From Challenge to Control: Leveraging Digital Innovation in Operational Risk October 14-15, 2025 London
20+ Sessions | 20+ Speakers | 150+ Attendees
Key themes 2025:
REGULATION
Shifting Standards: Basel III, DORA, NIST 2.0, EU AI Act and More
GOVERNANCE
Operational Risk in Agile & Tech Environments: Governance and Collaboration
DEFENCE GAPS
Derisking Emerging Technologies: Aligning Cybersecurity with Innovation
EMERGING TECHNOLOGIES
The Next Frontier: Operational Risk Implications of Quantum, DeFi, Tokenization and Agentic AI
RESILIENCE
Resilience by Design: Testing Operational Continuity in Complex Tech Ecosystems
Who’s Participating:
Dominic-Victor Masny, Head of Operational Controls, Risk & Resilience, Sompo
Faye Wilde, Associate Director, Operational Risk & Compliance, National Australia Bank Limited
Nitesh Kumar, Managing Director, RISK ORM, Global Head - Cyber and Payment Systems Risk, Technical Testing & Automation Center, BNP Paribas
David Bonavia, Lead Operational Risk Framework Manager, Metro Bank
Anthony Muhammad, Deputy Head of U.S. Stress Testing, Capital, Scenarios, and Framework, Operational Risk, Barclays
Agenda | Day 1 | October 14, 2025
8:00 REGISTRATION & BREAKFAST
8:50 CHAIR’S OPENING REMARKS
REGULATION – PANEL DISCUSSION
9:00 Navigating the Regulatory Horizon: Adapting Operational Risk to DORA, NIS2, 2024 UK Corporate Governance Code and the EU AI Act
• Understanding key compliance deadlines and cross-cutting implications of DORA, NIS2, and the EU AI Act across operational risk functions
• How DORA is reshaping ICT risk management, incident reporting protocols, and oversight of critical third-party providers
• Navigating dual regulatory obligations under NIS2 and overlapping frameworks like PSD2 and MiCA
• Addressing the new risk management and internal control requirements of the 2024 UK Corporate Governance Code
• AI Act implications: integrating model governance, explainability, and accountability into algorithmic decisioning
• How UK regulators are approaching tech risk and simplification under FSMA 2023 and the post-Brexit framework
David Bonavia, Lead Operational Risk Framework Manager, Metro Bank
Desmond Campbell, Regulatory Projects Delivery Lead, AJ Gallagher
GOVERNANCE
9:45 Operational Risk Governance in Agile and Tech-Driven Environments: Evolving Roles, Ownership and Collaboration
• Evolving the Three Lines of Defence model to meet the demands of digital transformation and agile delivery
• Clarifying ownership and accountability for operational risk in agile, cross-functional, and product-led teams
• Integrating operational risk governance into digital project lifecycles, DevOps pipelines, and AI-enabled innovation
• Aligning risk, compliance, and technology functions through embedded controls and early-stage collaboration
• Supporting rapid delivery cycles without compromising risk oversight or regulatory obligations
Dominic-Victor Masny, Head of Operational Controls, Risk & Resilience, Sompo
GEN AI - PANEL
10:20 GenAI and Risk Functions: Practical Use Cases and Responsible Oversight
Using GenAI in Risk Functions
• Practical GenAI use cases across second-line risk functions, including regulatory interpretation and controls testing
• Applications in front office and trading risk: how GenAI supports decision-making and surveillance
• Challenges in adopting GenAI safely within existing risk frameworks
Oversight and Responsible AI Governance
• Addressing data quality, lineage, and fairness in AI model development
• Ensuring effective AI assurance: from model validation to independent oversight and bias detection
• Building cross-functional collaboration between risk, compliance, data science, and model risk functions
Nassos Economopoulos, Head of Technology & Cyber Risk, Rothesay
Faye Wilde, Associate Director, Operational Risk & Compliance, National Australia Bank Limited
David Bonavia, Lead Operational Risk Framework Manager, Metro Bank
11:05 MORNING REFRESHMENT BREAK & NETWORKING
DEFENCE GAPS - PANEL
11:40 Derisking Innovation: Cybersecurity Strategies for Emerging Technologies
• Anticipating cyber threats and compliance challenges in AI, cloud computing, and digital identity systems
• Cybersecurity-by-design: How to embed secure architecture early in tech adoption
• Addressing third-party and privileged access risks unique to emerging technology ecosystems
• Building cyber capability: Hiring, upskilling, and structuring teams for innovation risk
• How will cybersecurity risks continue to evolve with the proliferation of AI and with quantum computing on the horizon
