JOIN THE DISCUSSION THROUGHOUT THE DAY ON YOUR PHONES! JOIN THE DISCUSSION THROUGHOUT THE DAY ON YOUR PHONES!
www.slido.com #OPRISKNA2017 www.slido.com #CYBERNA2017
19th annual OpRisk North America 14-15 March 2017 Marriott Marquis, New York
OPRISK NORTH AMERICA ADVISORY BOARD Meet the OpRisk North America Advisory Board. These industry professionals have volunteered their time and effort to help develop our OpRisk North America conference. Their dedication is critical to the success of the event and ensuring high-level quality content is provided to attendees. Our esteemed advisors are:
Chair: Alexander Campbell, Divisional Content Editor, RISK.NET
Graeme Farrell, Global Head, Operational Risk Management Framework, JP MORGAN CHASE
Aengus Hallinan, Managing Director, Head of Operational Risk Management for the Americas and Global Markets, CREDIT SUISSE
Deborah Hrvatin, Managing Director, Head of Operational Risk Management Americas, DEUTSCHE BANK
Jodi Richard, Head of Op Risk, US BANK
Kathleen M Stack, SVP, Operational Risk, HSBC NORTH AMERICA
Lori Miller, Managing Director, Head of Operational Risk, Investments, AIG
3rd annual Cyber Risk North America 14-15 March 2017 Marriott Marquis, New York
CYBER RISK NORTH AMERICA ADVISORY BOARD Meet the Cyber Risk North America Advisory Board. These industry professionals have volunteered their time and effort to help develop our Cyber Risk North America conference. Their dedication is critical to the success of the event and ensuring high-level quality content is provided to attendees. Our esteemed advisors are:
Chair: Alexander Campbell, Divisional Content Editor, RISK.NET
Jack Freund, Senior Manager, Cyber Risk, TIAA-CREF
Henry Jiang, Chief Information Security Officer (CISO), OPPENHEIMER AND COMPANY
Michael Woodson, Former Information Systems Security Dir; Adjunct Professor, NORTHEASTERN UNIVERSITY
Peter Keenan, Chief Information Security Officer (CISO), LAZARD
JOIN THE DISCUSSION THROUGHOUT THE DAY ON YOUR PHONES! JOIN THE DISCUSSION THROUGHOUT THE DAY ON YOUR PHONES!
www.slido.com #OpRiskNA www.slido.com #CyberRiskNA
WORKSHOPS
Pre conference workshops: 13th March 2017
Post conference workshops: 16TH March 2017
Workshop 1: Future of operational risk modeling post AMA Sessions by: Marco Migueis, Principal economist- Banking Supervision and Regulation, FEDERAL RESERVE BOARD Robert Stewart, Economist, FEDERAL RESERVE BANK OF CHICAGO Dr. Gareth W. Peters, Assistant Professor- Department of Statistical Science, UNIVERSITY COLLEGE LONDON Ruben D. Cohen, Independent Consultant Diane R. Maurice, Technical Advisor- Office of Technical Assistance - International Banking, US DEPARTMENT OF TREASURY
Workshop 3: Forecasting and minimizing operational risk losses Sessions by: Jitendra Rathod, Senior Examiner, FEDERAL DEPOSIT INSURANCE CORPORATION (FDIC) Richard Cech, Senior Bank Examiner, Operational Risk Governance, Financial Institution Supervision Group, FEDERAL RESERVE BANK OF NEW YORK Muffasir Badshah, FEDERAL RESERVE BANK OF CHICAGO Robert Stewart, Economist, FEDERAL RESERVE BANK OF CHICAGO Gus Ortega, Head of Corporate Operational Risk Management, AIG
Workshop 2: Conduct risk- Fixing the systems Sessions by: Rajat Baijal, Head of Enterprise Risk, CANTOR FITZGERALD Anne Searle, Lecturer, UNIVERSITY OF WASHINGTON
Workshop 4: CCAR - a powerful business and risk management tool Sessions by: Filippo Curti, Financial Economist, Quantitative Supervision and Research, FEDERAL RESERVE BANK OF RICHMOND Michael Barton, Director of Operational Risk Quantification and Scenario Analysis, CCAR/EC, AIG
MAIN CONFERENCE PROGRAM
Day One: 14TH March 2017
8:00am Registration and refreshments
8:50am WELCOME REMARKS: Alexander Campbell, Divisional Content Editor, RISK.NET *Interactive Audience Poll via Sli.do Vote live to generate real time content #OpRiskNA
WELCOME REMARKS: Michael Woodson, Former Information Systems Security Dir; Adjunct Professor, NORTHEASTERN UNIVERSITY *Interactive Audience Poll via Sli.do Vote live to generate real time content #CyberRiskNA
8:55am
KEYNOTE ADDRESS: The U.S. Treasury CRO’s perspective on operational risk Ken Phelan, Chief Risk Officer, U.S. DEPARTMENT OF THE TREASURY
KEYNOTE ADDRESS: Cyber risk- a clear and present danger James Brenneman, Assistant to the Special Agent in Charge, US SECRET SERVICE
9:25am
SPOTLIGHT ON: Bank of the Year- UBS
Then and now
What are the benefits of merging operational risk and compliance functions? What were the obstacles faced?
