Sold out for the past five years, RMA’s Governance, Compliance, and Operational Risk Conference (GCOR) is the only conference of its type developed by practitioners for practitioners. GCOR will feature a keynote address by Helga Houston, CRO of Huntington Bank, who will speak about the M&A and integration challenges posed by Huntington’s acquisition of First Merit from a risk perspective. Dean Yoost, a member of the Board of Directors of MUFG Union Bank and author of “A Director’s Guide to Risk Management” will also provide a keynote address.
GCOR features plenary panels and sessions designed to help you better understand emerging operational risks and best practices in governance and compliance.
Guarantee your seat at GCOR XI before the event sells out. You'll enjoy panels and sessions featuring timely topics such as:
Culture and conduct risk
Third party/vendor risk
The impact of the SMA
Registration & Breakfast
Welcome and Introductions
Edward J. DeMarco, Jr., General Counsel and Director of Operational Risk, The Risk Management Association
Spyro Karetsos, Director of Enterprise Risk Services, SunTrust Bank
Keynote: A Risk Perspective on M&A Transactions and Post-Merger Integration
Helga Houston, Chief Risk Officer, Huntington Bancshares Incorporated
10:45 a.m. to 11:35 a.m.
Choose a track.
TRACK 1 - Gaining Convergence: Developing and Implementing an ERM Risk Assessment Program
Learn why it is important to have alignment across risk disciplines regarding how risks are rated and escalated. Learn how to gain consensus across risk management teams, how to build a process that will fit multiple purposes, and how to create better firm-wide consistency and transparency around risk escalation and prioritization.
TRACK 2 - Risk Appetite: Risk Tolerance, Risk Targets, Risk Limits, Communication throughout the Organization
TRACK 3 - Cybersecurity Trends in 2017
The cybersecurity legal landscape continues to evolve, shaped by a number of forces this year. They include the cybersecurity goals of the new administration, including plans for a cybersecurity executive order; new state-level cybersecurity regulations, like the ones that are expected to be issued in New York, tightening the security requirements for banks, insurance companies, and the rest of the financial services sector; the ways in which the new nominee for the Supreme Court could help shape the future of the law on surveillance, privacy, and cell phone tracking; the risk to in-house counsel from data breaches; the role of the Internet of Things; the direction of the FTC; and other trends and developments. Join us for this interactive discussion on the latest legal, regulatory, and policy shifts on the cybersecurity horizon.
11:40 a.m. to 12:25 p.m.
Choose a track.
TRACK 1 - A Quantitative Approach for Evaluating Cyber Risk
In this session, we will explore comprehensive techniques to measure systemic cyber risk and quantify the exposure in terms Risk Executives and Board Members will be able to understand and act upon. We will discuss the essential elements of a system that can address emerging regulatory requirements while simultaneously informing a roadmap for cyber resilience tied to risk consequence.
TRACK 2 - Three Lines of Defense: Defining Roles and Responsibilities; the Challenge Function
This session examines the roles and responsibilities across the three lines of defense model, and shares insights on operationalizing the model within operational risk management, including ensuring a robust and effective challenge function.
TRACK 3 - The Interplay of Cyber Risk and Third Party Risk Management
Third party risk management is a key component of a company’s cyber risk management program. This session will pose questions that you should consider as you manage cyber risks associated with third parties.
1:35 p.m. to 2:25 p.m.
Choose a track.
TRACK 1 - Panel Discussion: Risk Assessment and Control Testing Convergence – The Driving Imperative
Join us to understand the drive toward convergence and the value proposition/business case. Explore the building blocks of effective assessment, control testing, and convergence, along with the pitfalls and lessons learned. Hear about initiatives, success stories, and the road ahead.
TRACK 2 - Third Party Risk Management: Monitoring and Oversight
In October 2013, the OCC issued new guidance governing third party relationships to ensure that bank risk management practices keep up with the increasing complexities of third party relationships. The bulletin (2013-29) focuses on managing risk for specific components in 8 phases of a third-party lifecycle. This session will discuss in detail the Oversight and Monitoring Phase, which focuses on expectations for ongoing monitoring of third party relationships to ensure that 1) contractual obligations are met, 2) the third party is meeting the bank’s expectations, 3) risks are assessed on a defined frequency or on the occurrence of an off-cycle trigger event, 4) activities and assessments are completed prior to the pre-determined due date, 5) business reviews occur on a defined schedule, and 6) any identified issues are escalated to senior management, when appropriate.
TRACK 3 - Optimizing Cybersecurity Defenses through Risk-Based Governance
Many departments across your organization hold pieces of cybersecurity information. Unfortunately, most organizations lack the ability to put the full risk picture together. Too often, companies react to external threats by spending billions on technology solutions, without addressing the root-cause governance issue (like weak employee and vendor passwords). The governance of information security and technology is a tenet of risk management, and it is most effective when implemented with a holistic, cross-functional approach. This session will explore how to implement a successful cyber governance program that involves operationalizing defense policies, assigning clear accountability and responsibility, and monitoring the effectiveness of these processes.
2:30 p.m. to 3:20 p.m.
Choose a track.
TRACK 1 - Governance: Makeup of Committees; Charters; Goals
As a key part of the bank’s enterprise risk management program, the role of Risk Committees can be critical to establishing and enforcing risk tolerance levels, ensuring proper oversight, monitoring risk levels within the bank, and ensuring appropriate accountability. The key to success is ensuring that these are properly structured and managed. In this session we will discuss practical approaches to:
TRACK 2 - Independent Validation: Second Line Oversight of Operational Control Performance
The role of the second line is becoming increasingly important as the need for effective challenge increases. Business lines deal with an increasing number of requirements and expectations regarding their execution, customer impacts, product development, etc. While managing these risks is clearly a first line responsibility, having trusted advisors in the second line acts as an added layer of defense, helps to ensure the effectiveness of the control environment, and is critical to exceptional performance. Attend this session to explore the many ways effective challenge can occur in the second line (specifically, on control testing and validation) and see examples of solid business practices relative to testing key operational controls as documented through RCSAs or other similar processes.
TRACK 3 - The Business Value of including Cybersecurity and Vendor Risk Management in ERM
ERM leaders must bring visibility into and meaningful dialogue around the size, scale, and scope of the most urgent risks their organizations face. Programs that align directly with strategic objectives and address not only downside risks, but also opportunities to expand products, services, and competitive advantage, add tremendous value to the business. This session looks at how emerging risks around vendors and cybersecurity in the extended enterprise hit business value at its center and demand inclusion in ERM programs.
Keynote: A Director's Perspective on Risk Management: Governance; Heightened Expectations; Credible Challenges; Culture; IT, and Cybersecurity
Dean Yoost, Member of the Board of Directors of MUFG Union Bank and Pacific Life Insurance Company, Member of the Advisory Board of American Honda Finance Company
There was a time when a grasp of technology by a bank’s board of directors was not much of an issue; typically, IT was seen as nothing more than a support function. That time has passed. And while a board’s detailed understanding of underlying technologies is not required to ensure the appropriate management of data, directors still need more than a basic understanding of IT. Technology is just one subject addressed in this session. Regulators expect boards to provide a “credible challenge” to management, to help set a proper tone from the top, and to have a much better understanding of the financial services industry than many directors did before the crisis. Join us to explore these topics and the pressures on directors to find the balance between stepping up their game and encroaching on the duties of management.
Bridging the Gap: Measuring and Communicating Risk across the Enterprise
Ben Smith, Field Chief Technology Officer (Field CTO – U.S. East), RSA, a Dell Technologies business
Today, organizations of all sizes face serious and consequential risk management challenges. Technology is often presented as the ultimate solution to this problem, but in many cases, organizations are experiencing not just a technical challenge, but a language challenge when considering the risk management communications between various levels of the organization. Ultimately, our goal is to provide trusted, transparent and aggregated risk data in order to drive more informed, confident, and effective business decisions. Frequently, metrics serve as a foundation for how each group attempts to communicate business risk to the other.