Kishan Majithia, Executive Director, Cyber and Technology Controls, JP Morgan Chase
Nitesh Kumar, Managing Director, RISK ORM, Global Head - Cyber and Payment Systems Risk, Technical Testing & Automation Center, BNP Paribas
CYBER RISK
12:20 Modern Cyber Risk and Resilience: Real-Time Detection to Zero Trust
• Implementing real-time, cross-domain monitoring—case studies from ION ransomware and M&S attacks
• Addressing deepfake-enabled fraud targeting authorization and identity controls
• Understanding rogue state cyber threats and their operational risk to financial infrastructure
• Building integrated defenses: Zero Trust, endpoint detection, and coordinated incident response
• Reporting actionable metrics and evolving threat insights to the board
12:55 LUNCH BREAK AND NETWORKING
MONITORING
1:55 Operational Risk Monitoring - Using Patterns & Anomalies to Anticipate Control Failures
• Risk Management in the age of disruption from innovation to market preservation
• How pattern and anomaly detection uncover emerging risks when identifying hidden risk signals
• Advanced Monitoring Capabilities: How machine learning techniques and statistical models enable smarter and faster detection of outliers
Anthony Muhammad, Deputy Head of U.S. Stress Testing, Capital, Scenarios, and Framework, Operational Risk, Barclays
EMERGING TECHNOLOGIES - PANEL
2:30 The Next Frontier: Operational Risk Implications of Quantum, DeFi, Tokenization and Agentic AI
• Early signals of disruption from decentralized finance and smart contracts
• Tokenization of assets and custody risk considerations: separating Tokenization from Crypto
• Potential impact of quantum computing on cryptography and system integrity
• Preparing risk teams for paradigm shifts in financial infrastructure
• Leveraging Agentic AI for autonomous detection, assessment, and response: what are the future risks and opportunities?
Tin Lau, Chief Risk & Compliance Officer, Mirae Asset Securities
FUTURE OF OPRISK
3:15 The Future of Operational Risk Management
• Is Operational Risk disintegrating?
• Building effective partnership between Operational Risk teams and specialist areas, such as TPRM, cyber and resilience
• Focus areas: value-adding, prioritization, emerging risk management
• How to standardize across the industry and bring Operational Risk into the Board and Executive Committee effectively
• Operational Risk of the future: what does effective risk management look like in 3, 5, 10 years? What is the next big thing?
Elena Pykhova, Author, Operational Risk Management in Financial Services
3:45 AFTERNOON REFRESHMENT & NETWORKING
HUMAN RISK - PANEL
4:15 The Human Side of Risk: Adapting the Risk Professionals to a Changing Landscape
• How the roles and skillsets of risk professionals are evolving to meet new challenges
• Understanding the need to adapt quickly to increasing regulatory requirements and rapidly advancing technologies
• Examining the impact of organizational culture, managing stress, and building resilience
• Sharing real-world peer experiences and insights from the frontline of risk management
• The most important skills of risk professionals: now and in the future
Gary Savill, Head of Enterprise Risk Management, Risk & Compliance, Starr Companies UK
Elena Pykhova, Author, Operational Risk Management in Financial Services
Ayesha James, former Group Third Party Risk Steward & Europe Head of Operational & Resilience Risk
Philip White, Head of Operational Risk, Aldermore
TALENT - FIRESIDE CHAT
5:00 Nurturing the Next Generation: Building the Future Talent Pipeline for Operational Risk
• Identifying the evolving skillset for operational risk roles—data literacy, tech fluency, and strategic thinking in a digital-first environment
• Attracting professionals from non-traditional backgrounds such as cyber, data science, and behavioral risk
• Balancing automation with human oversight—how roles are shifting in response to AI, regulatory tech, and predictive analytics
Rebecca Urang, Head of Operational Risk, Mitsui Bussan Commodities, Ltd
Sean Titley, Deputy CRO, Bank of London
5:40 NETWORKING DRINKS RECEPTION
Agenda | Day 2 | October 15, 2025
8:00 REGISTRATION & BREAKFAST
8:50 CHAIR’S OPENING REMARKS
RESILIENCE – PANEL DISCUSSION
9:00 Resilience by Design: Testing Operational Continuity in Complex Tech Ecosystems
• Designing rigorous testing frameworks using tabletop exercises, red teaming, and penetration testing to evaluate response readiness and system vulnerabilities
