Skip to main content

XLoD 2022 Agenda

XloD Londondates


XloD Londondates


XloD Londondates




Welcome to the XLoD Global 2022 interactive agenda.

XLoD Global London consists of a pre-event virtual day with interactive roundtables for participants on zoom, and two days in-person at etc. venues Houndsditch. To view roundtables for the virtual day click here. To explore the full agenda for the in-person day, use our interactive agenda below. Alternatively, you can download a full PDF agenda using the button on the right. 

XLoD Global 2022 In-Person Agenda - 16 & 17 November

  1. 60 mins
    • How well are banks managing the evolution and expansion of non-financial risks?
    • What are the challenges with building new or expanded risks into existing risk management frameworks?
    • Does the expanding mandate of risk and control functions require better collaboration between the 3 lines of defence?
    • How can risk and control practitioners leverage technology to streamline the operating model?
  1. 30 mins
    Sponsored by OneTick
  1. 40 mins
    • How can 1st Line Risk & Control functions effectively determine how many people they need to manage the key risks in the businesses they support?
    • Is there a natural tension between the evolving mandate of the 1st Line control function and the desire to right-size the function? How can this be justified to regulators?
    • How can banks balance the amount of regulatory remediation work in the 1st line in order to become an effective challenge function?
  2. 40 mins
    •  Do you expect the evolution of market abuse surveillance to be driven by regulation, internal cost drivers or demand for better risk management?
    • In which areas of surveillance do you see the greatest opportunity to increase the scope of coverage?
    • How can surveillance functions find the capacity to innovate whilst maintaining the BAU processes required to manage regulatory risks?
    • What are the greatest opportunities for surveillance functions to collaborate more effectively with other control functions?


  3. 40 mins
    • How can outcomes from investment into conduct and culture be measured accurately?
    • What are the tangible conduct and culture improvements that can be observed and measured?
    • How are financial institutions identifying cause, making use of lessons learned, and measuring trends?
    • Is there still work to do in the industry on culture and conduct?
  4. 40 mins
    • How should  financial institutions be thinking about risks associated with ESG?
    • What should the roles and responsibilities be within financial institution in relation to those risks, and particular, what is the role of Compliance?
    • What are the immediate priorities and how should financial institution go about mitigating the risks associated with ESG? What steps are required, and what needs to be implemented?  
    • What is the future state and key considerations for financial institutions going forward in relation to risk associated with ESG?
  1. 40 mins
    • With finite resources, how can banks develop to meet regulatory expectations including maintaining a high-quality, forward looking, evolving and BAU risk and control function – whilst delivering impactful initiatives to the business?
    • Is there a natural tension between increasing technological innovation and fulfilling BAU requirements?
    • How can risk & control functions better collaborate with technology teams to ensure successful delivery of controls change management?
    • When 1st line are being asked to do more, with less, why wouldn’t external transformation consultants or vendors be an effective resource for delivering impactful change management?
  2. 40 mins
    • What does risk based surveillance mean in practical terms?
    • Is it feasible for banks to cease their surveillance on low risk individuals?
    • What is the regulatory support for taking a risk-based approach?
  3. 40 mins
    • How should banks mitigate the risks of misconduct through voice channels when employees and clients are working from disparate locations?
    • What are the key metrics required to provide surveillance teams with effective risk based indicators?
    • What are the challenges of storing and using vast amounts of voice surveillance data with vast amounts of surveillance data still siloed?
    • How can automation be utilised to monitor and analyse larger percentages of populations’ communications to reduce the necessary levels of random sampling?
  4. 40 mins
    • How should control functions be collaborating better when thinking about their resilience planning?
    • To what extent should financial institutions be building resilience into systems and products from the outset and building resilience into the architecture of the institution?
    • Where should ownership and management of resilience lie in the organisation?
    • To what extent can resilience functions advise regulators about efficient and effective oversight programmes?
  1. 50 mins
    • How might regulation develop over the next five years? And how can regulators become more forward focussed and horizon scan for future risks?
    • Will Culture & Conduct remain the major focus for regulators?
    • What are the different approaches to thinking about culture and behavioural science in the US vs Netherlands and Europe? 

