A lot of excellent information was presented. Great resource material to follow up on. - Associate Vice-President, Financial Services
University of Saskatchewan
13th Annual Event!

Operational Risk Canada 2018

Advance Your Knowledge in Operational Risk Practices in the Current Regulatory Environment

October 16-17, 2018 · Optional Workshop: October 15, 2018 · Toronto, Ontario
PREVIOUS Day One Program Agenda: (2017)
8:00 - 9:00        Registration and Continental Breakfast
9:00 - 9:10
Welcome and Opening Remarks from the Chair
Andrew Richardson, VP, Enterprise and Operational Risk Management, Coast Capital Savings
9:10 - 9:55
Regulatory Developments in Operational Risk Policy
Megumi Nishikawa, Director Operational Risk Division, Office of the Superintendent of Financial Institutions Canada
  • Guideline E-21 and communicating supervisory expectations
  • Proposed regulatory changes
  • Ascending operational risks
  • Supervisory trends and focus
9:55 - 10:40
Risk Culture, Conduct and Accountability
James Nelson, VP and Head, Risk Governance, and Operational Risk, BMO (Chicago)
  • Key drivers of and challenges for managing conduct risk
  • Conduct as a lens into Culture,
  • Establishing conduct risk metrics
  • Developing culture and conduct benchmarks
10:40 - 10:55        Networking Break
10:55 - 11:40
Effective Strategies to Managing Cloud Security Risk
Julius Azarcon, Global Practice Leader, Risk Advisory, Scalar Decisions
  • Key principles for managing cloud cybersecurity risk
  • Common misconceptions and how to avoid them
  • The top 5 fundamental cloud security controls you should implement
11:40 - 12:15
Addressing the Interplay between the Fraud Function and other Counterparts in Risk
Ed Rosenberg, Chief Security Officer, BMO Financial Group
  • Interaction of a second line (fraud) function in the oversight of first line operations
  • Importance of collaboration and aggregation of information across multiple stakeholders
  • How can generalists challenge the specialists
12:15 - 1:30        Luncheon Break
Bill Dunnion, Director Cyber Security and Solutions, Calian
Andrew Richardson, Enterprise and Operational Risk Management, Coast Capital Savings
1:30 - 2:15
Case Study: Mitigating Third-Party Risk at Coast Capital Savings
Norman Hait, Manager, Vendor Management, Coast Capital Savings
  • OSFI B-10 requirements in practice
    • Definition of outsourcing vs. third party
    • Materiality assessment
    • Risk assessment
    • Contractual requirements (e.g. Audit Rights)
    • Sub-contracting
    • Monitoring / Due Diligence
  • Optimal Org Structure / R&R / 3LOD
  • Key Risk Indicators
  • Cloud computing risks
Cyber Risk Mitigation and Law Enforcement Engagement for Financial Services
Kenrick Bagnall, Detective Constable, Computer Cyber Crime, Toronto Police Services
  • Landscape of cyber from a law enforcement lens
  • Leveraging law enforcement for your risk mitigation and cyber breaches
  • Examples of incidents and outcomes
  • Assess the infrastructure dependencies and best practice responses
2:15 - 2:45        Networking Break
2:45 - 4:00
Interactive Workshop Session:
Best Practices for Third-Party Risk Management
Katherine Macpherson, National Leader, Operational Risk, Financial Services Advisory, EY
  • Third-Party risk management trends
  • Developing an effective end-to-end third party risk assessment framework over entire life-cycle
  • Developing a third-party risk appetite statement
  • Methods for managing and providing oversight of third-parties beyond vendors
  • Third-Party risk management tooling options
Interactive Workshop Session:
Developing your Cybersecurity Action Plan
Abhay Raman, Partner, Cyber Risk Leader, Canada, EY
  • The cyber landscape
  • Cyber security control framework: components, challenges, etc.
  • Evolution of the 2nd line function
  • Oversight of third-parties
  • Pros and cons of purchasing cyber insurance
  • Managing multiple regulatory cyber security frameworks
  • Board awareness and education
4:00 - 4:50
Managing Risk during Digital Transformation
Leon Punambolam, AVP Digital Transformation and Industry Leader, Cowan Insurance Group
  • Strategy, not technology, drives digital transformation
  • Beyond experimentation and into commitment
  • Acquiring capabilities
  • Becoming quicker and data driven
  • Enabling customer-centricity
  • Risks and opportunities
  • Commercializing data and business model innovation
4:50 - 5:00
Chairperson's Closing Remarks
Andrew Richardson, VP, Enterprise and Operational Risk Management, Group Risk Management Coast Capital Savings
5:00        End of Day One

5:15 - 6:30
Cocktail Reception Hosted by EY

Take advantage of networking opportunities to meet other risk management professionals at our cocktail reception.

Networking Opportunities - Who You Will Meet:
  • Risk Officers
  • Vice-Presidents and Directors of Risk Enterprise Risk
  • Operations Risk
  • Information Security
  • Enterprise Risk Management
  • Information Technology
  • Information Systems
  • Risk
  • Business Continuity
  • Outsourcing
  • New Initiatives and Change Management
  • Internal Audit



Operational and compliance risks have become more complex and entwined, increasing the potential for failed processes that govern control breakdowns. Silo mentality is in itself a risk and the operational risk leader is in a unique position to provide their enterprise with a holistic governance approach that brings together the entire risk portfolio. You need mitigate risks with an eye on the big picture. Cybersecurity ranks as the #1 priority for financial institutions today, permeating the breadth of every function across your organization. Many risk leaders without technical skills are overwhelmed by the scale of the potential threat.

Infonex's annual Operational Risk Canada will provide you with strategies to focus your cyber efforts. Canadian financial institutions, once immune to the scandals plaguing out of country, are now in the spotlight for their misconduct and mis-selling. Hear how you can improve conduct, culture, and customer experience; not in isolation, but combined to truly seize a competitive advantage. As big data drives the demand for financial institutions to be like tech companies, your risks under the technology umbrella, increase. You need best practises on how to keep up with the moving target of IT risk. Third-party risk management is an ongoing area of concern and we have thought leaders to address what is emerging on this front, into 2018.

Our Operational Risk Canada agenda provides something for early to advanced learners in ops risk, tokens of wisdom for various stages of OpRisk implementation, as well as focused areas for risk so your entire team will be engaged. As OpRisk Leaders, you have been honing the discipline of enterprise risk as a matter of practice. Your contributions to the strategic risk mitigation of your organization have never been more in focus.

As a leader with risk oversight you are in a constant need to strengthen your systems against dynamic, ever-changing risks. Join us in Toronto and get guidance on your most pressing operational risk challenges. Register today!

Telephone: 1.800.474.4829  |   360 Bay Street, Suite 900, Toronto, ON  M5H 2V6   |   Fax: 1.800.558.6520  |  Contact Us
© 2000-2018 INFONEX Inc.