Indicator Program.

Prior to joining Mizuho, Dominique has worked in similar capacities for some of the world’s leading global banking institutions including Goldman Sachs, Morgan Stanley, Deutsche Bank and Citigroup. Dominique holds an MBA and a BS in Industrial Engineering from Rutgers University in New Jersey.

About Simon

Simon Cartlidge is Head of Risk (Retail & DC) within Legal & General Investment Management. Simon has spent 20 years with Legal & General, previously holding a variety of senior risk management roles in Group, retail investments, and banking business units.

Simon worked on the Solvency II programme, focusing on Pillar 2 (risk framework). Immediately prior to his current role, he was responsible for the Group-wide operational risk framework. Prior to Legal & General, Simon worked for Bradford & Bingley Building Society, as Credit Risk Manager in their retail mortgage business.

About Paul

Biography coming soon!

About Charles

Charles is currently the Global Head of Third Party, Outsourcing & Inter-Entity Risk at UBS. The function is part of Compliance & Operational Risk, the 2nd Line of Risk in the firm. Previously, Charles held the position of COO of Operations & Technology for Group Data, Reconciliations and the Client Data Confidentiality Programme at UBS.

Before joining UBS 7 years ago, Charles was with ERNST & YOUNG in London in the Risk Advisory practice. Charles has previously held roles managing risk and operations for Goldman Sachs, JP Morgan and Barclays.

He began his career at the UNITED NATIONS managing technology and operations to support military peace-keeping operations and humanitarian programmes.


Hafsteinn Gislason
VP – Enterprise Operational Risk

WIT (Mariana)

Mariana Gomez de la Villa
Program Director Distributed Ledger Technology


Jennifer Matney
SVP/Director of Operational Risk Management

Stephan Meili

Stephan Meili
Managing Director – Risk Management

About Hafsteinn

Hafsteinn (Haffi) is an Operational Risk professional that started his career in risk in the turmoil surrounding the fallen banks in Iceland in 2008. He then moved to New York in 2013 continuing his profession at CIT in Operational Risk.

A self-described romantic when it comes to Operational Risk and its potential in the world of finance and a firm believer that Operational Risk can be instrumental in bridging qualitative risk functions to improve overall risk management. He has decade of experience in both implementing and managing Operational Risk framework elements and capital calculations. In recent years he has had the opportunity to play a key role in convergence that broadens the scope of the Operational Risk Framework to other Enterprise Risk areas.

He has obtained a Bachelor degree in Industrial Engineering from Reykjavik University and a Master’s degree in International Economics and Finance from the Newcastle University Business School in England. Certified GARP FRM and is a licensed securities broker in Iceland.

About Mariana

Mariana Gomez de la Villa has joined ING in 2015 and is currently the Distributed Ledger Technology Program Director at ING, with overall responsibility for driving research, development and implementation of Distributed Ledger Technology as well as capitalizing on its potential in order to unlock mass-scale value.

Under Mariana’s leadership, the Blockchain program has delivered over 44 proofs of concept and 8live pilots in collaboration with the following business areas: payments, trade finance and working capital solutions, financial markets, post-trade, bank treasury, lending, compliance and identity.
Mariana is also responsible for setting up long-term purpose and vision, including the governance of the program within ING globally. Mariana is an active leader in global consortia, outlining the Distributed Ledger Technology strategy and envisioning market landscapes.

Mariana’s accountabilities include the definition of products, services and business models, as well as foresight to business, technology, leadership communities and international stakeholders, including regulators.

About Jennifer

Jennifer was in the field of finance for 14 years and now has added 5 years in banking corporate risk. She started her career at the Federal Reserve Bank of KC after receiving a BA in finance/management. In her nearly 7 years at the Fed she worked with phenomenal people and had mentors that encouraged her to further her education. She obtained a MA in Economics and has all but the dissertation completed on a PhD in Economics and Public Administration. She then worked for DST Output and Pioneer Services as a Director of Finance. For the past 5 years, while at UMB, she has built the model risk management program from the ground up and acquired other operational risk management responsibilities such as third-party risk management onboarding and monitoring, corporate insurance, and contracts management.

About Stephan

Stephan Meili is a Managing Director at Citi leading the Convergence Risk effort for the investment, corporate and private bank. Previously, he was Global Head of Market Risk for Securitized Products Trading and Municipal Derivatives at Barclays. Stephan has 20+ years of financial markets experience in Europe, US and Asia ranging from risk management (market, credit and operational risk) and asset management to quantitative modeling and model validation for investment banks, asset managers and consulting firms. Furthermore, he has represented banks at industry forums and conferences on financial regulation and has taught courses on derivatives, regulation and risk management at the Federal Reserve Bank and at Columbia University. He holds a MS in Finance from Northwestern University and a degree in economics and business administration from the University of Basel, Switzerland. He is also a CFA, FRM and CAIA charterholder.