    • How do we expect regulations in important areas such as ESG, resilience, and digital assets continue to grow?
    • How can regulators enable regulatory certainty, enabling banks to make multiyear risk management frameworks, whilst remaining dynamic to emerging risks?
  1. 30 mins
    These Roundtable Discussions are carefully managed interactive discussions on specific topics. These sessions must be booked in advance.
  2. 30 mins
    • How are banks able to identify upcoming new risks? Is a constant review of operational risk frameworks and RCSAs essential to identifying new risks?
    • How frequently should banks be conducting horizon scanning? How can banks ensure the results are actionable?
    • From a regulatory development perspective, who should own horizon scanning, 1st line or 2nd line? Or how should the two lines work closer to understand the potential development in regulations and how these affect risk & controls?
  3. 30 mins
    • Do banks need to do additional testing in the 1st Line?
    • How can banks avoid marking their own work? How can the 1st Line Risk & Control functions ensure they are independent assuring the business that controls work?
    • How should 1st line be building out testing and assurance work to make it complementary to 2nd and 3rd Line assurance? Wargaming, Scenario Analysis, Live testing
    • To what extent is the current 2nd line testing and assurance regime not evolved enough and just a QA process around the 1st line testing?
  4. 30 mins
    • How are banks developing industry best practice for the roles and responsibilities of the 1st & 2nd lines?
    • What is the regulatory and industry view regarding the 1st line taking more responsibility from the 2nd line?
    • Should banks be taking a top-down approach when defining the principles and expectations of the lines of defence?
    • To what extent is there currently an unrealistic accountability and expectation placed on the 1st line?
    • Should costs be cut in the 2nd and 3rd lines to compensate for 1st line’s increasing accountability?
  5. 30 mins
    • How can firms harmonise controls and redesign the processes to increase coverage, efficiency and effectiveness?
    • Does there need to be a regulatory imperative to drive control digitisation? And do ‘run the bank, change the bank’ conflicts lessen the desire to adopt further digitisation?
    • How are firms implementing advanced technology solutions that allow for ongoing risk monitoring in a BAU state?
    • To what extent has the adaption of legacy taxonomies to reflect today’s operational risk environment affected multiple downstream processes and control procedures?
  6. 30 mins
    • How should banks be reducing false positives by tuning/re-tuning parameters to balance risks?
    • Should surveillance recalibration follow more formal model risk governance processes?
    • To what extent is calibration, and re-calibration, more important than strategic initiatives such as implementation of a contextual model?
    • How often should calibration be conducted? And what tools can be used to ensure these are based on an ongoing monitoring of the scenarios’ effectiveness?
  7. 30 mins
    • How should banks be building capabilities to ensure that they are capturing, storing and indexing required communications data?
    • How can teams justify sufficient coverage to regulators and audit teams when adopting a risk-based approach?
    • How can financial institutions keep up with the expansion of new communication channels?
    • How do banks ensure all communications take place within official channels and are appropriately recorded?
  8. 30 mins
    • What’s on the near term horizon/what can be expected from advancements in voice tech in the coming years?
