Blogs

Unlock the Potential of Knowledge Graphs in GRC

Weekly-Blog-Upload--21-Sep-23
4 min read

Introduction

In today's dynamic business landscape, the effective management of Governance, Risk, and Compliance (GRC) has never been more critical. GRC challenges have increased as economic, geopolitical, social, healthcare, cybersecurity, and other systemic and internal risks escalate. Results from a joint survey on GRC readiness from global GRC think tank OCEG and MetricStream found that 67% of respondents highlighted the urgent need for integrated processes and technologies to improve their GRC performance. 

To this end, knowledge graphs emerge as a sophisticated solution, shedding light on the intricate relationships between a multitude of entities. These structured representations of information span people, places, objects, events, and abstract concepts, offering a holistic view of the interconnected web of knowledge within an organization. So, how can knowledge graphs reshape the GRC landscape? Let's delve into the transformative power they hold.

Why Use Knowledge Graphs in GRC?

Knowledge graphs fortify risk management practices in GRC by facilitating the identification, assessment, communication, management, and automation of risks. They help organizations build a robust GRC program in the following ways.

  • Identifying and Assessing Risks:

    Knowledge graphs empower organizations to pinpoint and assess risks more effectively. Imagine a scenario where a knowledge graph is used to dissect potential risks associated with a specific supplier. By examining the supplier's web of connections, including customers, competitors, and regulatory bodies, organizations can identify nuanced risks such as supply chain disruptions, compliance issues, or even reputational concerns.

  • Transparent Risk Communication:

    Effective risk communication is pivotal in decision-making. Knowledge graphs offer a visual storytelling platform. They enable organizations to convey complex risk profiles to stakeholders in a lucid and succinct manner. Visual representations of these graphs elucidate the connections between different risk factors, enhancing comprehension among both technical and non-technical stakeholders.

  • Risk Management:

    Managing risks is an ongoing process. Knowledge graphs play a pivotal role in monitoring the status of mitigation plans and swiftly identifying emerging risks. Imagine a dynamic knowledge graph that tracks the evolving risk landscape, sending proactive alerts when anomalies or potential threats are detected. This proactive approach empowers organizations to stay one step ahead in risk management.

  • Automating GRC Processes:

    Automation is the cornerstone of efficiency in modern organizations. Knowledge graphs are instrumental in streamlining GRC processes, such as risk assessment and compliance reporting. By automating these tasks, GRC professionals can allocate more time to strategic initiatives and value-added activities, reducing manual overhead.

Practical Applications of Knowledge Graphs in GRC

By seamlessly connecting disparate data, knowledge graphs offer unparalleled insights and efficiency in managing GRC across industry verticals. Here are a few illustrations:

  • Financial Services:

    Picture a financial institution that employs a knowledge graph to unearth and evaluate risks associated with its customers. By capturing granular data on financial transactions, customer relationships, and affiliations with other entities such as banks, it identifies risks like money laundering, fraud, or credit risk. Moreover, the knowledge graph provides actionable insights, enabling personalized risk mitigation strategies and enhanced customer due diligence.

  • Healthcare:

    In the realm of healthcare, precision is paramount. Here, a healthcare entity utilizes a knowledge graph to oversee risks linked to clinical trials. The knowledge graph captures a wealth of data, including details about trials, patient involvement, trial progress, and medical research outcomes. By connecting the dots within this expansive dataset, organizations can optimize patient safety, adhere to regulatory requirements, and expedite drug development processes.

  • Government:

    Government agencies are entrusted with safeguarding citizens and upholding regulations. A government agency harnesses a knowledge graph to automate compliance reporting, which often is a labor-intensive and error-prone process. By consolidating data on regulations, legislative changes, and agency activities, the knowledge graph automatically generates compliance reports for pertinent stakeholders. Furthermore, it facilitates real-time monitoring of regulatory changes, enabling proactive adjustments to policies and procedures.

These examples underscore the versatility and transformative potential of knowledge graphs in GRC. As this technology evolves, we anticipate even more groundbreaking applications, further elevating risk management practices. By harnessing the full power of knowledge graphs, organizations can navigate the complex GRC landscape with precision, agility, and foresight.

MetricStream’s AiSPIRE

Have you had the opportunity to witness MetricStream’s AiSPIRE in action yet? If not, don't miss out! AiSPIRE represents a game-changing advancement in the GRC landscape. It uses AI/ML, GRC ontology-based knowledge graphs, and more to transform the way you approach GRC.

AiSPIRE can empower your organization to:

  • Remove redundant controls and reduce control tests and costs with AI 
  • Gain intelligent control insights and enhance processes for scheduling and prioritizing control tests 
  • Improve risk management by quickly identifying areas that need to be optimized and minimizing potential risks 
  • Gain insights by asking simple questions using a machine learning-based prompt intelligence

Connect with us to explore the future of GRC powered by AiSPIRE, and discover how it can drive efficiency, agility, and effectiveness in your organization's GRC endeavors. 

Request a demo today.

Download Product Overview: MetricStream AiSPIRE


GRC Summit, London, 2023: Meet the Speakers

5 min read

Introduction

We are closing in on the big day! Just four weeks to go until the 2023 GRC Summit, to be held on the 16th and 17th of October at the Royal Garden Hotel in London. 

During the past decade, MetricStream's flagship event, the GRC Summit, has consistently provided opportunities for the GRC community to connect, share insights, exchange best practices, and, most importantly, set the stage for what's next in GRC. Whether it's an emerging technology, a new process, or a regulation that's going to impact the way you do business, you'll learn about it here. 

Now in our 11th year, and after an exciting edition of the GRC Summit in Miami this June, we will now be in London. The two-day event will bring together the most influential risk leaders to discuss the latest trends and best practices in Connected GRC and the risks and opportunities of artificial intelligence (AI). Our theme is "Experience the Power of Connection," empowering you to achieve more as you continue to thrive on risk! 

Explore our Agenda.

Get to Know Our Esteemed Speakers

As the foremost thought-leadership event in the GRC space, the GRC Summit consistently showcases some of the most brilliant minds in the fields of risk assessment, compliance management, cyber risk, audit, and environmental, social, and governance (ESG). In the upcoming edition of the summit, we are thrilled to present a lineup of over 30 seasoned experts who will grace our stage to deliver compelling keynote addresses, offer invaluable insights, share best practices, and, most importantly, recount their own enriching GRC journeys. 

Scroll down to explore the profiles of a few of our esteemed speakers and gain a deeper understanding of their areas of expertise. 

Chandrra Sekhaar, Chief Audit Executive (EMEA) - SMF 5, Mizuho, is a Senior Audit Leader and pacesetter who initiates action and excitement in the controlled compliance and risk-driven environment and removes skepticism and obstacles to advance the business and capture excellence. A firm believer in strategic control impact and a transformational leader and coach, he promotes team values, builds collaboration, and secures buy-in for change. 

Jacob Holmehave, Head of Group Risk Office, Nordea, is a former external consultant and keynote speaker within change management and transformation. Today, Jacob is the business owner of the development of Nordea’s new Integrated Risk Management Application (IRMA) – a large digital and cultural transformation that will change the way Nordea works with risk management and compliance within all three lines of defense. 