• Enabling effective cross-functional coordination between IT, operational risk, compliance, and crisis response teams
• Conducting walkthroughs and scenario-based exercises that validate resilience planning, expose hidden gaps, and test stressed exits from critical third-party providers
• Building resilience design and testing protocols specifically for Generative AI tools and workflows
• Key insights from financial market infrastructure stress testing to improve institutional preparedness and systemic resilience
• Can resilience be outsourced? Evaluating the risks and opportunities of third-party continuity services and external crisis partners
Cem Osken, Head of Technology Risk, Lloyds Banking Group
Dominic-Victor Masny, Head of Operational Controls, Risk & Resilience, Sompo
INCIDENT RESPONSE
9:35 Enhancing Incident Response and Crisis Management Protocols
• Equipping teams across functions with the knowledge and confidence to respond swiftly and effectively during high-stakes incidents
• Ensuring stakeholder contact lists are current, accessible, and integrated into response plans
• Strengthening crisis management capabilities through regular testing, simulations and tabletop exercises, in line with regulatory expectations such as Consultation Paper 24/28 on Operational Incident and Third-Party Reporting
• Leveraging business continuity frameworks to manage communication, safeguard customer trust, and mitigate reputational damage in the aftermath of disruption
Ayesha James, Former Group Third Party Risk Steward & Europe Head of Operational & Resilience Risk
THIRD- AND NTH-PARTY RISK - PANEL
10:20 Third-Party and Fourth-Party Risk: Beyond Due Diligence
• Enabling continuous monitoring and predictive risk scoring for third and fourth parties
• Using smarter onboarding tools to gain greater visibility into supplier and vendor risk profiles
• Managing subcontractor risk and exposures across complex software supply chain ecosystems
• Meeting regulatory expectations on TPRM under DORA, PRA and EBA Guidelines
Samikendra Gosh, Global Head of Third-Party Risk management, Howdens
Alex Dorlandt, Head of Supplier Risk Policy & Regulation, Internal & External Supplier Risk | CCOR Risk Function, Lloyds Banking Group
10:55 MORNING REFRESHMENT BREAK & NETWORKING
SUPPLY CHAIN
11:25 Supply Chain Disruption: Lessons from Recent Incidents
• Lessons from Microsoft/CrowdStrike outage, CDK Global ransomware, and other major incidents
• Leveraging technology-driven vendor assessments to strengthen operational readiness
• Mapping dependencies and services by identifying critical third-party links and single points of failure across the ecosystem
• Building early warning systems and crisis communication protocols to respond swiftly to disruption
TECHNOLOGY RISK
12:30 Technological Resilience/Risk: Addressing Infrastructure Vulnerabilities and Single Points of Failure
• Identifying legacy infrastructure or system components whose failure could severely disrupt operations
• Leveraging diverse platforms, redundancies, and backup systems to prevent cascading service outages
• Enhancing real-time monitoring and telemetry to detect infrastructure stress points and early signs of failure
• Upgrading ageing technology stacks to support scalability, interoperability, and operational continuity
1:05 LUNCH BREAK AND NETWORKING
CHANGE RISK
2:05 Managing Change Risk in Large-Scale Digital Transformation Programs
• Governance frameworks for managing risk in large-scale transformation and IT change initiatives
• Common control failures during system migrations, upgrades, and agile development cycles
• Embedding risk ownership into DevOps pipelines and product delivery workflows
• Maintaining assurance across release cycles and post-go-live phases
• Practical strategies for reducing systemic risk from software rollouts and platform transitions
DATA ETHICS - PANEL
2:40 Data Ethics and Operational Risk: Where Innovation Meets Exposure
• Navigating the ethical and reputational risks of data monetization, personalization tools, and algorithmic targeting
• Managing privacy, consent, and data ownership across conflicting global regulatory environments
• Exploring how poor data quality, lineage gaps, or biased datasets can lead to operational breakdowns
• Embedding ethical AI principles and responsible data frameworks into day-to-day risk governance and controls
Martin Blow, Data Expert
3:25 AFTERNOON REFRESHMENT & NETWORKING
ESG
