XLoD 2022 Agenda


The Future of Non-Financial Risk & Control across the 3 Lines of Defence

15 Nov 2022: Virtual Day      
16 - 17 Nov 2022: In-person Day, etc.venues, 133 Houndsditch, London

Welcome to the XLoD Global 2022 interactive agenda.  Please use the filter button to change the visibility of topics and types of features that were on offer each day.  To return to the full agenda, showing all streams please remove filters using the ‘x’ button.

More About XLoD Global                                                          Book your ticket.

    • Across the 3 Lines
    • How well are evolving non-financial risks being monitored and managed? And do boards have sufficient independent assurance?
    • What are the challenges with building evolving risks into enterprise risk management (ERM) frameworks?
    • With the expanding mandate of risk and control functions, how can the 3 lines of defence collaborate more efficiently in their risk and control management?
    • How can risk and control practitioners leverage technology to streamline the operating model?
    • 1st Line Risk & Control
    • Market Abuse Surveillance
    • Managing Conduct Risk
    • Emerging Risks
    • 1st Line Risk & Control
    • Market Abuse Surveillance
    • Managing Conduct Risk
    • Emerging Risks
    • 1st Line Risk & Control
    • How can 1st Line Risk & Control functions effectively determine how many people they need to manage the key risks in the businesses they support?
    • Is there a natural tension between the evolving mandate of the 1st Line control function and the desire to right-size the function? How can this be justified to regulators?
    • How can banks balance the amount of regulatory remediation work in the 1st line in order to become an effective challenge function?
    • Market Abuse Surveillance
    • What are the greatest opportunities for surveillance functions to collaborate more effectively with other control functions?
    • Which areas of surveillance do you see the greatest opportunity to increase the scope of coverage? 
    • How can surveillance functions find the capacity to innovate whilst maintaining the BAU processes required to manage regulatory risks? 
    • Do you expect the evolution of market abuse surveillance to be driven by regulation, internal cost drivers or a demand for better risk management?
    • Managing Conduct Risk
    • How can outcomes from investment into conduct and culture be measured accurately?
    • What are the tangible conduct and culture improvements that can be observed and measured?
    • How are financial institutions identifying cause, making use of lessons learned, and measuring trends?
    • Is there still work to do in the industry on culture and conduct?
    • Emerging Risks
    • How have unprecedented disruptions changed the way that financial institutions are thinking about ESG?
    • How do banks ensure that the operating model prioritises ESG as the lens though which all business decisions are made?
    • To what extent can culture frameworks be combined to incorporate ESG values, particularly the ‘S’ in ESG?
    • To what extent can financial institutions comply with international ESG guidelines whilst establishing a golden standard for ESG?
    • 1st Line Risk & Control
    • With finite resources, how can banks develop to meet regulatory expectations including maintaining a high-quality, forward looking, evolving and BAU risk and control function – whilst delivering impactful initiatives to the business?
    • Is there a natural tension between increasing technological innovation and fulfilling BAU requirements?
    • How can risk & control functions better collaborate with technology teams to ensure successful delivery of controls change management?
    • When 1st line are being asked to do more, with less, why wouldn’t external transformation consultants be an effective resource for delivering impactful change management?
    • Market Abuse Surveillance
    • What does risk based surveillance mean in practical terms?
    • Is it feasible for banks to cease their surveillance on low risk individuals?
    • What is the regulatory support for taking a risk-based approach?
    • Managing Conduct Risk
    • How should banks mitigate the risks of misconduct through voice channels when employees and clients are working from disparate locations?
    • What are the key metrics required to provide surveillance teams with effective risk based indicators?
    • What are the challenges of storing and using vast amounts of voice surveillance data with vast amounts of surveillance data still siloed?
    • How can automation be utilised to monitor and analyse larger percentages of populations’ communications to reduce the necessary levels of random sampling?
    • Emerging Risks
    • How should control functions be collaborating better when thinking about their resilience planning?
    • To what extent should financial institutions be building resilience into systems and products from the outset and building resilience into the architecture of the institution?
    • Where should ownership and management of resilience lie in the organisation?
    • To what extent can resilience functions advise regulators about efficient and effective oversight programmes?
    • Across the 3 Lines
    • How might regulation develop over the next five years? And how can regulators become more forward focussed and horizon scan for future risks?
    • Will Culture & Conduct remain the major focus for regulators?
