From GRC to regulatory compliance: best practices

In this interactive roundtable we will discuss how financial institutions can adopt a unified GRC framework for regulatory compliance and the latest approaches to optimise efficiency and cost saving.

You will learn how to break the silos across different operational risks within banks that could range from IT, data, resilience, fraud, third party, conduct, regulatory, organizational change, geopolitical to HR. Each of these operational risks has become more complex than ever and hence requires attention within the GRC framework, especially when it comes to regulatory compliance.

Steven Low Weng Haw

Chief Risk Officer

Prince Bank

Mr. Steven brings with him more than 28 years working experience in the Financial Services Industry, encompassing Risk and Credit Management, Credit Evaluation, Account Management, Research and Data Analytics. He has served in both local and foreign banks as Chief Risk Officer.

Mr. Steven holds the professional qualification in ICSA from the Institute of Chartered Secretaries and Administrators, and a Diploma in Commerce (Business Management) from Universiti Tunku Abdul Rahman.

Philip Woo

CRO

Tokio Marine Life Insurance Singapore

Philip Woo is the Chief Risk Officer and oversees corporate governance and risk management in Tokio Marine Life Insurance Singapore (TMLS). He has over 26 years of experience in the financial sector, and began his career at MAS before joining the insurance industry. Over the period, he has played leadership roles in Enterprise Risk Management (ERM), Business Continuity & Crisis Management, Outsourcing/Vendor Risk Management and Technology Risk Management (TRM). He currently chairs the Governance, Risk and Compliance Committee (GRCC) at TMLS, and oversees the managing of operational, financial and strategic risks in the company. In addition to risk management, Philip has a wealth of experience in strategic planning, financial technology and payment system matters.

Efe Cummings

Global Head of Operational Risk

Nomura

Executive Summary

  • Risk Manager with 15 years global and regional experience in Operational Risk Management, new business risk management and implementing and overseeing strategic and regulatory change initiatives. 
  • Experience in developing, implementing and overseeing global risk management frameworks, including leading several global transformation projects to enhance risk management frameworks, risk culture and governance.
  • Deep understanding of investment banking and wealth management businesses, products and inherent non-financial risks.
  • International experience, with work experience in US, EMEA and Asia markets and an ability to communicate, operate and influence across countries and cultures.
  • Strong communication skills with senior management, regulators, internal and external stakeholders. Periodically prepared and delivered reports to Board and Executive level management, as well as articulated approach and framework to multiple regulators.
  • Track record in establishing and communicating the value proposition and commercial relevance of a strong risk management framework to senior management and, as a result, driving improved risk culture, awareness and embedding.

Professional Experience

Nomura Group

Global Head of Operational Risk, 2019 – present

  • Design, implement and oversee the operating effectiveness of the Operational Risk Management Framework in Nomura Group’s global businesses and subsidiaries.
  • Oversee global team of 50 in Japan, Asia, EMEA and Americas.
  • Provide an independent assessment of Operational Risk to Nomura Group Board and senior management, including forward looking view of top and emerging risks.
  • Developed the firm’s strategy and execution of a new Non-Financial Risk Framework.  Oversaw development and implementation of a new Non-Financial Risk Taxonomy, Risk Appetite Framework and roles and responsibilities across 3LOD.
  • Advise and challenge senior management on operational risk exposures in their business and corporate functions.
  • Develop systems, technologies and quantitative methods to improve management of Operational Risk globally.

Nomura International (Hong Kong) Limited, Hong Kong

Head of Operational Risk Management, Asia ex-Japan, 2015 – present

  • Oversee and manage the implementation of Nomura’s global Operational Risk Framework in Asia ex-Japan.
  • Oversee regional team of 7.
  • Provide senior management with overview of the Operational Risk profile for AEJ. 
  • Face-off to regional regulators such as HK SFC, Singapore MAS, Korea FSS and others.
  • Oversee and participate in internal investigations as member of the Internal Investigation Committee.  Conduct forensic deep-dives and interviews on varied cases such as potential fraud, whistle blowing, client complaints and market abuse.

Head of New Business, Asia ex-Japan, 2018 - 2019

  • Oversaw and managed the implementation of Nomura’s New Business Approval framework in Asia ex-Japan, including new product approval, significant transaction approval and reputational risk committees.
  • Managed team of 6 based in Hong Kong and Singapore.
  • Face-off to heads of business to challenge around key strategic risk and due diligence issues.
  • Managed development of Approved Product List for internal and regulatory use.

Chief Administrative Officer Risk Management, Asia ex-Japan, 2015 – 2019

  • Co-ordination and submission of annual budget and investment plans and monitoring spend against budget throughout the year. 
  • Identification and delivering of cost saving initiatives.
  • Preparation of presentations for AEJ CRO for regional town hall meetings, regulatory interactions and executive management. 
  • Oversaw key change projects including system implementation and remediation of control issues.

