Courtesy of PTC India Financial Services Ltd's Ashish Nigam below is a transcript of his speaking session on 'Bringing intelligence on regulatory compliance and risk management' to Build a Thriving Enterprise that took place at the Business Transformation & Operational Excellence Summit in Financial Services Live.
-2.png?width=300&name=BLOGS%20COMPANY%20LOGO%20(75)-2.png)
Session Information:
Bringing intelligence on regulatory compliance and risk management
Session Transcript:
He is coming from Mill Valley inane, via directly to the world today and I'm talking about Ashish Nigam. Ashish if you could please turn on your camera. So that the audience can see. There we have I she, she is a chemical engineer, an MBA with more than 25 years of experience in business transformation for process re-engineering, Digital Innovation, and Management Strategist for infrastructure, financial, and government organizations. In his current role of CIO and CTO.
As she is responsible for operational excellence, for technology and digital innovation, besides performing the duties of IT strategy, cybersecurity, technology, deployment, and aligning that knowledge with business strategy. So, ladies and gentlemen here, in great hands here, actual, global leader of financial services technology, and implementation.
I'm gonna leave you with the capable hands of mister .... Thank you so much, ..., for sharing your expertise with our global audience today.
Thank you. Thank you for giving me such a nice introduction.
Seen all the technology rule that the CIOs clean the financial institutions are largely to, know, have the, have the systems in place in order for supporting the management and supporting the customers and the clients, and doing them in supporting the business that they do.
However, we have to actually understand that in the financial organization, the financial setup, we have various kinds of risks that the organization face.
And, um, this, uh, then, regulated environment because finance is the sector where regulators keep a very tight vigil on it.
That organizations not only face internal challenges, but also are obligated for the external regulatory environment.
It's also important to look at the convenience of the customers and the convenience of the stakeholders.
While you do this kind of IET set up IOT based performance, IOT based delivery, in a finance organization, particularly when you will be very large amount of money, when when you deal with very large ticket size, then this becomes multi multi fold.
I'm going to talk about how technology should be used for integrated risk management.
Lot of organization, I've seen an avoider interacted.
I've found that it is done in a very siloed manner when we say siloed manner.
It means that there's an IT department, they are busy doing the risks for the IT department, there's the Finance Department, the Fishery Department Department is a good monitoring departments or water. But they are, they could be, depending on the hierarchy and structure of the company.
It could be various departments, radius, location, data, geographies. Oh.
How many of them think that they should have integrated risk management?
They have humongous amount of data within the organization or in the ecosystem. How do you use that, Did it in an intelligent manner?
When I say integrated risk management, we actually talk about setup that there, that the organization should, should prepare for having this enterprise wide risk management.
So, I would like to actually tell you, the organizations are facing various kinds of risks. The ID Enterprise, third party, or the public sector, regulatory business. Resiliency.
All, it took multidimensional and, obviously, the rule of the financial institution is that, that they should confess, Enterprise Risk Management Framework, four, for all the Department, for all the areas.
If you, if you think that, OK, you are comfortable in managing on the silo level basis, you will always be dependent on people.
You will always be dependent on on some some kind of department organization who will will, perhaps, give their version.
And that will be presented to the management of maybe just some reports get data generated over to various technology solution, which could be there could be many, many solutions, you know, within the organization.
Depending on the depending on the type of organization. Financial type of organization it is.
So, how do you bring that intelligence? How do you bring that?
Um, that integrated approach is something the organization all over.
The financial sector.
Shrimp think about, this is something, which I see, that, that is, it is a great vacuum, at the moment, not many organization would actually have this kind of mindset, or then this strategy.
So, that is why, the, thus, the senior management, the top leadership should actually have a multi dilution strategy for the risk management.
Then, when you can actually move into this kind of framework. So, you can actually take this advantage.
Also, the resilience to the systems, the residue that comes from the integrated, and you can actually have your business outcomes in a much better manner, in the sense of how better you can prepare the organization, too.
two, manage the risk to see that, is, the perceived. That is.
Let the stakeholders also understand that kind of, uh, risk backbone.
So I wanted to talk about that data.
How do you bring that visibility?
Now, obviously, each department would prepare its own risk control.