    • How do we expect regulations in important areas such as ESG, resilience, and digital assets continue to grow?
    • How can regulators enable regulatory certainty, enabling banks to make multiyear risk management frameworks, whilst remaining dynamic to emerging risks?
    • 1st Line Risk & Control
    • Where is the industry in moving towards real-time risk identification and remediation?
    • Is there a business appetite to invest in the technology needed to provide supervisors with real time alerts?
    • Is there a regulatory expectation that bank move towards the real time identification & management of risk?
    • How can banks achieve the right scope and depth for RCSAs allowing firms to identify and assess the most material risk and controls?
    • Market Abuse Surveillance
    • Given the growing volume of trading venues, how can banks ensure they have complete governance over communications that occur on disparate venues?
    • How are banks ensuring coverage of communication channels which are routinely releasing updates with new functionality?
    • Can you ensure compliance whilst managing the evergrowing temptation to use social media and mobile devices?
    • How can banks ensure that their surveillance functions have a completeness of data across all venues? Who should have appropriate ownership and responsibility for completeness of data?
    • Managing Conduct Risk
    • What insights does behavioural science provide that can help financial institutions improve conduct?
    • How can behavioural science-based approaches help to effect behavioural change in organisations?
    • What are the key behavioural indicators which can be used to assess whether conduct programmes have had a lasting impact on an organisation?
    • Internal Audit
    • What are the opportunities for Internal Audit functions to leverage AI and data analytics technology for identifying trends?
    • How can Internal Audit functions move towards more Intelligent Risk Identification?
    • Should Internal Audit be championing the capture and visualisation of risk and control Data across the entire bank?
    • 1st Line Risk & Control
    • With the return to the office, are there heightened regulatory expectations around supervising teams?
    • How should banks be re-calibrating their controls in order to manage the return to traditional operating models?
    • How should banks be leveraging technology in order to ease the return to traditional operating models?
    • Market Abuse Surveillance
    • What kind of hidden threats can banks identify through the integration of trading activity with client data?
    • Do these integration initiatives present technology budget savings or simply the better identification or risk?
    • Is integration possible in a meaningful way without leveraging machine learning or are the data sets too large?
    • Managing Conduct Risk
    • To what extent should banks extend their surveillance programs to non-Sales & Traders for potential misconduct? Particularly those with potential access to MNPI such as Legal and Compliance?
    • What are the regulatory expectations regarding surveillance of non-regulated individuals?
    • Where should banks be prioritising their surveillance coverage?
    • Internal Audit
    • What are the practical issues and challenges of auditing culture? And how do firms focus on what’s beneath the iceberg?
    • How do culture audits enable financial institutions to understand their conduct risks and why re-engineer them?
    • What are Internal Audit teams doing to encourage 1st Line ownership in strengthening culture and conduct?
    • What does Internal Audit see as key indicators of cultural strength/weakness?
    • Across the 3 Lines
    • Does there need to be a regulatory imperative to drive control digitisation? And do ‘run the bank, change the bank’ conflicts lessened the desire to adopt further digitisation?
    • Are risk managers prepared to give up head count once control digitisation is delivered? • Is control digitisation a false efficiency, as regulators will require further independent assurance that controls are being effectively managed?
    • Should RPA be better utilised to automate highly manual jobs to create more interesting jobs for risk & control practitioners?
    • Across the 3 Lines
    • How can financial institutions demonstrate to regulators that the correct culture, values and purpose is embedded in their organisations and metrics?
    • How can the 3 lines ensure incentivisation of proper staff behaviours leading to positive customer outcomes and high ethical standards?
    • What is the impact of digitisation on financial sector culture, and how has the pandemic-induced changes impacted culture & conduct?
    • Culture change is not a new phenomenon. Therefore is the culture change being championed by banks successfully changing conduct and improving control within the industry?
    • 1st Line Risk & Control
    • How can banks ensure operational risk management retains the necessary independence to challenge risks when operational risk tasks are migrating to the 1st line?
    • To what extent does the changing definition of the roles of operational risk functions remain a challenge to conducting operational risk management?
    • What does the future of operational risk management look like?
    • How have technological advancements changed operational risk team’s ability to provide independent check and challenges to risks?