3:55 Integrating ESG into Operational Risk Management
• Practical steps for embedding ESG factors into operational risk frameworks, controls, and day-to-day processes
• Leveraging ESG data, advanced analytics, and enabling technologies to assess exposure and inform decision-making
• Using scenario analysis and stress testing to model environmental, social, and governance-related risk events
• Aligning ESG risk strategies with regulatory frameworks such as CSRD, TCFD, and ISSB to ensure compliance and transparency
Sean Miles, Head of Risk and Compliance, Buckinghamshire Building Society
RISK CULTURE - PANEL
3:55 Strengthening Risk Culture in a Digital and Automated World
• Embedding staff-wide understanding of cyber hygiene, phishing threats, and fraud prevention in daily practices
• Upskilling operational risk professionals to navigate digital tools, data automation, and AI-enabled environments
• Fostering ownership and ethical decision-making in automated and algorithm-supported processes
• Applying behavioral science, gamification, and design thinking to build an engaging and resilient risk culture
Sean Miles, Head of Risk and Compliance, Buckinghamshire Building Society
Sean Titley, Deputy CRO, Bank of London
5:15 CHAIR’S CLOSING REMARKS
5:25 END OF CONFERENCE
Why should you be attending these sessions?
Keep Ahead of Regulatory Disruption
• Gain clarity on how DORA, NIS2, the EU AI Act, and the 2024 UK Corporate Governance Code are driving change across operational risk and compliance functions
• Understand how regulators are addressing digital transformation and what post-Brexit frameworks mean for UK financial institutions
Strengthen Risk Governance in Agile Environments
• Learn how leading institutions are evolving the Three Lines of Defence model to align with agile delivery, cross-functional squads, and fast-paced product development
• Discover governance strategies that embed risk controls into digital workflows, DevOps pipelines, and AI innovation
Build Cyber Resilience Against Next-Gen Threats
• Hear case studies on deepfake-enabled fraud, state-sponsored cyber threats, and ransomware disruptions like the ION attack
• Take away practical strategies to implement Zero Trust, enhance endpoint detection, and build integrated cyber incident response capabilities
Discover the Real-World Impact of GenAI and Agentic AI
• Explore how risk teams are using GenAI for control testing, regulatory interpretation, and surveillance in trading environments
• Prepare for the future of autonomous AI systems by examining governance, model explainability, and risk-response automation
Prepare for Operational Risk in a Tokenized, Quantum-Enabled Future
• Examine how tokenized assets and DeFi are redefining custody models and infrastructure dependencies
• Understand the potential cryptographic risks posed by quantum computing and how to future-proof your systems
Translate Operational Risk Insights into Executive Action
• Understand how to communicate emerging threats and resilience metrics to boards and senior leadership
• See how peers are using risk intelligence and anomaly detection to drive strategic decision-making across the enterprise
Anticipate Infrastructure Failures Before They Happen
• Learn how to identify fragile legacy systems and build diverse platforms and telemetry that prevent cascading outages
• Get insight into scalable upgrades and redundancy planning to support operational continuity in complex environments
Shape the Future of the Operational Risk Function
• Be part of the conversation on what operational risk management will look like in 3, 5, and 10 years
• Discover how talent, culture, ethics, and data literacy are evolving—and what skills the next generation of risk professionals will need
Sponsorship & Partnerships
Thought leadership
Advance your expertise, knowledge, and experience with a presentation, a panelist, or a roundtable discussion. Why not enhance that with an article published in Connect Magazine and CeFPro® Connect?
Lead generation
Meet with key decision makers and senior professionals at CeFPro® events, roundtables, or at an invite-only dinner.
Branding and awareness
Want to advance your organization and/or your products or offerings? What better way than at a live in-person event where you will meet leading decision-makers, or online through CeFPro®’s market intelligence reports, Connect Magazine, or Connect member’s hub.
Networking
Whether over coffee, lunch, drinks reception, or dinner, expand your network connections in person.
