skip to Main Content


Latest information about 13th Annual Banking Operational Risk Management Summit

27 FEBRUARY 2020

Banking Risk Summits Are Over – Until the Next Annuals!

Two weeks ago, on 11th-13th February 2020, over 200 banking risk professionals gathered in the city centre of Vienna in order to participate at two recognised events organised by Allan Lloyds: 14th Annual Banking Operational Risk Management Summit and 13th Annual Banking Credit Risk Management Summit.

The success and high quality of these two events are every year attracting number of new experts that are keen to hear from the best companies on the market and at the same time, the number of returning attendees remains outstanding.

This year’s participants had an excellent opportunity to listen to the case studies presented by executives of Credit Suisse, Deutsche Bank, Danske Bank, Nordea, UBS, Intesa Sanpaolo, Raiffeisen International AG, Swedbank and many others. During two days, thanks to a very intensive programme and schedule, they have heard about numerous issues that are at the moment affecting practically all banks and financial institutions.

Operational risk specialists discussed various topics from outsourcing, reputational risk, conduct risk, the ever-challenging topic of 3 lines of defence, new technologies and advanced analytics to sustainability. In the other room, experts of credit risk dealt with tough matters of stress testing, IFRS9, risk appetite framework, counterparty credit risk, regulatory journey and of course they also touched how are new technologies, RPA, Big Data or machine learning impacting credit risk management.

Horst Schoeler from Deutsche Bank said about the event: “What I really like about this event is that it is up to date with the topics, we discuss what really drives the industry at the moment. And I have enjoyed interaction with my peers from UBS, Credit Suisse, ING, Citi bank and the opportunity to understand where they are standing, how they are approaching the topics and learn from them as well.”

The risk events might be over, but Allan Lloyds has in its portfolio many other banking events planned for this year! You can have a look at our website or stay updated regarding our upcoming events. Do not forget to follow us on LinkedIn and never miss any news!


Vice President Fraud Risk Oversight

Questions for Neha Sharma

How to improve fraud prevention in banks and financial companies?

There may not be one standardised approach to fraud prevention as banks and financial companies have diverse product offerings, customer profiles, oversight and governance styles, however a few aspects spring to mind:

  1. Given the constantly evolving external environment with new modus operandi and threat types, it is crucial to be aware of fraud events, be agile – act and learn from them and be accountable – help clients and implement incremental controls if gaps are identified
  2. Create a dynamic and forward looking fraud risk management model that for targeted efforts within defined boundaries can easily be embedded in business level operating procedures
  3. Monitor, test and challenge process level controls – what worked yesterday may not work tomorrow
  4. Invest in technology to keep ahead of fraudsters

Could artificial intelligence and machine learning prevent frauds?

As much as fraudsters find new ways to exploit technology, banks and financial institutions equally need to find ways to stay ahead of the game and so adopting pre-emptive analytical tools like artificial intelligence (AI) and machine learning (ML) would help in predicting, detecting and deterring fraudulent activity and inform decision-making early on in transactions. Machine learning has become more popular than traditional statistical methods as it provides better accuracy and can be applied to a wider data set to risk assess transactions and make decisions. Today only 13 percent of organisations use artificial intelligence (AI) and machine learning (ML) globally to detect and deter fraud, however 25 percent plan to adopt such technologies in the next year or two which is a positive trend aside an expected increase in other anti-fraud initiatives like the use of biometrics and data analysis techniques such as automated monitoring and exception reporting by 2021.

What trends can we expect in the near future when it comes to operational risk in banking and/or fraud management?

I believe the use of technology such as robotics, machine learning, behavioural biometrics and data analytics are forward looking tools that would guide decision making and help improve operational efficiencies and potentially reduce operational/fraud events. Having said that, traditional monitoring, vigilance and instituting a culture of high ethical standards would remain important parameters to calibrate business strategy to new risks as they unfold over time.

Neha Sharma is an experienced banker with 17 years of international banking with Citibank in Sales, Product, P&L and Risk control functions across diverse businesses lines – Consumer, Commercial and Institutional banking . She is currently based in Ireland (Dublin) and is responsible for Fraud Risk oversight at an Enterprise level and in EMEA with a key focus on Markets, Securities services and Trade Finance businesses. Neha is an MBA from the prestigious Symbiosis Institute of Management Studies (India) and holds a dual specialisation in Finance and Marketing.


Hasib HAQ

Head of Non-Financial Risk Management
ING Austria

Questions for Hasib Haq

How is technology shaping the operational risk management and how will it look in the future?

