rma’s 12th annual -...

CONFERENCE PROGRAM

RMA’S 12TH ANNUAL GOVERNANCE, COMPLIANCE, AND OPERATIONAL RISK CONFERENCE

JOIN. ENGAGE. LEAD.

www.rmahq.org/GCORXII

DEVELOPED BY PRACTITIONERS FOR PRACTITIONERS.

TUESDAY APRIL 17, 2018

4:00 p.m. to 6:00 p.m. President’s Ballroom Foyer*Registration

Thank you for your attendance and enjoy the conference.

RMA is pleased to present this year’s Governance, Compliance, and Operational Risk Conference (GCOR), the only conference of its type developed by practitioners for practitioners.

Browse through this program to determine which sessions you would like to attend. Be sure to catch the keynote address by Vanessa Allen Sutherland, Chairperson, U.S. Chemical Safety Board, who will speak about root-cause analysis and control breakdowns. Linda Tuck Chapman, President, Ontala Performance Solutions and author of the upcoming RMA-published book, “Third-Party Risk Management: Driving Enterprise Value,” will also share insights on essential tools and frameworks for effective lifecycle management and governance and ideas for driving enterprise value and understanding the risks in third-party robotic process automation and intelligent automation.

This year’s panels and sessions feature these timely topics:

• End-to-end process reviews• Interconnection between strategic risk

and risk appetite• The role of operational risk in new

product development

• The linkage among culture, risk appetite, and incentive compensation

• Examining the new standardized approach for operational risk

*All meeting rooms are on the Lobby level of the hotel.

WELCOME TO GCOR XII!

2

DAY 1 - WEDNESDAY APRIL 18, 2018

7:30 a.m. to 8:30 a.m. President’s Ballroom Foyer Registration and BreakfastBreakfast Sponsored by:

8:30 a.m. to 8:45 a.m. President’s Ballroom Welcome and IntroductionsEdward J. DeMarco Jr., General Counsel & Director of Operational Risk, The Risk Management Association

8:45 a.m. to 9:30 a.m. President’s Ballroom Opening Address: Cracking the Code on Risk Appetite in Business and in LifeRisk appetite is not a new concept for the financial services industry, but remains a challenge to institutionalize in most organizations. Learn about how you can crack the code on risk appetite by simplifying industry taxonomy, integrating quantitative measurement with qualitative evaluation, and understanding actual exposure compared to desired risk taking.Spyro Karetsos, EVP & Head of Enterprise Risk Services, SunTrust Banks, Inc.

9:30 a.m. to 10:15 a.m. President’s Ballroom Keynote AddressVanessa Allen Sutherland, Chairperson, U.S. Chemical Safety Board

10:15 a.m. to 10:45 a.m. President’s Ballroom Foyer Break

10:45 a.m. to 11:30 a.m. Choose a track. Room

TRACK 1 – Risk Appetite and StrategyIntegrating strategic planning, strategic risk management, and risk appetite is an evolutionary process in most organizations. It generally begins with disparate approaches and eventually can advance to a cohesive, structured process. This session will focus on the key steps in advancing the integrated approach, pitfalls to avoid, and proven best practices.Jeremy B. Zierler, Head of Strategic Risk, Enterprise Risk Services, SunTrust Banks, Inc.

Paul Revere Room

TRACK 2 – Root Cause Analysis: Lessons NOT Learned from Recent Corporate Governance FailuresWhy do some corporations keep finding themselves in the news? They fail to identify the root cause of their original wrongdoings, and to ensure mitigation activities and governance processes are implemented to reflect systemic risk. This session will explore an effective risk identification strategy that focuses on root cause; provide an understanding of the root cause of scandals affecting Chipotle and other corporations; communicate the importance of addressing root cause over outcome; help you to realize the benefits of taking a root-cause approach to risk mitigation; and recognize the characteristics of effective root-cause risk assessments.Steven Minsky, CEO, LogicManager, Inc.

Thomas Paine Room


TRACK 3 – The Boundaries between Credit Risk and Operational RiskCredit Risk or Operational Risk or Both? This session poses questions about the boundaries between credit risk and operational risk. Join this session to learn why it’s important to break down silos, to create frameworks to raise awareness and accountability and to encourage dialogue across risk disciplines and to thoughtfully manage and report boundary losses.Lisa N. Murphy, SVP, Operational Risk and Corporate Insurance, First Horizon National Corporation Banks, Inc.