Wow.
So doesn't mean that the organization do not have any kind of control mechanism.
Yes, they do get into a kind of platform or obtain the solution, or kind of strategy that you have. one framework.
Only once common framework. I get into the details and not covered it into the slide.
It was getting too difficult to put it in slides or something like that because I'm a person of doing things like making the PowerPoint presentation a lot of such kind of crafts or something like that.
So, so, this is something like that, OK, you consolidate the risk data from across the organization and use disk Analytics to provide a comprehensive and integrated picture of, this is something which is really missing.
In most of the organizations, international organizations, the banks, non banking, financial companies, PFCs, are, or may be the aggregators of finance sectors.
So, this is my, my point to you mentioned, over here, How do you actually, then, Then, then, to have this, then you would actually like to see that the organization should leverage this kind of a platform through efficiency.
When we talk about this, and they know improving efficiency, it is basically to streamline and automate a wide variety of governance, risk, and compliance processes.
Then you talk about governance.
Obviously, you have it.
Second vendor in the entire organization, spread across the organization.
You do.
You just map all those things into the responsibility areas, onto the, onto a kind of platform, the respect to the risk and compliance processes, but this is the most difficult part.
No, people want to, uh, take this exercise just because it does a fancy thing, or it is.
It does something that other organizations are also doing.
Must understand that, that most of the organizations have failed in getting into an enterprise risk management framework, most of the finance organization, because they may be very good in doing this financing part of maybe that due diligence, operation to the risk, credit risk or not.
But then you make a comprehensive, integrated favor then you plan what you will hope.
So all the risks of the compliances or the resistors probability of risk.
10:19
This is define into the system and given to the top management.
Are giving to the regulator in in fact, you can, uh, manage all it does for the photo.
But, then, good governance for the best practices.
So, then, obviously, then, you can actually have better decision making.
You need to accelerate and most of the times, whenever you have, then you face the risk, OK?
You also need to have the accountability for them.
When you say that you have to define the accountability, then the solution that you are actually liquid to you, lot of organizations will just talk about the solution of the organization will look on.
We will talk only about the IET, this solution as to be given the strategy, this defining of what what risks you need to cover, what are the registers that you that You need to me and what are the compliances that you have to actually adhere to internal policies of the regulator regulatory requirements.
So, the platform must be, it will do, enable the organization drive to do a strong culture of risk management across all the departments, across geographies.
Thank you, Eric, entrepreneurs, people, frontline.
Now, when we say that clear accountable, do frontline manager, it doesn't mean that they do not have any kind of front line. Then they all do, they all do in silos.
What it does not done in a platform, in an integrated manner. So that this is the visibility to the senior management level to the skateboarder. This is the will to the Board.
How the organization is taking care of these things?
So I would like to talk about these operational risk management over here.
At the same time, it is important to understand that.
Then, we, then, we talk about these operation and this risk management, then, basically what, I think, this screen this is post just pausing speech.
Screen sharing in no cost.
On the left side here, you can see the slide that says audit management and the third line, so, there's Enterprise and Operational Risk Management, third, party governance, and audit management.
Continue to see your preservation. Alright, alright, so you can you can see the screen, right?
Yep, we can.
OK, sure, I'm making And we're not able to see on this slide let me know and I'll give you feedback.
Is this screen visibility slide visible?
There. It says, like, Visible here. But, I don't know if you pause the presentation on your and if you did that on the interface, we would always see a single slide, no matter what you do, on your site. So, can you move your light for me, was just to make sure I can see her as like move.
Can you No, I was not able to. So, you must have pause the presentation on the interface.
So, if you could please go under the Sharing tab on the Go To Webinar interface, and hit the button that says Show which screen to pause your presentation, because right now, we do not see the updates on your slides.
Oh!
Oh, If you find it go to webinar interface, and they're sharing tablet, there is a big button there that says show screen.
Yeah, we can see that now, and if you can put on presentation mode, then go to the slide that you're at previously, um, yeah, that was the one that we last saw, perfect. Right.
This is OK.
I can't see it, but we are not able to see if you're moving the slide because, and I ended static.
