Podcasts about Operational risk

Episode 3 of Rethinking EHS, Season 3 focuses on the transformation of risk management in a rapidly changing global environment. The discussion highlights how modern risks now spread faster than ever through interconnected supply chains, social media, workforce pressures, and geopolitical instability.  The episode also explores how organisations are using leading indicators, management systems, and predictive approaches to identify operational risks earlier, while integrating EHS considerations into due diligence, procurement, sustainability, and organisational change processes. Ultimately, the episode underscores that resilience depends on organisations proactively understanding risk, improving communication, and embedding risk management into every level of business decision-making. Rethinking EHS is brought to you by the Inogen Alliance. Inogen Alliance is a global network of 70+ companies providing environment, health, safety, and sustainability services, working together to provide one point of contact to guide multinational organizations to meet their global commitments locally. Visit inogenalliance.com to learn more. *** Guest quotes: Alizabeth Smith: “The risk they hadn't controlled, the risk they hadn't looked at, was cultural.” Alizabeth Smith: “If you don't deal with communication and consistency, people start believing the program will change in six months anyway.” *** Timestamps: 00:00:00 – Introduction to cultural risk management  00:00:33 – Case study: when strong systems still failed  00:01:25 – Identifying cultural breakdowns and lack of trust  00:02:46 – Communication silos in large organisations  00:03:55 – Building a global risk register and consistent controls  00:05:00 – Why onboarding and training often fall short  00:06:09 – Wearables, micro-training, and new approaches to engagement  00:07:27 – Executive incentives and unintended reporting behaviours  00:09:39 – Leading indicators versus lagging indicators  00:11:44 – Case study: transforming culture in a global manufacturing company  00:15:04 – Developing future EHS leadership internally  00:15:51 – Closing reflections  Sponsor Copy Rethinking EHS is brought to you by the Inogen Alliance. Inogen Alliance is a global network of 70+ companies providing environment, health, safety, and sustainability services, working together to provide one point of contact to guide multinational organizations to meet their global commitments locally. Visit inogenalliance.com to learn more. Produced by Madcontent.co.nz *** Links  https://Inogenalliance.com/resources https://Inogenalliance.com/podcast Keith on LinkedIn: https://www.linkedin.com/in/keith-knoke-27587a7 Alizabeth on LinkedIn: https://www.linkedin.com/in/alizabeth-aramowicz-smith-61618615/ Chris on LinkedIn: https://www.linkedin.com/in/chris-trim-51637831/

Cyber and Operational Risk in the Quantum Era: Financial Stability amid Escalating Geopolitical ConflictThis panel took place at the 2026 International Monetary Fund and World Bank Group Spring Meetings.Financial stability is under fire as geopolitics and cyber risk collide. As global tensions intensify and technological capabilities accelerate, financial institutions face a rapidly evolving threat landscape where cyber operations, financial crime, and state-sponsored actors are increasingly intertwined. From ransomware campaigns and sanctions evasion to sophisticated cyber intrusions targeting critical infrastructure, adversaries are exploiting digital systems and global financial networks in new and complex ways.As these threats continue to evolve, the quantum horizon introduces an additional layer of strategic risk. This executive panel will examine how advances in quantum computing could reshape cyber and operational risk across the financial sector, while also considering the growing convergence between cyber-enabled crime, ransomware payments, sanctions evasion, and global illicit finance networks. Leaders from policy, finance, and technology will explore the implications of quantum-enabled decryption, the expanding links between cyber threats and illicit finance, and the operational vulnerabilities that could undermine confidence in critical financial infrastructure.The discussion focused on how institutions and regulators can strengthen resilience, enhance cross-border coordination, and prepare for a future in which emerging technologies, cyber conflict, ransomware, and financial crime increasingly intersect. The panel explored what these developments mean for international efforts to combat cyber-enabled financial crime and how global standards bodies, national authorities, and financial institutions can strengthen cooperation to protect the integrity and resilience of the international financial system.Opening Remarks:Cindy Termorshuizen, Deputy Minister of International Development, Government of CanadaPanelists:Giles Thomson, Director, Economic Crime and Sanctions, His Majesty's Treasury; Incoming President, FATFStefan Ingves, Chair, Toronto Centre; Former Governor, Sveriges RiksbankMichele Mosca, Professor, Institute for Quantum Computing, University of WaterlooModerator:Jennifer Elliott, Assistant Director, Monetary and Capital Markets, IMF; Board Member, Toronto CentreWatch the executive panel session here.Read the transcript here. Read their biographies here.

In this episode, host Kelsey Hipkin was LIVE on location at the Grey Eagle Event Centre in Calgary, AB, for AMTA's 88th Annual Conference, to introduce a very special episode.What separates the safest carriers from the rest? In this episode, recorded on the Grey Eagle Event Centre Stage, April 22, 2026, we explore what industry leaders are doing to prioritize Occupational Health and Safety (OHS), reduce workplace incidents, and maintain top safety ratings.Our panelists for this conversation are Jeff Rosnau, CEO of Whitecourt Transport; Kyle Pouliot, Director of Operations at Caneda Transport; and Matt Cook, Director, HSE & Operational Risk at Arrow Transportation Systems, with moderator Laura Lunt, Board Director at AMTA.If you have any questions for our guests from the Leading with Safety panel, sponsored by Tiger Calcium, or would like to learn more, please contact memberservices@amta.ca, and we will get you in touch with our panelists.As mentioned by Jeff, learn more about AMTA's Certificate of Recognition (COR) program on our website: https://amta.ca/cor/.As mentioned by Matt, visit our Micro-Learn library on our website: https://amta.ca/micro-learn/.If you have any questions or concerns about topics related to what was discussed in this episode, or commercial transportation and driver safety, please do not hesitate to contact our Member Services team at memberservices@amta.ca.Thank you to everyone who joined us for our 88th Annual Conference a few weeks ago. AMTA's 89th Annual Conference is already in production, and we look forward to seeing you all in Enoch, AB, at the River Cree Resort and Casino April 7-8, 2027.AMTA has secured our dates for our 2026 Safety Summits. Register now for Medicine Hat on May 14 and Whitecourt on September 30 - it's only $30!Driver and Volunteer registration is open now for AMTA's Professional Truck Driving Championship! (registration closes May 22)Please note registration for both Drivers and Volunteers goes quickly. Learn more about PTDC on our website: https://amta.ca/event/2026-professional-truck-driving-championship/.Are you interested in getting involved with the AMTA? Please contact membership@amta.ca for Membership opportunities and learn the value that AMTA can bring to you and your organization.AMTA seeks to represent our Members in all facets of the industry, but that only works if we hear from you on the issues affecting your day-to-day. We encourage everyone to reach out and share their thoughts and ideas. Please don't hesitate to contact us at memberservices@amta.ca. Do you have an idea for a future Steering Change series? Message us at marcom@amta.ca. Listeners, don't forget about the AMTA Mailbag! We want to hear from you with your industry queries. DM us with your questions, and we will answer via the AMTA Mailbag segment in future episodes or directly via our team of advisors.  Join the conversation at: Web: amta.caInstagram: amta_ca/Facebook: AlbertaMotorTransportAssociationLinkedIn: alberta-motor-transport-associationThank you for taking the time to listen. We encourage you to share this episode with those in your network who would receive value from our conversation. Make sure to hit that subscribe button and have a safe day! 