William Dawes Room

11:35 a.m. to 12:20 p.m. Choose a track. Room

TRACK 1 – Three Line of Defense: Defining Roles and ResponsibilitiesThis session examines the roles and responsibilities across the three lines of defense model; and shares insights on executing the model within operational risk management. We will discuss challenges of implementation in particular across 1st and 2nd line risk and control functions. We will explore how integrated use of common risk platforms can have an impact on the model.Melinda L. Ball, Chief Operational Risk Officer, Huntington National Bank

Paul Revere Room

TRACK 2 – Culture and Conduct: Importance of Awareness, Measurement and Management

• Understanding the linkages between culture and conduct• Defining and sustaining culture as a strategic priority• Assessing risk culture and its impact on behaviors• Prioritizing awareness and measurement

Maria Teresa Tejada, Deputy Chief Risk Officer, KeyBank

Thomas Paine Room

TRACK 3 – Building an Operational Risk Framework in a Community Bank This session will focus on creating a sustainable framework for managing operational risks for community banks including guiding principles, key program components and even some lessons learned.Amy D. Swartwood, Director, Operational Risk Management, Enterprise Risk Management, Mutual of Omaha Bank

William Dawes Room

12:30 p.m. to 1:30 p.m. President’s Ballroom Lunch

4

1:35 p.m. to 2:25 p.m. Choose a track. Room

TRACK 1 – Innovation is the New Compliance Necessity: The Journey Towards Digital Risk ManagementRisk management and regulatory compliance remain a foremost concern for executives of banks and other financial institutions, and financial institutions will remain behind the curve, saddled by ineffective work orchestration systems and non-optimized procedures, until they equip themselves with modern digital capabilities and automation. Financial institutions need to embrace the transformation and also plan for risk emerging in the new digital ecosystem as well. The session highlights how digital prowess, technological leadership, and thoughtful collaborations provide better customer experience, cost efficiencies, enhanced productivity and greater regulatory preparedness in the digital era.Panelists: Jeffery Ingber, Financial Industry Consultant, Genpact; Dimitri Londos, Vice President, Genpact; Lauren Staudinger, Vice President, GenpactModerator: Satish Acharya, Vice President, Genpact

Paul Revere Room

TRACK 2 – Ethics Office Framework; Conduct Risk; Reporting and MonitoringThis session provides an overview of the key components to an effective Ethics function with a focus on Conduct Risk and the importance of effective reporting and monitoring. The discussion will include a review of a Conduct Risk Dashboard that “connects the dots” across different conduct metrics which helps identify potential concerning cultural or ethical patterns, trends, and themes of possible misconduct.Erin Straits, SVP and Chief Ethics Officer, FifthThird Bank

Thomas Paine Room

TRACK 3 – Role of Operational Risk in New Product DevelopmentOperational risk management’s role in product governance is in the development and oversight of policies and processes to manage the risks associated with products throughout their lifecycle, and regulatory agencies have increased interest in product governance and oversight for large financial institutions. This session will focus on TD Bank’s three lines of defense with regard to new product development; the importance of risk partners to the due diligence process for new activities; product risk assessments; the new product lifecycle; and TD Bank’s Product Review Program.Christopher Nestore, SVP and Head of Operational Risk Management, TD Bank

William Dawes Room



TRACK 1 – Risk Assessment and Continuous Monitoring • Overview of Risk Assessment Approaches• Convergence and Comprehensive Coverage• Risk-Based Monitoring and Testing• Data Analytics and Forward Looking Assessments

Panelists: Melinda L. Ball, Chief Operational Risk Officer, Huntington National Bank; Donald (Tripp) Rex, Senior Vice President, Director of Operational Risk Management, U.S. Bank; David W. Keenan, Managing Director, Morgan StanleyModerator: Jon Holland, Director, Enterprise Risk Governance Practice, KPMG