But how do we translate operational measurements into meaningful risk metrics for the business? Doing so effectively is essential, because you can't manage what you don't measure. This session will discuss the following general questions: What are some best practices to keep in mind when selecting metrics? Does your audience dictate which metrics to select? What behaviors are you trying to influence with these metrics? How should you communicate those metrics internally within your organization for maximum impact?
Cyber Risk in M&A and other Enterprise Transitions
Bob Gardner, L3 Technologies
Consider the M&A activities of seeking acquisition targets, performing discovery and due diligence, negotiating buyout terms, and ultimately combining two dissimilar, information-processing-intensive worlds. The cybersecurity community has developed standards, best practices, and regulations to protect financial services’ critical infrastructure under normal operating conditions; however, there is little written and virtually nothing done to recognize and prevent the consequences of attacks perpetrated during changes attendant to enterprise information handling. Join this session to learn about five topics essential to preserving the integrity of M&As, IPOs, Cloud migrations, and other significant transitions: 1) level-setting definitions of today’s cyber risk landscape, 2) which enterprise transitions are attractive targets for cyber attacks, 3) what vulnerabilities invite and enable cyber exploits, 4) new technologies available and emerging for adversaries and for us, and 5) what should be done prior to transitions to prepare and protect.
Industry Issues, Insights, and Trends
Mark D’Arcy, Chief Operational Risk Officer, Wells Fargo;
Michael J Abriatis, Executive Vice President, Chief Operational Risk Officer, PNC;
Joe Iraci, Managing Director, TD Ameritrade;
David Keenan, Managing Director, Morgan Stanley
Panel Discussion: Leveraging Data and Data Science for Enhanced Risk Management and Reporting
Moderator: Phil Bray, KPMG
Panelists: Mark D’Arcy, Chief Operational Risk Officer, Wells Fargo;
Beth Rudofker, Global Head of Operational Risk Management, Citi
Join us to hear how to build a foundation for effective data and data aggregation and how to apply data and analytics to manage exposures, monitor emerging risks, and forecast outcomes. You also will learn how to develop reporting that aligns exposures against business strategy, objectives and performance, and how to maintain effective data integrity, governance, and infrastructure for sustainable risk intelligence that supports decision making.
10:30 a.m. to 11:20 a.m.
Choose a track.
TRACK 1 - Panel Discussion: Scenario Analysis: AMA, ICAAP, and CCAR
How are firms aligning their scenario analysis program(s) in support of operational risk for AMA, ICAAP Pillar 2, and CCAR? Join us to learn how you can leverage common taxonomies, leverage workshops for one AMA, ICAAP, and CCAR, and whether scenario analysis workshops can be joined/combined.
TRACK 2 - Incentive Compensation Governance & Risk
The panel will focus on the principles of the Sound Incentive Compensation Policies and the evolution of regulatory oversight of incentive compensation at the large banks since 2010. Hear about lessons learned and better practices in the area of incentive compensation governance, controls, and risk balancing. And get a brief overview of the current state of regulation and thoughts on the future.
TRACK 3 - Role of Operational Risk in New Product Development
In order to successfully meet new opportunities in the financial industry, banks are expected to effectively research, analyze, and develop new products/services. These products/services must 1) align with the organization’s strategic goals, 2) maintain profitability and competitive advantage, and 3) allow the bank to serve its communities. Operational risk management’s role in this process is to develop and implement adequate risk management processes that effectively oversee the risks of the new activity. Join us for a look at the role of operational risk management in new product development and discover the roadmap for successful implementation in any organization.
11:25 a.m. to 12:15 p.m.
Choose a track.