How do leaders stay steady in the storm of tough choices? This week, I sit down with Jack Briggs, a retired major general with a 30-year career in the military who is also a highly seasoned, for a masterclass in pressure-tested decision making.The episode debunks the myth that high-stakes choices are unique to the military or boardroom. Instead, Jack argues, “pressure is pressure,” whether the risk is reputational, operational, or personal. The discussion highlights the three traits of the best decision makers: anchoring decisions in firm principles, seeking help with humility, and making the call… decisively, not reactively.Listeners will come away with four essential questions to use in any crisis and learn why reframing “crises” into a set of solvable problems is vital for calm, effective leadership. This conversation is a must for anyone seeking practical, repeatable strategies to lead well, even when the stakes—and the anxieties—are high.What You'll Learn- Anchor your decisions in principles.- Lead with humility and build your team.- Distinguish between problems and crises.- The power of a structured decision framework.- Be decisive and own the outcome.- Focus on your sphere of influence.Podcast Timestamps03:18 Jack's origin story: from the Thunderbirds to the Air Force Academy05:37 When leadership first appeared: Boy Scouts, the leadership laboratory, and the Eagle Scout07:37 The Air Force Academy as a leadership lab: authority vs. responsibility10:42 Being the snowplow: how to delegate without abandoning accountability14:11 Leadership is a science and an art: training the recipe, then adapting it16:41 Combat to boardroom: why pressure is pressure regardless of context19:19 Defending North America: leading at continental scale21:28 The three characteristics of the best decision makers23:24 The archer analogy: principles, input, decisiveness26:45 What leaders get wrong: fighting the fight they wish they had28:06 Mob rule, Moses, and principled decision-making32:11 Crisis vs. problem: why language matters under pressure33:10 Snowstorms and problem buckets: a real-world example35:26 The four questions for high-stress decisions40:01 Checklists that work: laminate it and they will keep it43:18 Humility plus decisiveness: being disagree-able45:36 Choosing the least worst option and owning it48:35 Final thoughts: stop chasing outcomes, start leading in your three feetKEYWORDSPositive Leadership, Decision Making, Decision Making Under Pressure, Humility, Air Force Career, Military Leadership, Air Force Academy, Leadership Lab, Principles-Based Decisions, Delegating Authority, Crisis Management, Operational Risk, Financial Risk, Reputational Risk, Pressure in Leadership, Crisis vs Problem, Crisis Communication, CEO Success

Cyber and Operational Risk in the Quantum Era: Financial Stability amid Escalating Geopolitical ConflictThis panel took place at the 2026 International Monetary Fund and World Bank Group Spring Meetings.Financial stability is under fire as geopolitics and cyber risk collide. As global tensions intensify and technological capabilities accelerate, financial institutions face a rapidly evolving threat landscape where cyber operations, financial crime, and state-sponsored actors are increasingly intertwined. From ransomware campaigns and sanctions evasion to sophisticated cyber intrusions targeting critical infrastructure, adversaries are exploiting digital systems and global financial networks in new and complex ways.As these threats continue to evolve, the quantum horizon introduces an additional layer of strategic risk. This executive panel will examine how advances in quantum computing could reshape cyber and operational risk across the financial sector, while also considering the growing convergence between cyber-enabled crime, ransomware payments, sanctions evasion, and global illicit finance networks. Leaders from policy, finance, and technology will explore the implications of quantum-enabled decryption, the expanding links between cyber threats and illicit finance, and the operational vulnerabilities that could undermine confidence in critical financial infrastructure.The discussion focused on how institutions and regulators can strengthen resilience, enhance cross-border coordination, and prepare for a future in which emerging technologies, cyber conflict, ransomware, and financial crime increasingly intersect. The panel explored what these developments mean for international efforts to combat cyber-enabled financial crime and how global standards bodies, national authorities, and financial institutions can strengthen cooperation to protect the integrity and resilience of the international financial system.Opening Remarks:Cindy Termorshuizen, Deputy Minister of International Development, Government of CanadaPanelists:Giles Thomson, Director, Economic Crime and Sanctions, His Majesty's Treasury; Incoming President, FATFStefan Ingves, Chair, Toronto Centre; Former Governor, Sveriges RiksbankMichele Mosca, Professor, Institute for Quantum Computing, University of WaterlooModerator:Jennifer Elliott, Assistant Director, Monetary and Capital Markets, IMF; Board Member, Toronto CentreWatch the executive panel session here.Read the transcript here. Read their biographies here.

If your team is burned out, your operation is already bleeding.You just haven't measured the loss yet.Burnout is a system failure.Not a personal weakness.Exhausted teams make poor decisions.They communicate less effectively.They disengage quietly.And quiet disengagement is the most dangerous kind.Because the work still “gets done.”Just not well.Follow-ups get missed.Residents feel it.Turnover starts creeping.Reputation takes hits in public, fast.Leaders who ignore burnout signals pay later.Team turnover.Resident turnover.Errors.Reputational harm.And reputational harm is expensive because it spreads instantly.Here's the operator question.What should I look for before burnout turns into a staffing crisis?Missed follow-ups.Low morale.Resident complaints that nobody has the energy to solve.Team members who clock in but mentally check out.You can feel it the moment you walk the property.I've used this analogy for years.Dirty socks or apple pie.You cross the threshold and you know which one it is.Tension or warmth.Stress or stability.That smell is real, even when nobody says a word.Adjusting workload, clarity, and recovery is preventive maintenance for people.Just like your preventive maintenance schedule protects assets, recovery protects performance.Burnout is expensive in turnover.It's expensive in quality.It's expensive in craftsmanship on turns and service requests.It's expensive at the front desk where customer service becomes robotic and cold.Bonus tip.Build solutions into the system.Clear roles.Workload pacing.Psychological recovery built into the cadence of the calendar.And here's a question that should make every leader uncomfortable.When was the last time your ops review included recovery as a KPI?Call to ActionThis week, do a burnout walk. Talk to the onsite team. Look for missed follow-ups and low energy. Then adjust one workload lever and schedule one recovery block. Preventive maintenance isn't just for equipment.MultifamilyCollective Blog: https://www.multifamilycollective.comThe Daily Collective Book: https://amzn.to/3YI6BDaHosted by: https://www.multifamilymedianetwork.com

Send me a messageIf your safety metrics are improving, are your people actually safer? Or are you just getting better at measuring the wrong things?In this episode of the Resilient Supply Chain Podcast, I'm joined by John Dony, CEO and co-founder of the What Works Institute, and Mike Swain, Technical Enablement Manager at Evotix, to unpack a stubborn problem hiding in plain sight: why serious injuries and fatalities remain frustratingly hard to reduce, even as traditional safety metrics appear to improve. In a world of tighter regulation, more fragile operating models, and rising scrutiny across global supply chains, this is a resilience issue, a risk issue, and very much a leadership issue.We dig into why lagging indicators can create a false sense of control, and why better reporting can actually be a sign that the truth is finally surfacing. You'll hear how Mike saw incident reporting jump by 800% after better systems were introduced, and why that was good news, not bad. We also break down why the classic safety triangle often fails to predict serious harm, especially in complex supply chains shaped by contractors, seasonal labour, handoffs, and fragmented accountability.We also explore where AI, data, visibility, and governance genuinely add value, and where hype still outruns reality. You might be surprised to learn that one of the sharpest lines in the episode is John's view that if organisations want AI to work, they need a time machine to go back and get their data right first.

Mid-market organizations are transitioning from pilot projects to operationalizing generative AI and agentic workflows, according to a TechEYE article and Tech Isle survey cited by Dave Sobel. This shift centers on outcome-driven automation but exposes providers to new liability concerns, mainly due to fragmented, unreliable data and shadow AI usage—employees employing unauthorized tools outside official controls. The primary risk is that MSPs may be blamed for incidents where contract boundaries and technical controls do not cover browser-based generative AI use, making forensic evidence and documented enforcement essential for defending accountability. Supporting data from Tech Isle found that over 5,000 companies are pursuing structured approaches to AI-enabled growth, but face persistent issues in data trust, governance, and user fatigue. Additionally, European investment in sovereign cloud infrastructure is projected to triple between 2025 and 2027, driven by regulatory demands and concerns about U.S. data sovereignty. MSPs managing split architectures—sovereign providers for regulated data and hyperscalers for everything else—encounter API mismatches, operational complexity, and margin pressure. The recommendation is to standardize policy enforcement, identity management, and residency mapping while prioritizing audit-ready reporting and exception handling. AI-driven cyberattacks have increased, with reports from Level Blue and Check Point Research highlighting a surge in both attack volume and sophistication. Only 53% of CISOs feel prepared for AI threats, despite 45% expecting to be impacted within a year. Browser-based generative AI use introduces visibility gaps, raising the risk of negligence claims when service providers cannot demonstrate governance or forensic readiness. Reauthorization of the Cybersecurity Information Sharing Act (CISA) underscores that voluntary data sharing is inadequate, with CIRCA now requiring mandatory 72-hour incident reporting for critical infrastructure. The key takeaways for MSPs and IT leaders are to proactively define AI coverage and governance in contracts, enforce acceptable use policies, and instrument monitoring to close visibility gaps. Providers who can deliver forensic-grade telemetry, managed compliance programs, and operational readiness for incident reporting will be better positioned to defend against penalties, retain higher-value accounts, and offer meaningful differentiation. These structural challenges—fragmented control planes, increased compliance costs, and permanent risk friction—necessitate a strategic shift toward governance-led service models.Three things to know today00:00 Midmarket Shifts to Agentic AI as Europe Triples Sovereign Cloud Spending by 202706:08 Most Security Chiefs Say They're Not Ready for AI-Powered Cyberattacks Coming This Year09:46 CISA 2015 Reauthorized Through 2026; CIRCIA Mandates Expose Voluntary Sharing Failure This is the Business of Tech.   Supported by:  TimeZest  IT Service Provider University

