Business Continuity Planning and Operational Risk Management for

www.centralbanking.com/kualalumpur

Since 1999, Central Banking Publications has organised annual residential training courses/seminars, which have been attended by more than 4,500 central bankers and supervisors from over 140 countries.

Course Chairman Fot Chyi WongFormer Executive Director, Risk and Technology Office, Monetary Authority of Singapore

Series Advisor Charles GoodhartProfessor EmeritusLondon School of EconomicsFinancial Markets Group

2–4 December, Kuala Lumpur, Malaysia

Business Continuity Planning and Operational Risk Management for Central Banks

Business Continuity Planning and Operational Risk Management for Central Banks1. Delegate details: PLEASE WRITE IN CAPITALS

Mr/Mrs/Ms: Surname/Family name:

First name:

Job title:

Department:

Organisation:

Address:

Postcode:

Telephone:

Facsimile:

Email 1:

Email 2:

Please provide us with the direct email address of the delegate and an additional email address if possible. This is very important because all correspondence with delegates is by email.

Invoice: If you select this option an invoice will be sent to you by email and by post. If you would like to provide different details to the above for the invoice please notify us when sending back the booking form.

Credit card: please charge £2,300 to my Visa Mastercard American Express

Card No: Security Code:

Cardholder name: Expiry date:

Cardholder address (if different from above):

Signature: Date:

2. Payment details:

Course fee: £2,300

Terms & Conditions: A refund (less 10% administration fee) will be made if notice of cancellation is received in writing three weeks before the event. We regret that no refunds can be given after this period. In addition delegates are wholly responsible for obtaining any necessary entry visas and refunds cannot be given as a result of non-attendance arising from a failure to secure such visa. A substitute delegate is always welcome at no extra charge. The programme may change due to unforeseen circumstances, and Incisive Media reserves the right to alter the venue and/or speakers. Incisive Media accepts no responsibility for any loss or damage to property belonging to, nor for any personal injury incurred by, attendees at our conferences, whether within the conference venue or otherwise. Data protection: by registering for a Central Banking training course you will receive further information relating to this event. In addition we will send you information about our other relevant products and services which we believe will be of interest to you. If you do not wish to receive other relevant information from Incisive Media via a particular medium please click the following relevant boxes: mail phone fax email Incisive Media will also allow carefully selected third parties to contact you about their products and services. If you do not wish to receive information from third parties via any of the following media please tick the relevant boxes: mail phone . Please tick if you are happy to receive relevant information from carefully selected third parties by email and fax . Registered Office Haymarket House, 28 – 29 Haymarket, London, SW1Y 4RX UK. Registered in England and Wales number 4252091 VAT No. GB 756 9781 65P.

I have read and agree to the terms and conditions below.

Signature: Date:

04 Business Continuity Planning.indd 2-3 03/09/2014 17:00

Thursday 18 April

Targeting ‘Right’ Practice


Defining operational risk for central banksMa Regina Fajardo, Director and Chief Risk Officer, Central Bank of the Philippines Responsibility for financial stability and the integration of new departments are just two examples of an increasing array of new activities, covering a multitude of areas, that central banks find themselves performing in today’s uncertain world. These tasks not only strain already busy departments but expose central banks to a wide collection of financial and non-financial risks. Several of the latter, notably those related to reputation, have an importance that is difficult to overstate. The result is an elevated and changing operational risk profile. This session looks at how one central bank has constructed a framework for identifying, managing and mitigating operational risks. The speaker, who has extensive experience within risk management, will discuss how operational risk can be defined within the wider risk management framework at a central bank crossing, as it does, management and business lines.

Co-ordination with private sector institutions Asif Mahmood, BCP Coordinator, State Bank of Pakistan Central banks do their own business continuity planning, but they also typically have a responsibility for the financial sector as a whole. Whether this responsibility is explicit or implicit, it presents a number of challenges for the central bank, not least how broadly to define “the financial sector”. In this session, the speaker will outline how plans can be developed and tested within a central bank and how central bankers, financial institutions and other stakeholders in society can work together to identify and handle common operational risks. The speaker will also draw on their experience from their own institution where it has become required practice for banks and development finance institutions to submit certain information, including treasury activity arrangements, frequency of testing, details of desktop exercises and detailed information on where their BCP was required to be activated in a live situation.