Positioning in the industry
Whether you are the industry leader or a start-up, CeFPro® has opportunities to maintain, advance, or promote your standing among the risk community.
Targeted and one-on-one meetings
General promotion is no replacement for connecting with key decision-makers and C-suite professionals, whether at an event, a closed-door forum, a networking reception, or a VIP dinner.
Reach business buyers
Outside of marketing and promotion, CeFPro®’s extensive range of offerings can provide clients with opportunities to reach key decision-makers and buyers.
Would your organization like to partner with us on this event?
To discuss how we can deliver your thought-leadership at the event, help you generate leads, and provide you with unique networking and branding opportunities, please contact sales@cefpro.com or call us on (+1) 888 6777007 | +44 (0)207 164 6582 for more information.
2025 Speaker Line-up
Martin Blow, Data Expert
Alex Dorlandt, Head of Supplier Risk Policy & Regulation, Internal & External Supplier Risk | CCOR Risk Function, Lloyds Banking Group
Nitesh Kumar, Managing Director, RISK ORM, Global Head - Cyber and Payment Systems Risk, Technical Testing & Automation Center, BNP Paribas
Sean Miles, Head of Risk and Compliance, Buckinghamshire Building Society
Gary Savill, Head of Enterprise Risk Management, Risk & Compliance, Starr Companies UK
Philip White, Head of Operational Risk, Aldermore
David Bonavia, Lead Operational Risk Framework Manager, Metro Bank
Nassos Economopoulos, Head of Technology & Cyber Risk, Rothesay
Tin Lau, Chief Risk & Compliance Officer, Mirae Asset Securities
Desmond Campbell, Regulatory Projects Delivery Lead, AJ Gallagher
Samikendra Gosh, Global Head of Third-Party Risk management, Howdens
Kishan Majithia, Executive Director, Cyber and Technology Controls, JP Morgan Chase
Anthony Muhammad, Deputy Head of U.S. Stress Testing, Capital, Scenarios, & Framework, Operational Risk, Barclays
Sean Titley, Deputy CRO, Bank of London
Cem Osken, Head of Technology Risk, Lloyds Banking Group
Rebecca Urang, Head of Operational Risk, Mitsui Bussan Commodities, Ltd
To view the full Operational Risk & Technology Europe 2025 speaker biographies scan the QR code or click here
Ayesha James, former Group Third Party Risk Steward & Europe Head of Operational & Resilience Risk
Dominic-Victor Masny, Head of Operational Controls, Risk & Resilience, Sompo
Elena Pykhova, Author, Operational Risk Management in Financial Services
Faye Wilde, Associate Director, Operational Risk & Compliance, National Australia Bank Limited
Convince your Boss
#1 What Your Boss Will Say: “What’s included within the ticket price?”
“For the price of my ticket, I’ll have full access to both days of CeFPro’s Operational Risk & Technology Summit, where we’ll explore critical topics such as regulatory change, cyber resilience, GenAI governance, cloud transformation, and the evolving nature of operational risk in digital-first environments. The agenda features expert-led sessions, fireside chats, and panel discussions designed to provide actionable insights we can bring back to the business. The event also offers structured networking opportunities with senior professionals from risk, compliance, audit, technology, and resilience teams, including breakfast and lunch on both days, and a dedicated drinks reception at the end of Day One.
In addition to the live experience, I’ll gain access to post-event resources and speaker slides to revisit and share key takeaways. I’ll also be able to explore further research, interviews, and insights through the CeFPro Connect platform, helping us stay ahead of evolving threats, technologies, and regulatory expectations impacting operational risk.”
#2 What Your Boss Will Say: “Will you learn anything of value that we can integrate into our strategy?”
“The agenda for the Operational Risk & Technology Summit has been built through in-depth research with senior leaders across operational risk, technology, cyber resilience, and compliance functions. Every session is designed to tackle the current and emerging challenges facing financial institutions today.
Sessions will offer practical insights into aligning risk and tech teams, strengthening governance in digital environments, and adapting to the pace of regulatory change. We’ll also explore how to future-proof operational risk frameworks in the face of GenAI, cyber threats, and increasing third-party dependencies. We’ll return with forward-looking strategies and practical tools to enhance our own frameworks, improve resilience, and prepare for the next generation of operational risk.