What if the IT industry stopped pretending everything is “fine”?In this Autonomous IT live show, Automox CEO Justin Talerico shares candid perspectives on the real state of IT as the industry heads into 2026 — where things are breaking down, why burnout is becoming an operational risk, and what actually needs to change.Topics include:-- Why many IT careers begin with curiosity and stall under constant operational pressure-- The operational risk created by manual work and hero-based infrastructure-- Why automation initiatives fail and why the root cause is rarely the tooling-- How IT leaders can rebuild trust in automation and autonomy-- What IT leaders will look back on and question about endpoint management in 2025The discussion concludes with a rapid-fire game:AI vs Human vs Hybrid, deciding where IT work belongs in 2026.This is not a product pitch.It is not a trend report.It is an honest conversation about how IT actually works today and how it needs to evolve.

www.marktreichel.comhttps://www.linkedin.com/in/mark-treichel/In this episode of With Flying Colors, Mark Treichel is joined by former NCUA senior leaders Todd Miller and Steve Farrar for a deep dive into NCUA's 2026 Supervisory Priorities Letter — and what it means in the real world for credit unions heading into the next exam cycle. Deep Dive on NCUA Priority Lett…With significant staffing reductions at the agency and a shift toward more “risk-based” supervision, the group discusses whether exam programs will truly become more tailored — or whether credit unions should expect more conservative ratings, more findings, and less dialogue.The conversation also explores what's emphasized, what's missing, and how operational realities inside NCUA may shape supervision more than policy statements.Key Topics Discussed

Rob Hughes — CISO at RSA and Champion of a Passwordless FutureNo Password Required Season 7:  Episode 1 - Rob HughesRob Hughes, the CISO at RSA, has more than 25 years of experience leading security and cloud infrastructure teams. In this episode, he reflects on his unconventional career path, from co-founding the original Geek.com and serving as its Chief Technologist during the early days of the internet, to leading security and systems design at Philips Home Monitoring.Jack Clabby of Carlton Fields, P.A. and Kayley Melton welcome Rob for a wide-ranging conversation on identity, leadership, and the realities of modern cybersecurity. Rob currently leads RSA's Security and Risk Office, overseeing cybersecurity, information security governance, and risk across both RSA's products and corporate environment.Rob explains his dream for a passwordless future. He unpacks why passwords remain one of the largest sources of cyber risk, how real-world incidents and password-spraying attacks have accelerated change, and why phishing-resistant technologies like passkeys may finally be reaching a tipping point.  The episode wraps with the Lifestyle Polygraph, where Rob lightens the conversation with stories about gaming with his kids, underrated horror films, and classic cars.Follow Rob on LinkedIn: https://www.linkedin.com/in/robert-hughes-816067a4/Chapters: 00:00 Introduction to No Password Required01:43 Meet Rob Hughes, CISO at RSA02:05 The Role of a CISO in a Security Company05:09 Transitioning to the CISO Role08:00 The Early Days of Geek.com12:14 Launching a Startup During the Dot Com Boom14:30 The Push for a Passwordless Future18:21 Tipping Point for Passwordless Adoption20:20 Ongoing Learning in Cybersecurity26:09 Managing Stress in High-Pressure Environments33:46 The Lifestyle Polygraph Begins34:15 Career Insights in Cybersecurity36:08 Dream Cars and Personal Preferences39:58 Underrated Horror Films41:19 Creating a Cybersecurity Monster

www.marktreichel.comhttps://www.linkedin.com/in/mark-treichel/In this special preview episode of With Flying Colors, Mark Treichel tees up an upcoming live, on-stage discussion from the Florida Q's Cruise with team members Steve Farr and Todd Miller.Just days before the cruise, NCUA released its 2026 Supervisory Priorities Letter, and as always, that letter gives us important clues about what examiners will be focused on in the year ahead — and just as importantly, what's driving examiner behavior behind the scenes.This episode serves as a primer for the deeper, post-cruise discussion, where we'll incorporate real-time feedback and questions from credit union leaders attending the cruise.

Send me a messageAI won't fix broken decisions. Capital markets are driving sustainability. And climate risk is already a safety issue.So why are EHS and sustainability still treated as separate systems?In this episode of the Resilient Supply Chain Podcast, I'm joined by Catryna Jackson, Global Environmental Health and Safety and Sustainability Advisor at Evotix, and Monique Parker, Chief Sustainability Officer at Elevra Lithium. Between them, they bring decades of frontline experience across EHS, sustainability, data, and operations. This matters now because climate disruption, regulatory pressure, and supply chain shocks are collapsing the gap between “operational risk” and “sustainability risk” whether companies are ready or not.In our conversation, you'll hear how sustainability momentum in the US has been driven less by regulation and more by investors and insurers. We break down why climate impacts like heat stress, flooding, and wildfires are no longer future scenarios but immediate safety and continuity risks. And you might be surprised to learn why throwing AI at messy ESG data only makes bad decisions faster.We also get practical. We talk about why EHS teams sit on a goldmine of data, how integrating safety and sustainability changes risk visibility at board level, and where most organisations go wrong when they try to “just start reporting”. From CSRD data overload to supply chain engagement failures, this episode cuts through the noise and focuses on decision architecture, not hype.

AI isn't going anywhere. But for small business owners, using it the wrong way can create financial blind spots, bad decisions, and long-term risk. This episode is about what happens when AI replaces judgment instead of supporting it, especially when it comes to your numbers. I'm joined by Carol Cox, founder of Speaking Your Brand and an early adopter of AI with a background in software development. We break down how small business owners can use AI to save time and reduce overwhelm without outsourcing financial leadership or losing clarity in decision-making. Carol explains: 04:39 Where AI helps small business owners and where it creates risk 07:17 How AI hallucinations lead to financial blind spots  14:21 How to use AI in operations, marketing, and revenue without losing control 28:58 What fear of AI reveals about CEO confidence and leadership If you're feeling overwhelmed by business finances, worried about making costly mistakes, or unsure how to use AI responsibly, this episode will help you make smarter decisions and protect your business financially. Featured Guest: Carol Cox,  Founder and CEO of Speaking Your Brand Sources:

AI isn't going anywhere. But for small business owners, using it the wrong way can create financial blind spots, bad decisions, and long-term risk. This episode is about what happens when AI replaces judgment instead of supporting it, especially when it comes to your numbers. I'm joined by Carol Cox, founder of Speaking Your Brand and an early adopter of AI with a background in software development. We break down how small business owners can use AI to save time and reduce overwhelm without outsourcing financial leadership or losing clarity in decision-making. Carol explains: 04:39 Where AI helps small business owners and where it creates risk 07:17 How AI hallucinations lead to financial blind spots  14:21 How to use AI in operations, marketing, and revenue without losing control 28:58 What fear of AI reveals about CEO confidence and leadership If you're feeling overwhelmed by business finances, worried about making costly mistakes, or unsure how to use AI responsibly, this episode will help you make smarter decisions and protect your business financially. Featured Guest: Carol Cox,  Founder and CEO of Speaking Your Brand Sources:

In this episode of AML Conversations, John Byrne sits down with Lisa Arquette, recently retired Deputy Director of Operational Risk at the FDIC, to reflect on her decades-long career in financial regulation. From the oil crisis in Texas to the 2008 financial meltdown and the evolving challenges of AML, sanctions, and fraud, Lisa shares her unique perspective on how banking has transformed—and what lies ahead. The conversation covers the Corporate Transparency Act, reputational risk, humanitarian banking access, and the implications of recent executive orders on fair banking. A must-listen for professionals navigating the intersection of compliance, policy, and innovation.