TRACK 1 - Control Monitoring and Testing
A review of an integrated framework to substantiate the effectiveness of controls.
TRACK 2 - Measuring Culture
This session provides a high-level overview of culture, along with some historical drivers. Challenges are referenced along with some framework ideas and regulatory background, and some of the many assessment methodologies are introduced. Finally, the session previews an upcoming RMA culture article and a working draft RMA model for culture. This interactive session will feature valuable input from our diverse attendee population.
TRACK 3 - Technology Risk and Innovation
Business demand for growth and efficiency has made technology and innovation key for first line management and thus important for many risk managers. This same demand has often caused these topics to become over-generalized and unspecific. This presentation will explore the characteristics, boundaries, and risk implications of technology and innovation with a mix of financial and nonfinancial examples.
1:30 p.m. to 2:20 p.m.
Choose a track.
TRACK 1 - Panel Discussion: Material/Emerging Risk Identification
Material Risks have represented an area of increasing emphasis in recent years, and have most recently been the focus of a newly-published regulatory definition. The panelists will share approaches to identification, along with both the existing and developing implications for taxonomies and subsequent measurement.
TRACK 2 - Effective Challenge within Operational Risk Management
Explore how Op Risk teams can effectively implement effective challenge across the different lines of defense.
TRACK 3 - Innovation Technologies: Artificial Intelligence and Blockchain
Artificial intelligence (AI) and blockchain are reshaping the way businesses and consumers interact. Blockchain, heralded as the single biggest breakthrough since the arrival of the Internet, is driving exciting innovation. Similarly, AI and machine learning are poised to have a momentous year in 2017. This session explores why and how AI/machine learning and blockchain are revolutionizing financial technology.
2:25 p.m. to 3:15 p.m.
Choose a track.
TRACK 1 - Panel Discussion: Linking Material Risks to Loss Forecasts
This session will build upon the Material/Emerging Risk Identification panel discussion (see Track 1, 1:30 p.m.) by exploring their impact on stress loss projections, including decisions about inclusion and exclusion, and the balance between data- and scenario-based quantification approaches.
TRACK 2 - Risk Culture and Conduct: Effective Practices
Explore the critical components of an effective risk culture and conduct program. Ask almost any financial institution and they will tell you how strong their risk culture and conduct is. They will tell you they are not like other firms, that they are special, that their employees really “do the right thing.” This is no longer enough. Going forward, every financial institution is going to have to prove it, which is no small task given the qualitative nature of risk culture and conduct.
TRACK 3 - CFPB Update
Bob Phelps, Director for Critical Infrastructures Policy, OCC;
Donald Saxinger, Operational Risk, IT Supervision Section, Chief, FDIC
Julia J. Philipp, Division of Supervision & Regulation, Board of Governors of the Federal Reserve System
Associate Member: $1,500
Professional Member or Nonassociate from member institution: $1,700
Associate Member: $1,750
Professional Member or Nonassociate from member institution: $1,950
Associate Member: $2,000
Professional Member or Nonassociate from member institution: $2,300
Our conference hotel is the Hyatt Regency Cambridge, 575 Memorial Drive, Cambridge, MA 02139. Our group rate at the hotel is $259 single/double. For accommodations during the conference, please call the hotel at 1-402-592-6464 and identify yourself as an RMA registrant or make your hotel reservations using the link above. Reservations must be made by March 3, 2017 in order to ensure room and rate availability.
Situated along the scenic Charles River, our contemporary hotel in Cambridge, MA offers one of the most impressive meeting venues in the area. Featuring over 25,000 square feet of indoor and outdoor space, Hyatt Regency Cambridge, Overlooking Boston is the perfect place for hosting a conference, wedding, meeting or event that you want to make special. Business travelers will enjoy state-of-the-art meeting facilities, a 24-hour business center and easy access to downtown Boston, major highways, Logan Airport and The Hynes and BCEC Convention Centers.