Privacy & Information Security Round Table

For privacy officers, data officers and operational risk managers to discuss the impact of the GDPR, California Privacy law, pending India “GDPR” bill and related risk matters.

For pricing and registration, contact Sylwia Czajkowska at sczajkowska@rmahq.org.

Culture and Conduct Round Table

For the senior risk leaders to discuss frameworks for managing culture, conduct violations, conduct risk, and link to reputation.

For pricing and registration, contact Stacy Germano at sgermano@rmahq.org.

Incentive Compensation Round Table

For executives responsible for compensation and performance management. Discussions will focus on framework for managing incentive compensation, pool adjustments, and data gathering and score-carding.

For pricing and registration, contact Bernie Mason at bmason@rmahq.org.

Registration & Reception

Avoid the lines on Wednesday morning; pick up your conference materials and enjoy a refreshment compliments of SAI Global.

Registration & Breakfast

Welcome & Introductions

Opening Address

Spyro Karetsos, Chief Risk Officer, TD Ameritrade

Keynote Address

Edward P. Schreiber, Chief Risk Officer, Zions Bancorporation

Break

Break Out Session 1 

1. Review of Risk Appetite
   Join us for a review of the implementation of risk appetite at a bank and how the use of risk appetite has grown and matured.
   Kevin Storm, Deputy Chief Risk Officer, BB&T

2. Insurance as a Risk Management Tool
   Learn how to leverage operational risk information to optimize insurance programs.
   Erin Amerlan, SVP, Operational Risk & Insurance, Charles Schwab & Co., Inc.

3. Corporate Culture and the Art of Effective Escalation
   This session will explore the attributes of an ethical corporate culture as well as regulatory expectations for a financial institution’s risk culture. An important component of a healthy risk culture is effective escalation. Learn how employees can properly escalate (and receive) concerns.  
   David H. Wright, Senior Vice President, Director of Regulatory Services, U.S. Bank

4. The Why, How, and What of Effective Risk Reports
   Increases in corporate scandals across industries have signaled a need for effective risk management. Because of this, boards of directors are calling on risk professionals to show them where their companies stand. The challenge for practitioners is analyzing data across functions and levels, while portraying one comprehensive picture of risk. Join us to get answers on the most critical questions on risk analysis and reporting, and get current case studies and examples you can use in your next presentation.
   Steven Minsky, CEO, LogicManager

Break Out Session 2 

1. Framework for Challenge: Demonstrating Effective Challenge and Influencing Risk Management 

   Are you being asked to demonstrate “credible challenge”? Does your risk management team provide value in their oversight role as the second line of defense? This session will discuss creating a risk officer brand that includes expertise, diagnostic and influencing skills, and a challenge framework built on formal challenge, advisory challenge and joint risk reviews.

   Michael Abriatis, EVP, Chief Operational Risk Officer, PNC

2. Operational Resilience
   Recent FCA guidance requires large banks to take their operational risk management programs a step farther to think about critical business activities, set impact tolerances, and understand dependencies on internal operations centers, systems, and third parties. The large bank must then create scenarios of potential failures, and rank the scenarios, define mitigation plans, and demonstrate actions. Many organizations think about business continuity from an internal business process perspective, but most do not think about the external market impact of a process or legal entity failure. Find out how your organization can prepare for this new wave of enterprise risk management, both in terms of internal and external impacts.
   Brenda Boultwood, SVP Industry Solutions, MetricStream​

3. People Risk? What you need to know to take a strategic approach to understand, measure, and mitigate this risk type for your organization.
   People are touted as a company’s greatest asset; however people can also create significant risk for the organization if not understood, managed, and measured.  This session will provide a different way of thinking about people risk through culture, conduct, and the full employee lifecycle. 
   Jennifer Aydelott, SVP, HR Control Executive, Wells Fargo

4. How to Best Manage Nonfinancial Risk Across the Organization

   Risk management must be a core competency of all firms. Nonfinancial risks (operational risk, cyber risk and regulatory change management) are of growing importance but still not fully developed at many organizations today. This session will discuss the best practices for processes, tools and techniques for understanding non-financial risks, and the elements of risk management. By enabling trusted, aggregated and transparent risk data, we can make more informed, confident and effective business decisions.

