8:50 Chair’s opening remarks

Moderated by: Rob MacPherson, COO, Phyton Consulting


9:00 Reviewing requirements for operational resilience and developing agile programs in a changing environment

Session details 

  • Identifying overlap between risk and IT processes
  • Evolution of resilience program post pandemic
  • Inclusion of political disruption within resiliency
  • Testing plans and recovery to limit disruption
  • Requirements for mapping processes and controls
  • Evaluating criticality in resilience requirements
  • Identifying resilience challenges across supply chain

Sabeena Liconte, Chief of Compliance, ICBC
Chris Harner, Managing Director, Cybersecurity, Sia Partners
Jack SpragueSVP, Operational and Resilience Risk, HSBC USA


9:45 Integrating third party risk with operational resiliency

Session details 

  • Session to come

Preety Tulsain, Head of Third-Party Risk US/ Enterprise Risk, Scotiabank
Gregory Vinton, Director, US Internal Controls, Third Party Risk, Scotiabank

10:20 Morning refreshment break and networking


10:50 Enhancing control environment across supply chains and managing exposure to vendor and third-party risks

Session details 

  • Enforcing proper processes for delivery
    • Mitigating introduction of additional risks
  • Monitoring access to data across organization boundaries
  • Developing adequate control mechanisms
    • Controls to address incidents firms are experiencing
  • Managing compliance of contracts
  • Communicating incidences in a timely manner
  • Managing instances that expose the firm to reputation risk
  • Corrective action and remediation steps in real time

Michael Steinhoefel, Director, Operational Risk Management, Barclays
Stuart Hoffman, Governance & Operational Risk Policy Analyst, OCC


11:35 Leveraging data as a tool to enhance operational risk controls and tailor customer experience

Session details 

  • Developing a data governance process
  • Impact of privacy on data programs
  • Data security practices across vendors
  • Managing data in an increasingly digital world
  • Operationalizing risk data
  • Developing for advanced and predictive analytics
  • Challenges with client reference data
    • Implications of having bad reference data at the source on consumers of data

Sanjay Pattni, Associate Partner & Head of Data Management, Phyton Consulting
Aron ElstonAssociate Partner/Head of Analytics, Phyton Consulting 


12:10 Organizational culture and operational risk - the interplay

Session details 

  • DEI and belonging – a business imperative
  • The role of leadership in creating the right environment
  • Learning opportunities
  • Sustaining strong operational risk management

Théa WatkinsFormer Head of Branch Management, Lloyds Banking Group

12:45 Lunch break and networking


1:45 Managing ICT outage risk across modern digital infrastructure environments

Session details 

  • Outage trends across modern financial sector infrastructure
  • Approaches to identifying and mitigate outage risks across cloud, SaaS and colocation and system integrator partners
  • Scoping and implementing risk monitoring and risk assessments programs
  • Embedding infrastructure risk mitigation process across LODs and operational resiliency teams to meet regulatory requirements
  • Working with ICT partners to address and mitigate risk

Ali Moinuddin, Managing Director, Europe, Uptime Institute


2:20 Continuous monitoring of fintech risk

Session details 

  • Regulatory guidance on partnerships between banks and fintechs
    • Impact to how fintechs are managed in banking
  • Developing fintech partnerships
    • Understanding capabilities and risks associated
  • Aggregating fintech data
  • Incorporating fintech data into ERM platforms for continuous monitoring

Hafsteinn Gislason, Director, Operational Risk, Silvergate Bank
Michael Glotz, Chief Executive Officer, Strategic Risk Associates
Al Palmer, Chief Risk & FinTech Officer, Strategic Risk Associates


Session details 

  • Disruption to existing products and processes
  • Developing algorithms to enhance efficiency
  • Leveraging technology capabilities as a tool to view risk holistically
  • Managing data requirements and ensuring accuracy of data sets
  • Managing end of life of a technology
    • Communicating to impacted businesses
  • Quantum computing
    • Changes to data encryption on the horizon

Rodney Campbell, Senior Vice President – Head of Third-Party Risk Management, Valley National Bank
Jonathan Lindhe, Head of Presales NA, Camms
Dushyant Sengar, Valuation & Capital Market Analysis Director, BDO USA. LLP

3:40 Afternoon refreshment break and networking


4:10 Inter-connecting operational risks across vertical business units and horizontally across the enterprise

Session details 

  • Managing interconnected nature of operational risk and reliance on other disciplines
  • Developing an effective enterprise risk management governance framework
    • Balancing vertical ownership vs. horizontal
  • Examples and approaches within third party risk management
  • Up and down side effects of different industry approaches

