This survey is to assess the current state of software implementations for management of the following NFRs: Operational risk; Financial crime risk; Third-party risk; Technology risk; Conduct risk; and Model risk. The research will also look to provide peer-led vendor rankings for each of these sections.

For each of the above NFRs, the survey aims to assess the following topics: Preference for in-house developed software vs. purchasing vendor provided software | Key criteria used by organizations to select the most appropriate vendor software | Most widely implemented vendor provided software | Typical implementation challenges and solutions adopted to address these | Most widely used consulting and service providers for designing frameworks and supporting implementation of the software | The key emerging business requirements.

We have divided the survey into six separate NFR’s, please pick one to complete:

Operational Risk 

Third-Party Risk 

Financial Crime Risk

All survey respondents will receive a complimentary full copy of the final report

Conduct Risk

Technology Risk

Model Risk

All survey respondents will receive a complimentary full copy of the final report

An essential component of our research methodology is to regularly engage with operational risk experts and thought-leaders within our “The Operational & Emerging Risk Advisory Board”. This is a team of carefully selected independent subject matter experts with expertise in one or more of the various operational risk sub-categories (e.g. Fraud, cyber risk, conduct risk).


Dominique Benz
Director, Operational Risk Management
Mizuho Americas


Brandon Blanchard
Vice President, Operational Risk Manager
Commerce Bank


Simon Cartlidge
Head of Risk (LGIM Retail & DC)
Legal & General Investment Management


Paul Clarke
SVP US Operational Risk Management
TD Bank

About Dominique

Dominique has over 20 years of financial services industry experience and deep expertise in Operational Risk, Technology, and Process Transformation. Dominique is a Director at Mizuho Bank in the Americas Risk Department providing 2nd line of defense services to all corporate and investment banking business lines across Mizuho U.S. operations.

He is responsible for the build out, implementation and oversight of the Operational Risk Management framework and establishment of related risk policies. Dominique leads a team of Key Risk Officers providing Operational Risk coverage and credible challenge across all non-financial risk domains including third party services, business continuity, data management, transaction processing, conduct and fraud. He architected and maintains the firm’s Operational Risk Appetite Statement. In collaboration with the business, Dominique also spearheads the firm’s Key Risk Indicator Program.

Prior to joining Mizuho, Dominique has worked in similar capacities for some of the world’s leading global banking institutions including Goldman Sachs, Morgan Stanley, Deutsche Bank and Citigroup. Dominique holds an MBA and a BS in Industrial Engineering from Rutgers University in New Jersey.

About Brandon

Brandon has been in the field of banking for 12 years and his experience ranges across retail, finance, sales, product development and risk management. He obtained an MBA and an MS in Accountancy. For the past 3.5 years, while at Commerce Bank, he has built the model risk management program from the ground up and picked up other operational risk management responsibilities including third-party risk management, corporate insurance, operational risk management, and data governance.

About Simon

Simon Cartlidge is Head of Risk (Retail & DC) within Legal & General Investment Management. Simon has spent 20 years with Legal & General, previously holding a variety of senior risk management roles in Group, retail investments, and banking business units.

Simon worked on the Solvency II programme, focusing on Pillar 2 (risk framework). Immediately prior to his current role, he was responsible for the Group-wide operational risk framework. Prior to Legal & General, Simon worked for Bradford & Bingley Building Society, as Credit Risk Manager in their retail mortgage business.

About Paul

Biography coming soon!


Charles Forde
Head of Shared SVC Operational Risk for Investment Bank and UBS UK and Operational Resilience


Hafsteinn Gislason
VP- Operational Risk


Mariana Gomez de la Villa
Program Director Distributed Ledger Technology


Jennifer Matney
SVP/Director of Operational Risk Mgmt | Corporate Risk Services
UMB Financial Corporation

About Charles

Charles is currently the Global Head of Third Party, Outsourcing & Inter-Entity Risk at UBS. The function is part of Compliance & Operational Risk, the 2nd Line of Risk in the firm. Previously, Charles held the position of COO of Operations & Technology for Group Data, Reconciliations and the Client Data Confidentiality Programme at UBS.

Before joining UBS 7 years ago, Charles was with ERNST & YOUNG in London in the Risk Advisory practice. Charles has previously held roles managing risk and operations for Goldman Sachs, JP Morgan and Barclays.

He began his career at the UNITED NATIONS managing technology and operations to support military peace-keeping operations and humanitarian programmes.

About Hafsteinn

Hafsteinn (Haffi) is an Operational Risk professional that started his career in risk in the turmoil surrounding the fallen banks in Iceland in 2008. He then moved to New York in 2013 continuing his profession at CIT in Operational Risk.