   Andrew Vesay, General Manager, US Operations, Iceberg Networks

Lunch

Keynote Address

Dean Yoost, author “Illuminating Data in the Boardroom” and Member of the Board of Directors MUFG Union Bank and Pacific Life Insurance Company

Break Out Session 3 

1. How to Defraud a Company in Three Easy Steps
   Kevin Sasser realized there was a problem in his company’s third-party risk management program just as soon as the FBI called him. With the increasing scrutiny on third-party vendor relationships, could you organization survive the fraudsters’ “three-step plan”?  Come hear Kevin’s first-hand account of how a fraudster defeated his team’s internal safeguards, created thousands in losses, and earned Kevin an invitation to the witness stand. In addition, hear the latest in industry trends, common mistakes, and what you can do to protect your organization.
   Kevin Sasser, Director of Sales and Strategic Initiatives, Argos Risk

2. Operational Risk Loss Events
   This session examines the governing idea of the capture and use of both internal and external loss events. We will discuss challenges of complete/accurate data capture; regulatory requirements; and risk management opportunities. We will explore how integrated use of common risk platforms can have an impact on quantitative analysis.
   Melinda L. (Mindy) Ball, Chief Operational Risk Officer, The Huntington National Bank

3. Reputation Risk

   Reputation risk is a derivative that is based on how a firm manages its overall risk profile. Culture and conduct are key elements that need to be in place to safeguard and enhance reputation risk, but it is equally important to have a values-based culture that all associates can align with to enhance performance. Each risk discipline should be positioned well to safeguard and enhance reputation. Learn why firms who do not pay attention to these inputs jeopardize their reputations.
   Joseph Iraci, Managing Director, Financial Risk Management, TD Ameritrade

4. Managing Payment Risks
   With the emergence of new payment channels, products, competitors and threats; the need has never been greater to make sure your payment-related risks are effectively managed.  We will explore ways to manage, monitor and assess the risks of payments from all channels including risks associated with emerging technologies.
   Mark Williams, Chief Operational Risk Officer, Zions Bancorporation

Break

Break Out Session 4 

1. GDPR Risk Management and Common Dilemmas
   This session will explore GDPR benchmarks and company risk concerns, including the recent McDermott-Ponemon GDPR study of U.S. and E.U. companies. We will review company risk perception in GDPR, priority steps, visible compliance, and common GDPR dilemmas. These include frequent questions of when GDPR applies to U.S. companies, the scope of GDPR coverage within the company, privacy notice choices, and criteria for appointment of a data protection officer and/or a representative in the E.U. We will also address data breach reporting in the E.U.
   Mark E. Schreiber, Co-Chair, Global Privacy and Cybersecurity Group, McDermott Will & Emery LLP

2. The Future of the RCSA: Going Above and Beyond
   With RCSAs now entering their 26th year in our industry, we will be discussing where we can go and how to best leverage what has become muscle memory for many of us in new and exciting ways.
   Alan Freeman, Director, Operational Risk Management, Discover

3. Managing Reputation using Technology​
   Reputational damage is caused by many things, both as a consequence of what the firm does and what it does not do. Warren Buffet said that “It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you’ll do things differently.”  This premise and the need for proactive risk management requires us increasingly to use technology to exploit vast lakes of data as quickly as possible to facilitate informed risk-based decisions and so preserve and enhance our reputation.
   Andy Smith, Chief Technology Officer, RiskBusiness

4. LIBOR Risk Management
   What could go wrong? A discussion of program readiness; customer impact risks and considerations; Impact assessment – how and where does LIBOR affect your business activities; contract management; operational risk – LIBOR impact to systems, operations, and models; and Accounting change considerations.
   Mark A. Twerdok, Partner, KPMG LLP, and Khuram Babar, Director, KPMG LLP

Emerging Risk Panel

Join us for a discussion on emerging operational risk exposures facing the industry including cyber and information security threats, resiliency challenges, increased reliance on third parties and fintech, model and LIBOR exposures, geopolitical concerns, increased market volatilities, and drivers for automation and efficiency.

Moderator: Phil Bray, Principal, KPMG

Panelists: Michael Abriatis EVP, Chief Operational Risk Officer PNC; Joe Iraci Head of Financial Risk Management TD Ameritrade; Lisa Hershey, Managing Director, Depository Trust & Clearing Corp

Networking Reception

Keynote Address: LIBOR Replacement – The Countdown Begins

Alice Wang, Managing Director, Global Head of CIB Operational Risk, JPMorgan Chase

Keynote Address: Cybersecurity – Lessons Learned from the Department of Defense

Katie C. Stewart, Senior Member, of the CERT® Division at the Software Engineering Institute, a unit of Carnegie Mellon University

Break

Break Out Session 5

1. E2E Process Risk Assessment: Challenges and Innovations
   Join us to learn about the exchange to exchange (E2E) risk assessment value proposition, current E2E practices and risk-based approaches, and key challenges and lessons learned. You will also hear about innovative tools, data, and the next steps.

