skip to Main Content

NEWS

Hottest information about 14th Annual Banking Operational Risk Management Summit

MARTIN  BALL

Head Risk & Control Assessments Retail Banking
Deutsche Bank

Questions For Martin Ball

What are the challenges being faced across IT infrastructure and frameworks in complying with the regulation?

I see the following challenges:

  • Initially, lack of clarity in the regulatory requirements to implement them in IT, often with barely enough time to implement after this clarity is sufficiently available
  • Dependencies of different regulations among themselves, which often become apparent only in the course of the implementation
  • Sometimes too narrow perspective in the implementation of regulations, which overlooks also existing new business opportunities, e.g. by changed conditions in the market

How is the operational risk framework changing as digitalization and technological development are becoming embedded?

Availability of data in business and analysis capabilities are exponentially growing. The challenge is to combine the historically often separate data sources for risk management and business in order to leverage the full potential of one integrated data pool for the company.

What is the most efficient way how to fight against cyber-attacks?

Even in times of ever more sophisticated IT features for detection and handling the Cyberattacks, the most vulnerable part of a network is still the human factor. Thus, it is still all about shaping awareness amongst employees as well as vendors, e.g. by “mystery shopping” programs of the CISO department.

Martin Ball is a Senior Risk and Compliance professional in European Retail Banking with a broad experience in operationalising risk management frameworks. Delivery has included the rollout of the R&CA process as well as the implementation of a Key Risk Indicator Reporting in the retail business division. Previous roles covered Inhouse Consulting and Product Management areas.

BARBARA CAPOBIANCO

Head Operational Risk Management International Wealth Management
Credit Suisse

Questions For Barbara Capobianco

What are the challenges being faced across IT infrastructure and frameworks in complying with the regulation?

There are two possible views on that topic.

  1. The regulator is “only” mandating what corresponds to good practices in the first place, however, in some cases, regulators show very little tolerance to solutions that are not state of the art.
  2. As international institute, the firm has to deal with multiple regulators simultaneously, each one having different set of requirements not aligned with each other. The difficulty here is to deal with the sheer mass of requirements and changes, firstly by ensuring the correct interpretation and understanding of the requirement itself and secondly by the respective proper implementation.

How is the operational risk framework changing as digitalization and technological development are becoming embedded?

The operational risk framework already reflects digitalization and technological development well. For example, there are operational risk events directly related to digitalization and technological development. In addition, operational risk methodologies and toolset, for example, Risk Control Self-Assessment or Operational Risk Change Assessment, already build upon such risk events. With digitalization and technological development becoming more and more prevalent, this operational risk toolset allows the parties to engage in a sound risk dialogue in regard to these topics.

What is the most efficient way to fight against cyber-attacks?

Companies are more and more moving away from the perimeter-based security view (i.e. an attacker is either outside the company’s IT infrastructure or inside that infrastructure). Today, it is widely recognized that security is a process of multiple lines of defence rather than a product like a firewall. Best practices in security mandate for emerging threats and new security topics must be continuously evaluated and continuous investments into people and security technologies must be undertaken to keep up with the latest trends. From a technical point of view, security often encompasses multiple lines of defence model including a threat-intelligence that actively monitors malicious activities and threats “in the wild” before they actually knock onto the company’s or financial institution’s door.

Cyber Security continues rising up the policy-makers radars and in September the EC published a review including several measures to reinforce EU cybersecurity ranging from increasing public sector cooperation to boosting private sector capabilities and preparedness, and a proposal for cybersecurity certification.

Barbara Capobianco, almost 20 years of experience in international wealth management with different roles in COO areas, focusing on project management, market development, sales management, market management and Operational Risk Management (education: Lausanne University degree in Political and Social Sciences, International Master of European Business Communication)

  • Recognized strong leadership and coaching skills
  • A decision maker, result driven, dynamic, open-minded, and self-motivated
  • A proven change agent in various transformation processes, especially in international areas, with robust stakeholder management ability
  • Large experience in training delivery (especially Project Management / Lean Sigma Method Master Black Belt)

JAN PERSSON

Head of Global Security
SEB

Questions For Jan Persson

What are the challenges being faced across IT infrastructure and frameworks in complying with the regulation?