How to establish a firm-wide risk taxonomy
The need to revamp risk and control assessments
Deterring internal misconduct and monitoring employee behaviour James Oates, Global Head of Compliance & Operational Risk Control, UBS
SPOTLIGHT ON: The buy-side perspective: Cyber security risk identification and management
Cyber security response protocols
Emerging cyber threats: evaluating their magnitude and complexity
How to reverse stress test for cyber security Robert Rupp, Executive Vice President and Chief Risk Officer, THE HARTFORD
9:55am
REGULATORY KEYNOTE ADDRESS: Operational risk at a crossroad- The regulator’s view REGULATORY KEYNOTE ADDRESS
Thomas Ferlazzo, Senior Vice President, Supervision Group- Operational Risk, FEDERAL RESERVE BANK OF NEW YORK
10:25am
KEYNOTE PANEL: The changing operational risk function
How can operational risk add value to the front office? Has operational risk management moved to a decentralized model?
Defining and measuring your firm's risk culture and looking at the role of supervisor
Delving into the SMA: What has changed? Why have the changes occurred? How has the industry responded?
Lisa Broomer, Global Head of Operational Risk, JP MORGAN CHASE Megumi Nishikawa, Director- Operational Risk, OFFICE OF THE SUPERINTENDENT OF FINANCIAL INSTITUTIONS (OSFI) CANADA Paulomi Shah, Head of Operational Risk, Global Banking and Markets, BANK OF AMERICA MERRILL LYNCH Neil Roth, Head of Operational Risk Governance for Combined U.S. Operations, RBC *Audience Q&A Submit your questions via sli.do
CISO PANEL: Preventing another Swift attack
How to avoid phishing and malware?
Which payments systems are likely to be targeted next and how to prepare for it
Regulatory probe into vulnerabilities, processes, encryption and technological controls
Evaluating remediation plans?
What metrics and data should be presented to the board and senior management?
Moderator: Michael Woodson, Former Information Systems Security Dir; Adjunct Professor, NORTHEASTERN UNIVERSITY Michael Leking, Business Information Security Officer, US BANK Sheldon Cuffie, CISSP, VP & Chief Information Security Officer, NORTHWESTERN MUTUAL Peter Keenan, Chief Information Security Officer (CISO), LAZARD Shelbi Rombout, Senior Vice President - Deputy Chief Information Security Officer, MASTERCARD
11:10am Morning coffee and networking break
STREAM 1: Regulation and compliance
STREAM 2: Practice and risk management
STREAM 3: Threats and risks
PANEL DISCUSSION: Quantifying cyber risk exposure
Using the standard Factor Analysis of Information Risk (FAIR) model for risk quantification and analysis
11:40am CHAIR'S OPENING REMARKS CHAIR'S OPENING REMARKS Joshua Kotok, CFE, CISA, Chief Risk and Compliance Officer, FIRST SAVINGS
CHAIR'S OPENING REMARKS Heyna Deepa Patel, Senior Vice President, Senior Segment Risk Manager, THE HUNTINGTON NATIONAL BANK
11:45am
LIVE INTERVIEW: The road to better risk data governance-BCBS 239
The Fed’s approach of incorporating BCBS 239 into CCAR
How can banks use the regulation to gain a competitive advantage?