If you would ask some years back what is the biggest risk in banking, obviously you would hear credit risk a lot. Since we live in a tech savvy environment, it is much easier to grab your phone and raise attention through social media, for operational or IT risk events which might lead to catastrophic reputational loss. So I would personally think twice about the question: “What is the biggest risk in banking?”

What is the first thing OpRisk professionals should have in mind when building strong risk culture?

Clear Governance is crucial for prudent risk management. I think we can only talk about “effective” risk management if we can integrate risks & controls end-to-end into processes.

What are the biggest challenges with following local regulations?

Local regulations are by definition not aligned with Group Policies, so the challenge is to translate local regulatory requirements and align them with Group Risk Appetite and its requirements.

Hasib Haq has worked in all 3-Lines-of-Defence and is currently Head of Non-Financial Risk Management at ING Austria. Since 2011 he has worked at ING and had various roles, from Sr. ORM/IRM Officer to Principal Product Manager, Client Coverage Sales and Project/Programme Manager at ING Group. Between 2010 and 2011 he worked as an NFR manager at ASR Bank/ABN AMRO in the Netherlands. He started his career in 2005 as a Chartered Accountant, specialised in Operational and IT Risk Audit & Advisory at PricewaterhouseCoopers.

27 JANUARY 2020


Head of Operational Risk Management CEMEA

Questions for Jacky Cumberland

How is technology shaping the operational risk management and how will it look in the future

I think there are huge opportunities to be gained with the development of technology in the management of operational risk.  The increase in automation and smarter trend analysis mean that changes in risk (as well as business opportunities) could be identified quickly, leading to better decision-making and more proactive management of operational risks.

The area of AI is an area of untapped opportunities – to be able to use data mining, machine learning and natural language processing alongside traditional analytics to recognise indicators of risk, known and unknown, is very exciting.  That said, operational risk management professionals need to keep up to date with their business areas and what is happening in the technology world.

What is the first thing OpRisk professionals should have in mind when optimising three lines of defence?

Communication.  There may be three lines of defence but you all are one company and therefore, one team. Work together to understand the purpose of what you all do, what you are trying to achieve, and agree on the working practices.  Don’t just send emails or make grand intranet announcements that no one is expecting.  Discuss and make the most of each other’s skills – the 1st line knows the business and its processes – the 2nd line knows the regulations and best practices for managing risk – and 3rd line has an overview of the whole group and can affirm and support best practices.

How to achieve an effective integrated risk and control management?

In short – do not lose sight of the purpose of the risk and control management.  Companies do it to identify potential problems before they occur so that the problems can be managed. Share the purpose of any requests to the 1st line, and the 1st line discusses changes and implementations with the 2nd line.  It is not just about doing something because the regulator says so; the regulator is saying it for a reason – find out what that is and work together as a team.

Jacky, has over 30 years’ experience in the financial services industry, the last 15 years as an operational risk professional in international banks gaining knowledge of business and risk management in the US, Canada, Australia, New Zealand, Singapore, Norway and the UK. She is the Head of Operational Risk (CEMEA region) for the Nordic bank DNB, and currently on secondment to DNB’s head office and the Group Operational Risk team in Oslo leveraging the experience gained throughout her career. She is a passionate advocate of educating on managing operational risk, a professional member of the Institute of Operational Risk, and when in London, she is an active member of ‘good practices’ networks.

23 JANUARY 2020

Agile Model Risk Management: A New Way Forward for Financial Services

The Business Case for Managing End User Computing

17 JANUARY 2020


Head of Group Operational Risk Officer

Questions For Johan Rosén

How is technology shaping the operational risk management and how will it look in the future?

Technology enables us to harvest, analyse and report risk datapoints in new and more effective ways but it also drives new operational risks. Remember that every new application adds risks and vulnerabilities in some way.

What is the first thing OpRisk professionals should have in mind when optimising three lines of defence?

Shared taxonomy including process universe.

How to achieve an effective integrated risk and control management?

Collaboration, collaboration, collaboration. Key components are: shared taxonomy, a common process universe and aligned assurance (combined assurance is a unicorn).

Johan Rosén has more than 15 years of experience from risk management in the financial sector in the Nordics, the Baltic region, Russia and Ukraine. He has been a credit officer and has worked hands-on with business area risk control, including fraud risk and security. Johan has also worked with corporate structural deals and acquisitions and divestments and with strategic corporate communication. Johan is currently the Head of Operational Risk at Swedbank with added responsibilities for crisis management and IT – and information security risks. Johan has an EMBA from the Stockholm School of Economics.

14 JANUARY 2020


Deputy Head of Operational Risk
Raiffeisen International AG

Questions For Plamen Dimitrov

How is technology shaping the operational risk management and how will it look in the future?