Sean Miles
Head of Risk


Vasanth Murugan
Director, Operational Excellence, Global Commercial Services
American Express


Christopher Nestore
US Head of Operational Risk Management
TD Bank

Nimesh Patel

Nimesh Patel
Director – External Cyber Assurance & Monitoring Barclays

About Sean

I am head of Operational Risk for Santander Services.  This covers the back-office operations and technology units of the Retail Bank.  I left Oxford University with a degree in Physics and trained as an Accountant at Andersens working in Birmingham and Melbourne.  After that I worked as an Internal Auditor, then in Operational Risk at Barclaycard.

About Vasanth

Vasanth currently serves as Director of Operational Excellence within American Express Global Services Group that is comprised of key internal and external servicing functions and delivers customer care to card members, merchants and commercial clients  of the company. Vasanth works closely with control functions and business leaders to implement operational risk framework and also to stand up critical control programs that support operational risk within the company.

Vasanth has a broad range of experience within American Express, holding roles in implementation of Next-Generation payment platform in international markets; driving Information Security and internal control program within Technology Services group , and recently, leading Issue Management program for the company. Vasanth is passionate about Operational Risk topics and has worked with leaders to drive enterprise risk management and implement best practices that directly impact operational risk, controls and compliance, growth and service quality.

About Chris

Twenty-two years of banking experience with an emphasis on risk and controls.  Mr. Nestore is the Head of US Operational Risk Management at TD Bank, America’s most Convenient Bank.  He has been with TD for seven years and has held a variety of roles in Risk Management and Finance including previous work leading the Segment Risk team in Operational Risk.  Most recently, he was providing strategic oversight and assisting in the execution of the CCAR strategy.

Mr.  Nestore initially joined Operational Risk Management in November 2013 as the Segment Risk Director responsible for leading the Segment Risk Team that provides second line challenge to the major revenue producing US business lines.  Those business lines include: Consumer Banking, Regional Commercial, Corporate & Specialty Banking, TD Wealth and Epoch .  He joined TD in April 2011 as the Head of Finance Governance and Shared Services where he led teams responsible for: Governance, Controls & Risk, Project Management Office, FDIC Liaison Team, Reconciliation Control Unit, General Accounting and Fixed Assets/ Accounts Payable.

About Nimesh

Nimesh Patel heads up Supplier Lifecycle Due Diligence at Barclays for External Cyber Assurance and Monitoring within the organisation and brings a unique blend of Financial Services experience and Cyber security skills to strengthen the assessment and assurance process for Barclays vendors. He has over 20 years financial services experience. By utilising his new processes new contracts, material changes and exit of services fall into the scope of his team for due diligence.


Theresa Reynolds
Director, ORM Validation and Insurance Risk Management
Operational Risk Management
Capital One


Gary Savill
Head of Risk

John Schiavetta

John Schiavetta, CFA
SVP, Deputy Chief Risk Officer
Alliance Bernstein


Andrew Sheen
Head of Operational Risk Regulatory Risk Management and Non-Executive Director
Institute of Operational Risk

About Theresa

Theresa Reynolds has more than 20 years of experience in Financial Services, working across both the first and second lines. She currently leads Capital One’s Operational Risk Management Validation program as well as our Insurance Risk Management program. As the Validation lead, she owns the methodology which enables independent control assurance activities across the Operational Risk spectrum.  Additionally, her team is responsible for providing assurance for several Operational Risk Management programs that have broad impacts across the company.  As the Insurance Risk Management lead, she ensures that Capital One mitigates several major types of risk through procurement of appropriate insurance policies.  Her Insurance Risk Management team provides financial risk transfer solutions to help mitigate a broad range of risks for the Enterprise as well as providing consultative services for third party contracts across the company.   

About Gary

Gary Savill is Head of Risk for Saga Group and has over 12 years of extensive risk management expertise, working previously in general insurance for AXA UK for 10 years and as Deputy Head of Operations for Sanlam Investment Management for 4 years.  Gary is a Chartered Management Accountant, qualifying whilst working for Nestle UK and is also a Specialist member of the IRM and member of the Institute of Management.

Gary have extensive experience of Solvency II, capital modelling, risk frameworks, conduct risk, risk culture, third party risk oversight and  building high performance teams.

About John

John Schiavetta is Deputy Chief Risk Office for AB, overseeing aspects of risk management to ensure that risks being taken are well understood and appropriately managed. Schiavetta joined AB in 2008 as Director of Risk Management with responsibilities for Fixed Income Risk, Liquidity Risk, Counterparty Risk and Valuation. Previously, he was at Fitch Ratings for 15 years, most recently as group managing director responsible for managing the agency’s global structured credit-ratings group. Prior to that, Schiavetta was product manager at the pension-consulting firm CDA Investment Technologies. He began his career at the Dreyfus Corporation. Schiavetta holds a BA in economics from Bates College and is a CFA charterholder. Location: New York.