What BCBS 239 compliance challenges are IT infrastructure and frameworks facing?
Frederick Spencer CGEIT, ICBRR, US Chief Data Risk Officer, SOCIÉTÉ GÉNÉRALE Virginia Opacki, Director, BNY MELLON Philip Petrosky, Head of US Risk Data Governance, DEUTSCHE BANK
PRESENTATION: Building a holistic ORM program —including dynamic and insightful risk reporting
How to create a culture of collaboration across the lines-of-defense
Composing malleable and relevant risk taxonomies
Establishing influential data outcomes
Ladd Muzzy, Principal, NASDAQ BWISE
PRESENTATION: Assessing emerging risks and their impact on ORM
How do you identify emerging risks?
What are the tools and techniques used to gauge exposures and vulnerabilities?
Examining how to treat causes over symptoms
Brenda Boultwood, Senior Vice President of Industry Solutions, METRICSTREAM
Putting a price tag on enterprise-wide loss exposure
Justifying the value of cybersecurity to management and the board
Jack Freund, Senior Manager, Cyber Risk, TIAA-CREF Jack Jones, EVP Research & Development, RISKLENS Henry Jiang, Chief Information Security Officer (CISO), OPPENHEIMER AND COMPANY
5 min intermission allowing participants to change streams
12:20pm
PANEL DISCUSSION: Stress testing
How have banks fared on their stress tests on the three Fed-defined scenarios – baseline, adverse, and severely adverse?
How can banks mitigate qualitative objections for Comprehensive Capital Analysis and Review (CCAR)?
What is the impact of introducing SMA on CCAR/ICAAP?
Helping foreign banks prepare for 2017 CCAR submissions
How does CCAR become embedded in your risk management process? How foreign banks need to follow suit from US banks
Lourenco Miranda, Managing Director, Head of CCAR, SOCIÉTÉ GÉNÉRALE CORPORATE AND INVESTMENT BANKING Gordon G Liu, EVP US Head of Global Risk Analytics, HSBC NORTH AMERICA Kresimir Marusic, Managing Director, US Financial Planning and Stress Testing Lead, DEUTSCHE BANK
PANEL DISCUSSION: Scenario analysis
How will the role of scenario analysis change in the quantification of operational risk under SMA?
How can scenario analysis and data capture mitigate risk?
Michael Barton, Director of Operational Risk Quantification and Scenario Analysis, CCAR/EC, AIG Patrick Naim, CEO, ELSEWARE Ni Kenney, Director - Operational Risk AMA Framework, Governance, Capital & CCAR, CAPITAL ONE
PANEL DISCUSSION: Managing third party risk
How do firms approach third party risk?
What are the expectations around internal BCP for vendor outage?
Ensuring the first line of defence understands third party risk, builds adequate monitoring and escalates out-of-tolerance metrics in a "standard" manner
How to evaluate country and economic risk for offshore vendors
How to detect vendor fraud?
Yakut Akman, Chief Third Party Management Officer, CITI Brian Neary, Vice President, Chief Operational Risk Officer, THE HARTFORD Joe Peddle, Third Party Risk Leader, SVP Operational Risk, GE CAPITAL Gayle Woodbury, CIA, CISA, CCSA, CTPRP, Managing Director, CROWE HORWATH
PANEL DISCUSSION: Measuring the impact of cyber security breach and managing cyber risk
The cost of business interruption
Reputational damage and legal costs associated with theft of customer information
The growing trend of cyber liability insurance
Building robust business continuity and disaster recovery plans
What type of data is needed for managing this risk?