Paul Revere Room

TRACK 2 – Incentive Compensation Governance and Risk The discussion will focus on the principles of the Sound Incentive Compensation Policies and the evolution of regulatory oversight of incentive compensation at the large banks since 2010. Hear about emerging better practices in the area of incentive compensation governance, controls, and risk balancing. Get a brief overview of the current state of regulation and thoughts on the future.Mark S. Behnke, Partner & Co-lead of Global Reward Practice, Aon/McLagan;Gregory Camarco, Managing Director, Aon/McLagan

Thomas Paine Room

TRACK 3 – Changing The Conversation around Three Lines of Defense Why do the analysts and GRC Evangelists spend so much time preaching to the choir? The vast majority of Senior Managers have already read and accepted the Three Lines of Defense messages, it remains to be seen whether Executive Management and Board of Directors understand it, adopt it, and integrate it into their strategic plans. Join the discussion on the need to change the conversation about 3LOD to better educate C-Suites on focusing on Corporate Governance and Culture.Noah Gottesman, Senior Risk Advisor, SAI Global; Ben Heckman, Vanguard

William Dawes Room

3:25 p.m. to 3:55 p.m. President’s Ballroom Foyer Break

4:00 p.m. to 4:45 p.m. President’s Ballroom Emerging Operational Risks and TrendsPanelists: Michael J. Abraitis, EVP Chief Operational Risk Officer, PNC; Marty Blaauw, Managing Director/Op Risk Manager, MUFG Union Bank; Joseph A. Iraci, Managing Director, TD Ameritrade; Mary Kapferer, Chief Enterprise and Op Risk Officer, Key BankModerator: Glenn Hursh, Director, Enterprise Risk Governance Practice, KPMG

5:00 p.m. to 6:00 p.m. President’s Ballroom Foyer Networking Reception

6

DAY 2 - THURSDAY APRIL 19, 2018

7:00 a.m. to 8:30 a.m. President’s Ballroom Foyer Breakfast

7:30 a.m. to 8:15 a.m. William Dawes Room Innovation Session presented by: Iceberg NetworksBeyond Technology: Shift your Focus to Outcomes, Instead of FeaturesIn this session, Kirk will share successful strategies and tactics for achieving alignment, identifying outcomes, and prioritizing activities so that operational risk management groups can make impactful contributions to building and maintaining trust between organizations, customers, and regulators. He’ll also suggest ways to measure your organization’s progress towards these goals, and provide evidence that your risk posture is actually getting better. Kirk Hogan, Chief Operating Officer, Iceberg Networks

7:30 a.m. to 8:15 a.m. Thomas Paine Room Innovation Session presented by: Trust Exchange and CBIZCompliance in an Exponential World: The Role of Artificial Intelligence and Curated Crowdsourcing in the Future of ComplianceCompliance costs are soaring based on the growing volume and complexity of today’s business relationships, with Juniper Research predicting compliance costs skyrocketing from an estimated $10B globally to $76B by 2022. New approaches are required, and emerging technologies and approaches like Artificial Intelligence (AI), crowdsourcing, and blockchain will all play a role. Ed’s session will examine the strengths and limitations of AI and crowdsourcing approaches, and the role that they’re already playing at financial institutions to pave the path to the future of compliance. Ed Sullivan, Founder and CEO, Trust Exchange

8:30 a.m. to 9:15 a.m. President’s Ballroom Keynote Address: Third Party Risk Management: Driving Enterprise ValueThird parties directly affect your ability to meet the requirements and expectations of your customers, internal and external stakeholders, and employees. This keynote will address essential tools and frameworks for effective lifecycle management and governance; provide ideas for driving enterprise value, solving the “innovation conundrum,” and understanding the risks in third-party Robotic Process Automation (RPA) and Intelligent Automation (IA); and advise what’s happening across the sector and in peer banks.Linda Tuck Chapman, Author of “Third Party Risk Management: Driving Enterprise Value”

9:15 a.m. to 10:00 a.m. President’s Ballroom Keynote Address: Operational Risk Management Program from Capital Measurement to Risk ManagementHow to adjust your Operational Risk Management program from Capital Measurement to Risk Management. Jodi L. Richard, Chief Operational Risk Officer, U.S. Bank

10:00 a.m. to 10:30 a.m. President’s Ballroom Foyer Break


10:30 a.m. to 11:15 a.m. Choose a track. Room

TRACK 1 – The New Standardized Approach for Operational Risk Capital

• Description of standard• Discussion of the impact on US banks• Strengths and weaknesses of the approach