In the interest of explaining these things, I can, I can lead to slide be there, I don't need to talk about, I can, I can just tell about, what is, what do I, what do I mean, are we?
Then we see these enterprises and Operational Risk Management.
See.
Yeah, beauty is kinda, is in the definition over here, I know Operational risk management is that the organization should not jump into any kind of solution down this addict's thinking without the strategic direction.
That's what, the first slide and the, and the first sentence said that, OK, this is the strategic direction, that the multi-stakeholder, a multi dimensional strategy, that the organization.
So, see? How do you have to go ahead from, from the silos of data, or silos of risk management, to an enterprise?
Now, this is something that all the organization should learn, and to obtain that, for all the departments, they should, cool talk about, talk to them, identify the critical process, or maybe the critical activities. I have been actually seeing your presentations, this is live, seminars, ...
today, and yesterday, I saw this, there's been a lot of focus on the processes, activities, and data, and all those things, Yes.
That's, that's the first thing that, the, that the, any financial organization should do about it.
But, you have critical view of all the activity's document them for each department. Identify how many departments have it.
Obviously, anybody, any of the any financial is good.
Doesn't isn't.
Let's say you, you started with the Treasury Department that's, let us say first apartment or maybe the second is the due diligence department. That card is the operation of this department and so on and so forth. Maybe the legal department or work.
Yes.
For each department just list down all the critical processes inactivated.
That is very simple, because the organization, the department know, what are the activities that they do, just this, all of them.
After doing that, for each of the activity, get into identification of what could disturb this, my activity, what could be the disruptive event.
This is something, again, you have to, to talk to or to discuss, and to write it, write about it.
So, this, this becomes a kind of preamble when you talk about the framework And this is what we are seeing over here, Enterprise and operational, Risk management bring to gather data from siloed risk repositories.
Siloed risk repositories is obviously when the finance department, we cannot assume in today's world when there's so much of fraud and all those things out there that they would not, it will surely.
What the point I'm saying is that, bring it into, into one common platform.
How do you do it?
Obviously, department.
Some department identifier is done on the business processes.
With each of the process isn't that the organization is doing one should document then go into identifying what destructive wounds.
There are various ways to do that, but then I don't I'm not getting into that further than that.
For each of this event, you can, you can get into a kind of shed perception.
What is the threat perception to this?
You can When you say that this is the, This is the threat, or what are the trends, there is something that, certain operating procedures are not being followed, even let us say for example.
Alright. So operating operating procedures are basically defined by the organization.
I'm going to be defined by abood defined by certain regions or whatever that's just a trick.
It may or may not be there go into the business of doing what is the likelihood.
Some reason it may do it, in a better manner, some, some reason may not do it in a better manner.
So, so, have your platform, this set features, then then you will get into the likelihood.
So, if something is happening, let us say, that the likelihood is very less.
But, the impact of that likelihood of that of that risk of that threat would be very high.
When you do then, you get into the business of getting the threat value. This is the most important part.
The organization should be able to derive this, when you do derive that OK. This is the threat value.
Now, I did you, I repeat over here, Trait value is something that is the product of threat, likelihood and threaten back.
Then, we say, threadlike yield. Then, you obviously, you have identified the threat to a disruptive event.
Just for the sake of repetition, you have noted down the Department, All the departments, new, go from department to Department B, You actually done on the critical processes. When I say processor, you mean the activities of whatever you may call it.
But, all of them, you will identify, for each of them, you will actually identify the event disruptive events that would be, from there, you move into the thread, bet. Likelihood that impact.
And third value, not this becomes the key thing we do, we are not looking at IET guys.
Percy, we are looking at the risk management or IT not only for the IT department, you use the technology, get into identification, not threat.
What we do in a finance organization, If I were to look at, I'm good.
I would say that there could be, there could be about one thousand, that value. I mean, one thousand disruptive events.
I mean, taking all the department or all the entire organization into into consideration.
Then you would get into the correct value for each of them.
No, All, are you taking control of that?
Are you doing the Recovery Mem model or you're doing a preventive model?
Are you looking into the detection mode?
So, now, here, it becomes important, that the organization should good, ah this should have visibility, the senior management that what is the way, What is the strategy to actually address, that, that threat, What are the controls that you have actually, kind of built-in controls are doing recovery of the event or detection.
So, uh, this is the key point, which I was actually telling because I've gone to this experience in my life of, the idea that, this is, this is something the organization of missing.
.png?width=742&name=Screenshot%20(4).png)
They are doing it in a very siloed level, Maybe only one department. They may be doing this for two departments.
But, this is not visible to Senior men.
Absolutely.
Nobody knows what, what is going on in the company within vendor than the entire describing.
So, finally, when you do this, then you also get to know what is your level of risk.
You see that you have done this, you will actually define maybe in lieu category very low I media moderate That depends on the organization how whichever way you want to define the this.
So this will actually come when you do this kind of trait value.
And then you get into this risk risk Levitt.
So, this, this layer will decide, the pollution of the organization, that, how, the leaves, in managing the enterprise wide risk.
I am not *******, That's why we are not, The focus has always be on the, on the enterprise disk, or maybe audit risk, or maybe at 80 days or whatever.
But this is what the organization should be talking about.
This is very difficult, but, unless you take a holistic view, unless you use the platform, you may have to think about what platform is, why you, you, you, you need this kind of stuff. And then environment.
Aye.
Wherever you go, in the industry, you're your dog, fellow IT guys or you even talk to various vendors.
Vendors will come, once, I have a nice solution, the solution may come, but what about the risks?
What about the identification of the risk? Where do you at the risk registers?
Do you have the likelihood of occurrence of this that you do have the impact of the risk?
You have the controls for it. Whether it is preventive detective or whichever way to.
This is nobody who talk, you talk about.
The greatest consultants are because of the world Liver, I'm not.
I don't want to named Joe, whoever.
That is why the organization at the top management should Dick holistic view that how this will be addressed.
I don't know what is happening to this slide, is ..., I mean, can be seen in dealing with things like desk, audit management at the very last one. So, it was, it was on that, on that one?
Yeah, now, I'm ready for risk and best practice approach.
Alright. So, it means the slides are moving, right? OK, so, ahh. So when I was saying that, that, OK, you have this enterprise and operational risk management, third party governance ordered men. And these are the three, most other organizations have more critical, role, critical, activities, outsource.
Then, then I have also the third party, Let's say, my, my credit card operations is, it's out to somebody else, or my my monitoring activity. This is outsourced to somebody else. So, these are third party.
Obviously, I'm not seeing the organizations all over the world, all the financial organization, the best, or that the organization will not have these control, but they are all siloed at all In.
um, with that, the head of the department, or maybe the region had liver.
It is, but, do you have a strategy that can bring on a common framework, or enterprise level thing.
This is, very few leaders do it.
This is something, view that leaders need to have.
And I wanted to say that the beat regularity and co-operate, ..., integrated risk management, the resiliency of the business as it into this really key.
This is, this, is what, I wanted to talk about it.
And, uh, when, when we see that done, that, this is it, when we see that, that the organizations need to have multi generational senior management enrollment, only then this enough, there are ways organizations will be lack of vision.
They will not me be keen to have an integrated approach.
This is it being the visual editors of any state or enterprise and operated, lot of the patterns, lot of geographies are branches.
Obviously, then, you have talked a lot in the public sector.
Your regulatory ...
does that trailer business, right?
So, this was all I wanted to talk about, and, uh, I would like to focus on, uh, that the IT department needs to actually shed its traditional rule of, you know, maybe managing the network or managing devices are the cellos operationalizing maybe something on the Cloud Dataflow, and all those thing.
These are some of the things that can we outsource.
Oh, what can not be outsourced your, uh, your management of this or identification.
So blue management, bring the inner risk based approach and technology.
And obviously the senior leadership, that's a strategic strategic intent to get, get all of them, make it a polygamist approach.
Great norm, not just 1%, and the other person or getting multi-party magic.
This is my, my.
Monitor or success in managing the US, Otherwise, you are just doing, just doing, and, uh, island based approach.
Each of them are doing.
Yeah, the fourth is the fun, in doing the integrated, because you can help organizations save.
Open it.
Because that may come from regulator, though the financial risk or the fraud, all those thing lot of people have been talking now.