Moderator: Alexander E. Abramov, Markets – Information Risk, THE BANK OF NEW YORK MELLON Henry K. Fu, MBA, CIA, CISA, CISM, FLMI, Director – Enterprise Risk Management, FIDELITY & GUARANTY LIFE Ryan E. Bateman, Director- Technology, SANDS CAPITAL MANAGEMENT
1:00pm Lunch and networking break
2:00pm
SPOTLIGHT ON: Integrating AMA models with other risk management goals
How to use AMA to model individual events of greatest concerns?
Can AMA be used towards creating a sustainable RCSA?
Evaluating the future of operational risk modeling: Will banks be able to use current oprisk models? How will models evolve under the SMA framework?
With the AMA accommodating towards political upheaval, will the SMA follow suit and ease political risk for banks?
CASE STUDY: Effective operational risk management at the Insurer of the Year- MassMutual
Then and now
Use of GRC tools and techniques to inform operational risk management
How to use your GRC tool across various business lines and to uniformly respond to regulators
The benefits of customising your risk register or taxonomy
Brad Hoffman, Senior Vice President - Enterprise Risk and Actuarial, MASSACHUSETTS MUTUAL LIFE INSURANCE
PRESENTATION: Managing operational risk losses
Lessons learnt from internal and external events
Importance of boundary events and how to identify them
PRESENTATION: Risk in mobility
Insider Threat: Data exfiltration
Evaluating the risks associated with:
o Bring your own device (BYOD)
o Contingent workers
5 min intermission allowing participants to change streams
2:35pm
SPOTLIGHT ON Dimitris Bartzilas, Head of ORM Capital, CREDIT SUISSE
LIVE INTERVIEW: Financial crime- Convergence of AML and fraud to achieve greater effectiveness and efficiency
Examining the benefits of the convergence of fraud and AML and the main obstacles in the convergence
How to successfully implement a unified case management system for both departments without necessarily combining the investigation teams
Crossing silos to centralise data collection to enable real-time analysis for AML and fraud without duplication
How to use flexible platforms that support different business models for AML and fraud co-existence to better understand a customer’s behaviour
McHenry Kane, Group Vice President, AML/BSA Strategies and Planning, SUNTRUST BANK Peter Warrack, Director AML FIU, BMO FINANCIAL GROUP Lester Joseph, SVP, Manager- Global Financial Crimes Intelligence Group, WELLS FARGO
LIVE INTERVIEW: Terrorism and physical security- the impact on business continuity
How do banks adapt to terrorist attacks? How does crisis management in banks need to adapt?
How to ensure your people and operations are safe? Does physical security need to be revamped?
Janet Lerch, Chief Continuity and Technology Risk Officer, U.S. BANK Ihab Dana, CBCP, Head of Business Continuity Management US, RBC
LIVE INTERVIEW: Cyber as a subset of operational risk
Can information security use the same op risk framework? Will existing taxonomies and risk registers used to classify op risk losses suffice?
Moving away from unsupported legacy systems to established taxonomies that bridge the gap between technology specialists and risk professionals
Robert J. Gerden, SVP, Risk & Compliance, Enterprise Global Services, WELLS FARGO
Neil Datta, Director- Head of Operational Risk, OPTIMA FUND MANAGEMENT Derek Baumer, Managing Director, Enterprise Risk Management, STATE STREET
3:05pm Afternoon coffee and networking break
3:30pm
GUEST ADDRESS: Cross industry operational and cyber risk learnings
How is risk culture embedded in the organisation?
What's your organisation's approach for setting risk appetite?
What approach do you use to quantify operational/cyber risk?
Preventing reputational ruin Franklin Donahoe, Chief Information Security Officer- Global Information Security Office, MYLAN *Audience Q&A Submit your questions via sli.do
4:00pm
ALL-STAR PANEL: The “new normal”: Convergence of operational and cyber security risk
Expanding operational risk to include cyber security risks
Revamping the ERM strategy: How can aligning fraud, IT, cyber security and operational risk management help join the dots?