Marco Goncalves Migueis, Principal Economist, Division of Supervision and Regulation, Federal Reserve Board

Paul Revere Room

TRACK 2 – Exploring the Linkage among Cyber Risk, BCP and Third Party Risk Management Reliance on third parties adds another layer of threats to the consistent functioning of your operations. Third parties can be a conduit for cyber threats to your institution, fail to provide critical technology services, or even go out of business. A robust business continuity plan involves due diligence before hiring third parties, monitoring their performance, and having a recovery strategy that takes into account alternative providers and other factors should disaster occur. Erin Amerlan, Senior Vice President, Operational Risk & Insurance, Charles Schwab

Thomas Paine Room

TRACK 3 – The Attack of the Bots and Trolls: The Social Media Risks that are Destroying Public Confidence in Institutions How well enterprises manage public policy issues is as significant to business value as is financial management. However, many institutions do not engage on public policy issues until there are public demands for new rules or regulations. In the age of social media, anyone though can be a lobbyist, and regulators and politicians are being disintermediated as individuals and special interests take their issues directly to the institutions they want to influence. To avoid being engulfed in a social storm of fake news and trolls, and suffering brand and reputational value, financial institutions and other enterprises must take steps to engage on public policy issues early, and also must have crisis response capabilities in the event of social storms.French Caldwell, Chief Evangelist, MetricStream

William Dawes Room

8

11:20 a.m. to 12:05 p.m. Choose a track. Room

TRACK 1 – Material Risk IdentificationWith several years of work on Material Risk Identification (MRI) behind them, firms have settled on approaches, methods and reiteration. This panel will address those approaches, how material risk identification has evolved in a few short years, what particular nuances have been working, and what has been less effective. Beyond the regulatory requirements, the discussion will highlight some examples of effective integration into risk management programs. The panel will also share some themes that emerged from the Advanced Operational Risk Group’s (AORG) industry work in this area.AORG Panel: Nedim Baruh, Head of Operational Risk Capital Modeling, J.P. Morgan Chase Bank; Regina Desler, SVP/ Manager Corporate Operational Risk Analytics, Northern Trust Company; Kenneth J. Fuerst, Group Vice President, Corporate Operational Risk Management, M&T BankModerator: Doug Hoffman, Operational Risk Advisors LLC

Paul Revere Room

TRACK 2 – Implementing and Managing Third Party Governance Programs: a Case StudyNot renewing the service terms for a key service provider, caused more than 24 hours of downtime of a crucial customer facing service for this financial institution. In this hour we present:

• The third party lifecycle management risk and controls framework they adopted.

• Best practices and considerations for defining a third party governance program.

• Risk assessment and due diligence considerations at selection and transitions time.

• Numerous examples of measurements and KPIs for third party performance management.

• Finally how the comprehensive program reduced the compliance burden for them.

Shahed Khalili, Managing Director of Strategy and Performance Solutions, ACL

Thomas Paine Room

TRACK 3 – Developments In Cyber Risk Management and Insurance Cyber losses are off to a perilous start in 2018. Continued hacks, questions over the use of information kept on social media platforms, online theft, and the revelation that Russian spies have dangerously infiltrated U.S. infrastructure and transportation systems. After an overview of the attack vectors, this session will provide participants with the tools they need to purchase reliable insurance protection. Presenters will also deliver ten tips for avoiding coverage traps and increasing the chances that the coverage grant covers the actual cyber exposure. Cyber insurance coverage for evolving risks, time element losses, breach of contract claims, and data losses on cloud and third-party vendor systems will also be addressed.Joshua Gold, Esq., Chair of Anderson Kill Cyber Insurance Recovery Practice

William Dawes Room

12:15 p.m. to 1:15 p.m. President’s Ballroom Lunch



TRACK 1 – End-to-End Product and Service Risk AssessmentsHow to create an enterprise wide framework for assessing and managing the full range of operational risks across the end-to-end product and service life-cycle.Michael J. Abriatis, EVP Chief Operational Risk Officer, PNC Bank