Below is a breakdown of the seniority of the speakers you’ll gain insights from:”
#3 What Your Boss Will Say: “What specific benefits will attending this event bring to our team?”
“This event is a great opportunity for professional development across risk, compliance, tech, and audit teams. The agenda covers the practical challenges we’re facing right now—like GenAI governance, digital transformation risks, regulatory compliance, and strengthening operational resilience.
Group discounts are available, so we could attend as a team to align on strategy and improve cross-functional coordination. If I attend solo, I’ll share the post-event materials and insights with the wider team—and we’ll also have access to additional resources through CeFPro Connect.”
#4 What Your Boss Will Say: “What will we do with you out of the office for 2 days?”
“I’ll be fully reachable if needed as the venue has Wi-Fi, and there are regular breaks built into the agenda.
This is a rare chance to benchmark our operational risk strategy against peers from across financial services, learn how others are navigating new regulations like DORA and the AI Act, and bring back actionable insights for enhancing our frameworks. The time out of office will be more than made up for by the long-term value to our risk posture.”
#5 What Your Boss Will Say: “How will you share the knowledge and insights gained with the rest of the team?”
“I’ll take detailed notes during key sessions and can put together a short summary or presentation highlighting the most relevant insights and action points for our team.
We’ll also receive post-event materials—including speaker slides, interviews, and follow-up content— which I can share internally. This will help us apply the latest thinking on operational risk, cyber resilience, AI oversight, and regulatory change directly to our own frameworks.”
For further help in convincing your boss to let you attend, scan the QR code or click here for access.
Venue & Location
Hilton London Canary Wharf, South Quay, Marsh Wall, London, E14 9SH, United Kingdom
Canary Wharf Shopping Centre
Discover a mix of high-end and high-street retail brands, along with excellent dining options, all just steps away from the venue.
Museum of London Docklands
Just a short walk away, this museum offers a fascinating look into London’s maritime and trading history.
Crossrail Place Roof Garden
A hidden oasis above the city, this lush garden features exotic plants and a peaceful setting, perfect for a quick break or some quiet reflection.
Boisdale of Canary Wharf
A lively Scottish restaurant and jazz club offering fine dining, live music, and an extensive whisky collection—ideal for relaxed evening networking.
Nearby Hotels
Booking a hotel at Hilton London Canary Wharf places you in the heart of one of London’s key financial districts, offering seamless access to CeFPro’s Operational Risk & Technology Summit. The hotel is well-connected via the Jubilee Line and DLR, ensuring quick and easy transport across the city. Other nearby accommodation options include:
• Canary Riverside Plaza Hotel – A luxury stay with stunning river views and top-tier amenities.
• London Marriott Hotel Canary Wharf – A stylish option with modern comforts and easy access to the DLR.
• Novotel London Canary Wharf – A contemporary hotel featuring a rooftop bar with panoramic skyline views.
• Radisson Blu Edwardian New Providence Wharf – A sophisticated riverside hotel known for its elegant rooms and tranquil setting.
Registration
Launch Rate
July 17
Early Bird Rate
August 22
Standard Rate
After August 22
*For those representing a financial institution/government body
Group Rates
Seize the opportunity, bring the team to advance their professional development and knowledge with our group booking promotion.
50% OFF:
Purchase two tickets and receive the third registrant at 50% off the prevailing rate
Free Pass:
Don’t stop there, as the more people you register, the better the savings. With every four tickets bought, the fifth is on us, completely free!
Bringing your team not only enhances the overall experience, but also fosters significant team building among colleagues while allowing you to save on your registration.
What’s Included
Access to 20+ sessions
Networking: 7+ hours
Lunch + Refreshments
Networking cocktail reception
PPT slides/decks
Podcasts with industry experts
Videos and interviews from the event
Connect Magazine complimentary
CeFPro Connect membership
Community network and engagement
Market intelligence reports access
To register your place at the best rate possible, click here, or scan the QR code.
Topic Related Insights
Anticipating the Unthinkable: Strengthening Operational Resilience through Scenario Planning
Stefana Brown, Group Technology and Data Risk Director, L&G Legal & General
In an evolving risk landscape where non-financial threats such as cyberattacks, geopolitical instability, and technology failures loom large, scenario planning has become a cornerstone of effective resilience strategy.