Dorothea Liebl, Head of Internal Control Governance, Siemens Energy AG, has been with Siemens since 1999. She has also served as the Head of Risk and Internal Control at Siemens Global Services and Siemens Real Estate.

David Storey, Vice President - Health, Safety & Environment, dnata, is responsible for the development and implementation of dnata's global HSE strategy as part of the global management team. With 20+ years of experience in airline, ground operations and safety, David has worked for more than two decades in the Middle East region for large international airlines. David holds an MSc in Aviation Safety and is a member of the Royal Aeronautical Society (MRAeS).

Phil Crook is Head of Compliance, Nationwide Building Society, whose current responsibilities include being the Accountable Executive for the implementation of their first Regulatory Change Management Tool, leading a business-as-usual team that focuses on Risk Insight, Regulatory Developments, Data Analytics, Prudential Compliance and Wholesale Conduct. He joined Nationwide in 2021 following 11 years at Lloyds Banking Group across the three lines of defense, with expertise across Regulatory Compliance, Operational Risk, Retail banking products and Wealth management. 

Dr. Jenny J. Birdi, Head of Operational Risk and Risk Strategy UK, HSBC, has been with HSBC for over 25 years. She is currently the Head of Operational Risk and Risk Strategy for the UK ring-fenced bank, having been appointed to this double-hatted role in April 2018.  She was previously the Head of Three Lines of Defense Execution for Operational Risk.

Philipp Herrmann, Head, Risk Management, Operations Department, Abu Dhabi Investment Authority (ADIA), is responsible for leading the Operational Risk Management practice for the Department and co-leading Enterprise Risk Management efforts. Joining ADIA in January 2016, Philipp plays a key role in shaping ADIA's risk landscape, including the development of Risk Policies, advancement of Risk Culture, and oversight of the MetricStream application. 

Ivan Martinez, Chief Audit Executive, Banco Santander London Branch, is the Head of Internal Audit Santander CIB UK, and is responsible for designing and developing the annual audit plan covering all risks of the investment banking activities in the UK. 

Peter Funck, as Head of GRC, Swedish Road Administration, helps the Swedish Transport Administration strengthen the GRC areas by developing and implementing a new department responsible for the management and coordination of the second-line activities as well as general governance and risk frameworks. 

Brian Sorensen, Chief Execution Leader - Group Risk Change Management, Nordea, has 25+ years of experience within the banking industry, with a majority spent within project and program management and application implementation and the latest 8 years within non-financial risk management. 

Sarah Harman, Leader - Operational Risk Framework and Systems, Nationwide Building Society, has over 20 years of financial services experience. Her responsibilities include being accountable for the setting of the Enterprise Risk Management framework and owning, developing, and maintaining the Society’s Risk system.

Sophie Dupre-Echeverria, Chief Risk & Compliance Officer, GIB Asset Management, Former – Schroders, is responsible for driving an effective risk culture throughout the company, designing the risk and compliance frameworks, and overseeing risk management and regulatory compliance practices. Sophie joined GIB (UK) with extensive experience in the field, having previously served as Executive Director for Compliance and Operational Risk Control at UBS Asset Management. 

Despina Andreadou, Chief Audit Executive, Eurobank S.A., has been for the last 25 years the Group Chief Audit Executive of Eurobank S.A., a European banking organization offering universal banking across four countries. Being one of the four Systemic banks in Greece, Eurobank has a strong presence in Bulgaria, Romania, and Cyprus and offers Wealth Management services in Luxembourg and London.

Excited to hear and interact with our speakers? Register now.

Delve into our full lineup of speakers and explore their profiles.

Keynotes from our Co-CEOs

MetricStream leaders Gaurav Kapoor, Co-Founder and Co-CEO, and Prasad Sabbineni, Co-CEO, will also be sharing their insights at the London summit. 

If you’re excited about attending – get your ticket now! Register now.

Watch this space for updated information on the speakers, workshops, agenda, and other key highlights of the London GRC Summit.


Aanya Sharan Associate Director - Marketing

Read the blogs authored by Aanya Sharan, Associate Director - Marketing, for the latest insights on governance, risk management, cyber resilience, and more.

 

Empowering GRC with AI: Unlocking Powerful Use Cases in Risk and Compliance

7 min read

Introduction

Global businesses spend billions of dollars and allocate a significant percentage of their workforce toward GRC functions. They are also seeking new technologies to optimize and streamline their GRC programs. According to the MetricStream-OCEG market readiness survey, 18% of businesses intend to invest in GRC technologies in 2023, with 29% planning to do so in the next 3 years. However, companies are still finding it extremely challenging to handle the scale and complexity of various GRC requirements due to the constantly evolving regulatory compliance and risk landscapes, along with maintaining the efficiency of the internal audit processes. Additionally, organizations are increasingly seeking proactive ways to assess, predict, and protect against traditional risks as well as emerging ones such as global pandemics, war, calamities triggered by climate changes, etc. 

From risk identification and assessment to compliance monitoring and reporting, AI offers a range of possibilities that can revolutionize the way organizations approach GRC. AI capabilities can provide preventive, predictive as well as diagnostic approaches to secure and empower the GRC processes enabling businesses to not only thrive but derive maximum benefits in the present volatile market conditions. AI tools can help forecast events, understand trends, and anticipate occurrences in near real-time by analyzing massive volumes of data to safeguard their business. 

We would like to highlight the cutting-edge AI use cases that are reshaping GRC practices, augmenting and streamlining traditional GRC processes, and delivering unprecedented insights, efficiency, and effectiveness. 

AI in Risk Management

Recent bank crises have raised concerns about the stability of the banking system and its impact on the global economy. It has highlighted the critical need for policymakers and business leaders to work together to find comprehensive solutions to the challenges faced by the industry. 

AI technologies are revolutionizing the way financial organizations approach risk.

  • AI technologies can empower financial institutions to mine enormous amounts of distributed data and quickly realize insights that can help them protect against losses and boost ROI for their customers. 
  • By leveraging large, complex data sets, banks and financial institutions can develop risk models that are more accurate than those based on standard statistical analysis. AI-based risk management allows banks to predict, assess, and mitigate risks more effectively. AI tools are also used to identify patterns in risk events and issues and to recommend effective controls to mitigate risks.
  • Smart automated planning and scoping of risk assessments using historical data analysis and recommendation of risk and controls are the steps towards ensuring continuous risk management. Also, AI-based recommendation of risk treatment strategies makes the mitigation processes more evasive. 
  • AI models can be used to assess the risk associated with certain decisions or actions. For example, AI models can help businesses evaluate the potential risks associated with entering a new market or launching a new product. Also, an AI system can analyze financial data, customer behavior patterns, and market trends to identify potential credit risks for a lending institution.