Updating the three lines of defence to align board-level risk appetite
Crossing silos to foster knowledge sharing and cooperation Moderator: Joshua Kotok, CFE, CISA, Chief Risk and Compliance Officer, FIRST SAVINGS Ted Bruntrager, Global Head of Operational Risk Management, MANULIFE Jodi Richard, Head of Op Risk, U.S BANK John J. Doherty, Partner, Information Technology Advisory Services, EY Randy Miskanic, Americas Regional Head, Group Information Security Office, UBS *Audience Q&A Submit your questions via sli.do
4:45pm
CHAMPAGNE ROUNDTABLES: Bring your questions, leave with your answers! From session to roundtable- Take the day’s most contentious issues and fully engage with your peers in small interactive roundtable discussions to drill down, share best practice and take away diverse approaches to the same challenge from your fellow industry peers.
Roundtable 1: Regulation
Roundtable 2: AML, CTF and sanctions compliance
Roundtable 3: Cyber risk and data security
Roundtable 4: Geopolitical risks
Roundtable 5: Outsourcing
Roundtable 6: Conduct risk
Roundtable 7: Organisational change
Roundtable 8: IT failure
Roundtable 9: Fraud
Roundtable 10: Physical attack
Roundtable 11: Convergence of operational and cyber risk
Roundtable 12: The impact of fintech and innovation on operational risk
Roundtable 13: 3LODs
5:30pm CHAIR'S CLOSING REMARKS: Alexander Campbell, Divisional Content Editor, RISK.NET
5:35pm Networking drinks reception- Hosted by EY
7:00pm Private dinner- Invite only
Day Two: 15TH March 2017
VIP BREAKFAST BRIEFING: Hosted by IBM Invite only 07:30 Registration and refreshments
08:00 OPENING ADDRESS
08:10 ROUNDTABLE: Using cognitive computing to streamline regulatory compliance
The limitations of human resources in dealing with multiple regulatory compliance projects
The potential of cognitive computing to bring efficiencies to regulatory compliance
The challenges in gaining broader industry acceptance of the use of cognitive computing
Joseph W Lodato, Global Head of Compliance Technology and Surveillance, GUGGENHEIM PARTNERS Joshua Kotok, CFE, CISA, Chief Risk and Compliance Officer, FIRST SAVINGS John Sabath, Vice President, Regulatory & Operational Risk, GE CAPITAL Viktor Grinberg, Head of Compliance and Regulatory Technology, US, DEUTSCHE BANK
8:30am Registration and refreshments
9:05am CHAIR'S OPENING REMARKS: Alexander Campbell, Divisional Content Editor, RISK.NET CHAIR'S OPENING REMARKS
9:15am
KEYNOTE ADDRESS: Supervision in a new era Maryann Hunter, Deputy Director- Division of Banking Supervision and Regulation, BOARD OF GOVERNORS OF THE FEDERAL RESERVE SYSTEM *Audience Q&A Submit your questions via sli.do
KEYNOTE ADDRESS *Audience Q&A Submit your questions via sli.do
9:50am
KEYNOTE PANEL: Digital disruption in the financial markets and its impact on operational risk
What's the Chief Operational Risk Officer's view of fintech and innovation? Is it added complexity or added security?
Understanding how banks need to adapt oversight, processes and tools to support real time digital innovation
Digital disruption and innovation in banking- What are the emerging risks and how does it impact operational risks?
Deborah Hrvatin, Managing Director, Head of Operational Risk Management Americas, DEUTSCHE BANK Aengus Hallinan, Managing Director, Head of Operational Risk Management for the Americas and Global Markets, CREDIT SUISSE Beth Rudofker, Global Head of Operational Risk Management, CITI *Audience Q&A Submit your questions via sli.do
SPOTLIGHT ON: Emerging cyber regulation- A second and third line of defense perspective
More prescriptive guidance
New paradigm for risk management and audit
Enhanced board and executive management expectations
PART I
PRESENTATION
PART II
LIVE INTERVIEW Mahi Dontamsetti, SVP & Chief Technology Risk Officer (CTRO), STATE STREET CORPORATION Art Ackerman, SVP & Head of IT Audit, STATE STREET CORPORATION *Audience Q&A Submit your questions via sli.do
10:35am Morning coffee and networking break
STREAM 1: OpRisk losses and modeling
STREAM 2: ORM STREAM 3: The future of OpRisk
PRESENTATION Nicole Eagan, CEO, DARKTRACE
11:05am CHAIR'S OPENING REMARKS CHAIR'S OPENING REMARKS Gus Ortega, Head of Corporate Operational Risk Management, AIG
CHAIR'S OPENING REMARKS
11:10am
PRESENTATION: Harnessing a healthy risk culture to prevent operational risk losses
Learning from the recent million dollar settlement
Setting controls in place to prevent customer identity theft and set up of ghost accounts
Deseeding poisonous bonus driven employee culture
PRESENTATION: The role of creativity in ORM
The evolving face of operational risk management
The role of creativity
Emerging risks or converging risks?
