From Risk to Success Management: Five Main Points

NOTE: Preregistrants will get a copy of Norman Mark’s ebook: Risk Management for Success. The session will cover some essential principles for effective risk management that contributes to the success of the organization, including: If you only worry about failing, you will fail. Everyone's focus should be on achieving enterprise objectives. Success. Taking risk is what business is all about. But are you taking the right level of the right risks to achieve your objectives? Risk management should enable informed and intelligent decisions, both tactical and strategic. It should help you understand not only potential obstacles but also enablers for success. How do you know whether you are likely to achieve your objectives? Integrate risk and performance monitoring. Risk is a four-letter word. Is it dragging us back?

Norman Marks

Business Continuity Risk Management

Technology dependency is growing as banks simply can’t operate without resilient technology infrastructure. Consequently, emergency management remains a hot topic in banking as technology provides a ripe playground for business disruption. This session provides an overview of business continuity management, incident response, and pandemic preparedness so a foundation of business continuity risk management can be put in place. Policies are reviewed and best practices outlined to maintain continuity and achieve a successful IT examination in this important area.

Dr. Kevin Streff

Vendor Management Stablecoin Best Practices

With the enactment of the GENIUS Act and the integration of payment stablecoins into banking operations, regulators anticipate that financial institutions will exercise the same level of vendor oversight for stablecoin partners as they do for any critical third-party service providers. This 60-minute session offers a practical and regulator-friendly framework for performing due diligence on stablecoin service providers, including issuers, custodians, blockchain infrastructure providers, and on-chain analytics companies. Centered on the five-stage Interagency Third-Party Risk Management (TPRM) lifecycle, the presentation guides participants through the processes of planning, due diligence, contract negotiation, ongoing monitoring, and termination, with stablecoin-specific enhancements incorporated at each stage. Prior knowledge of blockchain technology is not necessary. The fundamental message is clear: the risks associated with stablecoins are essentially familiar risks presented in a new format, and the framework currently used by your institution is an appropriate starting point. Each participant will receive a supplementary due diligence toolkit comprising five independent documents ready for immediate use within their institutions. Due Diligence Checklist - features more than 145 elements organized into 26 categories of risk, structured by lifecycle phase and type of partner, along with criteria for acceptance and the reasons for regulatory compliance for each item. Risk Quantification Scorecard - is an engaging spreadsheet designed to evaluate inherent risks, the effectiveness of controls, and residual risks, generating narratives for board reports automatically. Examiner Narrative Templates - include five editable documents that address risk appetite declarations, compliance memos for different lifecycle stages, specific evaluations of stablecoins, alignment with the GENIUS Act, and summaries for continuous monitoring. Board Reporting Template - presents a quarterly dashboard layout featuring risk indicators, monitoring checklists, tracking for remediation efforts, and confirmation sign-offs. Executive Summary Handout - condenses the complete framework into a two-page guide for senior management, addressing the required actions for banks, expectations from examiners, and the distinctions between due diligence for stablecoins and traditional vendor management.

Scott Grow

Vendor Risk Automation - An Innovative Approach

Third party management is time consuming and expensive. So much of these vendor reviews are manual and it is difficult to keep track of everything. Join this session for the first reveal of the Compliance Alliance SPARC tool that provides the automation for your bank’s vendor management program. From vendor selection through management, documentation tracking to reporting, the SPARC platform provides intuitive wizard technology and remediation tracking to ensure efficiency in your third party management program.

Dr. Kevin Streff

Risk Management in Emerging Technology

Explore stablecoins and digital assets through a bank risk and regulatory lens. This session examines the evolving U.S. framework, including the GENIUS Act, CLARITY Act (proposed), and recent supervisory guidance, and translates regulatory expectations into actionable risk management practices. Attendees will explore governance models, control design, third-party oversight, liquidity and reserve considerations, operational resilience, and compliance integration. The focus is on building defensible, exam-ready programs that enable disciplined innovation while protecting balance sheets, customers, and institutional reputation.

Dana Lawrence, CIA, CRMA, CFSA, CAMS, CRVPM, CCA

Data Privacy Risk Management

Data privacy is the next big investment financial institutions need to make, including developing and implementing an Information Privacy Program (IPP). The foundation of that program is data management: what data do you have on a consumer, and what systems and processes it is used in. Without knowing this information, your institution cannot conduct a privacy assessment, determine incidents for the incident response plan, identify controls to look for in vendors, etc. Attend this session to understand what data management is and how to build a data management program. The session provides: Overview of data management Overview of an Information Privacy Program (IPP) Overview of data mapping tools Description on how to use the mapped data to feed privacy risk assessments Overview of how to build data maps Overview of how to risk rate your data

Dr. Bruce Upton

IT and Cyber Risk Management

IT Risk Assessment has long been problematic as understanding security threats, impacts, probabilities, and controls is an ever moving target. Further the Cybersecurity Assessment Tool (CAT) has been sunset, but cyber risks persist. Attend this session to understand the requirements, evaluate the options, and create an efficient, actionable IT and cyber risk plan for your bank. Special attention is paid to integrating the cybersecurity assessment into your bank’s IT risk assessment, creating even further efficiencies. Do not fall out of compliance and use this webinar as your definitive plan to move forward.

Dr. Kevin Streff

Panel

Dr. Kevin Streff

Amber Winthers

Scott Grow

Dr. Bruce Upton