AI in Regulatory Compliance Management

One of the key challenges in regulatory compliance is ensuring awareness of regulatory updates. On average, a large financial organization may receive around 200 regulatory alerts per day, often with stringent timelines for the business processes to adapt to the regulation. Traditional processes for regulatory change management cannot track these rapid changes, leading to slower adoption time, and resulting in huge regulatory fines and other compliance risks. 

Artificial Intelligence and machine learning algorithms in regulatory compliance can improve data governance, enhance continuous control monitoring capabilities, and automate compliance checks—all of which can reduce the risk of non-compliance. AI-powered systems can provide real-time insights, proactive alerts, and predictive analytics to help compliance functions to identify and address compliance issues more effectively and efficiently.

  • Control management in large organizations where several thousand controls are tested is a very tedious and error-prone process. Controls are redundantly tested, leading to an inability to minimize risks proactively and maximize the efficacy of the controls. Control rationalization using AI algorithms evaluates and optimizes the effectiveness and efficiency of control activities within an organization's overall control framework and can provide insights into the effectiveness of controls by analyzing data and identifying trends. For example, AI tools can be used to identify trends in the number of control failures or to identify the controls that are most likely to fail, as well as detect the duplicate controls tested and save cost. AI algorithms can be used to automate the testing of controls to identify patterns in data that may indicate control weaknesses. 
  • Unsupervised learning algorithms, like clustering or anomaly detection, can identify unusual patterns or outliers in data that may indicate potential compliance issues and classify these issues accordingly. 
  • With the increasing volume and complexity of new and evolving regulations, it is challenging for organizations to identify specific rules and requirements within regulations that are relevant to their business. Manual processing of regulatory obligations has become untenable. AI tools can accurately identify obligation text from within regulations, extract that text for analysis, and enable human-in-the-loop review of individual obligations for applicability, relevance, and requirements. This empowers organizations to focus faster on the impact analysis and changes required to align their processes with the regulation. Natural Language Processing (NLP) algorithms are employed to process and analyze text-based data, such as regulatory documents, policies, etc. NLP enables the extraction of relevant information, entity recognition, sentiment analysis, and topic modeling, supporting compliance professionals in understanding regulatory requirements, monitoring news for regulatory changes, or identifying potential compliance breaches in textual data.

AI in Cyber Risk and Compliance

AI is rapidly becoming a critical tool in Cyber GRC. In an era of the Metaverse, decentralized ecosystems, cloud instances, mobile, and billions of IoT devices spread worldwide, cyber threats have increased in frequency, complexity, and sophistication. AI-powered systems in cyber risk management can help organizations augment their cyber defense capabilities through advanced threat detection, predictive analytics, and real-time monitoring.

  • AI models can be trained to detect anomalies in system behavior that may indicate potential cyber risks. This can be useful in identifying potential security breaches or operational failures. 
  • AI-powered threat intelligence can identify emerging threats and help to develop mitigation strategies. Simulation techniques like Monte Carlo can help a user to predict losses and their probability of occurrences. 
  • Continuous monitoring of regulations such as the General Data Protection Regulation (GDPR), and Payment Card Industry Data Security Standard (PCI DSS), can help to comply with IT regulations. 
  • AI tools bolster the capability of continuous control monitoring and reduce the costs of CCM by automating tasks and improving accuracy. Control mapping can be very accurate with AI algorithms.

AI in Audit Management

Audit management is a critical function for organizations to ensure compliance, identify risks, and drive operational excellence. With the advancement of AI, the audit landscape is undergoing a transformative shift.

  • AI tools can bring efficiency and intelligence to the audit program. This can help auditors focus on high-risk areas and reduce the time and cost of audits. 
  • Recommendation of issues to highlight recurring items and action recommendations can bring efficiency to the operations. 
  • Fraud detection capabilities are faster with ML algorithms that traverse large datasets and identify irregularities or suspicious patterns, along with learning from historical fraud cases and applying that knowledge to detect similar patterns in new data. This can help auditors identify potential fraud risks and investigate them in a timely manner. 
  • AI tools can enable auditors to continuously refine their audit procedures and methodologies based on insights generated by AI systems.

Generative AI and LLMs in GRC

Lastly, coming to what’s being hailed as ‘the revolution of the year’: ChatGPT. Both ChatGPT and Bard, examples of generative AI based on LLMs (Large Language Models), will also be game changers in the GRC world! LLMs can be employed in several areas, from generating reports and summarizing findings of risk assessment policies to generating ideas for new controls to mitigate the risk of fraud and, most obviously, acting as a guiding chatbot to end users.

MetricStream’s AiSPIRE: AI-Powered GRC to Augment Decision-Making, Prioritization, and Improve Efficiency

AiSPIRE, an industry-first, state-of-the-art cloud-based product offering from MetricStream, can empower your organization’s GRC functions with proactive intelligence backed by powerful AI algorithms.

By leveraging large language models, GRC ontology-based knowledge graphs, and generative AI capabilities, AiSPIRE has the power to utilize the full potential of an organization’s existing GRC and transactional data. Unlike other GRC tools that rely on manually defined rules and workflows, AiSPIRE effectively utilizes your organization’s data to train advanced machine learning models and AI. 

AiSPIRE can empower your organization to:

  • Remove redundant controls and reduce control tests and costs with AI
  • Gain intelligent control insights and enhance processes for scheduling and prioritizing control tests 
  • Improve risk management by quickly identifying areas that need to be optimized and minimizing potential risks 
  • Gain insights by asking simple questions using a machine learning-based prompt intelligence

Interested to know more? Request a demo today!

Download Product Overview: MetricStream AiSPIRE


Chaitali Deb Purkayastha Senior Product Manager

Chaitali Deb Purkayastha is a Senior Product Manager at MetricStream and is responsible for the compliance management product. She has 13+ years of experience in the IT industry, where she was deeply involved in building highly scalable products for finance and several other domains that leveraged an extensive involvement of AI and data technologies. Chaitali has also managed enterprise and operational risk products. Coming from a background where she has empowered businesses by building AI platforms and data marketplaces, she understands the pervasive need of the industry and is very passionate about unlocking the power of AI by solving challenges and streamlining processes in the GRC domain. She holds a Micromasters in AI from Columbia University along with a Masters in Comp Science and a PGDBA in Marketing.

 

The Power of Connection: Reflections from the 2023 GRC Summit in Miami

7 min read

Introduction

Just a few short weeks ago, on June 13-15, 250+ governance, risk, and compliance leaders braved the Miami heat for the event of the summer: The GRC Summit. I had the privilege of being the MC, and it was invigorating, given the breadth and depth of content, and being face-to-face with so many inspiring leaders. 

For two and a half days, MetricStream was privileged to host some of the leading minds in GRC – including 50+ speakers – who shared best practices, case studies, and insights on where leaders should focus and what they should prioritize and enjoyed the time to network with colleagues and celebrate as we announced the 2023 GRC Journey Awards winners.

I wanted to share a few highlights and key themes that I experienced. For video highlights and presentations, please visit the 2023 GRC Summit site.

The Power of AI and Automation

If there was one overall theme that surfaced in almost every discussion, it was how artificial intelligence presents an immense opportunity to gain even greater efficiency while at the same time introducing a whole new field of risks to manage and mitigate. Most panels focused on some element of AI – the possibilities to automate, make recommendations, and remediate, as well as the potential risks and rewards. 