A practical approach to enterprise risk management (ERM)Ma Regina Fajardo, Director and Chief Risk Officer, Central Bank of the Philippines An effective ERM system is one that is tailor-made for the organisational structure and culture. As such it provides an ideal way to align operational risk management and business continuity with the business itself. In this session, the speaker will describe how an effective ERM framework, charter and manual was developed and implemented in their central bank around four major pillars (paradigm, roles, methods and templates) to achieve a threefold objective: providing senior management with a comprehensive assessment of risks essential in formulating and prioritising of sound and prudent policy proposals to the board; promoting risk management consciousness in bank operations; and monitoring overall performance of enterprise risk management.

Tuesday 2 December

Identifying and Surveying the Risk Landscape


Dear Delegate,“Effective risk management provides an environment for calculated risk taking and innovation. Good risk management contributes to institutional success”.Geoff Bascand, Deputy Governor and Head of Operations, Reserve Bank of New Zealand, July 2014

The regular occurrence of natural and manmade disasters and cyber attacks repeatedly reminds us of the importance of ensuring effective business continuity and operational management.

The year 2014 has been no exception to this and once more central banks have been tested on their preparedness and, importantly, their ability to react in times of crisis.

The capacity to react effectively and efficiently presents one of the main challenges for central banks, as it brings into focus its position at the apex of the financial structure.

Looked to as a pillar for crisis response in times of an emergency, central banks must be prepared on two fronts. They must maintain security, flexibility and robustness in their own critical operations but they also bear a broader responsibility for operational risk and BCP arrangements in the financial sector. Striking the balance between these two fronts is one of adaptation and fluctuation.

This course, “Business Continuity Planning and Operational Risk Management for Central Banks” is designed to equip delegates with the tools to address this critical issue of operational risk and BCP. The course will highlight successful strategies for operational risk management, emerging trends in enterprise wide risk management, explore how central banks are taking a strong stance against the pressing issue of security threats and discuss what central banks’ work in the area of business continuity planning.

Key sessions consider:

• A practical approach to enterprise risk management (ERM)

• The co-ordination with private sector institutions

• New developments in the defence from cyber-attacks

• The security risks associated with off-site remote working

• Designing business recovery infrastructure• Developing business continuity plans

We are delighted to welcome back as chairman for the course Fot Chyi Wong, who brings a wealth of experience as a former Executive Director for Risk & Technology Management at the Monetary Authority of Singapore.

Speakers include:

• Ma Regina Fajardo, Director and Chief Risk Officer, Central Bank of the Philippines

• Hatem Ibrahim, Head of Risk, Central Bank of Egypt

• Edmund Chong, Departmental Head, Group BCM at United Overseas Bank (UOB), former deputy director Risk Management at Monetary Authority of Singapore (MAS)

Following the format of Central Banking’s world-renowned series, all discussions are held in roundtable format to encourage participants to share their experiences and debate the pressing issues in their field. Each session allows participants opportunities to question expert speakers and to benchmark themselves against good practice internationally.

This format, as more than 4,500 central bankers and regulators can attest, encourages delegates to quiz panellists, raise issues and discuss solutions to the specific challenges they face.

We look forward to welcoming you to Kuala Lumpur on December 2nd.

Yours sincerely,

Robert Pringle Chairman Central Banking Publications

A good course for operational risk practitioners, to share experiences and meet different cultures with diversified exposures Husseim El Nakeeb, Operational Risk, Assistant Manager, Central Bank of Egypt

About the course chairman:Fot Chyi Wong is an independent consultant and partner at Gryphon Advisors, which provides consultancy, training and advisory services on enterprise risk management, business continuity planning, financial market development, and macroeconomic management. Prior to his consultancy work, Fot Chyi was an executive director at the Monetary Authority of Singapore (MAS) with 24 years of experience in central banking. His career at the MAS included roles in the following central banking functions, the last seven years of which were as head of department: economic policy research, monetary and exchange rate policy formulation, money market operations, bond market development, macroeconomic surveillance, financial stability assessment, and central bank risk management. He is a CFA charter holder. He graduated with first class honours as a bachelor of engineering (Civil) from the National University of Singapore, and holds a masters in public affairs (MPA) from Princeton University.


Wednesday 3 December

Crisis Preparedness and ResponseThursday 4 December

Engaging the Institution

Kuala Lumpur, 2014 Business Continuity Planning and Operational Risk Management for Central Banks

Role of the audit and risk committee: involvement of internal and IT security Ludek Niedermayer, Member of European Parliament and former Vice Governor, Czech National BankFor risk managers, developing synergies with those in charge of internal audit and IT security can be highly beneficial. Internal audit is helpful in evaluating and giving assurance in risk management processes and in the reporting of key risks, as well as challenging management’s decisions on risk in general. However, in same measure, it is important to identify what roles internal auditors should not take on, such as setting the risk appetite of the institution and imposing risk management processes. In this session, the speaker who has extensive experience in audit, will outline how internal auditors and operational risk managers can work together in order to better manage business and reputational risks.

Communication, awareness and buy-inEdmund Chong, Dept. Head, Group BCM at United Overseas Bank (UOB), former deputy director Risk Management at Monetary Authority of Singapore (MAS)Crises are unpredictable and fast moving. How a central bank responds will be followed closely by markets, media and the public. At critical moments, the wrong message or tone can have the opposite of the desired effect: exacerbating a situation. To get the entire institution to adapt to a crisis situation in the desired way requires communication to be quick, clear and wide. This is difficult because crises by their very nature upset ordered activity, breaking existing communication channels, dislocating people and damaging infrastructure. This session will cover how central banks can strategically plan their internal communications, build communications capability, gain senior management buy-in and leverage internal communications channels and techniques in order to be able to act as one in the case of a crisis.

Course conclusionLed by the chairman, Fot Chyi WongThe day and the course will conclude with a session led by the chairman drawing in the main points of the course to highlight the main trends observed and to discuss where some of the examples heard can be applicable to the delegate’s organisations. Delegates will be encouraged to look at their top challenges and pool thoughts to prepare action points to take back to their home institutions.

Measuring and reporting key operational risk toolsHatem Ibrahim, Head of Risk, Central Bank of EgyptReporting to senior management and collecting information from across departments and functions are key for any operational risk manager. This requires capturing operational risk statistics and converting them into key risk indicators, and then presenting those indicators in an actionable operational risk report that will capture the attention and imagination of senior management. The speaker will set out how operational risks can be measured and quantified compared to financial risks, managed and reported. The session will then turn to the identification of new emerging risks through the use of control self-assessments, how to measure the severity of operational risk losses and their frequencies through scenario analysis and how to mitigate the key risks and focus on the key elements of an operational risk report.

Developing business continuity plansSpeaker from Bank Negara Malaysia A business continuity plan should provide a formal declaration of the preparedness of the central bank to ensure continuity, resumption and recovery of critical business processes to limit the impact of a disaster. Yet in producing such plans, it is easy for institutions to fall into the trap of over-prescription and over-specification. The resulting handbook, or series of handbooks, will look impressive on a shelf, but may prove less than effective as a tool to use in a crisis. In this session the speaker will outline the themes needed to design an effective BCP plan taking into account the fact that operational risk differs somewhat from other risks, in that it tends to cut across organisational units, operational accountabilities and policy mandates.

Cyber-attacks defence: new developments Don Randall, Chief Information Security Officer, Bank of England (invited)Recent years have seen several central banks targeted by cyber-attacks, including the European Central Bank, Norges Bank and the Reserve Bank of Australia. With the increase in digital software and the storage of large amounts of data, the threat has never been more significant. This session will draw on the speaker’s experience to examine the developments in central bank IT security and the anti-hacking defences employed at their institution. The speaker will discuss the launch of a new anti-hacking framework, CBEST, and the new steps that the Bank of England is taking in terms of cyber security.