    • Market Abuse Surveillance
    • In the wake of Market Watch 68, should banks be re-examining the effectiveness of surveillance programmes?
    • Is the susceptibility of cross market manipulation in Fixed Income markets the biggest risk of market abuse?
    • Catching disparate data from multiple venues
    • Why are legacy surveillance capabilities inadequate for Fixed Income products?
    • Managing Conduct Risk
    • When re-defining existing rules-based alerts, how can financial institutions ensure a range of contextual information is incorporated into the findings?
    • What kind of behavioural metrics are banks considering and how can those behaviours indicate the potential for market abuse?
    • How can firms apply a more risk-based approach to surveillance in order to reduce false positives? • Is innovation in understanding behavioural approaches to surveillance aimed at an individual level?
    • Emerging Risks
    • How can banks integrate a more efficient operating model to manage risk data across the 3 lines of defence?
    • To what extent can banks better leverage cloud-based technology and drive more efficient data management?
    • What are the regulatory expectations for managing risk data across the 3 lines of defence?
    • How can banks ensure they have appropriate investment levels to effectively manage their risk data?
    • Does the current operating model of the 3 lines of defence have the correct skillsets for the management of risk data?
    • 1st Line Risk & Control
    • Market Abuse Surveillance
    • Managing Conduct Risk
    • Emerging Risks
    • 1st Line Risk & Control
    • Market Abuse Surveillance
    • Managing Conduct Risk
    • Emerging Risks
    • 1st Line Risk & Control
    • Why are 1st line surveillance teams important and if so, what is the strategic advantage of some banks retaining all their surveillance capabilities in Compliance?
    • Is there a conflict of interest between surveillance in the 1st line and the compensation of 1st line control teams who report into the business?
    • How can banks ensure their market abuse training is effective and tailored to the risks associated with the desk, asset classes traded, client types, and other relevant factors?
    • How can the technology bridge a gap between the 1st line control and 2nd line surveillance functions?
    • Market Abuse Surveillance
    • Why is trade reconstruction so challenging? And have the recent regulatory fines increased the regulatory expectations on reconstructing trades?
    • What is the scope of regulatory expectations globally for trade reconstruction?
    • Should banks be building dedicated trade reconstruction capabilities to capture, index and publish the required trading and communications data needed?
    • Managing Conduct Risk
    • Defining purpose, purposefulness, and values
    • How can financial institutions demonstrate to regulators that the correct values are embedded in their organisations?
    • Unintended consequences - greenwashing, retaining talent, individual/team level, and the ‘S’ in ESG
    • To what extent can financial institutions link purpose to assessments, and what needs to change?
    • What is the link between Leadership and a purposeful culture?
    • Emerging Risks
    • How can financial institutions embed a strong data-led system for an effective risk and control framework?
    • To what extent is data still the most significant challenge facing ESG?
    • How can banks practically de-risk the supply chain from ethical, social and environmental factors? Has Scope 3 been factored into the risk and control frameworks?
    • 1st Line Risk & Control
    • Is face-to-face contact still an expectation for supervisors and their teams?
    • To what extent can supervisors proactively mitigate emerging and evolving risks such as areas of climate-related risks?
    • How are supervisors managing the risks of unmonitored communications whilst employees are WFH in roles which historically would have been office based?
    • Can the industry converge on a minimum standard for 1st line supervisory metrics in the same way as exists across the industry for financial risk types? Is it up to third parties to benchmark the industry standard?
    • Market Abuse Surveillance
    • Given lexicon-only approaches are point-in-time, how can financial institutions ensure evolving behaviours are not missed?
    • How important is the use of metadata to identify trends and patterns across the language used within communications?
    • Whilst NLP has progressed in recent years, can the technology accurately determine the relevance of a piece of ecomms to a particular set of trades?
    • Managing Conduct Risk
    • Is the comprehensive integration of communication and trading activity data a realistic technological possibility?
    • Can the integration of communications with trading data more accurately detect cases of market abuse?
    • How can banks effectively enrich their data to optimise the analysis of trading and communications activity?
    • Emerging Risks
    • How can banks navigate the fragmented regulatory landscape in order to establish a golden standard for digital asset risk frameworks?
    • To what extent is the current risk and control operating model adequate to manage risks for digital assets?
    • Are existing governance frameworks, technologies and application controls sufficient for the challenges posed by digital assets?