Of course, AI isn’t new. Many researchers point to British computer pioneer Alan Turing as the father of AI in the 1940s, and we’re all familiar with machine learning for processing vast amounts of data to make decisions easier. Some argue that the history of AI goes all the way back to Plato! (See this fun history from Tableau.) 

But the explosion of generative AI with ChatGPT from OpenAI onto the scene last November has changed everything. Nearly every session at the Summit touched on AI in some way:

  • How can AI help detect data breaches and protect my company from cyber risk? How can it be used by bad actors? 
  • Will AI itself be regulated, and how can I keep up with the evolving regulations to use AI in an ethical, governed way? What should I be thinking about now? 
  • How can I use AI to understand, manage, and gain insights from my vast amounts of GRC and control data – whether it’s internal or external data?

AI’s ability to automate processes like control monitoring, third-party risk evaluation, creation of a common view of risks across your enterprise, and so much more is groundbreaking. (See the discussion of MetricStream’s just-announced product AiSPIRE, below, for more on this aspect!) 

Here are two quotes that sum up the depth of discussions around AI. 

“We need GRC for AI, not just AI for GRC,” explained Gunjan Sinha, Co-Founder and Executive Chairman, MetricStream. 

Prasad Sabbineni, Co-CEO, MetricStream, cautioned on over-regulation. “Use common sense to harness the power of AI before you over-regulate,” he said.

The Inspiration of AiSPIRE

A top highlight of the summit was the launch of MetricStream’s brand-new product AiSPIRE, an industry-first AI-powered, knowledge-centric GRC product designed to gather intelligence from an organization’s existing GRC and risk data to break down silos and provide guidance to improve the effectiveness of existing programs.

What’s exciting about AiSPIRE is that it connects with any GRC platform, creating connected insights from underlying risk and control data, and providing recommendations to improve the performance of existing risk and control environments. 

AiSPIRE stands apart from other GRC tools that rely on manually defined rules and workflows and works by leveraging your organization’s data to train advanced machine learning models and AI. It further can continuously and intelligently sense risk and control deficiencies, patterns of over-testing and under-testing of controls. 

The result? AiSPIRE, powered by AI, enables you to anticipate risks with proactive planning and prioritization of risk assessments, control testing, issue, and action planning. We believe it’s a game-changer – and we invite you to learn more about MetricStream AiSPIRE today!

Cyber Risk Management – A Strategic Safeguard

Cyber risk was also a primary topic of focus. Now a critical concern for organizations across all industries – a top 10 risk according to the World Economic Forum, with a data breach cost at a global high of $4.4M according to think tank the Ponemon Institute – cyber risk was on attendees’ minds. Discussions centered around various strategies to effectively manage it, including:

  • Ensuring active risk management to reduce the risk of cyber breaches 
  • Using cyber risk quantification to measure risk exposure and prioritize cyber risks 
  • Implementing AI and automation for greater efficiency 
  • Leveraging continuous control monitoring for improved compliance and security, particularly in the cloud – featuring advice from our guest speakers from AWS

The Regulatory World is Getting More Complex

The current complexities in the regulatory environment and the pace of change, along with cross-border compliance and compounding compliance costs, were also top of mind.

My favorite quote came from Kellie Bickenbach, Head of Control Assurance, First Citizens Bank. During the session on Effectively Managing Operational Risks Through Control Rationalization for Improved Decision-Making, Kellie said, “I think of a control as hungry mouths that need to be fed. For every control there is care and feeding.” 

This summed up the discussion well.

From Risk to Opportunity: Resilience Requires a Connected Approach

Managing risk effectively today has now become a vital asset in strengthening strategic foresight. Viewed through the lens of growth, it represents value and opportunity. But today, risks are interconnected. Viewed in isolation they can lead to hidden and potentially catastrophic consequences. 

Gaurav Kapoor, Co-CEO and Co-Founder, best summarized it when he said, “On the surface, tidal islands are like risks. They appear to have no connection but under the water line, they are all connected.”

As organizations strive to attain a competitive edge in the market, a key differentiator will be their ability to implement a connected approach to risk management. This, along with the adoption of technologically advanced GRC tools, will help organizations strengthen their operational resiliency strategies. 

The Collective Strength of the GRC Community

True to the theme The Power of Connection, the Summit was also notable for how it united the strengths of some of the best minds in GRC.

  • Learning from Success in Action       

    Nothing excites the GRC community more than watching their peers recount real-life triumphs.       

    Several of our customers from diverse industries presented their success stories, which served as powerful demonstrations of how organizations have successfully navigated the complex landscape of GRC challenges.       

    Sessions from the National Credit Union Administration, Guidewire, Apple Bank, Blue Cross Blue Shield of Michigan, Autodesk, and American Fidelity Assurance saw candid conversations on how innovative strategies and continuous improvement helped build proactive approaches to audit, enterprise risk management, compliance, cyber risk management, and third-party risk management.      

    The showcasing of their achievements not just encouraged their peers, but the learnings will surely serve as a catalyst for the growth and advancement of the entire GRC community.      

    For example, Jonathan Ruf, First Vice President - Head of Cyber and Information Risk, Apple Bank, speaking about the importance of strong, well-defined processes for technology to perform at its optimal level, made the important point that “Technology will only provide visibility to how bad your processes are,” while Michael Cover, Director, Blue Cross Blue Shield of Michigan, reiterated the importance of the frontline in risk management. “Frontline is the cornerstone of risk management. They have all the information and can provide the right intelligence,” he said.

     
  • Awarding GRC Excellence       

    Another highlight of the Summit was the 2023 GRC Journey Awards. These awards recognize exceptional performance and progress from our customers and partners on their all-important GRC journeys. Outstanding GRC program leaders, visionaries, practice leaders, and partners who championed GRC programs, achieved superior business performance, and created high-value impact through GRC were awarded in four categories: GRC Journey Awards, GRC Visionary Awards, GRC Practice Leader Awards, and GRC Partner Awards.       

    We congratulate all the winners!       

    Learn more about the awards and winners.    
     
  • Connecting with Peers  

    The Summit also served as a potent networking platform for promoting collective growth, fostering innovation, and driving the field of GRC forward. The sense of collaboration, connection, and community at the Summit amazed me: experts were quick to share how they solved their challenges and sign up to help each other moving forward. The connections did not stop at the Summit. 

    Amidst the bustling atmosphere during networking sessions, GRC leaders and practitioners shared experiences, exchanged best practices, and discussed challenges. The multiple themes and threads of discussion also acted as a major source of encouragement for those who are about to embark on their own GRC journey.  

Get Ready for the GRC Summit in London!

As we wrapped up our days in Miami, I heard a lot of “great conference” and “you hit our GRC questions on the head.” All credit goes to the event team for their organization and the superb presenters for sharing their GRC experiences and wisdom. 

We’ll be doing it again in October in London! We hope to see you there! Register now. 

