skip to Main Content


Hottest information about 14th Annual Banking Operational Risk Management Summit

17 January 2020


Head of Group Operational Risk Officer

Questions For Johan Rosén

How is technology shaping the operational risk management and how will it look in the future?

Technology enables us to harvest, analyse and report risk datapoints in new and more effective ways but it also drives new operational risks. Remember that every new application adds risks and vulnerabilities in some way.

What is the first thing OpRisk professionals should have in mind when optimising three lines of defence?

Shared taxonomy including process universe.

How to achieve an effective integrated risk and control management?

Collaboration, collaboration, collaboration. Key components are: shared taxonomy, a common process universe and aligned assurance (combined assurance is a unicorn).

Johan Rosén has more than 15 years of experience from risk management in the financial sector in the Nordics, the Baltic region, Russia and Ukraine. He has been a credit officer and has worked hands-on with business area risk control, including fraud risk and security. Johan has also worked with corporate structural deals and acquisitions and divestments and with strategic corporate communication. Johan is currently the Head of Operational Risk at Swedbank with added responsibilities for crisis management and IT – and information security risks. Johan has an EMBA from the Stockholm School of Economics.

14 January 2020


Deputy Head of Operational Risk
Raiffeisen International AG

Questions For Plamen Dimitrov

How is technology shaping the operational risk management and how will it look in the future?

Technology is changing every industry and activity, reducing classical risks but at the same time opening possibilities for unexperienced new ones. OpRisk is no exception and the transformation of its management is inevitable. This process will lead to the acceleration and automation of all currently known time-consuming activities (such as risk identification, measurement, etc.) and will open a whole new world of analytical and control opportunities – not possible until now due to resource limitations. All this will give us the chance to simulate the OpRisk outcomes from strategic moves before they take place.

What is the first thing OpRisk professionals should have in mind when building strong risk culture?

People. Everyone needs to start from the people and build all tools around them. With the help of the current technology, bringing the message becomes much easier but having the risk-adjusted behaviour as a result is much more difficult and this is why knowing your people matters in the first place.

What are the biggest challenges connected with following local regulations?

Operating in a multinational environment but remaining compliant on a local jurisdiction level will always remain a challenge. The legal risk is mainly coming from the number of regulations and their modification speed with high volume of involved data and culture-specific interpretations. For most of these jurisdictions keeping the pace requires external local support and considerable resources. While questionable compliance/conduct related cases were known to be common in the US, recent years proved that they can be a challenge to spread fast in EU and surrounding countries, already costing billions to the industry.

Plamen Dimitrov is a skilled OpRisk professional with more than 16 years of experience. He is currently working in Integrated risk management department of Raiffeisen Bank International AG (Vienna, Austria). There is a variety of positions in Eastern European banks part of UniCredit Group and Piraeus Group amongst his previous experience.
Plamen has detailed knowledge in implementation of advanced OpRisk policies and frameworks, as well as performing second line oversight, which he acquired during the years as an AMA country responsible and project manager.
Along with his bank experience, he has been teaching OpRisk management at the University of Applied Science BFI Vienna and has been a guest speaker on risk management training courses on multiple occasions.
Plamen holds an MBA degree from Carlson Business School (USA) and WU Executive Academy (Austria).

13 January 2020

The MONITOR volume 1

  • Business Email Compromise Trends
  • Ryuk Ransomware and Cyber Hygiene
  • Boosting Your Insider Threat Program

The MONITOR volume 2

  • Understanding and Fighting Against Banking Trojans
  • Point-of-Sale (POS) Compromise and MID Refund Frauds
  • Web Application Compromise and E-commerce Exploits

5 January 2020


Head of Operational & Reputational Risk

Questions For Margot Mitterbacher-Schaffer

What are the challenges in implementation of the reputation risk management framework?

  • RepRisk framework needs to be defined properly as a large number of different stakeholders are engaged in protecting a company’s reputation
  • A large number of external stakeholders define the perception of a company’s reputation. The perception of these different stakeholders may even be adverse
  • Reputation is intangible and hard to define and to measure
  • Impact following a RepRisk event or even crisis is hard to identify
  • The perception of a financial institute’s reputation and thus the RepRisk management evolves over time as new challenges emerge (e.g. climate change, digitalisation)

Should reputational management be subsumed under operational risk or become an individual risk category?

Reputational management can be subsumed under operational risk but it has to be clear that the full package of RepRisk management cannot be performed solely by the OpRisk function..

How is the operational risk framework changing as digitalisation and technological development are becoming embedded?

OpRisk function has to develop new skills (respectively hire additional personnel) to be able to challenge the 1st line of defence given the digitalisation of banks. Other stakeholders in OpRisk management (e.g. Anti-Fraud Management) need to invest in machine learning to be able to detect fraud patterns. Cyber Security needs to evolve constantly to face the threat of cyberattacks. As digitalisation and technological development is not only fostered within the organisation but is as well outsourced, the outsourcing risk itself needs to be properly addressed. Specific risks stemming from recent regulations like these from open banking or instant payments need to be managed by Business/IT and challenged by 2nd LoD.

Margot Mitterbacher-Schaffer, born on June 5th 1979 in Styria, Austria, holds a degree in Business Administration of the Vienna University of Economics and Business Administration.

She has an experience of 17 years in the area of Operational & Reputational Risk, starting as a working student in UniCredit Bank Austria and taking over different responsibilities in risk management over the years. She was appointed team Head for CEE Operational Risk management, then taking over the Reputational risk team of UCBA. Since 2018 she is leading the Operational & Reputational risk function of UniCredit Bank Austria. She spends her spare time with her two children and enjoys running.



You will be contacted shortly.

Back To Top


5th Annual Product Development Excellence in Banking MENA Summit
6th Annual Product Development Excellence in Banking Summit
13th Banking Credit Risk Management Summit