About Andrew

Andrew is Head of Operational Risk Regulatory Risk Management. He is also a non-Executive Director of the Institute of Operational Risk. Andrew is probably best known for his work at the FSA and subsequently the PRA. During his time at the FSA and PRA Andrew managed the Operational Risk Review team in the Risk Specialist Division and represented the UK on the BCBS’ and EBA’s Operational Risk working groups.

Chris Smigielski

Chris Smigielski
Director of Model Risk Management
Arvest Bank


Craig Spielmann
former Global Head of Enterprise Risk Management Strategy
First Data

Jeremy Resler

Jeremy Resler
Vice President, Director of Third Party Risk Management Governance
U.S. Bank


Jack Sprague
Senior Vice President, US Head of Operational Risk Policy, Framework, and Capital

About Craig

Chris Smigielski’s biography will be coming very soon!

About Craig

Craig Spielmann will be presenting at the forthcoming X-Tech 2019 Convention and his biography will be coming very soon!

About Jeremy

Jeremy has over ten years of experience and expertise in the financial services and legal sectors, and is currently a Vice President and the Director of Governance in the Corporate Third Party Risk Management group at U.S. Bank.

Jeremy is responsible for overseeing various functions and teams within the centralized, enterprise TPRM Program, including quality assurance, policy and audit/exam management, fourth party risk, joint venture/strategic alliance risk, merger and acquisition operational risk, and enterprise RCSA third party risk. Jeremy graduated with an Economics degree from the University of Minnesota and a Juris Doctor from the William Mitchell College of Law in St. Paul, MN. Prior to U.S. Bank, Jeremy worked for a legal publishing company and subsequently clerked for a District Court Judge in Hennepin County, MN.

About Jack

Jack Sprague is a Senior Vice President and the Head of Operational Risk Policy, Framework, and Capital for the Americas at HSBC.

Jack has worked at HSBC since 2010 and in his current role, he is responsible for designing the Operational Risk framework in the US and developing associated policies and procedures.  He is also responsible for the firm’s Operational Risk CCAR program and regional submissions to support global stress tests and economic capital calculations.

Previously, Jack was the Head of Business Risk and Control for the Private Banking division in the Americas, where he implemented a first line risk management program and managed risk and control teams across the US and Latin America.  Jack has also held Operational Risk advisory roles at HSBC.


Thomas Tobin
Director of Operational Risk Management
Mizuho Americas


Ken Wolckenhauer
VP, Vendor Management
Nordea Bank, International Division


Stephen Woitsky
SVP, Operational Risk Management
Bank of the West


Freek van Velsen
Chief Audit Executive
LeasePlan Corporation N.V

About Thomas

Tom has over 20 years of financial services industry experience and is currently a Director of Operational Risk Management at Mizuho Bank in the Americas Risk Department. As part of the 2nd line of defense, Tom is responsible for the creating the Operational Risk Framework and implementing the tools, including the KRIs, RCSA program, establishing and maintaining the Control Library and Risk Taxonomy, Key Risk Assessments, and integrating the GRC system to all business lines across U.S. operations.

About Ken

Ken Wolckenhauer is the Head of Vendor Management at Nordea Bank’s New York branch. Leading up to this position, Ken was as a subject matter expert, trainer, solutions provider, and consultant for FIS, the world’s largest global provider dedicated to banking and payments technologies. With FIS, Ken specialized in financial industry regulatory risk and compliance, mostly in the area of anti-money laundering and watchlist compliance. Nordea Bank leveraged Ken’s risk and compliance knowledge to build out the vendor management program for the New York branch, developing a program that would properly manage risk as well as gaining acceptance to the US regulators. The success of the US program is now being used to advise Nordea’s European branches on enhancements to its TPRM program. Ken is a graduate of Bucknell University and is a Certified Anti-Money Laundering Specialist.

About Stephen

Hands-on and results-driven Risk Management Executive with 25+ years of leadership expertise in internal audits, regulatory compliance, controls, and overall strategic audit planning/execution for companies such as CLS Bank, Credit Suisse and UBS and BNP Paribas.

Strong, energetic leader with forte in streamlining processes ensuring compliance with regulatory standards; extensive experience launching internal audit and risk management operations.

Trusted and active advisor in dissecting, analyzing and presenting key strategic financial solutions to executive leadership.

Active volunteer and board member with Bridges Outreach since 2015 focusing on feeding and servicing people in need in NJ and NYC,  providing input into the strategic planning process and doing fundraisers with local businesses and schools.

About Freek

Biography coming soon!

If you are interested to explore the options how you can be part of CeFPro research, call us on: +44(0) 20 7164 6582 / +1 888 677 7007, or, email us at:

Stay Updated
Receive CeFPro’s news, magazine, webinars, research reports and more...
I agree to receive emails from CeFPro (no spam or third parties)
Subscribe Now!
I agree to receive emails from CeFPro (no spam or third parties)
Get 50% OFF
Join our newsletter and get 50% off your next purchase
Privacy Policy. This information will never be shared for third part
Subscribe Now!