Patricia McParland AVP – Marketing

Pat McParland is AVP of Product Marketing at MetricStream. She is responsible for creating product messaging, product go-to-market plans, and analyzing market trends for MetricStream's cyber compliance and third party risk product lines. Pat has more than 25 years of financial data and technology marketing experience at Fortune 1000 brands as well as startups and has led product and marketing teams at Dow Jones and Dun & Bradstreet. She has a BA from the College of William and Mary and lives in Summit, New Jersey.

 
Unlock the Full Potential: Your Guide to Maximizing the GRC Summit 2023


Introduction

The GRC Summit 2023 is all set for June 14th and 15th at the Hyatt Regency in Miami. Building on the resounding success of our in-person 2022 London Summit, we are thrilled to meet in person in the US after two years of the summit being held virtually.

For over a decade, the GRC Summit has been a beacon for the GRC community, enabling the fostering of connections, sharing of insights, and exchanging of best practices. It has continuously set the stage for what’s next in the world of GRC. Under the compelling theme of Experience the Power of Connection, this year's Summit promises to be our best yet. Prepare to join an esteemed global community of risk, compliance, audit, cyber, and ESG professionals for an unparalleled experience.   

Here’s How to Amplify Your GRC Summit Experience

As we enter the exciting final week, we want to ensure that you have a truly exceptional experience with tips on how to make the most of your time. Here is the comprehensive Agenda for the Summit, along with a lineup of our esteemed Speakers. Additionally, we have highlighted some of the top must-attend sessions that you wouldn't want to miss out on.

  • Keynotes from our Co-CEOs and Co-Founder

The keynote speeches have always been a standout feature of the GRC Summit, and this year is no exception. The opening and closing keynotes on Days 1 and 2 will see MetricStream leaders Gaurav Kapoor, Co-Founder and Co-CEO, Prasad Sabbineni, Co-CEO, and Gunjan Sinha, Co-Founder, and Executive Chairman, sharing their insights along with other industry leaders.

  • C-level Panels

These are sessions you don’t want to miss! We have several C-level panels across the two days. Here are a few that focus on addressing GRC challenges in the modern interconnected risk landscape.

  • Three Lines Model - Trends & Strategies to Drive Efficiency & Growth with Martin Froelick, Senior Vice President - Risk Manager, First Citizens Bank, Michael Cover, Director, Blue Cross Blue Shield of Michigan, and Michelle Melendez, Vice President, Aon.
  • Modernizing Governance, Risk, Compliance, Cyber, and Audit to Enable Resilience with Brian Fricke, Managing SVP, CISO, City National Bank, Marcelo Cruz, Managing Partner, Yacamy Advisors, and Eileen Fahey, Chief Risk Officer, Fitch Group.
  • Building Agile Programs for Enterprise, Operational, and Cyber Resilience in Today's World with Manesh Shah, Vice President, Enterprise Risk Management, CBRE, and Cynthia Klimaszewski, Head of Technology Risk, Silicon Valley Bank, a division of First Citizens.
  • Effectively Managing Operational Risks Through Control Rationalization for Improved Decision-Making, with Kellie Bickenbach, Head of Operational Risk Management, Silicon Valley Bank, Patricia Catharino, SVP, Head of Risk Management & Internal Controls, Itaú U.S. and Caribbean, CCO, Nassau Branch, and Varun Agarwal, Director - Enterprise Risk, Western Alliance Bank.
  • How AI, Automation, and Emerging Technologies are Impacting Risks and Opportunities with Brian Fricke, Managing SVP, CISO, City National Bank of Florida and Alex Gacheche, Global Head of Information Security, Technology Infrastructure & Emerging Technology Audit, Meta.
  • Reimagine Your Compliance Program with a Risk-Based Approach with Ramsey Kazem, Regional Compliance Officer - North America, Andritz, Hemma Lomax, VP, Compliance, Zendesk, and Maxim Soltanov, Head of ESG Compliance, Norilsk Nickel USA.
  • The Future of Internal Audit: Harnessing the Power of Continuous Automation and Analytics, with Christopher Geiger, Vice President of Internal Audit and Enterprise Risk, Lockheed Martin, Guillermo Finck, Sr. Vice President - Corporate Audit Services, Fiserv, and Ileana Canlas, CEO, COO – Canlas and Associates, YLIE LLC.
  • Managing the 4 Cs of Compliance: Corporate, Culture, Conduct, and Communication, with Emily Wall, VP, Global Ethics & Compliance, Live Nation Entertainment, Carlos Pereira, Head of Governance & Policy, Meta, and Jerry Storey, Principal, Regulatory Compliance & Business Strategy, FedEx Logistics.

  • Customer Case Studies

These real-life stories, which serve as powerful demonstrations of how organizations have successfully navigated the complex landscape of GRC challenges, offer a wealth of knowledge and inspiration to drive your own GRC initiatives forward. Don’t miss out on:

  • National Credit Union Administration Case Study: Designing Your GRC Program to Manage Interconnected Risks, Regulatory Changes, and Audit Requirements presented by Amber Gravius, Director, Office of Business Innovation, and Robert Foster, Chief Information Officer, from National Credit Union Administration. 
  • Guidewire Case Study: How to Build and Scale a Business Relevant Risk and Compliance Capability, presented by Grace Beason, Director Of Governance, Risk and Compliance, Guidewire Software.
  • Apple Bank Case Study, presented by Jonathan Ruf, First Vice President - Head of Cyber and Information Risk, Apple Bank. 
  • Blue Cross Blue Shield of Michigan Case Study, presented by Nicholas Cannon, Manager of Technology and Operations, and Jason James, Senior Business Systems Analyst from Blue Cross Blue Shield of Michigan. 
  • Autodesk Case Study, presented by Clyde Tsai, Security GRC Lead, Autodesk. 
  • American Fidelity Assurance Case Study, presented by Tice Morgan, Sr. Manager, Governance and Compliance, American Fidelity Assurance.

  • Product Sessions

The Summit offers the opportunity to gain in-depth knowledge of our products. Our dedicated sessions will provide comprehensive insights, empowering you to fully understand the capabilities and benefits of our offerings. Make sure to attend:

  • The Future of Connected GRC, presented by Prasad Sabbineni, Co-CEO, Raghuram Srinivas, SVP, Product Management, MS Innovations, and Joy Bhowmick, Head of Research and Development, from MetricStream. 
  • GRC Optimizer, presented by Raghuram Srinivas, SVP, Product Management, MS Innovations, MetricStream.
  • Power What's Next in Enterprise & Operational Risk Management, presented by Anand Hanchinamani, Senior Director Product Management, MetricStream.
  • Power What's Next in IT & Cyber Risk, Compliance Management, presented by Anil Kumar, Senior Director, Product Manager - IT and Cyber Security, MetricStream.
  • Low Code No Code, presented by Kiran Kumar Nakhate, Senior Principal Product & Platform Development Manager, MetricStream.

  • Deep-Dive Workshops

Mark your calendars for June 13th, 2023, as we have a power-packed lineup of three intensive pre-conference workshops led by industry-leading experts in the GRC space. This is an event you will want to attend!

  • Enterprise GRC by Design Workshop: Blueprint for an Effective, Efficient & Agile Enterprise GRC Management Program conducted by Michael Rasmussen, GRC Analyst & Pundit · GRC 20/20 Research, LLC. 
  • GRC at an Inflection Point: Practical Strategies and Approaches to Modern Risk and Compliance, conducted by Chris Mandel, RIMS-CRMP, President and Managing Consultant, Excellence in Risk Management, LLC. 
  • What’s on Your Roadmap for a “Next Generation” Third Party Risk and Cyber Risk Management Program? Conducted by Linda Tuck Chapman, C3PRMP, CEO, Third Party Risk Institute Ltd.

See You in Miami!

The list above is just a part of what’s on our Agenda. Join us and deep dive into all things GRC! Get to know more about our esteemed speakers. Read: Meet our Speakers- Part 1 and Part 2. Not yet registered? Register now.

Aanya Sharan Associate Director - Marketing

Read the blogs authored by Aanya Sharan, Associate Director - Marketing, for the latest insights on governance, risk management, cyber resilience, and more.

 
GRC Summit 2023, Miami: Meet the Speakers-Part 2


Introduction

The countdown is getting closer every day! The GRC Summit 2023, to be held on June 14th and 15th at the Hyatt Regency, Miami, is just four weeks away, and we couldn’t be more excited to bring together the GRC community once again to connect and exchange ideas.

MetricStream's flagship event has been at the forefront of the GRC space for over a decade, and this year's summit promises to be no different. This event serves as the premier global platform where you can stay informed about emerging technologies, new processes, and important regulations that will shape your business.

Our theme for this year's event is Experience the Power of Connection, and we are thrilled to have more than 60 experts lined up to deliver keynotes, provide valuable insights and best practices, and share their GRC journeys.

Check out the Agenda!  

Get to Know More About our Speakers

Our previous blog highlighted some of the amazing speakers who will be speaking at the Summit. In part 2 of the series, we will be introducing you to a few more of our amazing speakers. So, buckle up and scroll down to learn more about the thought leaders and GRC experts who will be presenting on risk, compliance, cyber, audit, and ESG.

Emily Wall, VP – Global Ethics & Compliance, GRC Operations & Technology, Live Nation Entertainment, started her 24-year career with LNE on the Ticketmaster side, working in various roles and locations. Her current role includes Regulatory & Legal Compliance and Governance, Risk, Compliance Operations and Technology across LNE and its subsidiaries globally. She manages multiple teams across the US & abroad. Live Nation Entertainment (NYSE: LYV) is the world's leading live entertainment company comprised of global market leaders: Ticketmaster, Live Nation Concerts, and Live Nation Media & Sponsorship.

Carlos Pereira, Head of Global Governance and Policy, Meta, brings an unprecedented understanding and knowledge of Governance, Risk Management, Oversight Management, Enterprise Risk Management, Operational Risk, Vendor Risk, and IT Risk. He has over 25 years of industry and risk consulting experience working with Fortune 100 companies. Carlos continues to lead by example in the development of the governance and risk management industries through practitioner excellence. He has several risk management certifications, an MBA degree and is multilingual.

Guillermo Finck, Sr. Vice President - Corporate Audit Services, Fiserv, is currently responsible for the Cyber and Tech audit portfolio in Fiserv globally. He joined the Corporate Audit Services group in July 2020 to lead the Audit Program for Business Operations, Finance and Shared Services. Previously he has held several leadership roles, including the Head of the Revenue Assurance, Billing, and Reconciliation group at First Data, the Control Officer for Shared Services at the General Counsel’s Office and the Strategy Group, the Managing Director of Compliance at JP Morgan Chase Asset and the Head of Controls for Borrowers Assistance overseeing all controls for loan modifications within the Mortgage Bank among others.

Hemma Lomax, VP, Associate General Counsel, Compliance, Zendesk, leads the Global Integrity and Compliance function. Prior to Zendesk she served as a senior corporate counsel in the Integrity & Compliance team at Snap, Inc. and as a Director in the Global Ethics and Compliance Management team at the Walt Disney Company. Hemma has also served for just over a decade prosecuting financial fraud and corruption with the United States Securities and Exchange Commission (SEC). Hemma is also a British-trained barrister (trial attorney) and has previously worked as Parliamentary Counsel for the UK government and as an advisor at the United Nations for the government of Guyana. Hemma has a Ph.D. in human rights and the laws of war.

Ramsey Kazem, Regional Compliance Officer - North America, Andritz, is a Certified Compliance and Ethics Professional and an accomplished attorney. Ramsey's present role has a broad range of responsibilities, including preparing risk assessments, implementing program improvements, investigating claims of misconduct, and managing third-party risk. His expertise includes designing, assessing, and implementing compliance programs using a risk-based approach. Prior to his work in compliance, Ramsey was a practicing attorney in Atlanta, Georgia. His legal practice focused on construction law, government contracts, and commercial litigation. During this time, he gained extensive experience assisting businesses with risk management, claims avoidance, and dispute resolution.

Arindam Majumdar, Deputy Chief Risk Officer, Bank OZK, has been instrumental in establishing the Enterprise Risk function at Bank OZK, a $29 BN Commercial Bank headquartered in Little Rock, AR. His current responsibilities include managing the Bank’s Operational, Market, Liquidity, Model and Data Risk and Risk Appetite functions at the Bank. Prior to Bank OZK, Mr. Majumdar was also instrumental in establishing the Enterprise Risk function at Discover Financial Services. Mr. Majumdar has 20+ years of banking experience, having worked in India, Japan and the US. He has previously also worked on Wall Street for JP Morgan’s derivatives trading group.

Jerry Storey, Principal, Regulatory Compliance & Business Strategy, FedEx Logistics, Inc. is responsible for developing programs to foster & measure compliance with the laws and regulations governing the company's activities worldwide. He also represents FedEx Logistics interests before multiple governmental agencies and participates in select trade associations. These include Air Forwarders Association, Express Association of America, and the National Industrial Transportation League. Jerry has worked for multiple major freight forwarders including Expeditors Int’l, Danzas, and DHL Global Forwarding. He has also worked for several of the top 100 importers into the USA such as Woolworth/Foot Locker and Fonterra LTD.

Sanjiv Sharma, Vice President and Chief Audit Executive (CAE), Wolfspeed Inc., takes care of Enterprise Risk Management, Internal Audit, and SOX Compliance. Sanjiv is a Certified Public Accountant (CPA), Certified Internal Auditor (CIA), and Certified Information Systems Auditor (CISA). Prior to joining Wolfspeed, Sanjiv worked with NXP Semiconductor, Freescale, and Motorola in various leadership roles in Finance, Internal Audit, SOX Compliance, and Pricing in the US, Malaysia, China, and India. He comes with wide knowledge and experience in review of the design and implementation of Environment, Social, and Governance (ESG) framework, Third-party Risk Management, and Cybersecurity frameworks and leveraging Enterprise Risk Management (ERM) for optimization.