A self-described romantic when it comes to Operational Risk and its potential in the world of finance and a firm believer that Operational Risk can be instrumental in bridging qualitative risk functions to improve overall risk management. He has decade of experience in both implementing and managing Operational Risk framework elements and capital calculations. In recent years he has had the opportunity to play a key role in convergence that broadens the scope of the Operational Risk Framework to other Enterprise Risk areas.

He has obtained a Bachelor degree in Industrial Engineering from Reykjavik University and a Master’s degree in International Economics and Finance from the Newcastle University Business School in England. Certified GARP FRM and is a licensed securities broker in Iceland.

About Mariana

Mariana Gomez de la Villa has joined ING in 2015 and is currently the Distributed Ledger Technology Program Director at ING, with overall responsibility for driving research, development and implementation of Distributed Ledger Technology as well as capitalizing on its potential in order to unlock mass-scale value.

Under Mariana’s leadership, the Blockchain program has delivered over 44 proofs of concept and 8live pilots in collaboration with the following business areas: payments, trade finance and working capital solutions, financial markets, post-trade, bank treasury, lending, compliance and identity.
Mariana is also responsible for setting up long-term purpose and vision, including the governance of the program within ING globally. Mariana is an active leader in global consortia, outlining the Distributed Ledger Technology strategy and envisioning market landscapes.

Mariana’s accountabilities include the definition of products, services and business models, as well as foresight to business, technology, leadership communities and international stakeholders, including regulators.

About Jennifer

Jennifer was in the field of finance for 14 years and now has added 5 years in banking corporate risk. She started her career at the Federal Reserve Bank of KC after receiving a BA in finance/management. In her nearly 7 years at the Fed she worked with phenomenal people and had mentors that encouraged her to further her education. She obtained a MA in Economics and has all but the dissertation completed on a PhD in Economics and Public Administration. She then worked for DST Output and Pioneer Services as a Director of Finance. For the past 5 years, while at UMB, she has built the model risk management program from the ground up and acquired other operational risk management responsibilities such as third-party risk management onboarding and monitoring, corporate insurance, and contracts management.

Stephan Meili

Stephan Meili
Managing Director – Risk Management


Sean Miles
Head of Risk


Vasanth Murugan
Director, Operational Excellence, Global Commercial Services
American Express


Christopher Nestore
US Head of Operational Risk Management
TD Bank

About Stephan

Stephan Meili is a Managing Director at Citi leading the Convergence Risk effort for the investment, corporate and private bank. Previously, he was Global Head of Market Risk for Securitized Products Trading and Municipal Derivatives at Barclays. Stephan has 20+ years of financial markets experience in Europe, US and Asia ranging from risk management (market, credit and operational risk) and asset management to quantitative modeling and model validation for investment banks, asset managers and consulting firms. Furthermore, he has represented banks at industry forums and conferences on financial regulation and has taught courses on derivatives, regulation and risk management at the Federal Reserve Bank and at Columbia University. He holds a MS in Finance from Northwestern University and a degree in economics and business administration from the University of Basel, Switzerland. He is also a CFA, FRM and CAIA charterholder.

About Sean

I am head of Operational Risk for Santander Services.  This covers the back-office operations and technology units of the Retail Bank.  I left Oxford University with a degree in Physics and trained as an Accountant at Andersens working in Birmingham and Melbourne.  After that I worked as an Internal Auditor, then in Operational Risk at Barclaycard.

About Vasanth

Biography coming soon!

About Chris

Twenty-two years of banking experience with an emphasis on risk and controls.  Mr. Nestore is the Head of US Operational Risk Management at TD Bank, America’s most Convenient Bank.  He has been with TD for seven years and has held a variety of roles in Risk Management and Finance including previous work leading the Segment Risk team in Operational Risk.  Most recently, he was providing strategic oversight and assisting in the execution of the CCAR strategy.

Mr.  Nestore initially joined Operational Risk Management in November 2013 as the Segment Risk Director responsible for leading the Segment Risk Team that provides second line challenge to the major revenue producing US business lines.  Those business lines include: Consumer Banking, Regional Commercial, Corporate & Specialty Banking, TD Wealth and Epoch .  He joined TD in April 2011 as the Head of Finance Governance and Shared Services where he led teams responsible for: Governance, Controls & Risk, Project Management Office, FDIC Liaison Team, Reconciliation Control Unit, General Accounting and Fixed Assets/ Accounts Payable.

Nimesh Patel

Nimesh Patel
Director – External Cyber Assurance & Monitoring Barclays


Theresa Reynolds
Director, Control Assurance and Corporate Insurance
Operational Risk Management Division
Capital One


Gary Savill
Head of Risk

John Schiavetta

John Schiavetta, CFA
SVP, Deputy Chief Risk Officer
Alliance Bernstein

About Nimesh

Nimesh Patel heads up Supplier Lifecycle Due Diligence at Barclays for External Cyber Assurance and Monitoring within the organisation and brings a unique blend of Financial Services experience and Cyber security skills to strengthen the assessment and assurance process for Barclays vendors. He has over 20 years financial services experience. By utilising his new processes new contracts, material changes and exit of services fall into the scope of his team for due diligence.