In this podcast episode, Dawn Tiura interviews Dina Ghobrial, founder and CEO of Halo AI, about her upcoming Summit session, "Operational Risk Intelligence: Designing Future-Ready Programs that Scale." Dina, along with Becky Newton of Ansys will discuss the importance of designing scalable risk programs that can adapt to rapidly evolving threats, the need for real-time data in risk management, and practical steps for procurement and compliance teams to enhance their risk assessment processes. To hear more, join us at the Global Executive Summit Omni Scottsdale Resort & Spa from October 6-8th!

In this special episode of the ORX Operational Risk Podcast, Steve Bishop (Research and Information Director, ORX) is joined by Luke Carrivick (ORX Executive Director) and Roland Kennett (Client Success Director, ORX) to share their highlights from LeadersConnect Live 2025. Recorded during the event in New York, this episode covers topics such as: The importance of communication for good operational risk management Takeaways from a Chief Risk Officer (CRO) panel Third party and an extended ecosystem Frameworks and governance For more highlights from the event, check out our blogs: Day 1: https://orx.org/blog/leadersconnect-live-2025-day-1-highlights Day 2: https://orx.org/blog/leadersconnect-live-2025-day-2-highlights About LeadersConnect Live LeadersConnect Live is our premier, in-person, invitation-only event for senior leaders from ORX member firms. It provides an opportunity for Heads of Operational Risk and Heads of Non-Financial Risk to discuss future of operational and non-financial risk (ONFR) and learn about important topics. The 2025 event took place in New York on 20-21 May. To find out more about LeadersConnect Live 2025, visit the event page: https://orx.org/events/leadersconnect-live-2025  

The Great Security Debate crew recorded a live episode at the GTS Security Summit in Detroit, Michigan with special guest, Zah Gonzalvo, SVP of Financial, Climate, and Operational Risk at Banco Popular. Tune in for a great discussion on risk, risk mitigation, risk prioritisation, and risk in context. Yep, it's all about risk!Takeaways: The evolution of security has shifted from a binary perspective to a more nuanced understanding of risk management, acknowledging the need for flexibility in addressing diverse security challenges. In contemporary discussions, it is increasingly evident that security must be integrated into business strategy, highlighting the imperative for security professionals to communicate effectively with stakeholders. The role of the Chief Information Security Officer (CISO) has transcended traditional technological boundaries, necessitating a comprehensive grasp of business risk and operational efficiency. Effective risk management within organizations requires a shared responsibility model, where every employee contributes to the overall security posture, thus reinforcing the concept that security is a collective endeavor. Scenario analysis is a potent tool in risk management, enabling organizations to anticipate potential threats and understand the implications of various risk scenarios on their operations. Engaging with business units to contextualize security risks in terms of operational impact and financial implications is vital for securing necessary budgets and resources for security initiatives.

In this episode, the ORX Research and Information Team explore the results from the recent ORX Operational Risk Horizon and Cyber Horizon surveys. These surveys were run with a group of global banks and insurers and look at the biggest risks facing financial services firms in the coming 1-3 years. Key themes discussed from the studies include: An increasingly connected risk landscape The dominance of digital, AI and geopolitical themes Cyber risk continuing to be the top risk The rise of third party and supply chain risk This episode features Steve Bishop, Research and Information Director, Simon Johnson, Head of Services, Emilie Odin, Senior Research Manager and Nikki Truss-West, Research Senior Manager. Download the full Operational Risk Horizon report (available to ORX members and ORX Lite subscribers): https://orx.org/resource/operational-risk-horizon-2025 Download a free summary report (available to anyone): https://orx.org/download/operational-horizon-risk-2025 Download the full Cyber Horizon report (available to ORX Cyber subscribers): https://orx.org/resource/cyber-horizon-2025 To find out more about ORX Membership, ORX Cyber and ORX Lite, visit our website: https://orx.org/

A series of dynamic conversations hosted by Simon Witney, sustainable finance specialist, joined by two expert guests. Simon meets with James Alexander, Chief Executive of The UK Sustainable Investment and Finance Association (UKSIF) and Sarah-Jane Denton, Director of our Operational Risk & Environment team to evaluate the need, benefits, and practicality of a implementing UK-specific green taxonomy versus adopting the current EU framework.The episode ends with a one-sentence answer from each expert guest to… does the UK need a green taxonomy?The Sustainability Exchange was first published in our Talking. Sustainability. podcast. Follow for latest episodes in your favourite podcast player: https://feeds.captivate.fm/travers-smith-talking-sustainability-esg/

In this episode Jo Shoppee, Head of Operational Risk - Technology at ANZ Bank, shares her unexpected journey into risk management, from a teller at ANZ to technology risk specialist. Jo discusses the challenges of balancing career and family, advocating for part-time roles for senior leaders. She emphasizes the importance of compassion and understanding in risk management, particularly in the three lines of defense model. She notes the shift towards data-driven risk management and the need to stay outcome-focused. She also discusses the top risks in the financial industry, including geopolitical risks, emerging technologies, and energy security. Jo Shoppee: Jo is a commercially focused risk executive with extensive technology and finance sector experience, deep expertise in technology risk management, and a track record for building effective and trusted relationships.  Jo worked extensively across Europe in her time with General Electric, and has recently returned to ANZ, where her technology career first started, where she is the head of operational risk management for the Group Technology Division. Jane Tumurbaatar: Jane is a Director at Protiviti with over 12 years' experience in professional services. She has broad expertise across first, second and third lines of defence of risk management in financial services, government, and corporate organisations. Her experience extends to risk transformation, change management and remediation. SHOW NOTES 02:14 Career Journey 05:05 Challenges and Achievements 08:39 Role of Compassion in Risk Management 11:05 Keeping Up with Technology in Risk Management 14:19 Changes in Risk Management Approaches 21:54 Leadership Style Evolution 33:41 Importance of Diversity in Decision Making Transcript and More GRC Content: https://www.riskywomen.org/2024/12/podcast-s7e8-driving-tech-innovation-in-risk-management-jo-shoppee/

Topics include:  DC and profession update   Talent pipeline   AI trends and impacts on critical infrastructure  Evolving technology trends across the profession   Key technical updates  Speakers:   Erik Asgeirsson, President and CEO, CPA.com  Lisa Simpson, VP, Firm Services, AICPA  Rachel Dresen, Senior Director, Congressional & Political Affairs, AICPA  Lexy Kessler, Vice Chairman, AICPA  Avani Desai, CEO, Schellman  Pascal Finette, Co-founder, be radical  

In this episode of What's New at CFI on FinPod,  we discuss operational risk management in banks, breaking down its four main dimensions: people, processes, systems, and external events. Operational risk stands apart from other risks like credit or market risk, affecting banks uniquely due to strict regulatory standards, particularly those outlined in the Basel Accord. We discuss why these risks are so significant for banks today and how failures in operational risk management often lead to high-profile fines and industry-wide consequences.Listeners will gain insights into why operational risk is one of the top challenges banks face and how our new course dives deep into real-world examples and strategies to manage these risks effectively. This episode is a must-listen for those curious about the complex landscape banks navigate, offering a clear understanding of operational risk and the tools needed to manage it.

Paul Benda, Senior Vice President of Operational Risk and Cybersecurity for the American Bankers Association, joins Megan Lynch and Tom Ackerman warning against scams targeting bank accounts. Their motto, "banks never ask that".

In this episode of the Risk Management Show poidcast, we welcome Michael Schank, a seasoned management consultant with over 25 years of experience in financial services. Michael discusses the limitations of traditional Enterprise Risk Management (ERM) programs and introduces the Process Inventory Framework, a methodology he developed to improve risk management, compliance, and strategic decision-making. Key Topics: Michael's Career Path: His journey in risk management and founding Process Inventory Advisors LLC. Why Traditional ERM Programs Fail: Blind spots, data quality issues, and confusion in operating models. The Process Inventory Framework: How it enhances risk management by integrating a detailed process inventory. Improving Data Quality in Risk Management: Addressing root causes and leveraging process taxonomy in GRC systems. Reducing Chaos and Increasing Accountability: Streamlining operations and improving risk management efficiency. Application Across Risk Types: Benefits for Operational Risk, Compliance Risk, Operational Resiliency, and Third-Party Risk Management.  

