Agenda

Day 1 - Wednesday 13th March 2019

08:30

Registration and refreshments

09:00

Non financial risk governance

  • Background – drivers of risk management, high levels of enforcement and fines
  • What are the regulators' expectations and definitions for governance (FCA, PRA & corporate governance)?
  • What are the differences for banks, asset management and/or insurance?
  • Risk appetite framework across industries 
  • Setting out building blocks for effective risk governance
    • Common language around risk
    • Risk management steering committees
    • Roles & responsibilities of board, senior management, support functions, internal audit and compliance, risk management etc.
  • Interconnectivity with liquidity risk and other risk functions
  • Is NFR the same as enterprise risk?

10:30

Morning break

11:00

Enterprise risk management

  • Value of ERM
  • Elements of an effective ERM framework
  • Integrating ERM with corporate strategy
  • Setting up an ERM framework
    • Defining scope
    • Mapping risk
    • Action plans
    • Automation
    • Monitoring and measuring
  • Risk insight and transparency

12:30

Lunch

13:30

Creating and implementing a NFR framework

  • Increasing awareness of NFR
  • Effective risk assessments – emerging vs strategic
  • Breaking down silos
  • Importance of risk culture and embedding culture throughout the business
  • Too complex to control
  • Creating an integrated approach to NFRM:
    • An enhanced governance framework
    • A set of enablers
    • Changes in the front office approach and mindset
  • Challenges and opportunities for NFR frameworks

15:00

Afternoon break

15:30

Risk taxonomy

  • Steps to establishing a risk taxonomy in your organisation
  • Creating taxonomies where none currently exist (process or risk driven?)
  • Basel risk taxonomy vs bespoke
  • Embedding a set of methodological steps
  • Integrating risk taxonomies across the LODs
  • Are taxonomies limiting in some ways – is there an associated risk of ‘missing things’?
  • Mitigation approach
  • Policy framework supported by standards which drive the control environment
  • Identifying new risks and adding them to the taxonomy

Group activity: Where in your own taxonomy are challenging boundaries captured?

 

17:00

End of day one

Day 2 - Thursday 14th March 2019

08:30

Refreshments

09:00

Operational resilience

  • What is operational resilience?
  • Regulatory expectations
  • Governance arrangements and overall approach
  • Strengthening existing mitigating frameworks (e.g. BCP)
  • Outsourcing dependency
  • How can you ensure continuing resilience in a cost-cutting environment?
  • How can existing risk frameworks be used to manage resilience risk (e.g. KRIs for impact tolerances) - class to share experiences
  • How frequently and to what extent should resilience be tested?
  • Current status and next steps in the operational resilience roll-out - class to share experiences

10:30

Morning break

11:00

Third-party vendor risk management

  • Gap analysis against regulatory requirements
  • Ensuring a clear policy and operating model is in place to review outsourcing and 3rd party arrangements
  • Setting lifecycles of contracts
  • Approaches to:
    • Third party ecosystem
    • Managing third party risk
    • Third party risk and performance
  • Engaging third parties in critical services and resilience
  • Risk managing vendor sub-contracting (fourth party risk)
  • Managing and assurance, repository in place?

12:30

Lunch

13:30

Cyber security and technology risk

  • FSB cyber lexicon
  • Who should own cyber risk within the organisation?
  • IT risk management framework, IT process, risk & control framework
  • IT and links to resilience
  • Complexity and growing vulnerability of underlying IT systems
  • AI & machine learning with links to reputation
  • Case study: customer data
  • Including technology in risk assessments
  • Where to invest? Specialist talent? Outsourced data? Internal systems? Other?

15:00

Afternoon break

15:30

Conduct risk and risk culture

  • Focus from regulators
  • Differentiating conduct risk from other risk types (operational, credit, market)

Group discussion: What is your firm's highest conduct risk going forward?

  • Changing behaviour and increasing front-office accountability
  • Key business benefits of strengthening risk culture
  • Defining and assessing risk culture
  • Changing risk culture – effective methods for delivering messages in a meaningful way
  • Can you effectively measure risk culture?
  • Emerging regulatory risks
  • Trends – what is on the horizon?

17:00

End of course