About Theresa

Theresa Reynolds has 20 years of financial services industry experience with time spent in both the first and second lines of defense. Today she is responsible for the Operational Risk Management Validation and the Corporate Insurance Risk Management programs at Capital One. In her assurnacerole, she oversees the second line of defense operational risk management control assurance program. In addition to establishing corporate guidelines and methods, her team is responsible for execution of the assurance strategy for many types of operational risk across Capital One. Additionally, she oversees the insurance function, striving to ensure Capital One has effective contractual risk transfer strategies in place as well as enabling innovation across the Enterprise by finding unique ways to insure risks.

About Gary

Gary Savill is Head of Risk for Saga Group and has over 12 years of extensive risk management expertise, working previously in general insurance for AXA UK for 10 years and as Deputy Head of Operations for Sanlam Investment Management for 4 years.  Gary is a Chartered Management Accountant, qualifying whilst working for Nestle UK and is also a Specialist member of the IRM and member of the Institute of Management.

Gary have extensive experience of Solvency II, capital modelling, risk frameworks, conduct risk, risk culture, third party risk oversight and  building high performance teams.

About John

John Schiavetta is Deputy Chief Risk Office for AB, overseeing aspects of risk management to ensure that risks being taken are well understood and appropriately managed. Schiavetta joined AB in 2008 as Director of Risk Management with responsibilities for Fixed Income Risk, Liquidity Risk, Counterparty Risk and Valuation. Previously, he was at Fitch Ratings for 15 years, most recently as group managing director responsible for managing the agency’s global structured credit-ratings group. Prior to that, Schiavetta was product manager at the pension-consulting firm CDA Investment Technologies. He began his career at the Dreyfus Corporation. Schiavetta holds a BA in economics from Bates College and is a CFA charterholder. Location: New York.


Andrew Sheen
Head of Operational Risk Regulatory Risk Management and Non-Executive Director
Institute of Operational Risk


Craig Spielmann
former Global Head of Enterprise Risk Management Strategy
First Data

Jeremy Resler

Jeremy Resler
Vice President, Director of Third Party Risk Management Governance
U.S. Bank


Jack Sprague
Senior Vice President, US Head of Operational Risk Policy, Framework, and Capital

About Andrew

Andrew is Head of Operational Risk Regulatory Risk Management. He is also a non-Executive Director of the Institute of Operational Risk. Andrew is probably best known for his work at the FSA and subsequently the PRA. During his time at the FSA and PRA Andrew managed the Operational Risk Review team in the Risk Specialist Division and represented the UK on the BCBS’ and EBA’s Operational Risk working groups.

About Craig

Craig Spielmann will be presenting at the forthcoming X-Tech 2019 Convention and his biography will be coming very soon!

About Jeremy

Jeremy has over ten years of experience and expertise in the financial services and legal sectors, and is currently a Vice President and the Director of Governance in the Corporate Third Party Risk Management group at U.S. Bank.

Jeremy is responsible for overseeing various functions and teams within the centralized, enterprise TPRM Program, including quality assurance, policy and audit/exam management, fourth party risk, joint venture/strategic alliance risk, merger and acquisition operational risk, and enterprise RCSA third party risk. Jeremy graduated with an Economics degree from the University of Minnesota and a Juris Doctor from the William Mitchell College of Law in St. Paul, MN. Prior to U.S. Bank, Jeremy worked for a legal publishing company and subsequently clerked for a District Court Judge in Hennepin County, MN.

About Jack

Jack Sprague is a Senior Vice President and the Head of Operational Risk Policy, Framework, and Capital for the Americas at HSBC.

Jack has worked at HSBC since 2010 and in his current role, he is responsible for designing the Operational Risk framework in the US and developing associated policies and procedures.  He is also responsible for the firm’s Operational Risk CCAR program and regional submissions to support global stress tests and economic capital calculations.

Previously, Jack was the Head of Business Risk and Control for the Private Banking division in the Americas, where he implemented a first line risk management program and managed risk and control teams across the US and Latin America.  Jack has also held Operational Risk advisory roles at HSBC.


Thomas Tobin
Director of Operational Risk Management
Mizuho Americas

Ken W Headshot (2)

Ken Wolckenhauer
VP, Vendor Management
Nordea Bank


Stephen Woitsky
SVP, Operational Risk Manager
Bank of the West


Freek van Velsen
Chief Audit Executive
LeasePlan Corporation

About Thomas

Tom has over 20 years of financial services industry experience and is currently a Director of Operational Risk Management at Mizuho Bank in the Americas Risk Department. As part of the 2nd line of defense, Tom is responsible for the creating the Operational Risk Framework and implementing the tools, including the KRIs, RCSA program, establishing and maintaining the Control Library and Risk Taxonomy, Key Risk Assessments, and integrating the GRC system to all business lines across U.S. operations.

