Mastering Advanced Operational Risk by Storm-7 Consulting

MASTERING ADVANCED OPERATIONAL RISK

TRAINING PROGRAMME

THE COURSE OVERVIEW

Operational risk, or the risk of loss resulting from inadequate or failed internal processes, people, or systems, is one of the most important and crucial areas that banks and financial services firms (Firms) face today. In this modern era of cyber attacks, rogue traders, and technology failures, establishing robust and cutting-edge operational risk best practices is imperative for Firms operating around the world. This requires a systematic approach to the control of all operational risks and the establishment of an effective Enterprise Risk Management (ERM) culture. This superior and unique operational risk training course will provide Firms with training across a wide breadth of areas pertinent to operational risk management governance. Attendees will be trained in a wide range of areas such as developing new and cutting edge internal risk control functions, developing operational efficiencies, mitigation of enterprise-wide operational risk, support and control functions, and modern risk measurement and management techniques. The highly flexible and modular nature of the training course allows Firms to customise it according to their own specific internal needs. From a high level perspective the training course will set out key steps in developing an operational risk framework, defining the scope of business, developing a risk policy, documenting an Enterprise Risk Document, and the Three Lines of Defence.

WHAT ARE THE KEY BENEFITS? Advanced knowledge and understanding of the latest developments in operational risk analysis and monitoring tools, strategies, and technologies.

The Expert Trainers will provide you with unique and unparalleled real life experience in analysing major risk situations, and will provide a wide range of case study examples.

The Expert Trainers bring a wealth of experience amassed creating, developing, and improving operational risk frameworks at leading banks and financial services firms around the world.

You will feel significantly more confident in making crucial risk control decisions.

The participative nature of the training course will allow you develop a practical focus on how to apply operational risk frameworks within your firm, and how to effectively tackle line management issues.

WHO IS THE COURSE SUITABLE FOR? Back Office Function Compliance Managers Compliance Officers External Auditors Financial Services Consultants Front Office Function Heads of Compliance Heads of Operational Risk Heads of Operations Heads of Risk Internal Auditors Risk Managers

EXPERT TRAINERS BIOGRAPHY

OM CLARK is a senior and innovative Risk and Compliance Management

Expert. He was previously the Head of Operational Risk at OpenWealth – Citi, now Genpact where he was in charge of risk strategy and development and proactively monitoring the legal and regulatory environment. At Citi Tom worked with a team of legal, Compliance and Governance professionals to put in place operational & regulatory improvements in order to increase the effectiveness of the control environment within the business. He also played a key role in effectively managing and resolving complex compliance issues including CASS6 and CASS7 events. Tom was also the founder and owner of Tom J. Clark Consultancy Limited, an expert risk consultancy firm. Some of the firm’s key achievements include acquiring sign-off for a ‘non-standards’ approach to client money reconciliations, pioneering a new governance structure to negotiate and manage escalated issues from commercial clients, and establishing a new and innovative Operational Events (Breaches and Incidents) process. His previous roles include more than eighteen years of experience at the Royal Bank of Scotland during which he acquired an expert knowledge of the financial and banking systems. This included roles such as Financial Planning Consultant (1993-1998); Training and Development Manager (1998-2002); Private Banking Manager (2002-2005); Regulatory Risk Manager (2005-2007); Regulatory Monitoring Manager (2007-2011). As Compliance Manager at Aegon (20112012) he played an active role in key compliance projects covering the Retail Distribution Review (RDR), Regulatory Reporting, Pension Reform, and was also responsible for establishing a Compliance Risk Universe and helping set-up the Compliance Assurance team.

SKILLS

OM CLARK developed strong skills in Risk Management, Operational &

Regulatory Risk, AML and Client Money & Asset (CASS) regime, he also has a deep knowledge in Compliance, Banking, Investment, Assurance. He knows how to manage Enterprise Risk, Portfolios. His skills include also Retail Banking, Corporate Governance, Private Banking and Financial Planning.

ACCREDITATION

e has an Advanced Financial Planning Certificate from the Chartered Institute of Insurance (1998), an IPD Certificate in Training Practice from the Glasgow College of Commerce (2002), a Certificate of Mortgage Advice & Practice from the Institute of Financial Services (2004) and an Advanced Certificate in Regulatory Risk and Compliance from the Manchester Business School (2011).