    • What is the evolving skillset for effective voice surveillance?
    • How does your organisation mitigate the risks associated with unmonitored communications on personal mobile devices?
    • Is there a minimum sample size expectation for voice coverage?
  9. 30 mins
    • How are regulators globally moving towards establishing best practice for surveillance regulation?
    • Is it possible for banks to deploy a global, ‘golden standard’ across all regions?
    • How can you have confidence that the regional branches are doing everything they should?
    • What is the divergent regulatory expectation on the management, review, and escalation of false positives?
    • What does the future of surveillance regulation look like?
  10. 30 mins
    • To what extent are data issues the single biggest challenge to surveillance effectiveness?
    • Are banks capturing all the trade data and data from communications channels?
    • How can arrangements be made to ensure data quality, curation and access are adequately coordinated?
    • Are Buy v. Build decisions unduly affected by data quality issues?
  11. 30 mins
    • How can banks create consistent metrics while allowing for nuances across different trading businesses?
    • Can the industry create standardised Conduct Risk measurement in the same way as Market and Credit Risk metrics?
    • Should Conduct Risk be defined at a group or individual desk level?
    • How can key conduct management information and behaviour metrics enable a risk-based approach to conduct risk?
  12. 30 mins
    • Does what we measure directly correlate to overall cultural strength and weakness? Or are measurement metrics selected because they are more readily available?
    • How well do conduct dashboards highlight issues at sub-culture level? How can firms sufficiently map their cultures and sub-cultures?
    • What is good practice in identifying unacceptable sub-cultures and bringing them into acceptable norms?
  13. 30 mins
    • Who should be leading the banks conduct risk framework and agenda?
    • How have control functions across all 3 lines worked together to manage conduct risk during the unprecedented disruptions in recent years?
    • How can you measure the total cost of controls for the conduct risk programme, group wide?
    • What lessons have been learnt from the conduct programmes deployed to date and how should banks be looking at conduct risk over the next 3 years?
  14. 30 mins
    • What steps can internal audit functions take to effectively assess risk based controls?
    • To what extent will there always remain a requirement for sample based testing?
    • How can internal audit functions partner with 1st and 2nd line functions in order to effectively place assurance on risk based controls?
  15. 30 mins
    • How can firms ensure compliance with new global ESG-related standards, ensuring more credible corporate disclosures?
    • To what extent can banks turn net zero pledges into near-term action to reduce reputational risk?
    • What are the most important skills for practitioners working in ESG Risk? Is there a lack of controls expertise in ESG?
    • How can banks ensure ESG Risks are taken into account when establishing, implementing and maintaining effective reporting within the firm and with third parties?
  16. 30 mins
    • How can business heads retain oversight of critical services when so many data and infrastructure functions are outsourced?
    • Do banks really understand the risks created through their myriad of 3rd and 4th party relationships?
    • Can you effectively manage resilience and privacy risk exposure when information travels to 3rd parties and beyond?
  1. 15 mins