About the CISO Circuit SeriesSean Martin and Michael Piacente will join forces roughly once per month to discuss everything from looking for a new job, entering the field, finding the right work/life balance, examining the risks and rewards in the role, building and supporting your team, the value of the community, relevant newsworthy items, and so much more. Join us to help us understand the role of the CISO so that we can collectively find a path to Redefining CyberSecurity. If you have a topic idea or a comment on an episode, feel free to contact Sean Martin.____________________________Guest: Michael Piacente, Managing Partner and Cofounder of Hitch PartnersOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/michael-piacente____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin____________________________This Episode's SponsorsLevelBlue: https://itspm.ag/levelblue266f6cCoro: https://itspm.ag/coronet-30deSquareX: https://itspm.ag/sqrx-l91Britive: https://itspm.ag/britive-3fa6AppDome: https://itspm.ag/appdome-neuv___________________________Episode NotesIn the latest episode of the CISO Circuit Series on the Redefining CyberSecurity Podcast, Sean Martin and Michael Piacente join forces in Las Vegas during the Black Hat USA 2024 Conference to engage in an insightful conversation about the evolving role of the Field CISO. Sean Martin is joined by Michael Piacente, Managing Partner and Co-Founder at Hitch Partners, as they dissect the significance and responsibilities of Field CISOs in today's cybersecurity landscape.A primary focus of the episode is understanding what a Field CISO actually entails. Michael Piacente explains that the role of Field CISO varies widely across organizations, but it generally falls into two categories: customer engagement and sales enablement. Companies might hire Field CISOs to build operational risk assessments and customer relationships, or to drive the technical sales process. For instance, Field CISOs play a pivotal role in product companies by acting as trusted advisors who help communicate complex technical topics in a digestible manner to potential clients.Michael also highlights key attributes that make a Field CISO successful, such as genuine cybersecurity experience, deep technical knowledge, a reputable name in the community, and robust networking skills. Successful Field CISOs can seamlessly transition between discussing technical details and broader strategic goals with stakeholders. Their role often includes influencing product development by bringing practical insights from customers back to the engineering teams.One crucial point raised during the discussion is the integrity and trustworthiness required for a Field CISO. Sean and Michael emphasize that maintaining trust within the CISO community is paramount. Field CISOs should avoid crossing lines between promotional activities and genuine advisory roles. They assert that integrity and transparency remain foremost in these roles, as they are often looked to for unbiased, independent advice.Another topic discussed is how organizations should approach hiring for the Field CISO role. Michael Piacente points out the importance of setting clear expectations, understanding the balance between operational duties and sales enablement, and ensuring that the Field CISO is genuinely aligned with the company's mission and capable of maintaining community trust.Overall, this episode sheds light on the nuanced nature of the Field CISO role, providing valuable insights for both aspiring Field CISOs and organizations looking to hire one. As the role continues to evolve, Michael and Sean underscore the need for a thoughtful approach to defining responsibilities and fostering an environment where integrity and expertise thrive.____________________________Follow our Black Hat USA  2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegasOn YouTube:

About the CISO Circuit SeriesSean Martin and Michael Piacente will join forces roughly once per month to discuss everything from looking for a new job, entering the field, finding the right work/life balance, examining the risks and rewards in the role, building and supporting your team, the value of the community, relevant newsworthy items, and so much more. Join us to help us understand the role of the CISO so that we can collectively find a path to Redefining CyberSecurity. If you have a topic idea or a comment on an episode, feel free to contact Sean Martin.____________________________Guest: Michael Piacente, Managing Partner and Cofounder of Hitch PartnersOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/michael-piacente____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin____________________________This Episode's SponsorsLevelBlue: https://itspm.ag/levelblue266f6cCoro: https://itspm.ag/coronet-30deSquareX: https://itspm.ag/sqrx-l91Britive: https://itspm.ag/britive-3fa6AppDome: https://itspm.ag/appdome-neuv___________________________Episode NotesIn the latest episode of the CISO Circuit Series on the Redefining CyberSecurity Podcast, Sean Martin and Michael Piacente join forces in Las Vegas during the Black Hat USA 2024 Conference to engage in an insightful conversation about the evolving role of the Field CISO. Sean Martin is joined by Michael Piacente, Managing Partner and Co-Founder at Hitch Partners, as they dissect the significance and responsibilities of Field CISOs in today's cybersecurity landscape.A primary focus of the episode is understanding what a Field CISO actually entails. Michael Piacente explains that the role of Field CISO varies widely across organizations, but it generally falls into two categories: customer engagement and sales enablement. Companies might hire Field CISOs to build operational risk assessments and customer relationships, or to drive the technical sales process. For instance, Field CISOs play a pivotal role in product companies by acting as trusted advisors who help communicate complex technical topics in a digestible manner to potential clients.Michael also highlights key attributes that make a Field CISO successful, such as genuine cybersecurity experience, deep technical knowledge, a reputable name in the community, and robust networking skills. Successful Field CISOs can seamlessly transition between discussing technical details and broader strategic goals with stakeholders. Their role often includes influencing product development by bringing practical insights from customers back to the engineering teams.One crucial point raised during the discussion is the integrity and trustworthiness required for a Field CISO. Sean and Michael emphasize that maintaining trust within the CISO community is paramount. Field CISOs should avoid crossing lines between promotional activities and genuine advisory roles. They assert that integrity and transparency remain foremost in these roles, as they are often looked to for unbiased, independent advice.Another topic discussed is how organizations should approach hiring for the Field CISO role. Michael Piacente points out the importance of setting clear expectations, understanding the balance between operational duties and sales enablement, and ensuring that the Field CISO is genuinely aligned with the company's mission and capable of maintaining community trust.Overall, this episode sheds light on the nuanced nature of the Field CISO role, providing valuable insights for both aspiring Field CISOs and organizations looking to hire one. As the role continues to evolve, Michael and Sean underscore the need for a thoughtful approach to defining responsibilities and fostering an environment where integrity and expertise thrive.____________________________Follow our Black Hat USA  2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegasOn YouTube:

Gadalia Montoya Weinberg O'Bryan, CEO and founder at Dapple Security is our feature interview this week, interviewed by our own Frank Victory. News from Southwest Airlines, Alterra Mountain Company, Vail Resorts, Botdoc, Crowdstrike, LogRhythm, Red Canary, Lares, Webroot and a lot more. Support us on Patreon! Fun swag available - all proceeds will directly support the Colorado = Security infrastructure. Come join us on the new Colorado = Security Slack channel to meet old and new friends. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com This week's news: Join the Colorado = Security Slack channel Southwest breaks with 50-year tradition and will assign seats; profit falls at Southwest, American Denver-based ski giants to host Olympics events How the Colorado, New Mexico quantum industry plan to use its federal funding Colorado company strikes AI partnership for security at car dealerships Communications outages from CrowdStrike update cancel RTD trains, shut down Colorado DMVs, hinder first responders A Comparison of AI Regulatory Frameworks Merged Exabeam and LogRhythm cut jobs, face lawsuit Halting a hospital ransomware attack - Red Canary Enhancing Organizational Communication and Culture through Purple Team Testing 7 Tips on Keeping Your Data Private When Using AI - Webroot Blog Job Openings: Pax8 - GRC Analyst City & County of Denver - CISO Lumen - Vice President, Deputy Chief Security Officer CoBank - Director, Internal Controls and Operational Risk, IT Westerra Credit Union - Director of Information Security (Hybrid - must reside in CO Meta - Security Partner - Mergers & Acquisitions (M&A) Robinhood - Enterprise Risk Manager State of Colorado - Cyber Criminal Investigator IV Fastly - Senior Manager, Security Detection and Response Motion Recruitment - GRC Analyst The Trade Desk - Sr Staff Product Manager-Data Governance & Policy Applications - Trust & Safety Upcoming Events: This Week and Next: ISSA COS - August Meeting - 8/13 ISSA Denver - August Meeting, "Incident Response" - 8/14 Let's Talk Software Security - Vulnerability Remediation:Fixing Problems or Creating New Ones? - 8/14 ISSA COS - August Mini Seminar - 8/17 Colorado = Security & Colorado CSA Summer Picnic - 8/24 ISC2 Pikes Peak - August Meeting - 8/28 Denver ISSA - AI/ML Special Interest Group - 8/28 View our events page for a full list of upcoming events * Thanks to CJ Adams for our intro and exit! If you need any voiceover work, you can contact him here at carrrladams@gmail.com. Check out his other voice work here. * Intro and exit song: "The Language of Blame" by The Agrarians is licensed under CC BY 2.0

