Issue #67

Editor's Letter - A year we’ll never forget: Carrie Cook provides an overview of Issue #67 and introduces the new format for The Risk Universe.   Key business concerns for 2020 and beyond: As we move into a new decade, we not only carry the baggage of times past, including data privacy, cybercrime and ongoing regulatory change, we also face newer issues such as climate change, ESG and global economic uncertainty.   Office Life as We Know it: As the global pandemic appears to be coming under control, The Risk Universe takes a look at some of the issues around returning to the office.   The Operational Risks Inherent in LIBOR Transition: LIBOR is being phased out following widespread manipulation – but are the alternatives any less risky?   The Three Lines vs 3LoD. What's New?: A change in name, a move from explicit divides to principles, but do the IIA’s proposed revisions address the core criticisms of the three lines of defence model?   GDPR: The Next Challenge: The Risk Universe takes a look at some significant recent fines, as well as some of the anticipated issues around GDPR which firms will have to face.   AML: The regulatory Landscape: Following the FinCen Files report, several regulators have or are updating AML rules and requirements, raising new compliance concerns.   Banking Data and Brexit: Post-Brexit, the rules around data sharing between the EU/EEA and the UK all change, while Schrems II affects data sharing between the EU and the USA.

Issue #66

Editor's Letter - The end of an era: Operational risk is transitioning, but what does this mean for the discipline as we know it? asks editor Carrie Cook.   Publisher's Letter - Thank you: Publisher Mike Finlay takes stock of the amazing five-and-a-half years we’ve had at The Risk Universe.   News: Analysis of the major risk-related news stories of the past few weeks, including a detailed look at the Uber scandal and Holder report recommendations.   As operational risk management comes of age; does it have a future?: RiskBusiness’ Mike Finlay ponders the evolution of operational risk: its birth, its development and its potential fate.   Regulatory Update: A look at the latest regulatory developments, including an announcement from ESMA on relocation of UK firms after Brexit.   Human factors in risk management: Manoj Kulwal from RiskSpotlight, identifies some of the most common human-related factors that can influence risk assessments.   It makes you just WannaCry: Cyber expert Graeme McGowan explains the recent worldwide ransomware incident known as WannaCry.   If you ask me - Executives and risk: what your teams won’t tell you: Annie Searle on why risk managers should provide the missing link in boards’ understanding of risk.   A tale of two compliance officers: In this extract from her latest book, Kristy Grant-Hart looks at the pivotal role played by strategic thinking in career progression.   Dear CEO: Every month, an anonymous senior executive of a financial services firm writes a letter to the CEO about concerns they have always wanted to raise.

Issue #65

Editor's Letter - Good risk management is not a blame game: When it comes to IT risk management, placing blame doesn’t fix anything; it only serves to show how out of our depth we are when it comes to meeting the cyber challenge, says editor Carrie Cook.   News: Analysis of the major risk-related news stories of the past few weeks, including the WannaCry cyber attack, a report on banking regulation from Chatham House and the AON global risk survey.   Interview - No risk is an island: Carrie Cook catches up with Julia Graham, deputy CEO of Airmic, to learn more about its recent initiatives aimed at educating and empowering risk managers at all levels of the profession.   Regulatory Update: An update on recent regulatory developments, including new data from the FCA, the latest on Trump’s plans to simplify regulation and a new financial crime-beating initiative in Singapore.   Crime script analysis: a new ally against cyber crime: Gianluca Riglietti from the Business Continuity Institute looks at how risk managers can utilise crime script analysis to better understand and mitigate against cybercrime.   The change dynamic: operational risk management in technology change: Operational risk expert Ken Campbell takes us through the complexities associated with IT change and how risk management teams can ensure their influence is felt throughout a project’s lifespan.   Dimensions in risk measurement: Risk is most often calculated by multiplying the impact of an event by its probability. Here, Hernan Huwyler has a look at some alternatives and how they fit into the risk management framework.   How To... achieve risk integration across risk sub-types: RiskBusiness’ Mike Finlay provides a step-by-step guide on achieving true integration across the many risk sub-types often created under the operational risk catch-all.   Dear CEO: Every month, an anonymous senior executive of a financial services firm writes a letter to the CEO about concerns they have always wanted to raise.

Issue #64

Editor's letter - The untouchables: Editor Carrie Cook reflects on recent revelations about the role played by senior management and the Bank of England in the Libor manipulation scandal.   News: Analysis of the major risk-related news stories of the past few weeks, including Libor, Brexit preparations, Wells Fargo and Barclays’ whistleblowing debacle.   Getting qualified: The Risk Universe shortlists the best qualifications currently available for operational risk professionals and provides an overview of their main features and content in this handy guide.   Regulatory update: An update on recent regulatory developments, including the latest on MiFID II, a final report from ESMA on securities financing transaction regulations and a new appointment at the CFTC.   Doing the right thing: Companies need to get to grips with building an ethical culture based on integrity and honesty, or face the consequences, writes Danielle Rowland Lindahl from TRACE International.   Why risk management fails: Chizubel Egwudo examines the common underlying causes of failure in risk management and provides guidance on how to overcome these challenges within your organisation.   The infinite cyber perimeter: IT expert Chris Rivinus looks at the importance of soft skills and positive reinforcement in managing cyber risk in a world where perimeters are infinite and scare tactics have proven unsuccessful.   Arguing the case for cyber incident classification: RiskBusiness’ Mike Finlay explains the benefits of having a dedicated cyber incident classification element within your operational risk classification taxonomy.   Dear CEO: Every month, an anonymous senior executive of a financial services firm writes a letter to the CEO about concerns they have always wanted to raise.