   Moderator: David Stone, Director, Risk and Compliance, KPMG
   Panelists: Michael Abriatis, Executive Vice President/Chief Operational Risk Officer, PNC Bank; Michael J. Colasso, CPA, CFE | SVP, Head of Enterprise Operational Risk Management, SunTrust Bank; Nathan, Davis EVP/Non Financial RM, Regions Bank; Marty Blaauw, Managing Director, Operational Risk Management, MUFG Union Bank, N.A.

2. The Risk Management Implications of M&A Transactions
   Learn about the risk of M&A transactions from the buyer and seller side. Risk will be explored in the areas of deal valuation, due diligence, people, culture, and integration.  Explore the process for monitoring and addressing risks and the CRO’s (second line of defense) role and responsibilities for M&A risk management.
   Michael Glotz, Chief Executive Officer, Strategic Risk Associates

3. The Role of Operational Risk in New Product Development
   Christopher Nestore, SVP and Head of Operational Risk Management, TD Bank

4. Essential Features of Successful Machine Learning
   Learning algorithms are only a small piece of the machine learning value chain. In this non-technical session we will review the process of extracting value from data, specifically focusing on conditions that are ideal for optimum outcomes. Learn about hurdles that must be overcome to foster a data-centric organization and the drawbacks of not doing so.
   Chuck Fannin, CFA, Sr. Quantitative Risk Analyst, Modeling & Exposure Management, TD Ameritrade

Break Out Session 6

1. Third Party/Vendor Risk Management
   Third-party risk management (TPRM) continues to evolve and mature in today’s regulatory environment. The process of analyzing and controlling risks presented to your company, your data, your operations, and your finances by parties OTHER than your own company is extremely important and at times highly complex. Every organization needs to ensure their program identifies, monitors, and mitigates risk posed by third parties. Join us to learn about TPRM at the enterprise level and get effective steps to develop a new program. You will gain insight into the required core elements and program governance requirements of TPRM to ensure compliance with regulatory standards.
   Emily Nachlas, Executive Vice President, Director of Enterprise Risk Management, Iberia Bank

2. Proactive Management of Nonfinancial Risks
   With the changing business environment confronting financial institutions, nonfinancial risks such as cybersecurity, fraud, third party, and regulatory risks are an increasing concern for banks of all sizes. We will explore ways to increase awareness, knowledge, and ongoing identification of key nonfinancial risks by the first line of defense while also addressing how to create and govern ongoing action plans to actually do something about these risks before they are a problem (or a bigger problem) for the institution.
   Billy K. Murray, Global Risk Management, Director, US Non-Financial Risk, BBVA Compass

3. Agile Risk Management
   In the evolving world of digital transformation, agile techniques, and growth mindset approaches, how can a risk manager lean in and take advantage of these exciting new paradigms and apply them to the risk space? Philippa will share case studies including how agile sprints have been used to manage risk activities and how a risk function can embrace a growth mindset.
   Philippa Girling, Chief Risk Officer, Varomoney

4. Machine Learning and Model Risk Management
   Institutions of all sizes are expected to maintain a model risk management program commensurate with their size and level of complexity. For most institutions, this requires some level of periodic validation of key business models or systems to ensure the model’s accuracy, comprehensiveness, and suitability for the intended purpose. The majority of these systems are provided by third parties, many of which are beginning to incorporate machine learning (ML) or artificial intelligence (AI) capabilities. While this could lead to potential functional strengths or improvements, it may create challenges to systems that have been previously validated based on rules sets in place at the time. Ideally, institutions want to take advantage of all technological advancements, while not creating risks to their model governance framework. Learn practical approaches to working with system vendors to critically assess their actual or intended application of ML/AI capabilities, modeling governance and validation protocols which take in to account these advancements, and documenting models and validation activities in a way that will satisfy regulatory requirements.
   Eric Holmquist, Managing Principal, Capco

Lunch Keynote: Marijuana Policy and the Banking Industry

Aaron Klein, Fellow, Economic Studies & Policy Director, Center on Regulation and Markets, Brookings Institute