Business recovery infrastructureEckart Koerner, Head of Financial Risk Management Services, KPMGOne back-up site? Two? Three? These are the practical questions facing risk managers charged with ensuring a central bank can maintain the systems and services it provides. Here, cost-benefit analysis can help but, although the chances of an outage are remote, the potential damage to a national economy and a central bank’s reputation from an extreme event is so great as to merit an “uneconomic” spend on BCP. This session will look in-depth at designing business recovery infrastructure and analyse the decision-making process involved. Lessons will be drawn out on what services, functions and facilities a central bank should prioritise.

Workshop: off-site IT securityLed by the chairman and Edmund Chong, Dept. Head, Group BCM at United Overseas Bank (UOB), former deputy director Risk Management, Monetary Authority of Singapore (MAS)The move by central banks to encourage flexible working schemes and the requirement of staff to travel more have raised the bar for off-site IT security. This workshop will challenge participants to share and critically assess their concerns and the concerns of their institutions in achieving a balance between flexible working and the security of sensitive information being accessed off-site. Delegates will also be able to hear and debate with a speaker who recently completed their industry wide exercise on the theme of cyber and info security and who will be able to share and debate the different approaches, outcomes and lessons learnt throughout the different institutions surveyed.

Past attendees include: Reserve Bank of Australia • National Bank of Austria • Central Bank of Bahrain • Central Bank of Brazil • Bank of Canada • Central Bank of Colombia • Czech National Bank • Bank of England • European Central Bank • Banque de France • Bank of Finland • Bank of Haiti • Hong Kong Monetary Authority • Bank of Italy • Reserve Bank of India • Bank Indonesia • Central Bank of Kenya • Bank of Korea • Central Bank of Kuwait • Central Bank of Lebanon • Bank Negara Malaysia • Bank of Mexico • Bank of Mozambique • Central Bank of Myanmar • Bank of Papua New Guinea • Federal Reserve Bank of New York • Central Bank of Nigeria • Central Bank of Oman • State Bank of Pakistan • Central Bank of the Philippines • Bank of Portugal • Central Bank of the Republic of China (Taiwan) • Central Bank of Russia • SAMA • Monetary Authority of Singapore • South African Reserve Bank • Central Bank of Sri Lanka • Central Bank of Sudan • Sveriges Riksbank • Bank of Thailand • Central Bank of Uruguay

Well experienced speakers, excellent presentations, relevant topics and materials, excellent seminar organisation management

Khalid Alzadjal, Vice President HRM, Central Bank of Oman


About Central Banking Events Booking Details


Course fee: £2,300 Course fee includes:Two nights’ accommodation, meals, refreshments, course documentation and a complimentary copy of the most recent issue of the Central Banking journal. Substitute delegates can be accepted should the registered delegate be unable to attend; please let us know prior to the event.

How to bookPlease use one of the following methods to book your place:

Online: www.centralbanking.com/kualalumpurCall: Caroline Law on +852 3411 4864Fax: Attention of Simon Murray to +44 (0)207 504 3730Email: [email protected]

Central Banking Publications’ events division is the leading independent organiser of public policy seminars/training courses for the official sector. Since 1999, CBP has hosted roundtable seminars and training courses for over 4,500 senior policymakers from central banks, ministries of finance and financial regulatory agencies around the world. Senior officials from more than 140 countries have attended these meetings over the past decade and a half.

The 2014 Central Banking Kuala Lumpur Training Seminar Series:

• Mobile Payments: Central Banks’ Role in Development and Oversight

• Business Continuity Planning and Operational Risk Management

• Basel III: Implementing the New Global Regulatory Framework

• Financial Inclusion and Education: Strategies and Policies

For more information on these courses visitwww.centralbanking.com/kualalumpur

The Venue

Cyberview Resort & Spa Persiaran Multimedia, 63000 Cyberjaya, Selangor, Malaysia

Cyberview Resort & Spa is a 5-star boutique resort set on 28.8 acre of award-winning landscaped gardens. The venue will offer Central Banking attendees world-class quality of service and unparalleled Malaysian hospitality during their stay for the training course.

T: +60 3-8312 7000

W: cyberviewresort.com


Documents

Business Continuity Planning and Operational Risk Management for