Technology is changing every industry and activity, reducing classical risks but at the same time opening possibilities for unexperienced new ones. OpRisk is no exception and the transformation of its management is inevitable. This process will lead to the acceleration and automation of all currently known time-consuming activities (such as risk identification, measurement, etc.) and will open a whole new world of analytical and control opportunities – not possible until now due to resource limitations. All this will give us the chance to simulate the OpRisk outcomes from strategic moves before they take place.

What is the first thing OpRisk professionals should have in mind when building strong risk culture?

People. Everyone needs to start from the people and build all tools around them. With the help of the current technology, bringing the message becomes much easier but having the risk-adjusted behaviour as a result is much more difficult and this is why knowing your people matters in the first place.

What are the biggest challenges connected with following local regulations?

Operating in a multinational environment but remaining compliant on a local jurisdiction level will always remain a challenge. The legal risk is mainly coming from the number of regulations and their modification speed with high volume of involved data and culture-specific interpretations. For most of these jurisdictions keeping the pace requires external local support and considerable resources. While questionable compliance/conduct related cases were known to be common in the US, recent years proved that they can be a challenge to spread fast in EU and surrounding countries, already costing billions to the industry.

Plamen Dimitrov is a skilled OpRisk professional with more than 16 years of experience. He is currently working in Integrated risk management department of Raiffeisen Bank International AG (Vienna, Austria). There is a variety of positions in Eastern European banks part of UniCredit Group and Piraeus Group amongst his previous experience.
Plamen has detailed knowledge in implementation of advanced OpRisk policies and frameworks, as well as performing second line oversight, which he acquired during the years as an AMA country responsible and project manager.
Along with his bank experience, he has been teaching OpRisk management at the University of Applied Science BFI Vienna and has been a guest speaker on risk management training courses on multiple occasions.
Plamen holds an MBA degree from Carlson Business School (USA) and WU Executive Academy (Austria).

13 JANUARY 2020

The MONITOR volume 1

  • Business Email Compromise Trends
  • Ryuk Ransomware and Cyber Hygiene
  • Boosting Your Insider Threat Program

The MONITOR volume 2

  • Understanding and Fighting Against Banking Trojans
  • Point-of-Sale (POS) Compromise and MID Refund Frauds
  • Web Application Compromise and E-commerce Exploits

5 JANUARY 2020


Head of Operational & Reputational Risk

Questions For Margot Mitterbacher-Schaffer

What are the challenges in implementation of the reputation risk management framework?

  • RepRisk framework needs to be defined properly as a large number of different stakeholders are engaged in protecting a company’s reputation
  • A large number of external stakeholders define the perception of a company’s reputation. The perception of these different stakeholders may even be adverse
  • Reputation is intangible and hard to define and to measure
  • Impact following a RepRisk event or even crisis is hard to identify
  • The perception of a financial institute’s reputation and thus the RepRisk management evolves over time as new challenges emerge (e.g. climate change, digitalisation)

Should reputational management be subsumed under operational risk or become an individual risk category?

Reputational management can be subsumed under operational risk but it has to be clear that the full package of RepRisk management cannot be performed solely by the OpRisk function..

How is the operational risk framework changing as digitalisation and technological development are becoming embedded?

OpRisk function has to develop new skills (respectively hire additional personnel) to be able to challenge the 1st line of defence given the digitalisation of banks. Other stakeholders in OpRisk management (e.g. Anti-Fraud Management) need to invest in machine learning to be able to detect fraud patterns. Cyber Security needs to evolve constantly to face the threat of cyberattacks. As digitalisation and technological development is not only fostered within the organisation but is as well outsourced, the outsourcing risk itself needs to be properly addressed. Specific risks stemming from recent regulations like these from open banking or instant payments need to be managed by Business/IT and challenged by 2nd LoD.

Margot Mitterbacher-Schaffer, born on June 5th 1979 in Styria, Austria, holds a degree in Business Administration of the Vienna University of Economics and Business Administration.

She has an experience of 17 years in the area of Operational & Reputational Risk, starting as a working student in UniCredit Bank Austria and taking over different responsibilities in risk management over the years. She was appointed team Head for CEE Operational Risk management, then taking over the Reputational risk team of UCBA. Since 2018 she is leading the Operational & Reputational risk function of UniCredit Bank Austria. She spends her spare time with her two children and enjoys running.

Back To Top


5th Annual Product Development Excellence in Banking MENA Summit
6th Annual Product Development Excellence in Banking Summit
13th Banking Credit Risk Management Summit