About Ken

Ken Wolckenhauer is the Head of Vendor Management at Nordea Bank’s New York branch. Leading up to this position, Ken was as a subject matter expert, trainer, solutions provider, and consultant for FIS, the world’s largest global provider dedicated to banking and payments technologies. With FIS, Ken specialized in financial industry regulatory risk and compliance, mostly in the area of anti-money laundering and watchlist compliance. Nordea Bank leveraged Ken’s risk and compliance knowledge to build out the vendor management program for the New York branch, developing a program that would properly manage risk as well as gaining acceptance to the US regulators. The success of the US program is now being used to advise Nordea’s European branches on enhancements to its TPRM program. Ken is a graduate of Bucknell University and is a Certified Anti-Money Laundering Specialist.

About Stephen

Hands-on and results-driven Risk Management Executive with 25+ years of leadership expertise in internal audits, regulatory compliance, controls, and overall strategic audit planning/execution for companies such as CLS Bank, Credit Suisse and UBS and BNP Paribas.

Strong, energetic leader with forte in streamlining processes ensuring compliance with regulatory standards; extensive experience launching internal audit and risk management operations.

Trusted and active advisor in dissecting, analyzing and presenting key strategic financial solutions to executive leadership.

Active volunteer and board member with Bridges Outreach since 2015 focusing on feeding and servicing people in need in NJ and NYC,  providing input into the strategic planning process and doing fundraisers with local businesses and schools.

About Freek

Freek van Velsen is Head of ORM Retail and Private Banking since December 2016. In this role Freek is responsible for operational risk management for the Retail and Private Banking activities, including Retail subsidiaries and Private Bank international network. Prior to rejoining ABN Amro Bank, Freek was Chief Financial and Risk Officer of a local member bank at Rabobank where he was responsible for Finance, Risk Management and Corporate Recovery. Freek was previously the Audit Partner for Regional Markets Asia at Royal Bank of Scotland based in Singapore. Prior to joining RBS, Freek was the Regional Head of Audit Asia Pacific for ABN AMRO Bank. Before moving to Asia Freek was based at ABN AMRO’s Head Office responsible for the global audit coordination and reporting of various Investment Banking lines of businesses. Freek started his career as an officer at the Royal Netherlands Air Force. Freek graduated with a MSc in Business Economics from the University of Tilburg and an Executive Master of Finance and Control from the Erasmus University Rotterdam.

All of our research reports are freely available to CeFPro Members and account holders. To access any of our reports, make your free account here.

By the BitSight & CeFPro

A global survey to gather information about the future discipline and direction of Operational Risk and the practitioners who work within it. The results of the survey have been presented in an in-depth 16-page analytical report.

By RiskSpotlight and CeFPro

Conduct risk is one of most high priority risks on the radar for most financial services firms. This survey is an attempt to assess the current state of how organisations are managing conduct risks across various geographical regions.

By the Institute of Operational RiskCeFPro

A global survey to gather information about the future discipline and direction of Operational Risk and the practitioners who work within it. The results of the survey have been presented in an in-depth 16-page analytical report.

By Aravo and CeFPro 

An analytical and in-depth global survey report to help benchmark some of the key questions that can indicate the status and health of your third party risk/supplier risk/vendor risk program.

The Center for Financial Professionals (CeFPro) is an international research organization and the focal point for financial professionals. CeFPro is driven by high quality and reliable primary market research. It is this market research that allows us to provide an excellent portfolio of peer-to-peer conferences, live interactive webinars, industry led content and a membership area for the industry to connect.

The Center for Financial Professionals (CeFPro) would like to introduce ‘Operational and Emerging Risk Research’, a global research arm, impartial and based on end-user perspectives and feedback from key operational risk suppliers.

In 2018 we released a high-level operational risk report with the Institute of Operational Risk (IOR) titled ‘Perspectives on operational risk management and practice’ which published the results of our survey conducted with over 650 operational risk professionals. In Q1 2019 we published two specific reports, namely: ‘Emerging issues in third party cyber risk’ and the ‘Current state on conduct risk management’. We have now embarked on a global survey assessing software implementation for non-financial risks, take part here.

Center for Financial Professionals
Center for Financial Professionals

Connect with us | #EmergingOpRiskResearch





Stay Updated
Receive CeFPro’s news, magazine, webinars, research reports and more...
I agree to receive emails from CeFPro (no spam or third parties)
Subscribe Now!
I agree to receive emails from CeFPro (no spam or third parties)
Get 50% OFF
Join our newsletter and get 50% off your next purchase
Privacy Policy. This information will never be shared for third part
Subscribe Now!