Michael Steinhoefel, Director, Operational Risk Management, Barclays


4:45 Reviewing global regulatory requirements and expectations towards ESG and synchronization across regimes

Session details 

  • Vetting decisions on investments
  • Managing constantly changing global expectations
  • Building out new functions to manage ESG
  • Developing sustainability frameworks
  • Impact on operational risk practices
  • Increased business continuity processes
  • Monitoring products for green bonds
  • Profile/portfolio monitoring and transitioning

Cristiane Ronza, Environmental and Social Risk Management Lead, Inter-American Development Bank

5:20 Chair’s closing remarks

5:30 End of day one and networking drinks reception

8:50 Chair’s opening remarks

Moderated by: Matthew Moog, General Manager – Third Party Risk ManagementOneTrust


9:00 Leveraging scenario analysis and quantification methods to better identify impact of disruption

Session details 

  • Leveraging historical data to quantify damage
  • Quantifying reputation risk
  • Measuring business interruption
  • Capabilities to run additional scenario
  • Developing quantifiable stress scenarios
  • Developing scenarios applicable to business units
  • Regulatory expectations on scenarios
  • Identifying large scale impact scenarios

Jason Conn,  Managing Director – Head of Non-Financial Risk, Investment Banking and Americas, Credit Suisse
Craig Spielmann, Risk Intelligence Leader, CNM LLP


9:45 Risk quantification: It's not just math

Session details 

  • How risk quantification fits into your long-term risk management strategy
  • Methods to get moving in the right direction to incrementally bring value to the business through risk management
  • Practical approaches to improve how you communicate risk to leadership

Steve Schlarman, Integrated Risk Management Strategist, Archer

10:20 Morning refreshment break and networking


10:50 Trust-based TPRM: How to extract greater value from your TPRM program

Session details 

  • Understand enterprise trust and how it relates to third-party risk
  • Hear the latest third-party management trends 
  • Get actionable best practices for building a third-party management program based on trust 

Matt Moog, General Manager – Third Party Risk Management, OneTrust


11:25 Increasing the effectiveness of the RCSA

Session details 

  • The evolution of the RCSA
  • Best practices to improve the Process, Risk, & Control Data
  • The importance of the First and Second Line partnership
  • Next Steps on the transformational journey

David Box, Vice President, Single Family Operational Risk, Fannie Mae


11:45 Conducting impactful RCSAs to identify material risks

Session details 

  • Adopting a risk-based approach
  • Prioritizing critical processes to identify inherent risk
  • Identifying effectiveness of key controls to mitigate risk
  • Reviewing regulatory expectations

Javier Adolfo Ortiz, Chief, Financial Control & Operational Risk Management Unit, Inter-American Development Bank
Hafsteinn Gislason, Director, Operational Risk, Silvergate Bank
David Box, Vice President, Single Family Operational Risk, Fannie Mae

12:30 Lunch break and networking


1:30 Enhancing business continuity planning in a volatile global environment

Session details 

  • Lessons learnt from Covid-19
  • Uses of disaster recovery sites post pandemic
    • Move to WFH as DR site
  • Providing evidence of business continuity testing
  • Aligning with controls
  • Ongoing changes across the industry
  • Updating policies to reflect changes in working practices

Javier Adolfo Ortiz, Chief, Financial Control & Operational Risk Management Unit, Inter-American Development Bank


2:05 Setting risk appetites within the organization and setting firmwide expectations and monitoring metrics

Session details 

  • Making decisions based off of appetite
  • Leveraging systems data and people structure
  • Continuous monitoring of risks
  • Developing readily available data programs
  • Reliable and quantifiable data
  • Developing metrics for cyber risk

Stephen Woitsky, VP, Operational Risk Officer, Wells Fargo

2:40 Afternoon refreshment break and networking


3:10 Enhancing capabilities of operational risk through real time monitoring capabilities

Session details 

  • Designing processing systems to generate real time information
  • Developing tighter oversight
  • Leveraging as a tool to develop operational health
  • Real time risk identification
  • Identifying key metrics
  • Generating data streams more easily

Michael Reidy, Head of Risk Appetite and Reporting, Societe Generale


3:45 Managing the continuous evolution of model risk with increased digitalization

Session details 

  • Building blocks to digitalization
  • Innovation driving increased model complexity and use
  • AI/ML approaches generating operational risk consequences
  • Latest regulatory expectations regarding model risk across the risk appetite
  • Collaboration and integration with third party risk, change management & RCSA’s
  • Evolving operational risk programs

Chris Smigielski, Director of Model Risk Management, Arvest Bank

4:20 Chair’s closing remarks and end of Congress