Operational Risk Issues Facing Public Entities During Freedom Of Speech

Guy Sereff, Partner at Michael Best is our feature interview this week. News from Arapahoe Community College, Guild, Katilyst, LogRhythm, Ping Identity, Red Canary and a lot more. Support us on Patreon! Fun swag available - all proceeds will directly support the Colorado = Security infrastructure. Come join us on the new Colorado = Security Slack channel to meet old and new friends. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com This week's news: Join the Colorado = Security Slack channel Denver Named Number One on List of Best U.S. Cities for Foodies Colorado Legislature Passes First-in-Nation Artificial Intelligence Bill Denver-area community college first to join Space Force effort to teach aerospace workers How Colorado organizations are preparing to fill quantum positions Denver tech firm Guild grew rapidly, now it is shrinking rapidly Katilyst - Out of Stealth and Ready to be Your Security Champion LogRhythm and Exabeam Announce Intent to Merge, Harnessing Collective Innovation Strengths to Lead the Future of AI-Driven Security Operations What Is Liveness Detection? How It Helps Fraud Prevention What to consider when evaluating EDR Job Openings: Pax8 - IAM Architect Bank of America - Azure - Senior Cloud Security Engineer State of CO - Senior Security Administrator (Audit) CoBank - Director, Internal Controls and Operational Risk, IT Maxar - Senior Information Security Specialist Gates Corp - Cybersecurity & DLP Specialist Quizlet - Staff Cloud Security Engineer Flexential - Manager, Security Architecture Western Union - Information Security Engineer Upcoming Events: This Week and Next: RMISC - 6/11-13 BSides Boulder - 6/14 Let's Talk Software Security - Quality Tests, Security Outcomes: Are We There Yet? - 6/20 CSA Colorado - June Meeting, "Modern AI Threats and Challenges" - 6/25 ISC2 Pikes Peak - June Meeting - 6/26 View our events page for a full list of upcoming events * Thanks to CJ Adams for our intro and exit! If you need any voiceover work, you can contact him here at carrrladams@gmail.com. Check out his other voice work here. * Intro and exit song: "The Language of Blame" by The Agrarians is licensed under CC BY 2.0

Join Scott Anchin, VP of Operational Risk and Payments Policy at the ICBA, as we discuss the taskforce the ICBA has put together on check fraud. Each of the sub-groups the committee has assembled are dedicated to addressing significant topics in the fight against this type of fraud.Presented by Remedy Consulting Technology Contract Negotiation & System Assessments, T&C Improvements, and FI Strategic Planning.For more information on BankTalk:BankTalk WebsiteSubscribe to BankTalk NewsRemedy Consulting WebsiteRemedy LinkedInTo speak on the BankTalk Podcast, please email us.

In this episode Mike Yarwood, Managing Director Loss Prevention and Josh Finch, Logistics Risk Manager, sat down to discuss how customer demands can impact logistics operations - posing threats that you may not immediately consider in your risk mitigation strategy. The two consider ways in which you can make your operations safer, more secure and more sustainable. If you would like to hear more advice on supply chain security, listen to our other episodes!

Colin Walsh of Varo Bank joins Nate to discuss Scaling Varo to $1B+, The Future of Banking, & Why the Biggest Opportunity in Fintech is Financial Inclusion. In this episode we cover: Entrepreneurship, Risk-Taking and Founding a Fintech Company Financial Innovation and Customer Needs in the Industry Financial Challenges and Technology Solutions Becoming a Bank and Offering Financial Products to Consumers AI's Impact on Financial Services, Operational Risk, and Productivity Guest Links: Twitter LinkedIn Varo The hosts of The Full Ratchet are Nick Moran and Nate Pierotti of New Stack Ventures, a venture capital firm committed to investing in founders outside of the Bay Area. Want to keep up to date with The Full Ratchet? Follow us on social. You can learn more about New Stack Ventures by visiting our LinkedIn and Twitter. Are you a founder looking for your next investor? Visit our free tool VC-Rank and we'll send a list of potential investors right to your inbox!

Guest: John Sapp , VP, Information Security & CISO at Texas Mutual Insurance Company [@texasmutual]On Linkedin | https://www.linkedin.com/in/johnbsappjr/On Twitter | https://www.twitter.com/czarofcyber____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin____________________________This Episode's SponsorsImperva | https://itspm.ag/imperva277117988Pentera | https://itspm.ag/penteri67a___________________________Episode NotesIn this episode of Redefining Cybersecurity, hosted by Sean Martin, listeners are invited to explore the complex landscape of cyber risk governance. John Sapp, a seasoned professional in risk management, emphasizes the importance of defining cyber risk from the perspective of various executives. The CIO, CFO, COO, and general counsel each own different aspects of risk within an organization, and understanding their perspectives is key to effective risk management.The conversation takes an intriguing turn as John introduces the concept of approaching cyber risk governance as a product. This involves understanding the desired outcomes, defining the requirements, and creating personas for different stakeholders. The aim is to develop a common pane of glass, a unified perspective through which each persona can access near real-time information to make informed decisions.John also underscores the importance of presenting information to various stakeholders, including the board and cyber insurance carriers, in a way that demonstrates the strength of the organization's cyber risk program. This approach has tangible benefits, such as a reduction in cyber insurance premiums based on the strength of the cyber risk program.The episode concludes with a discussion on the importance of collective decision-making in managing cyber risk. John emphasizes that it's not about presenting some information and giving somebody responsibility to make a decision, but rather about presenting information in different ways to all the different personas to spur a conversation so that the team can determine the best path forward.This episode is a must-listen for anyone interested in understanding how to approach cyber risk governance in a way that is both effective and efficient. It provides valuable insights into how to manage risk in an ever-evolving digital world.____________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

Guest: John Sapp , VP, Information Security & CISO at Texas Mutual Insurance Company [@texasmutual]On Linkedin | https://www.linkedin.com/in/johnbsappjr/On Twitter | https://www.twitter.com/czarofcyber____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin____________________________This Episode's SponsorsImperva | https://itspm.ag/imperva277117988Pentera | https://itspm.ag/penteri67a___________________________Episode NotesIn this episode of Redefining Cybersecurity, hosted by Sean Martin, listeners are invited to explore the complex landscape of cyber risk governance. John Sapp, a seasoned professional in risk management, emphasizes the importance of defining cyber risk from the perspective of various executives. The CIO, CFO, COO, and general counsel each own different aspects of risk within an organization, and understanding their perspectives is key to effective risk management.The conversation takes an intriguing turn as John introduces the concept of approaching cyber risk governance as a product. This involves understanding the desired outcomes, defining the requirements, and creating personas for different stakeholders. The aim is to develop a common pane of glass, a unified perspective through which each persona can access near real-time information to make informed decisions.John also underscores the importance of presenting information to various stakeholders, including the board and cyber insurance carriers, in a way that demonstrates the strength of the organization's cyber risk program. This approach has tangible benefits, such as a reduction in cyber insurance premiums based on the strength of the cyber risk program.The episode concludes with a discussion on the importance of collective decision-making in managing cyber risk. John emphasizes that it's not about presenting some information and giving somebody responsibility to make a decision, but rather about presenting information in different ways to all the different personas to spur a conversation so that the team can determine the best path forward.This episode is a must-listen for anyone interested in understanding how to approach cyber risk governance in a way that is both effective and efficient. It provides valuable insights into how to manage risk in an ever-evolving digital world.____________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

While the recent US Basel Endgame proposal will affect many elements of the capital rules, it will especially impact operational risk, a new category of capital charge for most banks. Midsize and larger US banking organizations will need to develop extensive loss-event tracking and quantification systems to comply with new operational risk requirements. Smaller banking organizations, while not required to hold capital for operational risk, should consider implementing tracking systems, given the 10-year lookback requirement, and its potential applicability in acquisitions. Please join Mayer Brown partners Jeffrey Taft and Matthew Bisanz for a discussion of the proposed operational risk requirements, and the key issues that banking organizations should consider during the comment period.