BIOGRAPHY

OHN THACKERAY is a Strategic Business Risk and Compliance Consultant and an Interim Executive Manager specialised in Risk Identification, Risk Frameworks, Governance and Compliance Programmes. He has over 16 years’ experience in Risk Management acquired through previous roles including Head of Equity Finance Risk at Deutsche Bank (2001-2004) where he developed portfolio stress testing and allowed the bank to win the First Award for recognition for Risk Leverage; Director of Cross Product Margining at CitiGroup (2004-2007); Chief Risk Officer at Penson Worldwide Holdings, a US Clearing and Futures Firm (2008-2009) where he managed to improve the risk culture of the Bank; Risk Consultant at HSBC (2010) where he executed and implemented new technology for risk and margin-based finance; Chief Risk Officer at SociétéGénérale (2010-2011) in charge of the design and framework of margin and risk; Operational Risk and Risk Identification Officer at Bank of The West (2014-2015) during which he developed Policies and Procedures for CCAR and was responsible for Risk Taxonomy for CCAR; Associate Director at RBC Capital Markets (2015-2016) where he was responsible for Model Validation CCAR, Risk Framework and Governance CCAR and Scenario Design & Stress Testing. John is also the founder and the owner of John Thackeray Consulting LLC, an expert risk consultancy firm, launched in 2010, that provides business risk and compliance consulting on an international platform. John has worked on numerous projects including the creation of different Prime Brokerage Platforms, the rebuilding of a Risk and Margin Platform (2010), the launching of two Risk Identification Programs (2015) for US Regional Bank for CCAR and for an IHC comprising a US Broker dealer and a US Regional Bank. As Chief Risk Officer, he also set up a Risk Radar (2011) for Société Générale to facilitate a warning system for US banks.

SKILLS

OHN THACKERAY is a specialist in Risk Management, Governance,

Operational Risk, Market Risk, Liquidity Risk and Risk Assessment. He also developed an expert knowledge covering Hedge Funds, Derivatives, Financial Institutions, Stress Testing. His skills include also Capital Management, Retail Banking, Treasury Management, Interest Rate Risk Management.

ACCREDITATION

ohn has a Diploma of Financial Studies (MBA, Top Fifty on completion UK) from the Chartered Institute of Banking (1996), a certification as Fraud Examiner from the Association of Certified Fraud Examiners (2014), an Associate’s Degree as Certified Anti-Money Launderer from the Association of Anti-Money Laundering Specialists (2014), an Associate’s Degree from the Association of Certified Financial Crime Specialists, an Associate’s Degree from the Association of Corporate Treasurers, an Associate’s Degree in Marketing from the Chartered Institute of Marketing, and an Associate’s Degree in Project Management from the Institute of Project Management (2007).

COURSE MODULES MODULE 1:

AML AND KYC FRAMEWORKS • Overview of Legal Frameworks (Proceeds of Crime Act 2002, Terrorism Act 2000, Money Laundering Regulations 2007). • Establishing Advanced ‘Detect and Control’ Fraud and Manipulation Frameworks, Risk Sensitive Customer Due Diligence (CDD) Requirements, and Risk Assessment Policies. • Overview of the Fourth Anti-Money Laundering Directive (2015/849) (AMLD). • Transforming Investigative Processes with New AML/KYC Technologies.

MODULE 3:

BASEL III OPERATIONAL RISK FRAMEWORKS • The Basel Accords and the Three Pillar Basel Framework. • Basel II Changes to Capital Adequacy, Market Liquidity Risk, Stress Testing, Capital Requirements, Countercyclical Capital Buffers, Capital Conservation Buffers. • Establishing Effective Liquidity Coverage Ratio (LCR), Net Stable Funding Ratio (NSFR) and Basel Operational Risk Frameworks.

MODULE 5:

ESTABLISHING OPERATIONAL RISK APPETITES • Identifying and Classifying Operational Risk Categories. • Identifying Operational Risk Appetite and Control Appetite (Methodologies). • Identifying Potential Direct Losses (Fines, Client Relationships, Reputational Damage). • Identifying the Drivers of Reputational Risks, the Media and Reputation, and Managing Reputational Risk.

MODULE 2:

BASEL II OPERATIONAL RISK FRAMEWORKS • Basel II Operational Risks (Internal Fraud, External Fraud, Employment Practices and Workplace Safety, Clients, Products and Business Practices, Physical Asset Damage, Business Disruption and System Failures, Delivery, Transaction, and Process Management. • Identifying Core Business Operational Vulnerabilities and Setting Key Risk Indicators (KRIs) (Prediction, Metrics, Benchmarking, Status Monitoring). • Analysing, Mapping, and Managing Operational Risks, Mapping Causes to Events to Effect.