From the vantage point of a senior risk leader responsible for technology and data risk across a major financial institution, CeFPro’s recent flagship Risk Evolve event enabled me to further reflect on how the practice of crisis simulation has matured – and where it must go next.
The regulatory shift in recent years has been significant. Once focused narrowly on identification and control, the emphasis has now decisively expanded to resilience, response and recovery.
Regulatory initiatives such as the UK’s operational resilience framework and the EU’s Digital Operational Resilience Act (DORA) are sharpening expectations.
These frameworks demand not just proof of continuity planning but also assurance that critical third-party dependencies are rigorously tested under extreme yet plausible scenarios.
Regulators are beginning to look beyond the institutions they supervise directly, aiming to assess systemic resilience across networks of suppliers and service providers.
In doing so, they are relying on firms to act as the first line of defense – a responsibility that cannot be fulfilled with paper-based exercises or outdated assumptions.
To respond to increased regulatory expectations, scenario planning today can no longer be a mere checkbox in a risk management playbook. It has become a dynamic tool to test the limits of organizational resilience under conditions that could fundamentally disrupt critical operations.
The message from supervisory bodies is clear: firms must be able to demonstrate not only how they would withstand a disruptive event, but also how quickly and effectively they can recover.
A significant part of the responsibility now lies in ensuring that scenario planning reflects operational realities. In my experience as a risk leader, I have seen a shift change in how scenarios are designed and run,
To continue reading click here, or scan the QR code.
Topic Related Insights
Why Spreadsheets Won’t Save Your Risk Strategy
Naresh Singhani, Director of Internal Audit Data Analytics, First Citizen Bank
For decades, Risk Control Self-Assessment (RCSA) has been a cornerstone for identifying and assessing risks and evaluating control effectiveness. Amidst cybersecurity threats, regulatory changes, and process evolution, are firms optimally using the latest technology to enhance RCSA processes?
RCSA is vital for identifying strategic, operational, financial, or compliance risks and assessing their likelihood and impact. Legal Entities (LEs) and Business Units (BUs) must perform RCSA periodically, yet stakeholders often find it tedious due to outdated tools like Excel. Upgrading to AI-driven tools with advanced GUIs can make RCSA more efficient and engaging.
Efficient documentation of assessment inputs and proper action plans are critical. Tools like Tableau and Alteryx enhance reporting and charting but often face data silos and restricted access issues. Overcoming these challenges with better data integration and transparency is essential.
RCSA’s periodic nature can lead to stakeholder fatigue, but Enterprise Risk Management (ERM) can address this by leveraging Robotic Process Automation (RPA) and AI. Real-time triggers and AI-based inputs can revolutionize the RCSA process, enabling proactive mitigation of risks and higher efficiency.
Data collection challenges persist due to disparate systems and data quality (DQ) errors. AI can streamline data feeds and exception reporting, reshaping ERM frameworks. Large firms are already investing in AI and robotic tools to build Risk Language Models (RLMs), which can ingest and analyze enterprise risk data to improve decision-making.
Cybersecurity risks and regulatory compliance are top priorities. Integrating cybersecurity systems with RLMs via APIs enables real-time risk visualization. Similarly, RCSA helps identify regulatory compliance risks, such as AML violations, using data feeds from regulatory systems.
Deploying tools like RiskGPT, a ChatGPT-style interface, allows professionals to query risk data, identify weak controls, and generate reports or visualizations instantly. This innovation transforms RCSA and ERM into agile, data-driven systems, ensuring firms stay competitive and resilient.
To continue reading click here, or scan the QR code.
Great minds think alike, but brilliant minds think differently.
Your New Personalized Gateway to the Latest Risk Intelligence has Arrived.
Join a community of industry leaders and the new generation of talent shaping the future of risk management.
For our global audience, Connect means access to exclusive, collaborative, high quality risk management insights and discussions, no matter where you are:
• Watch, listen, and read your way through our extensive library of resources
• Access exclusive interviews, presentations, thought-pieces, industry intelligence, and more
• Discuss the most talked about trending topics and share your perspective
• Collaborate with like-minded professionals and build new relationships
Embark on an exciting journey of discovery. Start exploring Connect today.