Many regulations need to be satisfied simultaneously, which puts enormous stress on IT development. Incorporating security in business development needs to be formalized in a way that does not put the two perspectives at odds. We need to live with and accept the fact that enhanced regulations is a prerequisite for our businesses and we need to make sure that we have enough resources and competence to stay compliant at all times.

How is the operational risk framework changing as digitalization and technological development are becoming embedded?

There is a much higher focus on IT and information security today due to the rapid digitation that is changing the entire society today. Security needs to be a part of the business operations and not only a support function.

What is the most efficient way to fight against cyber-attacks?

First of all, it is about awareness: there are effective measures against cyberattacks, but people need to know them. We put a lot of effort within this area.

Communication: Response is less about saving money and more about saving face. So has a communication strategy that both talks to the broader market but also addresses specific cases.

Detection: The question is not whether nor when there will be any attacks as we are being attacked continuously. Therefore, the focus needs to be shifted from fraud prevention to fraud detection. We have taken a number of actions to improve our ability to detect fraud, i.e. real time monitoring in different systems.

Jan Persson has been a Head of Group Security at SEB since 2003, which is a leading North European business bank with around 16,000 employees and current operations in 20 countries. Before joining SEB, Jan had worked as a Head of Security at the Swedish telecom operator Tele2. He has a long background in the Swedish Security Service as well as a police officer at the Stockholm County Police. He has also served as an officer in the reserve forces of the Swedish Army, where he holds the rank of major.
Jan has a broad experience in the security field with a special focus on fraud prevention and risk management. In this field, he has supported foreign investors in the Baltics and the former Soviet Union for many years. He holds a Master’s Degree in Estonian and Economics.
In 2008, Jan was awarded the Annual Security Grant from the Swedish Confederation of Enterprise. Between 2011 and 2017, he was a board member and vice chairman of the International Banking Security Association, IBSA.

TODD CHENEY

Head of Conduct Risk, Framework, and Capital Switzerland
UBS

Questions For Todd Cheney

What are the challenges being faced across IT infrastructure and frameworks in complying with the regulation?

The challenges can be categorized into 3 areas:

  • The speed and volume of regulatory change and the agility of the IT function to react
  • The diversity and divergence of regulations across regions (if operating globally), despite regulators saying they strive for alignment
  • The costs of compliance and shrinking margins

How is the operational risk framework changing as digitalization and technological development are becoming embedded?

The frameworks are looking to leverage developments in artificial intelligence, machine learning, and automation. This is seen as an extension of physical employees and their capabilities rather than a replacement.

What is the most efficient way how to fight against cyber-attacks?

It is all about horizon scanning, protection, speed of detection and remediation, and then of course learning. It is impossible to have a perfect protection and the cost of building, maintaining, and adjusting, and the effectiveness are brought into question. Working with local and international authorities, other institutions, etc. is an important piece.

Todd Cheney is a Senior Risk and Compliance professional with experience covering various business divisions (Asset Management, Wealth Management, and Personal and Corporate Banking) and back office support functions, as well as both designing and implementing frameworks and supporting tools for Operational Risk and Conduct Risk across all divisions and regions. Six Sigma Black Belt certified (Aveta Business Institute) and certified Financial Risk Manager (GARP). Management experience with high competency in communicating to senior management and managing diverse stakeholders to deliver complex and high-level messages effectively and convincingly.

FOR MORE INFORMATION ABOUT
SPEAKERS AND CASE STUDIES

THANK YOU FOR YOUR CALL REQUEST

You will be contacted shortly.

Back To Top

RELATED EVENT

5th Annual Product Development Excellence in Banking MENA Summit
6th Annual Product Development Excellence in Banking Summit
13th Banking Credit Risk Management Summit