Break Out Session 7

1. Interconnections of Cyber, Business Resiliency, and Third-Party Risk
   Learn about the harmonization required between third-party programs, cybersecurity frameworks, and regulatory expectations as organzations are confronted with a changing business landscape, increased cyber threats, and evolving third-party relationships.
   Mary M. Kapferer, Executive Vice President and Chief Enterprise and Operational Risk Officer, KeyCorp

2. HMDA, ML/AI/Big Data and Fair Lending Analytics

   This session will focus on the implications of recent changes to the reporting requirements and publication of newly collected data as required by the Home Mortgage Disclosure Act (HMDA) and its implementing regulation, Reg C. Learn about expanded coverage, new data points, and public disclosure that will provide regulators and the public with a wealth of information that can be used to evaluate mortgage lenders for potential fair lending risk. Hear about the increasing use of machine learning, big data, and alternative data in credit decisioning, with a focus on the Equal Credit and Opportunity Act (ECOA) and mitigating compliance risk.

   Bryce Stephens, PhD, Director, BLDS, LLC

3. Where is Blockchain headed?
   A discussion of developments including being able to run blockchain on premises and the interoperability of different blockchains (where the core may not be technology but the particular blockchain governance agreements) with the promise of transfer/exchange of assets across blockchains.
   Jonathan Rosenoer, Blockchain Strategic Partnership Leader, IBM

4. Operational Risk Management: A Business Line Perspective
   This session will discuss lines of defense (LoD) structure, oversight of risk, ownership evolution, escalation of risks, and emerging risks. Learn about the first LoD and where business unit managers fit in, who owns execution, and the ownership evolution (third party, technology risk, compliance risk). Learn about the escalation of risk through the first, second, and third lines of defense and emerging risks. What does 2019/2020 look like?
   David Diehl, SVP, Corporate & Institutional Bank Risk Manager, PNC-Certified Women’s Business Advocate, The PNC Financial Services Group

Break Out Session 8

1. Third Party Risk Management in the Cloud

   Cloud services create tremendous advantages for large organizations in terms of agility, cost savings, and reduced infrastructure complexity. However, distributing a wide range of services across a global cloud backbone while serving millions of customers and thousands of institutions dramatically increases the challenge of maintaining compliance relative to third party risk.  Large financial institutions are on an inexorable march to the cloud; yesterday’s disclosure and compliance processes don’t have a chance of effectively addressing compliance at cloud-scale for financial organizations of any size. This session will address these issues, and the future of compliance at cloud-scale.

   Jake McDonald, Director, CBIZ Credit Risk Advisory and Ed Sullivan, Founder and CEO, Trust Exchange

2. Faster, Better, and Risk Free or Not! Digitalization Roadmap: Merging Digitalization and Risk Mitigation

   Consider this roadmap before, during, and post implementation of digital services. In the industry the majority of financial institutions are looking for ways to speed up banking, provide a better customer experience, increase “stickiness,” and increase profits all while decreasing the cost related to servicing customers and staying in the good graces of regulators. This is a high bar for many institutions, especially given the regulatory environment and limited budgets. Join this session to get energized about identifying, measuring, and managing the risks. 

   Marianne Byrne, Esq*, Managing Principal, Community Bank Segment, Capco

   *Not representative of Capco corporate legal team.

3. Scenario Analysis: Implementing One Program for Multiple Uses
   A well-designed scenario analysis program should be integrated into the ORM framework and executed consistently to ensure that a single process can support many critical uses and risk management objectives. Join us to learn about program design considerations, uses, what is needed to ensure sustainability.
   Jay Newberry, Managing Director, Global Head of Operational Risk Management Framework, Citi - Retired

4. Partnering with Fintechs and Managing Third-Party Risk

   Financial services firms continue to partner with smaller, entrepreneurial fintechs to drive innovation and transformation in products and services in the financial services ecosystem. Learn how they find each other and partner and how financial services firms manage the third-party risks of their new fintech partners, which may have relatively immature risk, compliance, and governance practices.  

   Moderator: Mark duBose, Advisor/Mentor, MassChallenge FinTech
   Panelists: Devon Sherman, Founding Director, MassChallenge FinTec; Jay Leopold, Head, U.S. Investment Risk, Columbia Threadneedle; Tracie Kosakowski, General Counsel and Chief Compliance Officer, Radius Bank; Greg Hamilton, SVP, IT Vendor Oversight, Brown Brothers Harriman

Regulatory Panel

Nida Davis, Federal Reserve Board; Martin Henning, FDIC; Lazaro Barreiro, OCC