FINRA's Risk Monitoring team is responsible for assessing financial, operational and business conduct risks that exist within individual member firms and across the industry. But they're also the day-to-day point of contact for firms for any questions they may have for FINRA. On today's episode, we're talking to Ornella Bergeron, Senior Vice President of Member Supervision's Risk Monitoring team, Brian Kowalski, Vice President of Diversified and Carrying & Clearing with the Risk Monitoring team, and Andrew McElduff, Vice President of Retail with Risk Monitoring learn more about the team's mandate and work and why they're such a resource for the member firms they work with.Resources mentioned in this episode:Reg Notice 22-25: FINRA Alerts Firms to Recent Trend in Small-Cap IPOsReg Notice 22-29: FINRA Alerts Firms to Increased Ransomware Risks15a-6 Chaperone Firms (from 2021 Exam and Risk Monitoring Report)Episode 90: Single Points of AccountabilityFINRA GatewayFINRA Examination and Risk Monitoring Programs

This episode features Mike Anderson leading a roundtable discussion with Ilona Simpson, Chief Information Officer EMEA at Netskope and David Fairman, Chief Information & Chief Security Officer APAC at Netskope.In this episode, Ilona and David share their predictions and resolutions for cybersecurity in 2023. You'll hear predictions about the industrial metaverse, confidential computing, quantified risk reduction plans, and convergence of priorities for security teams.-----------------“If you think about cybersecurity, we are just a subset of a broader operational risk. Operational risk actually has a much better approach or a little bit more maturity in being able to quantify operational risk in the organization. CISOs need to be able to stand toe-to-toe and be able to have a discussion at parity in regards to risk buydown for this subset of operational risk. And that's really where we are. I think as an industry, as a practice, as a profession, we need to get much smarter at figuring out how do we make this a much more quantitative conversation.” – David Fairman-----------------Episode Timestamps:*(02:47) - Prediction & Resolution: The Industrial Metaverse*(12:23) - Prediction & Resolution: Confidential Computing *(17:54) - Prediction & Resolution: Quantified Risk Reduction Plans*(25:27) - Prediction & Resolution: Convergence of Priorities as a Result of Transformation*(30:38) - Mike's Prediction: Vendor Consolidation-----------------Links:Connect with Ilona on LinkedInConnect with David on LinkedInConnect with Mike Anderson LinkedInwww.netskope.com

Hear from members of the UK's Climate Financial Risk Forum, as we dive into their brand-new publications on climate litigation and physical risk. Part 1 | Litigation Risk Underwriting Guide | 00:00:00–00:15:54 Part 2 | Physical Risk Underwriting Guide | 00:15.54–00:36:13 The Climate Financial Risk Forum (CFRF) was set up in 2019 by the UK's Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA), to build capacity and share best practice across industry and the regulators to advance the sector's responses to the financial risks from climate change. In this special episode, we discuss the CFRF's Litigation Risk and Physical Risk Underwriting Guides, which are available from 9 December 2022. The guides focus on risks that are particularly pertinent to the insurance industry, but are highly relevant to many financial firms. The guests were all heavily involved in producing these publications, so they'll be sharing their thoughts and insights as a compliment to the papers themselves. For the litigation portion of this episode, we will discuss: Why climate litigation risk deserves special attention from insurers; How financial firms are reacting to the fast-changing litigation landscape; and Key recommendations for financial institutions trying to understand their exposure to this risk. And for the physical risk portion, we will discuss: The distribution of physical risks globally relative to the distribution of global insurance; The challenges of modelling complex hazards from climate change; and The capabilities that financial firms can build and the strategies they can adopt to deal with highly uncertain risks. Links from today's discussion: CFRF's Litigation Risk Underwriting Guide CFRF's Physical Risk Underwriting Guide Other CFRF 2022 publications Results of the 2021 Climate Biennial Exploratory Scenario (CBES) Nigel's previous appearances on the Climate Risk Podcast and the Climate Risk Webcast Grantham Institute's 2022 Global Climate Change Litigation Snapshot Geneva Association's 2021 Global Report on Climate Litigation UN's Net-Zero Insurance Alliance (NZIA) homepage Speaker's Bios Nigel Brook, Partner, Clyde & Co. Nigel has been a partner at Clyde & Co since 1985 and heads the firm's reinsurance team. An international insurance and reinsurance disputes specialist with over 30 years' experience, Nigel is considered by many to be one of the top insurance lawyers worldwide. He leads Clyde & Co's global campaign on Resilience and Climate Change Risk, building a body of know-how and raising awareness of climate-related legal duties and potential liabilities. He is a member of the Law, Regulation and Resilience Policies Working Group of the Insurance Development Forum – a public/private partnership seeking to optimise and extend the use of insurance and the industry's risk management capabilities to protect those most vulnerable to disasters. He co-authored the firm's 2018 Reports on Parametric Insurance and Inclusive Insurance – exploring the role of innovative risk transfer in closing the global protection gap – and has authored and edited Clyde & Co's 2018/19 series of reports on the rising tide of Climate Change liability and duties of care. Paul Barrett, Chief Risk Officer, AIG UK Paul is Chief Risk Officer for AIG UK. He is also the designated ‘Senior Manager' for Climate Change Risk. Paul reports jointly to the Board of AIG UK and Fabrice Brossart, CRO, GI International. Paul's team is responsible for the Risk Governance, ORSA, Stress Testing, Risk Register, Risk Appetite & Limits and Operational Risk processes. Paul also works closely with the Group in helping to develop AIG's Climate Strategy. Previously Paul was Assistant Director, Solvency II at the Association of British Insurers (ABI). Prior to that Paul worked in Policy at the Financial Services Authority. Shane Latchman, VP and Managing Director, Verisk As a vice president and the managing director of Verisk's Extreme Event Solutions team in London, Shane Latchman is involved in many of Verisk's extreme event models and Touchstone initiatives, such as the integration of third-party data and models, expanding Verisk's capabilities in marine and energy, climate change quantification, and the Next Generation Financial Module. He interacts frequently with rating agencies and regulators on topics such as stress tests, climate change, and the Solvency II directive on EU insurance regulation.  Shane joined Verisk after receiving his master's degree in 2008. Shane sits on and collaborates with various industry working groups, committees, and boards, including Bank of England, Open Data Standards, Insurance Development Forum, and Cass Business School. He writes and speaks frequently on topics related to catastrophe risk and climate change. Joss Matthewman, Senior Director of Climate Change Product Management & Strategy, RMS Joss rejoined RMS in 2020 as Senior Director of Climate Change Product Management. Prior to this Joss was Head of Catastrophe Exposure Management at Hiscox, responsible for natural catastrophe, war, terror and political violence exposure management and reporting across the group.  Before joining Hiscox, Joss spent seven years in model development at RMS where he worked on the North Atlantic Hurricane and Asia Typhoon models, before being appointed Head of Storm Surge Modelling. During this period Joss joined the PRA working group on climate change which he continues to engage with today. Prior to entering the insurance industry Joss obtained a PhD in Applied Mathematics from UCL and worked as a postdoctoral researcher in climate science at the University of California, Irvine. His published areas of research include stratospheric sudden warmings, and the impact of sea-ice on global atmospheric teleconnections.