Issue #63

Editor's Letter - Calling out the technophobe: Editor Carrie Cook discusses GCHQ’s request for technophobic board members to overcome their fear of all things cyber and up their game.   News: Analysis of the major risk-related news stories of the past few weeks, including Charlotte Hogg’s resignation, the latest on the ABB fraud scandal and much more.   GRC: Then, Now and the Future: Carrie Cook speaks to governance risk and compliance (GRC) experts about the challenges presented by choosing a GRC solution; what ‘GRC’ really means these days; and what the future looks like.   Regulatory Update: An update on recent regulatory developments including the latest on PPI, a new consultation on the Pillar 2A capital framework and a new corporate governance code for Singapore.   RCSAs: Three Key Questions for Risk Indentification: Helen Pykhova from The Oprisk Company shines a spotlight on the risk identification part of the RCSA process, looking at ways of creating an engaging and simple approach that satisfies both the RCSA and relevant stakeholders.   Business Continuity and Operational Risk: Building Continuity Together: Audit, ERM and compliance expert Tanmoy Sengupta looks at the overlapping principles in operational risk and business continuity.   Event Review: New Generation Operational Risk 2017: Carrie Cook heads to the third annual Next Generation Operational Risk event in London to hear from top industry experts.   If You Ask Me: Why didn’t we see this one coming?: Annie Searle shares her thoughts on how looking back at past risk events can pose more questions than it answers.   How To... Bring practicality to operational risk: Philip Martin explains why firms should be looking to trim their approach to operational risk to achieve added value.   What is DevOps and how can it reduce Operational Risk?: Software development expert Atif Syed explains the burgeoning area of ‘DevOps’ from an operational risk perspective.   Dear CEO: Every month, an anonymous senior executive of a financial services firm writes a letter to the CEO.

Issue #62

Editor's Letter - How quickly we forget: The short termism and lack of oversight which drove the financial crisis looks set to make a reappearance, at least in the context of the future of US banking regulation, writes Carrie Cook.   News: Analysis of the major risk-related news stories of the past few weeks, including the latest on RBS, the Rolls-Royce scandal, corporate governance developments and more.   If you ask me... Why do industry scandals keep happening?: Industry misconduct scandals are seemingly never ending and cost banks billions to resolve. We know what occurred in these risk events, but do we know why? Dr Patrick McConnell shares his views.   Spotlight - Cyber incident classification: RiskBusiness’ Mike Finlay explores the need for a separate classification taxonomy to accommodate the plethora of complex and evolving cyber incidents.   Regulatory Update: An update on recent regulatory developments including concerns about DLT, the CMA’s final order on Open Banking and a policy statement from the FCA and PRA on enforcement processes.   Three Lines: the good, the bad and the ugly: Jonathan Howitt offers a critical viewpoint on the Three Lines of Defence model for operational risk management.   Blockchain and risk management: all you need to know: Mark Elkommos from HSBC USA takes us through the potential benefits and pitfalls of the widespread adoption of blockchain technology in financial institutions.   Scenario analysis: challenges and quantitative techniques: Michael Grimwade on the challenges of undertaking scenario analysis, quantitative techniques for producing better estimates of impacts and likelihoods and how to objectively validate them.   Dear CEO: Every month, an anonymous senior executive of a financial services firm writes a letter to the CEO about concerns they have always wanted to raise.

Issue #61

Editor's Letter - Hindsight is a wonderful thing: Nobody understands the benefit of hindsight better than an operational risk manager, writes editor, Carrie Cook   News: Analysis of the major risk-related news stories of the past few weeks, including the latest on the Yahoo data breach, more RMBS fines and a summary of 2017’s risk predictions.   Risk collaboration is the key to success: Collaboration is the only way risk managers can really tackle issues such as cyber, reputational impact and business interruption, says Julia Graham, deputy CEO of Airmic.   Risk models: A general strategy: Operational risk expert Peter Mitic from Santander provides tips on comparing the suitability of risk models in light of recent proposals from BCBS.   Regtech: Tackling regulation with innovation: Everybody’s talking about fintech, but what about regtech? Jan-Maarten Mulder takes a look at how a wave of new companies are working to help address complex financial regulation with innovation.   How self-interest influences our decisions: In their new book, Risky Business, Anna and Mark Withers explain why we are frequently fooled by powerful unconscious biases. Here they look specifically at the overwhelming influence of self-interest on what are supposed to be completely independent and unbiased business decisions.   Case study: The end of the world’s oldest bank?: In a new regular feature slot, RiskBusiness’ Mike Finlay takes a detailed look at the many possible operational risk-related observations of the Banca Monte dei Paschi di Siena case.   If you ask me - 2016: the year political risk Trumped every other: Volatility and political risk may be an opportunity for the revenue side, but it’s a different story for operational risk, writes Howard Stein.   Dear CEO: Every month, an anonymous senior executive of a financial services firm writes a letter to the CEO about concerns they have always wanted to raise. This month: why 2017 should be the year of positive thinking.