When I've been hearing artificial intelligence, people have been talking about the machine learning now, what are they going to do with that machine?
Artificial intelligence.
Then, you do not have your own environment, Which can, which can all that data, use that date, two?
First things first.
First thing I wanted to talk about was that better strategy, high level strategy at the board level, on the senior leadership, the business live.
And then get going into identifying usual risk on a permanent platform.
When defining, you can have a wonderful.
Visuals, maybe at the Dashboard, 11, the organization need to prioritize and decide what kind of dashboard that they want and who will want to.
You can give it to the region head of the Department of Financial Aid, or maybe whoever then have this kind of complete visibility on a platform. It does not present with it.
It is not individually different, does the organization?
So, the big organization, Angular talk about that a day, perhaps.
Do not take this view, then they decide there this are the same, This is it!
So, so this is what I wanted to talk about and then no: using Indigence, you create your own data, and the repository from various silos.
And have the intelligence on the, on the, on all of the aspects this.
compliance and the governor.
And the life has top five organized sector.
So this is it.
Excellent, excellent Ashish. So we have some time we have about five minutes here for audience questions. I'm gonna ask you to stop showing your screen to the audience, so that I can come back with my camera.
Perfect, perfect, and that, there are a number of comments that have come up during our presentation and questions. The first one is related to governance. What does the governance for sound enterprise risk management look like? Specifically?
The question is not, as governance related to the implementation in the company, Sound Enterprise Risk Management process and program, like you described, what are the key roles and responsibilities? Look like? What type of governance is necessary for this approach to work well?
Good governance Allee here, is the, the senior leadership finding how they want to look Enterprise level risk.
But this cannot be done that just by wishing it OK, I want to see my risk in Asia region.
I want to see amount of risk and only one country, or maybe, but then 1, 1 department.
Uh, this needs to be prioritize and define. When you talk about that, OK, what is the level of limits?
The governance is including all the senior leaders, including all the regional regional heads, our department, it, let them prioritize. Let them define them, accept them.
Don't forward and say that we want this.
You say that we want this, you actually get going and defining on an integrated platform.
They all are happy, OK, This is good for me. I have these things.
I have all the consultants coming from now, Mackenzie's and all those guys. That's very good.
TJ, Enterprise. Right.
You're getting the point.
Absolutely. Absolutely. Now the other question that has come up, it has to do with the implementation of the systems. Is this Enterprise Risk Management Model.
Something that you are implementing ..., PTC financial services but also in recommending or supporting perhaps if your clients and infrastructure space give me a minute I just put in the surcharge it. All right.
OK?
All right.
And the next question is related to energy and infrastructure. So, this is a good segue here, does the approaches that you talk about here, something that you're using ... financial services, and also recommend to your clients. I know you do a lot of work with clients, and the energy and infrastructure stack for so curious about your recommendation, if you use this approach, is with clients and also internally in your organization.
See, uh, first thing first, we do it for the organization, but I will come, ah, my clients are basically my borrowers who may lend, if I'm a financial organization, to my clients are basically the borrower, whatever size they may be small to big bingo, that doesn't really matter.
For me, that's, That is not on, on this, This is a very internal look. Oh.
You can actually go into their systems and get data that the data, which, which we want to actually monitor the air, that's a venue.
She are giving certain loan, which is linked to their revenue, which will help them help them to repay buy back the debt that the day.
So that's a, that's a kind of monitoring ligands, That is that is the goal system that you'll be told to look at.
You could do monitoring, not the risk.
So, these are the risks which are internal external, compliance related operations. It is, and all those things.
You have to look at, the liquidity disposal.
Isn't that all those things is something?
First thing that we do for our own internal setup, and we don't recommend this.
We are being invented in the world.
But that is something that we do.
We would like to, some kind of mechanics that can monitor my, my clients, that is my, my board, for the purpose of E payment Capacity Very, very well Ashish. We are just on our time right now. I want to thank you, on behalf of our global audience, for discussing this important topic of bringing intelligence on regulatory compliance and risk management. I know how late it is right now in Delhi, It's like, 15 PM, Valley Time, and you're here with us, sharing your expertise. Thank you for your generosity, and sharing your expertise, or global audience today.