    How we're using AI/ML to predict and help prevent operational losses,  and understand when processes are likely to fail so we can target investment to drive the greatest financial and operational return.

  2. 15 mins
    How Theta Lake customers improve capture, record keeping, and compliant communication by turning UC features like video, chat and whiteboards on instead of off for their end users.
  3. 15 mins

    VoxSmart: Are the recent SEC fines transforming Wall Street’s WhatsApp policy?

    • A brief overview of the SEC fine, events leading up to and after
    • Examples of how our clients are handling WhatsApp use – perhaps a quick show of hands to see who in the room is monitoring WhatsApp
    • A quick look at how the market and regulation might evolve in the coming years

    Presenter: Oliver Blower, Group CEO, VoxSmart

  1. 40 mins
    • The importance for risk functions to develop and retain trust with business stakeholders
    • How should financial institutions create risk and control functions that act as business enablers?
    • What are the opportunities to create confident front office decision making through effective governance?
    • Aligning risk and control functions to support business decisions
    • The role of effective governance in building trust with disparate stakeholders
  2. 40 mins
    • Given the growing volume of trading venues, how can banks ensure they have complete governance over communications that occur on disparate venues?
    • How are banks ensuring coverage of communication channels which are routinely releasing updates with new functionality?
    • Can you ensure compliance whilst managing the evergrowing temptation to use social media and mobile devices?
    • How can banks ensure that their surveillance functions have a completeness of data across all venues? Who should have appropriate ownership and responsibility for completeness of data?
  3. 40 mins
    • What insights does behavioural science provide that can help financial institutions improve conduct?
    • How can behavioural science-based approaches help to effect behavioural change in organisations?
    • What are the key behavioural indicators which can be used to assess whether conduct programmes have had a lasting impact on an organisation?
  4. 40 mins
    • What are the opportunities for Internal Audit functions to leverage AI and data analytics technology for identifying trends?
    • How can Internal Audit functions move towards more Intelligent Risk Identification?
    • Should Internal Audit be championing the capture and visualisation of risk and control Data across the entire bank?
  1. 30 mins
    Sponsored by OneTick
  1. 40 mins
    • With the return to the office and recent regulatory action, are there heightened regulatory expectations around supervising teams?
    • How should banks be re-calibrating their controls in order to manage the return to traditional operating models?
    • How should banks be leveraging technology in order to ease the return to traditional operating models?
  2. 40 mins
    • What kind of hidden threats can banks identify through the integration of trading activity with client data?
    • Do these integration initiatives present technology budget savings or simply the better identification or risk?
    • Is integration possible in a meaningful way without leveraging machine learning or are the data sets too large?
  3. 40 mins
    • To what extent should banks extend their surveillance programs to non-Sales & Traders for potential misconduct? Particularly those with potential access to MNPI such as Legal and Compliance?
    • What are the regulatory expectations regarding surveillance of non-regulated individuals?
    • Where should banks be prioritising their surveillance coverage?
  4. 40 mins
    • What are the practical issues and challenges of auditing culture? And how do firms focus on what’s beneath the iceberg?
    • How do culture audits enable financial institutions to understand their conduct risks and why re-engineer them?
    • What are Internal Audit teams doing to encourage 1st Line ownership in strengthening culture and conduct?
    • What does Internal Audit see as key indicators of cultural strength/weakness?
  1. 40 mins
    • Does there need to be a regulatory imperative to drive control digitisation? And do ‘run the bank, change the bank’ conflicts lessened the desire to adopt further digitisation?
    • Are risk managers prepared to give up head count once control digitisation is delivered? • Is control digitisation a false efficiency, as regulators will require further independent assurance that controls are being effectively managed?
    • Should RPA be better utilised to automate highly manual jobs to create more interesting jobs for risk & control practitioners?
  1. 2nd Floor, Main Lobby
    85 mins
  1. 50 mins
    • How can financial institutions demonstrate to regulators that the correct culture, values and purpose is embedded in their organisations and metrics?
    • How can the 3 lines ensure incentivisation of proper staff behaviours leading to positive customer outcomes and high ethical standards?
    • What is the impact of digitisation on financial sector culture, and how has the pandemic-induced changes impacted culture & conduct?
    • Culture change is not a new phenomenon. Therefore is the culture change being championed by banks successfully changing conduct and improving control within the industry?
  1. 10 mins
  2. 10 mins
  3. 50 mins
    • How can banks integrate a more efficient operating model to manage risk data across the 3 lines of defence?
    • To what extent can banks better leverage cloud-based technology and drive more efficient data management?
    • What are the regulatory expectations for managing risk data across the 3 lines of defence?
    • How can banks ensure they have appropriate investment levels to effectively manage their risk data?
    • Does the current operating model of the 3 lines of defence have the correct skillsets for the management of risk data?
  1. 40 mins
    • How can banks ensure operational risk management retains the necessary independence to challenge risks when operational risk tasks are migrating to the 1st line?
    • To what extent does the changing definition of the roles of operational risk functions remain a challenge to conducting operational risk management?
    • What does the future of operational risk management look like?
    • How have technological advancements changed operational risk team’s ability to provide independent check and challenges to risks?
  2. 40 mins
    • In the wake of Market Watch 68, how should banks be re-examining their fixed-income surveillance programmes?
    • How significant is the risk of cross-market manipulation in fixed-income markets?
    • What are the solutions to the challenge of capturing disparate data from multiple trading venues?
    • Why are legacy surveillance capabilities inadequate for fixed-income products?
  1. 15 mins
    How OneTick customers create consolidated order book replay displays from venue provided RTS24 datasets.
  2. 15 mins
  1. 40 mins
    • Why are 1st line surveillance teams important and if so, what is the strategic advantage of some banks retaining all their surveillance capabilities in Compliance?
    • Is there a conflict of interest between surveillance in the 1st line and the compensation of 1st line control teams who report into the business?
    • How can banks ensure their market abuse training is effective and tailored to the risks associated with the desk, asset classes traded, client types, and other relevant factors?
    • How can the technology bridge a gap between the 1st line control and 2nd line surveillance functions?
  2. 40 mins
    • Why is trade reconstruction so challenging? And have the recent regulatory fines increased the regulatory expectations on reconstructing trades?
    • What is the scope of regulatory expectations globally for trade reconstruction?
    • Should banks be building dedicated trade reconstruction capabilities to capture, index and publish the required trading and communications data needed?
  3. 40 mins
    • Is having a clear corporate purpose and values important? Can these be made impactful rather than be seen as Corporate communications and virtue signalling?
    • Are there changing expectations from stakeholders, including employees, clients, investors and wider society that need to be considered? What are the risks and rewards of reflecting these?
    • What is the expectation of regulators around a firm’s purpose and values, and how can progress be demonstrated?
    • How are embedding purpose and values built into the activity of a firm, and what needs to change to ensure traction?
  4. 40 mins
    • How can financial institutions embed a strong data-led system for an effective risk and control framework?
    • To what extent is data still the most significant challenge facing ESG?
    • How can banks practically de-risk the supply chain from ethical, social and environmental factors? Has Scope 3 been factored into the risk and control frameworks?
  1. 30 mins
    These Roundtable Discussions are carefully managed interactive discussions on specific topics. These sessions must be booked in advance.
  2. 30 mins
    • Can 1st line teams be responsible for maintaining BAU controls and ad hoc projects & firefighting incident management?
    • How can banks strike the balance between centralising 1st line teams, whilst maintaining effective business partnerships?
    • Do current 1st line risk & control functions have sufficient resources and skill sets to manage nonfinancial risk?
    • Should 1st line control functions be creating bespoke dashboard tools or leveraging existing GRC technology?
  3. 30 mins
    • What are the best practices for alignment of 1LOD control functions to the enterprise GRC programme?
    • How should operational risk functions be engaging the 1LOD functions in the enterprise GRC programme without adding to workload of the business?
    • If the responsibility for effective GRC is moving to the 1st line, what is the role of operational risk?
  4. 30 mins
    • What are the key controls banks should build to govern their Electronic Trading businesses?
    • How do Algo’s operating in real time impact the effectiveness of model validation governance?
    • How can banks adapt and enhance their conduct risk frameworks to provide effective controls for algorithmic trading business?
  5. 30 mins
    • How can 1st line teams move away from being the control office and towards being a true non-financial risk challenge function?
    • In what ways can the 1st line shift from episodic risk evaluation to a more real-time risk management function?
    • To what extent has an annual review of risks failed in certain areas? How can a daily BAU assessment of risks help understand the growing complexity of the business?
    •  Should banks be working with other firms to create an industry platform that collates risk assessments and controls to ensure potentially known risks aren’t missed?
  6. 30 mins
    • Holistic become integrated become contextual - is the terminology a reflection of the dilution of ambition in the industry?
    • Is the comprehensive integration of communication and trade surveillance data a realistic technological possibility?
    • Can the integration of communications with trading data more accurately detect cases of market abuse?
    • How can banks effectively enrich their data to optimise the analysis of trading and communications activity?
  7. 30 mins
    • To what extent is the development of surveillance capabilities too challenging for banks to develop in-house?
    • What are the key considerations to factor in to ‘Buy vs Build’ decisions across a technical control architecture?
    • How should banks best leverage vendor innovation and integrate external technology with legacy systems?
    • If using a third-party solution, how can banks be assured the alert parameters are tuned correctly?
  8. 30 mins
    • To what extent can workflows and visualisation tools ease the integration of sources to better uncover hidden relationships and identify potential risks?
    • What are the main challenges with developing workflow and visualisation tools?
    • By applying advanced analytics to data sources, does visualisation present opportunities to reduce false positives allowing for the prioritization of higher-risk alerts?
  9. 30 mins
    • Why should banks surveil for non-financial misconduct and culture issues?
    • What are the operating model considerations for this type of surveillance?
    • What other challenges exist with respect to monitoring for non-financial misconduct and culture issues?
    • How can banks best align surveillance strategy with corporate strategy
  10. 30 mins
    • To what extent are regulatory expectation for voice surveillance not as high as e-comms and trade surveillance?
    • Are banks who aren’t investing time and effort into voice surveillance missing indicators of market abuse, as people are less guarded on calls?
    • How can banks ensure adequate coverage of voice surveillance on disparate communications channels, such as Teams, WhatsApp and Signal?
    • What accuracy levels should be expected?
  11. 30 mins
    • Why do we need this capability?
    • How should banks be using behavioural insights within the business?
    • To what extent is the development of a behavioural insights capability too challenging for banks to develop in-house?
  12. 30 mins
    • What does good practice with respect to a culture change capability look like?
    • How do firms influence culture and are they doing it effectively today?
    • What is the role of leadership in driving culture and is it the most important factor?
  13. 30 mins
    • Why is cognitive diversity important with respect to conduct and why are the regulators interested in driving change in this area?
    • We have been talking about diversity in the banking industry for decades. Why is it still an issue?
    • What impact will this FCA’s sixth question have on financial services firms and how will it affect conduct risk management? (Is your management team diverse enough to provide adequate challenge and do you create the right environment in which people of all backgrounds can speak up?)
    • Is the lack of diversity approached differently in US, EMEA and the APAC regions?
    • Are senior leaders afraid to have conversations about race in the workplace?
  14. 30 mins
    • How can internal audit take an forward-looking and strategic approach to evolve ahead of the wider organisation to stay relevant and deliver insights?
    • To what extent is it possible for internal audit to be adaptive to technological progression, whilst maintaining assurance of BAU requirements?
    • Should internal audit be anticipating regulatory and legislative changes to understand their impact on the wider risk profile?
    • Can the industry agree on what a good internal audit function looks like? And do the current internal audit practices match up to that?
  15. 30 mins
    • How can firms successfully embed ESG into risk and control metrics?
    • To what extent are current operating models making ESG issues a core part of strategy and embedding ESG standards into internal processes?
    • Actively engaging with ESG goals to create a robust and resilient business 
    • How can banks ensure that ESG risks are a lens through which all decisions are made?
  16. 30 mins
    • Do businesses need to be more data literate to ensure data risks are effectively managed?
    • How can AI & ML help accelerate automation and efficiency?
    • To what extent can banks better leverage cloud-based technology and drive more efficient data management?
    • Are risk and control functions missing risks by not aggregating all relevant datasets?
  1. 40 mins
    • Is face-to-face contact still an expectation for supervisors and their teams?
    • To what extent can supervisors proactively mitigate emerging and evolving risks such as areas of climate-related risks?
    • How are supervisors managing the risks of unmonitored communications whilst employees are WFH in roles which historically would have been office based?
    • Can the industry converge on a minimum standard for 1st line supervisory metrics in the same way as exists across the industry for financial risk types? Is it up to third parties to benchmark the industry standard?
  2. 40 mins
    • Is the comprehensive integration of communication and trading activity data a realistic technological possibility?
    • Can the integration of communications with trading data more accurately detect cases of market abuse?
    • How can banks effectively enrich their data to optimise the analysis of trading and communications activity?
  3. 40 mins
    • Are existing governance frameworks, technologies and application controls sufficient for the challenges posed by digital assets?
    • How can banks navigate the fragmented regulatory landscape in order to establish a golden standard for digital asset risk frameworks?
    • To what extent is the current risk and control operating model adequate to manage risks for digital assets?
    • How can banks ensure they fully understand the necessary crypto risk management due diligence for clients, counterparties, and liquidity providers?