Aengus Hallinan, Managing Director, Head of Operational Risk Management for the Americas and Global Markets, CREDIT SUISSE
PRESENTATION: Big data-an emerging risk or opportunity?
How to keep up with the growing demands for quicker and more detailed risk intelligence, based on the processing of ever-growing volumes of data
How can data be controlled, efficiently delivered and kept transparent and auditable?
Why is big data being considered a threat to the industry?
Bala Ayyar, Managing Director, Chief Data Officer - Americas, SOCIÉTÉ GÉNÉRALE
5 min intermission allowing participants to change streams
11:45am
PANEL DISCUSSION: Types of operational risk models
PANEL DISCUSSION: Risk appetite and KRIs
AUTHOR’S PANEL: The future of operational risk standards
PANEL DISCUSSION: Cloud security
Evaluating cloud security threats: Loss or theft of intellectual property, Loss of control over end user actions
LDA, regression, scenario, and other models
Evaluating model adequacy
Integrating models with risk management and regulatory requirements
Marco Migueis, Principal economist- Banking Supervision and Regulation, FEDERAL RESERVE BOARD Tonia Durfee, Director ORM Capital, CREDIT SUISSE Filippo Curti, Financial Economist, Quantitative Supervision and Research, FEDERAL RESERVE BANK OF RICHMOND
Should the RAS be the first source of top-down KRIs?
Are the more quant-related resources that calculate op risk capital different from the more qualitative RCSA resources?
Can the risk appetite level and the tolerance level be at the same point?
Operating outside of the appetite
Setting KRIs for reputational risk and conduct risk?
Moderator: Gus Ortega, Head of Corporate Operational Risk Management, AIG Richard Cech, Senior Bank Examiner, Operational Risk Governance, Financial Institution Supervision Group, FEDERAL RESERVE BANK OF NEW YORK Karthik Ramakrishnan, Senior Manager- Financial Services Risk Management, EY Graeme Farrell, Global Head, Operational Risk Management Framework, JP MORGAN CHASE
New Paradigm in Operational Risk Management
Shift in Risk Management Infrastructure
Links to operational risk and macroeconomic/macro-prudential management
FinTech and New Operational Risk Challenges - Beyond Cyber Protections
Moderator: Diane R. Maurice, Technical Advisor- Office of Technical Assistance - International Banking, US DEPARTMENT OF TREASURY Prasad Kodali, Head of Operational Risk, CIT GROUP Rajat Baijal, Head of Enterprise Risk, CANTOR FITZGERALD Jack Freund, Senior Manager, Cyber Risk, TIAA-CREF
Investigating the risk of cloud services
The insider threat of Bring Your Own Cloud (BYOC)
Moderator: Michael Woodson, Former Information Systems Security Dir; Adjunct Professor, NORTHEASTERN UNIVERSITY Peter Keenan, Chief Information Security Officer (CISO), LAZARD John Polis, Chief Operating & Technology Officer, STAR MOUNTAIN CAPITAL
12:30pm Lunch and networking break
1:30pm
LIVE INTERVIEW: Preventing fraud
Moving away from the siloed approach to real time identification and prevention
Has insider fraud been trumped by online fraud?
Examining the interaction of internal and external fraud
How to data mine for internal and external fraud- what are the current trends and techniques?