Thank you, thank you for your time, and thank you everybody, right?
Thank you, ladies and gentlemen that was ..., Chief Information Officer and the Technology Technology Officer for PGC, Financial Services, directly from Delhi, in India, to the world.
I am going to turn off your camera now Ashish.
So, if you, forgive me here for a moment.
Ah.
Perfect. So this brings us to our final presentation of day two of the beat, those financial services live. three day conference.
Tomorrow, we are going to wrap up with tremendous presentations from global leaders, cross industry leaders, financial services, excellence, innovation, culture, business, and digital transformations.
Are gonna kick off coming directly from the United Kingdom with Team widget Who is the head of performance for Accede.
A team has presented in our conferences before, he is, he provides an incredible amount of expertise on. And leadership. He is A, he was a Captain at the UK. Royal Marines before completing his MBA in Cape Town, South Africa. And he leads a performance improvement and innovation for cross industry organizations. there are going for meaningful transformations. And he's gonna share his expertise with us. tomorrow at the very first session team will be followed by another great leader of improvements and innovations in and focus on the financial services sector. And that's Rios apart from our vice-president of transformation integration Project Management and Continuous Improvement at Caesars Entertainment in Las Vegas, Nevada.
And ... is going to talk about enabling growth while protecting stakeholders, and we're gonna wrap up the day tomorrow with an incredible trail.
We're going to have three global leaders, gym, debriefs, Carol ..., and doctor Bill ..., may occur from talking about harnessing digital, artificial intelligence, infused operational excellence, operational excellence for financial services. So this will be a three-way presentation.
Bring in the perspectives of artificial intelligence and operational excellence for financial services.
Wonderful presentations with cross industry, global leaders who are practitioners of what they talk about, they are just didn't write a book on the theory.
They are practitioners on how it's done, so, in the meantime, if between today and one of the restart tomorrow, checkout the LinkedIn where we have questions and answers and commentary from our participants. Thank our speakers, our sponsors. Ask additional questions that have not been answered here live.
You can go and look for the LinkedIn announcement under my name on LinkedIn and you're gonna see the beat those financial services live boasting with the questions and answers, you know, on LinkedIn. So for now, whatever you are in the world, have a wonderful rest of your day, and I look forward to see you tomorrow here in the same channel for the final and third day of beat those financial services live.
Thank you, everyone.
About the Author
Ashish Nigam,
Chief Information Officer and Chief Technology Officer,
PTC India Financial Services Ltd (PFS).
Ashish Nigam is entrusted with responsibility of leading advisory services at PFS. He brings more than 20 years of experience in multiple domains catering to development of various sectors related to economic infrastructure such as cement, chemical, power, road transport, mines etc. and social infrastructures such as education, labour, women & child welfare, health etc.. he has served majorly for Central & State Governments and multilateral agencies (such as UNDP, The World Bank, GIZ, DfID etc). Ashish completed his Bachelors in Technology (Chemical) from Harcout Butler Technical University (formerly HBTI), Kanpur and Post Graduate Diploma in Business Management Studies from K. J. Somaiya Institute of Management Studies and Research, Mumbai. He has worked with Accenture, PricewaterhouseCoopers, Balmer Lawrie & Co Limited etc in his earlier stints and has experience of operational excellence, PPP modelling, technology and security consultancy for both private and public sector clients.
Having also worked in process reengineering and information systems audit related activities he is also equipped with Information Systems and IS Security domain. He is also the CIO / CTO of the Company
.png)
-1.png)
-2.png)
-2.png)
%20(1)%20(1).png?width=1410&name=Add%20a%20heading%20(8)%20(1)%20(1).png "Add a heading (8) (1) (1)")
.png "Access all 75 Award Finalist Entires")
-1.png?width=300&name=ATTENDEE%20-%20Proqis%20Digital%20Event%20Graphics%20(2)-1.png "ATTENDEE - Proqis Digital Event Graphics (2)-1")
-1.png?width=300&name=ATTENDEE%20-%20Proqis%20Digital%20Event%20Graphics%20(1)-1.png "ATTENDEE - Proqis Digital Event Graphics (1)-1")