Amber Gravius, Director, Office of Business Innovation, National Credit Union Administration, is the NCUA’s Director of the Office of Business Innovation and Chief Data Officer. In this role, she is responsible for working with stakeholders to deliver improved business processes with secure, innovative, and reliable technology solutions and data to support the NCUA mission. She has also served as Acting Business Innovation Director and as a Supervisory Special Assistant for Business Innovation, representing stakeholders in the development of NCUA’s new Modern Examination and Risk Identification Tool or MERIT. She joined NCUA in 1999 as a credit union examiner and served as a Supervision Analyst, Risk Management Officer, Loss Risk Analysis Officer, and Supervisory Examiner before joining the Office of Business Innovation.

Rodney Campbell, Senior Vice President – Head of Third-Party Risk Management, Valley National Bank, is a recognized industry leader in Third-Party Risk Management (TPRM), Enterprise Risk Management (ERM), Global Strategy & Business Operations. He is a keen business champion dedicated to empowering organizations and business leaders with industry insights and best practices to ensure both regulatory compliance and operational success. Experienced in developing global programs, processes, and cross-functional teams from the ground up and leading projects spanning Asia-Pacific, Latin America, United Kingdom, and North America regions, Rodney creates a high-impact, collaborative environment that eliminates silos and crosses borders.

Paul Shotton, CEO, Tachyon Aerospace, holds a Ph.D. in Physics along with more than 30 years of practice in financial market risk analytics and executive leadership. His current roles include CEO of Tachyon Aerospace, an aerospace technology company, and chairman and CEO of White Diamond Risk Advisory, which advises CEOs, boards, and startup companies in the finance and technology sectors. Paul developed his knowledge of markets and honed his insights in high-level trading and risk management positions at financial institutions in major metropolitan hubs, first in fixed-income trading positions at Goldman Sachs and Deutsche Bank in London, and subsequently, in New York, as global head of market risk management at Lehman Brothers and deputy head of group risk control and methodology at UBS.   

Hear from Top Analysts and from our Co-CEOs and Executive Chairman

Alla Valente, Senior Analyst, Forrester, and Michael Rasmussen, GRC Analyst & Pundit, GRC 20/20 Research, will be participating in sessions.

MetricStream leaders Gaurav Kapoor, Co-Founder and Co-CEO, Prasad Sabbineni, Co-CEO, and Gunjan Sinha, Co-Founder, and Executive Chairman, will also be sharing their insights in the keynote addresses and panel discussions. 

Yet Another Reason to Register!

The Compliance Certification Board (CCB)® has approved the GRC Summit allowing you to earn up to 15.6 live Compliance Certification Board (CCB) Continuing Education Units (CEUs). Learn more.

Get in quickly and grab your ticket! Register now.

Watch this space for updated information on the speakers and other key highlights of the GRC Summit.

Aanya Sharan Associate Director - Marketing


GRC Summit 2023, Miami: Meet Our Speakers – Part 1


Introduction

We are well and truly in countdown mode! It’s just six weeks now until the 2023 GRC Summit, to be held on June 14th and 15th at the Hyatt Regency, Miami. 

MetricStream’s flagship event, the GRC Summit, has for the past decade consistently provided opportunities for the GRC community to connect, share insights, exchange best practices, and most importantly, set the stage for what's next in GRC. Whether it’s an emerging technology, a new process, or a regulation that’s going to impact the way you do business, you’ll learn about it here. 

Now in our 11th year, we are returning with an in-person event to the US after 3 years. Our theme is Experience the Power of Connection, empowering you to do more as you continue to thrive on risk! 

Explore the Agenda   

Meet Some of Our Amazing Speakers

Being a premier thought-leadership event in the GRC space, the GRC Summit has always brought to the stage the best minds in risk, compliance, cyber, audit, and ESG. This year we have more than 60 experts lined up to deliver keynotes, provide valuable insights and best practices and, of course, share their own GRC journeys.

Scroll down to get to know more about the speakers and their areas of expertise.

  • Harit Talwar, Board Member, Mastercard, previously served on the boards of Morgan Stanley Bank International Ltd. and Morgan Stanley International Ltd. in London. Passionate about philanthropy and addressing inequalities, he serves as the Co-Chairman of the board of the American India Foundation, a member of the Asia Society Global Board of Trustees, and one of the founders of Ashoka University in India. Harit has been named one of American Banker’s 10 to Watch, an Outstanding Asian American in Business, and an Outstanding Alumni of Shri Ram College of Commerce at Delhi University. He has been featured in The Wall Street Journal, The New York Times, Fortune, Forbes, CNBC and Yahoo! Finance and spoken at various industry forums and leading business schools. 
  • Robert Foster, Chief Information Officer, National Credit Union Administration, is responsible for leading the IT workforce, establishing the organization’s IT strategy and roadmap, and safeguarding, operating, and maintaining its technology resources. Prior to coming to the NCUA, he served as Chief Information Officer with the Department of the Navy. He has also previously served as Deputy Chief Information Officer at the Department of Health and Human Services and at U.S. Immigration and Customs Enforcement. 
  • Eileen Fahey, CFA, Chief Risk Officer, Fitch Group, oversees Fitch Group's risk management function, which includes reviewing, monitoring, and addressing the multitude of risks that can impact the group's performance and reputation. Eileen will be sharing her thoughts and valuable insights on how organizations can thrive in a dynamic, interconnected risk and regulatory landscape. 
  • David Storey, MSc, BA (Hons), FRAeS, Vice President Health, Safety & Environment, dnata, has extensive experience in airline, ground operations and safety, having worked for 20 years in the Middle East region for large international airlines. In his current role, he is responsible for the development and implementation of dnata's global HSE strategy as part of the global management team.
  • Gavin Grounds, Sr. Director, Governance, Risk & Compliance, Meta, currently leads Security, Risk, and Compliance at Meta Platforms, Inc., which includes several products and services, including Facebook, Instagram, Messenger, WhatsApp, Meta Quest, Horizon Worlds, and many more. A cyber security leader and visionary, Gavin has held key leadership positions at Verizon and HP Enterprise Services.
  • Kellie Bickenbach, Head of Operational Risk Management, Silicon Valley Bank, is a highly accomplished executive with over three decades of experience in the financial services sector. Kellie has held senior leadership roles at several renowned institutions, including Fannie Mae, US Bank, Bank of America, and Finastra. She has gained widespread recognition for her expertise in leading transformative strategies that deliver competitive solutions. Kellie's primary focus has been on risk leadership in large depository institutions, global fintech, and systemically important market utility settings. 
  • Christopher Geiger, Vice President of Internal Audit and Enterprise Risk, Lockheed Martin, has been with Lockheed Martin for over 20 years including executive roles in engineering and sustainability. Christopher is also on the Board of Directors of Midflorida Credit Union, a $6B+ assets full-service financial institution, and the IEEE Foundation, a charitable organization dedicated to transforming lives through the power of technology and education. He frequently publishes and speaks on topics at the intersection of risk, sustainability, and resilience. 
  • Shannon Culp, Director Security Governance & Awareness, Archer Daniels Midland Company (ADM) is an experienced leader and Information Security professional in the areas of building Information Security Programs, Governance, Identity and Access Management, Computer Forensics, Risk Management, Compliance, PCI, Application Security, Policies and Standards, Sarbanes Oxley, HIPAA Security, GDPR, and more. She has served as CISO for several large companies in the Healthcare, Financial Services and Manufacturing industry, and has operated in CISO forums since 2001. 
  • Grace Beason, Director of Governance, Risk and Compliance, Guidewire Software, has over 15 years of experience in the area of GRC. Grace has firsthand leadership experience driving the transformation of information risk and compliance management and developing strategies to meet contractual and regulatory privacy obligations and end-to-end life-cycle management of security, risk, and compliance. She currently leads GRC strategy development, execution, and ongoing operations for technology services.
  • Jonathan Ruf, First Vice President - Head of Cyber and Information Risk, Apple Bank, is a leader in supplying strategic Cyber Risk Management Services to global Financial Institutions (FIs). Jonathan's experience includes multiple innovative GRC product development initiatives for reducing technology expenses as well as enabling Cybersecurity growth for large global FIs. Jonathan has been an integral Cyber Risk Executive leading four successful mergers for Globally Systemic Banks (G-SIBs). In his current role, Jonathan heads Cyber and Information Risk Management for Apple Bank, the second-largest state-chartered savings bank in New York. He is an expert in global enterprise Cybersecurity, IT risk management, policy development and management, regulatory as well as legal compliance.
  • Brian Fricke, Managing SVP, CISO, City National Bank, is a business-centric technology professional, specializing in strategic Enterprise Information Security Policy, Operations, and Technology Risk Management. He acts as the Senior Executive for all Technology and Cyber Risk concerns, overseeing Cyber Operation. He has been establishing innovative Information Security Programs for over 15 years in Military, Government, and Financial Institutions, ensuring adherence to the most restrictive security requirements across all industries. 