Denis Camilo, Risk and Compliance Director at Protiviti, talks with Lauren Munfa, Head of Americas Investment Bank C&ORC at UBS, about how much her parent management training translated to running a large compliance program. SHOW NOTES 00:51 Career Journey 03:58 Top Skills for Risk Management 08:05 The Importance of Immediate and Consistent Rewards 15:49 How to Give an Effective Command 21:26 How Root Cause Analysis Applies at Home and in the Office Transcripts and subscribe to newsletter: https://www.riskywomen.org/2022/11/podcast-s5e9-how-children-have-made-me-a-better-compliance-leader-lauren-munfa/

Kimberley Cole talks with Rupal Patel, Head of Data Insights & Risk Intelligence at Acin and Founder of Women in Risk and Control, about moving operational risk from a solely qualitative discipline to a data led one and why connection and networks are key! Show Notes 01:51 Career Journey 12:46 Biggest Risks 20:53 Women in Risk and Control 27:51 Acin & Op Risk Ahead 46:50 Rants & Revelations Transcripts and more: https://www.riskywomen.org/2022/11/podcast-s5e8-taking-control-rupal-patel/

Business executives leverage cybersecurity programs to understand residual risk. That helps them make informed decisions to mitigate risk to an acceptable level. This session provides guidance to improve program maturity in stages.Maturity Level 1.Minimal Compliance Development of an information security programshould begin with a reputable baseline such as the NIST Cybersecurity Framework.A framework communicates the minimum controls required to protect an organization. It is also necessary to include control requirements from applicablelaws, regulations and contractual obligations. Compliance with external requirements is also a minimalistic approach when designing a program. Maturity Level 2.Common Controls Control frameworks provide mid-level guidance and are not intended to be prescriptive. That is by design. This level of maturity addresses common security safeguards that are not specified in the control framework. It is necessary to identify and implement them. Gap analysis: Deploy controls based on proven methodologies such as the 20 CIS Controls. - Patching- Penetration testing- Web application firewallEstablish a risk-based approach for implementing controls.Maturity Level 3.Risk Management It is necessary to tailor controls to the organization and to adapt to changes in the threat landscape. We discuss 'Threat Landscape and Controls Analysis' and a Risk Register process. Maturity Level 4.Strong Risk management At this level the organization begins to demonstrate ownership of the cybersecurity program from an operational risk perspective. When management communicates low risk tolerance, that is synonymous with a commitment to strong risk management.- The cybersecurity program maintains controls specific to line of business products, services and assets - An operational risk management function maintains a risk scenarios inventory and conducts quantitative risk analysis - Incident response and business continuity exercises are conducted annually to include senior executives, lines of business leaders, information technology, legal, public relations and critical suppliersA multi-generational plan can be used to improve program maturity. Strong risk management pays dividends over time with low occurrence of harsh negative events. When incidents do occur, controls are in place to limit business impact. About the speaker: Gideon Rasmussen is a Cybersecurity Management Consultant with over 20 years of experience in corporate and military organizations. Gideon has designed and led programs including Information Security (CISO), PCI - Payment Card Security, Third Party Risk Management, Application Security and Information Risk Management. Has diverse cybersecurity industry experience within banking, insurance, pharmaceuticals, DoD/USAF, state government, advertising and talent management.Gideon has authored over 30 information security articles. He is a veteran of the United States Air Force, a graduate of the FBI Citizens Academy and a recipient of the Microsoft Most Valuable Professional award. Gideon has also completed the Bataan Memorial Death March (4 occurrences).

Business executives leverage cybersecurity programs to understand residual risk. That helps them make informed decisions to mitigate risk to an acceptable level. This session provides guidance to improve program maturity in stages. Maturity Level 1. Minimal Compliance Development of an information security programshould begin with a reputable baseline such as the NIST Cybersecurity Framework. A framework communicates the minimum controls required to protect an organization. It is also necessary to include control requirements from applicablelaws, regulations and contractual obligations. Compliance with external requirements is also a minimalistic approach when designing a program. Maturity Level 2. Common Controls Control frameworks provide mid-level guidance and are not intended to be prescriptive. That is by design. This level of maturity addresses common security safeguards that are not specified in the control framework. It is necessary to identify and implement them. Gap analysis: Deploy controls based on proven methodologies such as the 20 CIS Controls. - Patching - Penetration testing - Web application firewall Establish a risk-based approach for implementing controls. Maturity Level 3. Risk Management It is necessary to tailor controls to the organization and to adapt to changes in the threat landscape. We discuss 'Threat Landscape and Controls Analysis' and a Risk Register process. Maturity Level 4. Strong Risk management At this level the organization begins to demonstrate ownership of the cybersecurity program from an operational risk perspective. When management communicates low risk tolerance, that is synonymous with a commitment to strong risk management. - The cybersecurity program maintains controls specific to line of business products, services and assets - An operational risk management function maintains a risk scenarios inventory and conducts quantitative risk analysis - Incident response and business continuity exercises are conducted annually to include senior executives, lines of business leaders, information technology, legal, public relations and critical suppliers A multi-generational plan can be used to improve program maturity. Strong risk management pays dividends over time with low occurrence of harsh negative events. When incidents do occur, controls are in place to limit business impact.

Hear from Prof. Clifford Rossi as we examine some of today's biggest financial risk modeling challenges. Risk modelers have recently been befuddled by rare and powerful non-financial events, including the pandemic, geopolitical conflicts, radical weather happenings, and a supply-chain crisis. What are the characteristics and impacts of these unpredictable incidents? In this podcast, University of Maryland professor and GARP CRO Outlook columnist Clifford Rossi will address these issues, and also share his views on how financial institutions can better understand these risks and link them properly to financial losses.

Paul Benda, SVP, Operational Risk and Cybersecurity with the American Bankers Association joins Tom and Megan talking about #BanksNeverAskThat an Anti-Phishing campaign to empower consumers. 

In this episode we have another incredible subject matter expert from Freddie Mac, Terri Merlino. We have a conversation about risk management, specifically what Freddie Mac is actively doing to create affordable credit options for home buyers, how mortgage originators can use tools to create efficiency and productivity, as well as what a culture of risk awareness looks like.   Terri Merlino is Senior Vice-President & Chief Credit Officer for Freddie Mac's Single-Family Division. She leverages her broad-based knowledge of mortgage operations, sales, processing, underwriting, quality control and secondary marketing activities to substantially and positively impact Freddie Mac's mortgage credit risk management efforts, as well as our client experience.  Prior to Freddie Mac Terri held the roles of Chief Credit Officer and Chief Risk Officer at New Penn Financial and spent many years at PHH Mortgage as Senior Vice-President of Credit and Operational Risk, where she was responsible for fostering a risk-aware culture through her leadership of all aspects of credit and operational risk management.  Terri has served on several industry committees, including Fannie Mae's Risk Management Forum and Freddie Mac's Credit Advisory Board, and twice been named a HousingWire Women of Influence. She also holds a Bachelor of Business Administration in accounting from the University of Houston.  Connect with her on LinkedIn: https://www.linkedin.com/in/terrimerlino   Learn more: www.FreddieMac.com   If you are enjoying the MME podcast, please take a second and LEAVE US A REVIEW, and don't forget to connect with us on social media! 

#Cybersecurity has an ability now within the new CISO paradigm to lead and help maintain trust with an organization's customers. Video from CISOlife™ about how cybersecurity is treated as an operational risk within the business. --- Support this podcast: https://anchor.fm/cisolife/support

Brought to you by The Ontic Center for Protective IntelligenceProduced by AJ McKeonMusic by Brian Bristow and performed by Smokin' NovasContact us at podcast@ontic.co or visit ontic.co/center for more information.

Managing risks and strengthening controls associated with operations have become increasingly more complex for all organizations. Firms are expending significant time, money, and resources to implement required changes and prioritize operational risk management efforts. As costs continue to increase, it is clear that the overly manual, reactive, and siloed status quo is unsustainable.In this episode of Protiviti's Powerful Insight's “Future of Risk and Compliance” podcast series, Protiviti Risk and Compliance Director Bygie Dixon interviews Patrick Dillon, Executive Vice President and Head of Independent Testing and Validation at Wells Fargo. Bygie and Patrick share insights on successfully applying emerging technologies and leveraging an innovative mindset to reduce risks and strengthen controls. To learn more about Protiviti's Risk Transformation services, visit us at our website: www.protiviti.com/US-en/risk-compliance/risk-transformation. Transcriptions of Powerful Insights are available upon request from kevin.donahue@protiviti.com.