The rise of application fraud
Moderator: Lori Miller, Managing Director, Head of Operational Risk, Investments, AIG Robert J. Gerden, SVP, Risk & Compliance, Enterprise Global Services, WELLS FARGO
LIVE INTERVIEW: Evaluating operational risk in buyside firms and banks
What kind of event type structure is needed in each of these firms?
Will event and taxonomy structure look similar?
Integrated GRC programs for oprisk
LIVE INTERVIEW: Conduct risk
What are the drivers of conduct risk?
Evaluating the way major banks approach conduct risk
What are the metrics used to monitor conduct exposures?
Fenton Aylmer, MD, Head of Operational Risk, CITI Jitendra Rathod, Senior Examiner, FEDERAL DEPOSIT INSURANCE CORPORATION (FDIC) Vincent R. Pinelli, Managing Director, COO & Head of Audit OPS, MUFG UNION BANK
WAR GAMES: Responding to a cyber security breach Simulation of 3 cyber breaches: phishing, malware and insider threat
Hierarchy of response- who are the 1st and 2nd responders?
How will C-level executives report back to the board?
The role of cyber risk practitioners to patch up the breach
Op risk managers and getting systems and servers back up
Evaluating reputational damage
Handling PR communications
5 min intermission allowing participants to change streams
2:10pm
SPOTLIGHT ON: Risks and opportunities in 2017 from a front office perspective
PRESENTATION: The invisible ORM
PRESENTATION: Thinking beyond conventional GRC
PRESENTATION: Cyber risk and its impact on business continuity
Evaluating communications role in BCP: internal and external
2017 is shaping up to be a year of many changes and much uncertainty. This keynote address will delve into several risks that front offices will likely be exposed to in the New Year and the business and investment opportunities that may exist as a result.
Market risks
Geopolitical risks
Tweet risks
Regulation risks
Technology risks
Cybersecurity risks Kevin D. Mahn, President & Chief Investment Officer, HENNION & WALSH ASSET MANAGEMENT
How can ORM embed itself in existing business processes?
What kind of information/ metrics are required from the ORM function, other than loss reporting data?
Should ORM test controls to determine effectiveness or should this solely be the job of Audit and/or Compliance?
Daniel McKinney, Partner, Financial Services Organization, EY
Examining the significance for GRC in today’s business
Why should firms invest in next-generation GRC technology?
What are the trends in GRC technology and key drivers for GRC in the market?
Integrating policy management, vulnerability risk management and content library
Marshall Toburen, GRC Strategist, RSA
Inviting vendors into the BCP exercises
Testing third party BCPs
Involving op risk on the BCP event board
2:35pm Afternoon coffee and networking break
3:05pm
ALL-STAR PANEL: Redefining the 3 LODs across op risk and cyber risk
If 2LOD is supposed to be the police within the organization, is the 3LOD the judge?
How best should the 1LOD demonstrate their value to the businesses they support?
Ensuring the 1LOD and 2LOD safeguard information security
How to address the potential redundancy of testing across the 3LOD?
How much controls testing does the 2LOD execute? Does it vary for IT vs other control types?
How to enhance the communication between the 1st and the 2LOD for more effective op risk and cyber risk management?
Is it common to have a "1.5" LOD that links the risk management activities in the 1LOD with the 2LOD?
Do we need a 4LOD? Carrie M. Barranca, Head of Audit, Operational Risk, STANDARD CHARTERED Bob Agan, SVP, Director of Enterprise Risk Management, OPPENHEIMERFUNDS Kathleen M Stack, SVP, Operational Risk, HSBC NORTH AMERICA Glenn H. Hursh, Managing Director, KPMG
*Audience Q&A Submit your questions via sli.do
3:50pm
GUEST ADDRESS: The FBI on Wall Street - The 1LOD perspective for compliance and operational risk The inside story of “Tipper X” - how a former hedge fund analyst became one of the most prolific FBI informants in securities fraud history Tom Hardin (Tipper X), The FBI's most productive cooperating witness in Operation Perfect Hedge *Audience Q&A Submit your questions via sli.do
4:20pm CHAIR'S CLOSING REMARKS: Alexander Campbell, Divisional Content Editor, RISK.NET
4:30pm End of conference