Paul Revere Room

TRACK 2 – Third Party Risk Management: Vendor Oversight and Monitoring In October 2013, the OCC issued new guidance stating that bank risk management practices have not kept with the increasing complexities of third party relationships. This session will highlight Lifecycle 4, which focuses on expectations for ongoing monitoring of third- party relationships; third party is meeting the expectations for the bank; risk assessed is on a defined frequency or occurrence of an off-cycle trigger event; activities and assessments are completed prior to pre-determined due date; business reviews occur on a defined schedule; and any identified issues are escalated to senior management. Larry Salvati, Operational Risk Manager, Payments, Virtual Solutions, and Innovation, Corporate Risk, Deposit Products Group, Wells Fargo

Thomas Paine Room

TRACK 3 – Hardening the Chain: DLT and Operational Risk Management Financial institutions are investing in Blockchain and Distributed Ledger Technology (DLT). As projects transition from proof-of-concept to commercial implementation, managers will need to satisfy senior executives and regulators that they understand and are managing the operational risks. This session will introduce a framework for assessing, managing and controlling DLT risks.Jonathan Rosenoer, Master Inventor and Global Governance and Compliance Leader, IBM Blockchain & Digital Currency

William Dawes Room

2:05 p.m. to 2:20 p.m. President’s Ballroom Foyer Break


TRACK 1 – Examining the SMA: Will it Create the Level Playing Field Intended? The replacement of existing regulatory capital frameworks with a single standardized approach, the SMA, was touted by the Basel Committee as the solution to the very significant differences observed across jurisdictions. The loss of risk sensitivity, the argument went, was sacrificed at the altar of comparability. The release of the final Basel package in December 2017, however, hints at a different reality. We will discuss tweaks that were introduced which could potentially opened the door to a continued incoherent regulatory landscape and how operational risk management will be impacted by the introduction of the SMA.Evan Sekeris, Partner, Financial Services Practice, Oliver Wyman

Paul Revere Room

10

TRACK 2 – Linkage between Culture, CFPB Enforcement Actions, and Operational RiskThis session will provide an update on current CFPB issues and activities. The discussion will cover recently issued rulemakings, enforcement actions and litigation, and will highlight the Bureau’s recently issued Strategic Plan, revised mission statement, and new initiatives undertaken by direction of Acting Director Mulvaney.Edward J. DeMarco Jr., General Counsel, RMA; Bernard Mason, Regulatory Relations Liaison, RMA

Thomas Paine Room

TRACK 3 – Board and Senior Management ReportingRisk programs by default create a significant amount of information, and deciding what needs to be included in Board and executive reporting can be daunting. But in order for Risk Management to be truly meaningful to the bank, it is critical that information be presented to the Board and Senior Management in a way that is both informative and actionable. In this session we will explore different types of reports and examples of content which Board members find valuable. Topics will include:

• Aggregating information effectively• Focusing on what truly matters• Ensuring a common interpretation of key metrics

Eric C. Holmquist, Managing Director, Capco

William Dawes Room

3:15 p.m. to 4:00 p.m. President’s Ballroom Regulatory PanelLazaro Barreiro, Director for Governance Operational Risk Policy, Comptroller of the Currency;Donald Saxinger, IT Supervision Section, Chief; Marco Goncalves Migueis, Principal Economist, Division of Supervision and Regulation, Federal Reserve Board

Conference Ends

See you at GCOR XIII in Cambridge, MA

April 10-11, 2019.


www.kpmg.com

KPMG LLP, the audit, tax and advisory firm, is the U.S. member firm of KPMG International Cooperative (“KPMG International”). KPMG is a global network of professional services firms providing Audit, Tax and Advisory services. We operate in 154 countries and territories and have 200,000 people working in member firms around the world.

www.metricstream.com

MetricStream is simplifying Governance, Risk, and Compliance (GRC) for modern and digital enterprises. Our market-leading enterprise and cloud Apps for GRC enable organizations to strengthen risk management, regulatory compliance, vendor governance, and quality management while driving business performance.

Leading companies across industry verticals are benefiting from MetricStream’s simple and modular approach to GRC that is transforming risk management in a business environment that is increasingly mobile, social, global, and virtual. We have been consistently rated as a market leader by leading analysts, and have received several awards and recognitions for product innovation and customer success.

A SPECIAL THANKS TO OUR SPONSORS AND EXHIBITORS

SAPPHIRE

PLATINUM

12


www.acl.comACL is a global software company with innovative solutions to help risk professionals pinpoint risks and opportunities, unify their three lines of defense and protect their organization’s reputation. Through a unique combination of extreme ease-of-use, cloud delivery and the integration of industry standard risk analytics, ACL’s platform helps organizations manage risks and assure effective governance. Learn more at our booth and www.acl.com.

www.saiglobal.com

SAI’s Global banking software solutions include operational risk management, regulatory compliance and IT digital risk management. We help you proactively manage risk to achieve business excellence, growth and sustainability while providing risk visibility across your business.

GOLD

THANK YOU


www.genpact.com

Genpact (NYSE: G) is a global professional services firm that makes business transformation real. We drive digital-led innovation and digitally-enabled intelligent operations for our clients, guided by our experience running thousands of processes for hundreds of Global Fortune 500 companies. From New York to New Delhi and more than 20 countries in between, Genpact has the end-to-end expertise to connect every dot, reimagine every process, and reinvent companies’ ways of working. Transformation happens here.

www.icebergnetworks.com

Iceberg helps organizations plan, deploy and support successful implementations of Governance, Risk Management & Compliance (GRC) solutions, to drive more informed business decisions. We are also an authorized partner for North America’s leading GRC software platforms, offering a full lifecycle of GRC services, including executive workshops, implementation, and support.

SILVER

www.cbiz.com

The CBIZ Credit Risk Advisory Group is a national team of due diligence and risk experts that provides our clients with the information and knowledge to make the best possible business and financial decisions.


14

www.logicmanager.com

LogicManager believes performance is a result of effective risk management. LogicManager’s GRC software empowers organizations to uphold their reputation, anticipate what’s ahead, and improve business performance through strong governance. To learn more about LogicManager, visit www.logicmanager.com.

www.trustexchange.com

Trust Exchange is the leader in Collaborative Compliance. Trust Exchange is disrupting the $40B Business Information Services market by enabling companies to securely disclose and monitor key information about customers, vendors, and partners. Trust Exchange makes it easy for companies to automate critical compliance activities, build deeper trust with customers, vendors, and partners, and monitor their own company’s reputation performance over time. Today, Trust Exchange has tens of thousands of individual members as well as hundreds of customer institutions. Leaders like Nasa, Sodexo, Xerox, the Military and others count on Trust Exchange to streamline vendor management and compliance processes and deepen their trusted business relationships.

Program Sponsored by:

www.capco.com

Capco, is a global management consultancy with a focus in financial services including banking and payments, capital markets, and wealth and asset management, plus a dedicated energy division. We combine innovative thinking with unrivalled industry knowledge to deliver business consulting, digital, technology and transformational services. Our collaborative and efficient approach helps clients reduce costs, manage risk and regulatory change while increasing revenues.


At Capco, we combine innovative thinking with unrivaled industry and domain expertise to help clients meet regulatory requirements, manage risk and increase efficiency. Please contact the FRC team at [email protected] to find out how Capco can help transform your business.

© 2018 The Capital Markets Company NV. All rights reserved.

@CAPCOCAPCO.COM

CAPCO FINANCE, RISK & COMPLIANCEDoes your company have a plan to identify, prevent and manage adverse risk, compliance and cybersecurity issues? Capco offers a holistic suite of finance, risk and compliance (FRC) solutions that are scalable to match your institution’s risk profile. Let us help you mitigate risk to protect your assets, customers and reputation.

FINANCE & RISK CONVERGENCE CONSUMER FINANCE & FAIR BANKING

REGULATORY REPORTING FINANCIAL CRIME

ENTERPRISE RISK MANAGEMENT CYBERSECURITY & RESILIENCY

COMPLIANCE RISK MANAGEMENT REGULATORY INTELLIGENCE & TECHNOLOGY

PRACTICES:

CONSULTING

TECHNOLOGY ACCELERATORS

MANAGED SERVICES

SERVICES:

Capco_FRC_conference_halfpage_portrait.indd 1 29/03/2018 17:23

rma’s 12th annual -...

Documents