Keynotes from our Co-CEOs and Executive Chairman

MetricStream leaders Gaurav Kapoor, Co-Founder and Co-CEO, Prasad Sabbineni, Co-CEO, and Gunjan Sinha, Co-Founder, and Executive Chairman, will also be sharing their insights in the keynote addresses and panel discussions.

If you’re interested in grabbing a ticket – get in quick! Register now.

Watch this space for updated information on the speakers and other key highlights of the GRC Summit.

Aanya Sharan Associate Director - Marketing


Five GRC Priorities for Organizations


Introduction

Given the complexity of the business environment and the interconnectedness of risks, organizations are actively looking at ways to strengthen their GRC strategy. Speaking at the GRC Summit 2022 in London, Michael Rasmussen suggested that GRC strategies involve a combination of left- and right-brain thinking in the coming years.

Traditionally, GRC has been viewed as a left-brain activity that involves collecting and analyzing data, identifying patterns and trends, and making decisions based on data analysis, logical reasoning, and problem-solving. However, Rasmussen believes that while logical and structured thinking, with its risk models and inside-the-box thought processes, can work to a certain extent, they are not fully representative of the real world.

Instead, the real world has far too many variables and inputs to be limited to a model. Therefore, the creative and intuitive thought processes associated with right-brain thinking will be invaluable. Michael Rasmussen also identified the top five strategic priorities for 2023 that require a combination of left- and right-brain thought processes. These are:

  • Agility
  • Resilience
  • Integrity
  • Accountability
  • Engagement

Watch the Video: Building the Best GRC Strategy

Agility

During the pandemic and its continuing aftermath, organizations prioritized resilience. However, in 2023, agility is poised to take center stage. Agility is the ability to anticipate what lies ahead and navigate real-time challenges quickly and effectively with minimal downtime. Agility emphasizes the need to prepare organizations to mitigate and avoid exposure and use risk readiness for advantage, opportunity, and gain.

In a business landscape that is constantly changing, agility helps organizations respond in a timely and effective manner by adapting to new laws and regulations, changing market conditions, or evolving customer needs and expectations. Agile GRC strategies allow the organization to be proactive rather than reactive when dealing with issues and remain flexible by adapting to changing circumstances.

Resilience

Given the global impact of COVID-19, the Ukraine crisis, and the associated inflation and geopolitical risks, resilience has been a critical focus area in the past few years. While the proactive approach encouraged by agility is ideal, unanticipated events are inevitable.

According to Rasmussen, the true strength of an organization is its resilience—its ability to get back up and start running again after falling. Building resilience into the organizational framework involves implementing contingency plans to handle unexpected events, such as natural disasters or data breaches, and quickly adapting to changing circumstances, such as new laws and regulations.

Integrity

In the GRC context, integrity is the sum of the organization's code of conduct, values, and policies. It encompasses various ESG components, including how organizations deal with energy, resources, and waste; their response to climate change and carbon emissions; their social interactions and reputation among stakeholders; and issues like labor relations, diversity, and inclusion. It also includes elements of governance, such as the company's internal system of policies, processes, and controls for making good decisions, adhering to the law, satisfying stakeholders, and handling bribery, corruption, hospitality, and more.

Accountability

Across the world, we see a growing emphasis on accountability. Recently, Uber's chief information security officer was held legally liable for information security issues at Uber. In addition, the US Department of Justice emphasizes accountability among executives concerning compliance, while the states of New York and California require greater accountability among risk compliance control executives.

When individuals or teams are held accountable for their actions and decisions, they are more likely to take these responsibilities seriously and take the necessary steps to ensure compliance. Frontline employees, who are often the most informed individuals about processes and procedures in an organization, play a critical role in effective risk management. Accountability from the frontline can help risk leaders gain better visibility into risks and define appropriate controls. Accountability impacts all aspects of GRC, ensuring that the organization is adhering to relevant laws, regulations, and standards and is taking appropriate action to manage risks.

Engagement

GRC should transition from a back-office risk and compliance function to a front-office engagement, where risk is discovered, managed, and owned. After all, the bank teller is the first point of contact to make decisions about fraud, cash, privacy, and money laundering; the doctor and nurse are the ones making judgments about patient safety and confidentiality; and the coal miner is making choices regarding environmental health and safety. Organizations can effectively meet the GRC challenges of the future only with this level of engagement and employee buy-in.

As organizations move towards strengthening their GRC strategies, being aware of the latest trends can help foster an intuitive and engaging framework.

Over the past 10 years, MetricStream’s GRC Summit has brought together thousands of GRC professionals from various industries, providing opportunities to learn, connect, and succeed.

Registrations are open for the 2023 GRC Summit to be held on June 14 and 15 at the Hyatt Regency in Miami, US. Register now!

Sumith Sagar, Associate Director, Product Marketing

Sumith Sagar is a proven product marketing professional, specializing in software product positioning, product-led growth marketing, presales and sales enablement. With over 12 years of risk management solutioning experience ranging from Governance, Risk and Compliance (GRC) and Commodity Trading & Risk Management (CTRM) to cybersecurity, she has been instrumental in driving BusinessGRC product marketing at MetricStream.

 