MODULE 4:

BASEL IV OPERATIONAL RISK FRAMEWORKS • Basel 4 and the Single Standardised Approach to Operational Risk (Counterparty Risk, 2014; Market Risk, 2016, Interest Rate Risk, 2016), Standardised and Internal Model Based Approaches, and the Application of a Capital (‘Output’) Floor. • Higher Capital Requirements and Risk Weightings, Evolved Stress-Testing, and Macro-Prudential Tools.

MODULE 6:

BEST PRACTICES FOR OPERATIONAL RISK MANAGEMENT FRAMEWORKS • Identifying Major Risks, Operational Risk Management Setup, Identification Tools, Root Cause Analysis (RCA), Historical Incident Data (Internal, External), Governance, Events and Losses, KRIs, Key Performance Indicators (KPIs), and Key Control Indicators (KCIs). • Defining Materiality of Operational Risk Measures (Loss Amount, KRI Breach, Operational value-at risk (OpVaR), Red, Amber, Green Status (RAG)) in terms of Firm Business Objectives. • Identifying and Capturing Key Firm Risk Interdependencies. • Overview of Quantification Techniques (Scenario Analysis, Loss Distribution Approach, Scorecards).

MODULE 7:

MODELLING OPERATIONAL RISK • Capturing Risks within the Risk Management Process (Inherent Risk, Residual Risk, Expected Risk, Targeted Risk, Control Risk). • Stress Testing and Scenario Analysis, Combining Loss Data and Qualitative Data. • Capital Modelling Methodologies. • An Overview of Risk Control Self- Assessment (RCSA), Loss Event Recording, and Operational Risk Capital Calculation.

MODULE 9:

ADVANCED INTEGRATION OF RISK FRAMEWORKS • The Interaction of Operational Risk Management and Six Sigma and Lean. • Integration of Market Risk, Credit Risk, and Operational Risk Frameworks, Levels of Risk, Effectiveness of Controls Scale. • Developing Holistic Operational Risk and Compliance Frameworks (Integration of Governance, Risk and Compliance (GRC) Function with new Compliance Risk Sources (Customer, Product, Channels). • Aligning Risk Governance, Monitoring, and Testing approaches across existing Lines of Business.

MODULE 11:

IMPLEMENTING EFFECTIVE CYBER RISK AND DATA SECURITY OPERATIONAL FRAMEWORKS • Identifying and Mapping Operational Threats, Vulnerabilities, and Weaknesses (Data Theft, Cyber Fraud, DDOS Attack, Intellectual Property Loss). • Effective Integration of Cyber Resiliency Frameworks into Operational and Technology Frameworks. • Monitoring, Auditing, and Testing Cyber Risk and Data Security processes and Managing Cyber Event Outcomes. • Evaluating Third Party Professional Risk Technology Solutions.

MODULE 8:

RISK CONTROL SELF-ASSESSMENT (RSCA) • Identification, Recording, and Assessment of Potential Material Risks, and Identification and Assessment of Risk Controls. • Evaluating Internal Risk Appetite and Organisational Tolerance. • Mapping Areas of Risk and Developing a Risk Prioritisation Map. • Developing an Effective Internal RSCA Framework (Frequency, Risk Exposures, Risk Questionnaires, Risk Incidents, Review of External Information, Methodologies, Stakeholder Review).

MODULE 10:

OPERATIONAL RISK MANAGEMENT, CULTURE, AND CONDUCT RISK • Establishing Sound Internal Governance and Culture, the Financial Conduct Authority (FCA) Sources of Conduct Risk (Inherent, Environmental, Structures and Business Conduct). • Relationships with the Board and Senior Management, Proactive Board and Senior Management Oversight, Operational Risk Senior Management Information and Oversight Reports. • Managing Conduct Risk (Competitors, Conflict of Interest, Corporate Governance, Culture, External Economic Factors, Reputation, Sales Practices, Technological Influences). • Managing Reputation Risk and Damage, Assessment of Conduct Risk Technologies.

MODULE 12:

IMPLEMENTING EFFECTIVE RECOVERY AND RESOLUTION TECHNOLOGY FRAMEWORKS • Business Continuity Planning and Building and Effective Disaster Recovery Plan (Objectives, Capital Costs, Underlying Business Requirements). • The Decision to Outsource Disaster Recovery Plan Development and Key Considerations. • Evaluating Technology Solutions for Data Security and Protection. • Key Considerations in Developing Effective Business Continuity Plans.

Level 24/25 The Shard | 32 London Bridge Street | London SE1 9SG www.storm-7.com