Nomura International plc, London, UK

Global New Business Division COO, 2012 – 2014

  • Developed the Group New Business Approval Policy covering Wholesale, Asset Management and Retail Divisions by working with group company executives such as Global CFO, CLO, CRO and business division management.   The policy was approved by the group Board and was the first group wide policy for new business approval for the firm.
  • Developed a new product and complex transaction approval process for the Global Wholesale business by working with business leadership in Global Markets and Investment Banking.  Created procedures, led IT development of a workflow tool and an approved product database and developed global training.  Resulted in a globally consistent approach to new product approval and increased efficiency in approval of cross-border business.

EMEA Head of New Business, 2011 – 2014

  • Implemented new product and transaction approval in the EMEA business, managing a team of 7 (1 ED, 3 VPs, 3 Associates). 
  • Improved efficiency and control around the approval processes by documenting procedures and reducing bureaucracy as measured by improved turn-around times, positive feedback from business lines and reduction in operational risk events or errors as a result of new product launches.
  • Led interaction with and managed regulatory audits conducted by Bank of England (PRA), UK Financial Conduct Authority, Bank of Japan and JFSA.  Successfully provided assurance to regulators of the robustness of new product approval process as measured by limited remediation points during a period when regulators were requesting external audits on all focus areas.
  • Improved oversight of risk and returns of new and complex products by developing product back-testing, whereby revenue generated by products were assessed after one year.  Presented findings to regional Board and business leadership, resulting in certain non-performing businesses lines being discontinued or altered.  As a result, management was provided assurance that business lines were accountable for introducing new products, processes and operational risks to the firm. 

Senior Risk Manager, Operational Risk Management, 2009 – 2011

  • Implemented the Operational Risk Framework in Global Markets and Investment Banking following acquisition of Lehman Brothers EMEA business. Worked with business line COOs and managed operational risk team of 3 individuals to develop the risk and control self-assessments by desk, implement key risk indicators and operational risk event investigation and reporting.  Operational Risk Framework was rolled-out to the businesses lines within 6 months of integration. 
  • Initiated and developed reporting for monthly risk and control meetings by regional business line which reviewed the operational risk profile front to back with representatives from all corporate departments, resulting in improved ownership of operational risk.  Expanded regional meetings to global product lines by working with Global Heads of Trading and corporate departments, coordinating with regional ORM and developing a cross-regional aggregated risk profile.  Meetings were led by head of business, demonstrating ownership of Operational Risk by first line of defense.
  • Created front-to-back trade process maps by aggregating information between IT, Operations, and trading.  Documented key controls and manual processes, which provided senior management with detailed view on infrastructure requirements.

Deloitte & Touche, London, UK

Manager, Financial Services Advisory, 2006 - 2009 

  • Advised clients on implementation of credit, market and operational risk management frameworks; advised clients on implementation of Basel II and CRD requirements.  Clients included leading universal banks, investment banks, asset managers, hedge funds and regulators.  
  • Advised on the integration of the operational risk management function with corporate security and technology risk for a leading European universal bank. Assisted in integrating Sarbanes-Oxley procedures into operational risk functions.  
  • Developed credit risk policies and procedures for a US bank starting a new deposit taking and lending institution in the UK.
  • Project managed implementation of transaction reporting tool for a leading Swiss investment bank.
  • Assisted a European brokerage in developing counterparty, operational and credit risk management around its margin lending business.
  • Developed and implemented the internal capital adequacy assessment process (ICAAP) for more than 10 banks, investment managers, securities brokers and asset managers.
  • Developed a post-merger target operating model and project plan for the integration of global Compliance functions of two leading banking groups.
  • Clients included UBS, Lloyds, ING, Barclays, RBS and various investment managers.

Export-Import Bank of the United States, Washington, DC, USA

International Business Development Office, 2002 - 2004                                                       

  • Conducted marketing and sales activities to increase Ex-Im Bank financing in southeast Europe.  Oversaw an increase in business activity by 90% and 75% in 2002 and 2003, year on year.
  • Arranged and structured trade finance with banks, private companies, and governments.  Arranged balance sheet loans, letters of credit, secured lending, and project financing.
  • Analyzed financial statements and cash flow projections to determine creditworthiness of counterparties and projects.
Stephen Fox

Head of IBM Risk Analytics Pre-Sales, Asia Pacific

IBM ASIA PACIFIC

Stephen leads IBM’s Risk Analytics pre sales team in Asia Pacific. His team manage the pre-sales activities for the financial and non financial risk solutions of the IBM portfolio. Stephen is an experienced risk and IT professional with over 15 years industry experience. He has a deep knowledge of the Governance Risk and Compliance (GRC) domain with a strong focus on Operational Risk and Compliance. Stephen has worked for both software vendor and client, which has given him a unique first hand experience of the challenges and business benefits of implementing risk solutions. Stephen has performed numerous risk engagements across South East Asia within Australia, Singapore and Malaysia.
Prior to joining IBM, Stephen was an Executive Risk Manager at Australia’s largest bank, CBA, where he supported the bank’s AMA-accredited Operational Risk Model, Analytics framework and OpenPages implementation.

Grace Tan

Partner

KPMG

Grace is a Partner with the Regulatory Risk practice in KPMG Singapore with over 15 years of experience in the financial services industry, specializing in regulatory compliance reviews of financial institutions.

Prior to joining the Regulatory Risk practice, she was with the Audit Practice for 3 years, specializing in the audits of banks and financial institutions.  

Professional and Industry Experience
Grace has led various audits of banks and financial institutions, including SAS 70 audits, with key focus on consumer and corporate banking, as well as fund management services. She possesses extensive audit experience, spanning across various divisions covering the full spectrum from the front office to risk management, operations and accounting as well as regulatory compliance.

Grace has advised and supported various financial institutions in their licence applications with the Monetary Authority of Singapore (“MAS”). Such support included drafting/reviewing business plans to ensure they address key focus areas which MAS considers in reviewing the licence application, preparing relevant materials to facilitate the applicants’ discussions with the regulator, as well as reviewing existing key policies and procedures of their Head Office to evaluate whether they are in line with local regulatory requirements and fit-for-use by the proposed Singapore operations.

Most recently, she was the lead Partner supporting several digital bank and payment services licence applications with the MAS, including the development of strategy, business plan and financial projections, designing key risk management plans and exit strategies as well as drafting and reviewing of the full licence application submissions. 

Grace has also led numerous regulatory and compliance reviews of financial institutions, including those relating to anti-money laundering and counter-financing of terrorism. Her recent projects included the review of the risk and control frameworks of the private banking business of 2 foreign banks, where she focused on the processes and controls surrounding client and product suitability, sales surveillance, customer due diligence, head office governance and credit risk management.

In recent years, she has focused on the development of technology-enabled solutions to help financial institutions address regulatory risks and challenges. Notably, she co-led the development of KPMG Regulatory Integrated Solution (KRIS), an integrated end-to-end regulatory reporting solution which provides reporting, technical and operations support for the key suite of regulatory reports prescribed by the MAS. She has led the implementation of KRIS for several banks, including performing data gap analyses to evaluate the accuracy of existing data and identify new data required, carrying out data mapping documentation from data sources to KRIS data model as well as providing advisory support to the banks on reporting definitions and requirements. 

Another notable project in which Grace was actively involved was a review of the transactional banking business of a foreign bank, where the bank had intentions to expand its transactional banking business in the Asia Pacific region. The review included the evaluation of all regulatory and operational implications arising from the introduction of transactional banking products and services, recommendation of appropriate actions to address those regulatory and operational considerations and provision of industry best practices and regulatory “hotspots”.

Grace is also a frequent speaker at both KPMG public and in-house training seminars on topics relating to regulatory requirements, and also provides advisory support to KPMG’s financial services audit teams on regulatory matters.

Discussion points

Discussion points will include:   

  • Compliance strategies to meet the new regulatory environment: key challenges
  • Redesigning governance strategies for regulatory compliance
  • How to avoid letting complex tools of inconsistent capability burden the first line of defense
  • What should and can be done to improve the compliance process within firms?
  • How to identify statistical algorithms within AI for regulatory compliance
     
Who should attend?

The event is designed for senior risk management and finance professionals. Job roles include, but are not limited to:

  • Risk Management
  • Compliance
  • Enterprise Risk
  • Liquidity Risk
  • Operational Risk
  • Regulation


While audience participation isn't required, we want this online session to be as interactive as possible and encourage attendees to ask questions and make comments.

About Risk.net think tanks

Risk.net think tanks are virtual roundtables designed exclusively for senior executives. These virtual events provide an intimate, board room style setting for executives to discuss a specific trend or challenge in order to develop the best course of action to address it. The discussion is conducted under Chatham House rules which means it is off the record hence participants can share their views openly, freely and anonymously.

Risk.net would welcome senior practitioners to take part, to exchange ideas with peers and to move forward together during uncertain times.

Register for this interactive roundtable

This interactive roundtable is reserved for senior level executives. You will be notified if your registration is successful.

Please contact us if you have any questions or wish to book by email: