agenda

This is an overall general preview of the 2017 conference agenda, curriculum and program, with inspiring Governance, Risk Management, Compliance and IT-Security (GRC) topics and issues during the plenum, parallel, workshop and breakout -sessions, at the 11th annual European GRC Summit on the 22nd-24th November 2017.

The annual GRC conferences are known for attendee participation, live, and productive debate and knowledge sharing. During the sessions, we will conduct a series of surveys with interactive voting for table discussions on the results.

The 11th annual European GRC Summit on the 22nd-24th November 2017 are known for an abundance of expert speakers, attendee dialogue and participation, productive debate and knowledge sharing. During the sessions, we will conduct a series of surveys with interactive voting on some GRC issues for table discussions on the spontaneous results

The two-day conference attracts the participation of governance, compliance, risk, audit, IT and legal executives from corporations around Europe Besides plenum and keynote speakers; we have concurrent panel discussions, workshops, parallel sessions and presentations that deliver high-quality GRC content to suit all trades

At the conference 30 + speakers will put their expertise on display and offer analysis, views and predictions on what might lie ahead for the enforcement and regulatory climate related to governance, risk management, compliance and IT security officers and their teams

Silo thinking

• How to avoid that each GRC activity, function or group performs its own activity in a silo

Dominant chief executive

• The Scots say that "the fish rots from the head", and so do companies
• How can a strong and challenging board, leash an overly ambitious or greedy CEO.

Length of chief executive tenure

• CEO exit schedules: A season to stay, a season to go

Leadership arrogance

• Confidence can be motivating and inspirational. Arrogance crosses the line of confidence

Pressure to meet the numbers/overambitious targets

• Evidence indicates that the No. 1 reason for ethical violations is the pressure to meet expectations, sometimes unrealistic expectations.

Lack of access to information

• The +4 billion cell phones prove that information networks exists from Indiana to India
• How to use the explosion of information with the demand quick access to relevant content that cuts through the clutter.

Low levels of engagement between leadership and employees

• It's the bottom line, and the stock price. Strike the balance between profitability and doing everything together to get the company moving

Lack of openness to challenge

• There is no one-size-fits-all solution to the challenges facing the corporate world.
• Issues need to be considered are design, planning, being well-connected to a powerful paradigm and an engine for integration and inclusivity.

Poor succession planning

• How to ensure that succession options are in force when a monarch CEO steps down

Lack of diversity

• Common sense tells us that this explosion of media sources should eliminate any concern over a lack of diversity of views in the marketplace and competition.

Brexit and the current negotiations with the EU Commission has a significant economic impact for all companies in the UK and the EU. The continued domination of the two primary factors are: the risk of a technical recession and significant uncertainty on a regulatory framework on the rules and conditions will apply for future corporate activities. At the 11th Annual European GRC Summit on the 22nd - 24th November 2017 in London, we have invited leading experts to guide companies to review the consequences and uncertainties:

• How will the outlines of the final agreement between Britain and the EU affect companies?
• The timeframe of the withdrawal effect; safeguards in the interim?
• Will the UK meet its obligations under the EU Treaty in the future?
• What is the content of the many bilateral agreements that Britain will negotiate with EU and outside the EU?
• Will the UK decide to maintain elements of EU law (Civil Law) as part of English law (Common Law)?

INTERCONNECT IT-GRC AND TECHNOLOGY PROGRAMS

• What are the major technology changes that affect business processes, oversight and disclosures
• How can communication in and out of the workplace ultimately distortion the message to stakeholders
• How to tailor the communications and training program; where and how employees 'including tech-savvy millennials' want to know and learn.

ASSESSING VULNERABILITIES IN CONNECTED DEVICES IN THE INTERNET OF THINGS (IOT)

• Performing penetration tests against IoT connected devices to identify vulnerabilities and lower IT risks
• How digital transformation and IoT has affected IT risk management
• Identifying Indications of Compromise (IOCs) in IoT.

LEARNING THE LESSONS OF DIGITAL TRANSFORMATION

• How to align stakeholders in digital platforms that allow involvement to produce digital value, from co-creation of content, activities, ideas, to the management, governance, and gardening of the digital ecosystem.
• What are the traditional ways of achieving organisational objectives to designing the digital transformation?
• How is the IT and digital transformation platformed and decentralised for scale, agility and innovation?

THE CYBERSECURITY CHALLENGE

• How to operationalise the vague regulatory guidelines
• Which breaches and instances must be disclosed to the board or senior management?
• How do you stay aware and maintain policies in an area, which changes constantly?
• What is the optimal investment strategy in knowledge, technology and the latest developments?

UPDATING THE IT AND CYBER POLICIES ON RISKS AND RESPONSIBILITIES

• Changing circumstances - the developing IT threat scenario
• Different approaches towards planning, prioritisation and managing Cybersecurity activities.
• Is your Cyber security strategy sufficient?
• What are the proper corporate response to the complex IT and cyber security threats

UPDATING DATA SECURITY, DATA BREACHES AND SECURITY ALERTS

• How to ensure that adequate data security controls for crucial customer and business information are always protected.
• How to configure IT Risk-management programs with operating environments, multi-factor authentication for flexible controls and solutions.
• How to safeguard against the risks associated with groups that are either employed, associated or business partners that have access to data and systems.

A COMPLETE REVIEW OF UPDATED CONTROLS, USER ACCESS, SEPARATION OF SYSTEM INFRASTRUCTURE, LIMITS AND RESTRICTIONS AND PROACTIVE SYSTEM MONITORING

• How to monitor periodic risk assessments of information security programs.

DEVELOPING A STATE OF THE ART IT AND DATA MONITORING PROGRAM UNITES DATA ANALYTICS IN THE GRC PROGRAM

• What are the advantages of cloud, big data and Internet of things, allows you to take the data you collect from multiple sources, functions, and processes to monitor non-compliance, discrepancies, and red flags.
• How to use the data analytics to create an aggregated report for management and internal audit to achieve results in a graphic format that is understood by all.

GENERAL DATA PROTECTION REGULATION (GDPR) - THE IMPACT ON BUSINESS AND WHAT SHOULD I BE DOING NOW?

• The 'Fast Track' on GDPR– covering new concepts such as data portability, data protection by design and default and the one-stop shop mechanism to comply
• What are the derogations, myths and truths in the GDPR as they apply to the UK
• The ten practical steps that Data Officers should consider doing to comply by May 2018.

A CHANGING LANDSCAPE FOR THE AUDIT COMMITTEES - WHAT YOU NEED TO KNOW

• Trust and integrity in corporate reporting - What is the role of the audit committee?
• More than just an accounting change - Are you prepared?

HOW TO DEVELOP AND IMPLEMENT A SUCCESSFUL ANTI-CORRUPTION COMPLIANCE PROGRAM The workshop focus on practical steps compliance executives can follow when developing, implementing and refining anti-corruption programmes including how to:

• Gain buy-in for your anti-corruption plan from senior management
• Conduct effective risk assessments; design and implement a compliance plan that addresses the specific risks your organisation faces
• Create a cost-effective and efficient third-party due diligence program.

HOW TO DESIGN A USEFUL UKBA/FCPA COMPLIANCE TESTING AND MONITORING PROGRAM

• A crucial operational component and part of the internal control for UKBA/FCPA is regular monitoring and testing. What are the local or global jurisdiction in an ever-changing regulatory environment and the series of monitoring controls
• how to maintain, design and execute the UKBA/FCPA compliance tests, so that results are interpreted and tested for useful insights
• What are the program improvements that can match the complex UKBA/FCPA regulations?

ENFORCING ANTI-CORRUPTION POLICIES IN-HOUSE AND AMONG THIRD PARTIES

• How to design and develop a process to assess and uncover bribery and corruption risks
• Planning the assessment and collecting data to analyse the information and flagging UKBA/FCPA concerns for formal investigations.
• What are the compliance challenges e.g. documentation on remediation and communication with the authorities?
• What should happen when a UKBA/FCPA problem is discovered?
• What to do in between findings and before any final settlement is reached

Our deep-dive workshops will improve, refine and sharpen your hands-on capabilities on the data you need to address the GDPR challenges. You can participate in the 11th annual GRC and IT Security Summit or register for the GDPR Bootcamp separately.

This workshop will provide the techniques for implementing or updating the compliance program to fit your organisation. The primary components of the workshop are:

• IT Security and Data Breach
• How can we prevent abuse or misuse of personal data
• How do we address violations
• What are the remedies that we use to correct the faults and errors?
• Privacy by Design: Understanding the Mandates and The Practical Dimensions
• What are the legal basis of IT and cyber security compliance in the organisation
• How to ensure consistent consent from data subjects to secondary processing
• The review of the audit process for implementing change in processing personal data?
• Data Privacy Impact Assessments: The Full Picture
• How should regularly reviews of the data and process (regular data flow mapping, audits, risk assessments and reviews) to ensure the legal basis has not changed
• How is the personal information is collected and used?
• Do we use data exactly for the purpose it was collected
• Top Operational Responses to GDPR: What To Do and When
• We walk through a couple of step-by-step experiences.

The realities of data breach notification and responses require exceptional in-house communication (with information on what to do before, during, and after an incident occurs) to prepare the organisation for a violation, handle tricky multi jurisdictional legal notices.

Therefore, if you are uncertain that your team is ready for the biggest European data protection reform in 20 years, this workshop will help you prepare. The two experts together with an IT Security manager offer a practical, hands-on view of the essential assessment of the GDPR with knowledge about key concepts, scope of application, individual rights, core principles, compliance in practice, accountability, data protection impact assessments and more.

Key takeaways:

• The immediate actions to take when presented with a potential data breach
• How to handle cyber security and lower the risks and exposure to IT and data breaches
• Regulatory Developments; Info security, Trans-Border Data Flow,
• Learn practical techniques for implementation of a privacy program fitting your organisation
• Learn from two industry veterans who will help highlight the differences between the new regulation and earlier directives

Bootcamp moderators; Alan Calder, CEO IT Governance and Kersi Porbunderwalla Secretary general Copenhagen Compliance UK Ltd.

ESTABLISHING THE RIGHT REGULATORY GOVERNANCE OVERSIGHT STRUCTURE

• Can a healthy governance program achieve the dual goals of preventing regulatory process delinquency and at the same time promote a healthy corporate governance culture to respond to the oversight authorities' demands.
• How can a global governance program have both independence to perform and power to comply How to pool resources with multiple governance functions across the organisation and transaction.
• Explore the components to position the Regulatory governance and compliance oversight structure and goal

FINANCIAL SERVICES REGULATION - WHERE ARE WE ON THE HYPECYCLE?

• Do we know what to implement when? Complexity, delays, silos and the risk of regulatory change
• Whose responsibility is it anyway?
• New technology: blockchain, artificial intelligence, gamification - is this RegTech?

THE UPDATED GOVERNANCE MECHANISM OF ETHICS AND INTEGRITY AS A SUSTAINABLE VALUE PROPOSITION TO BOOST BUSINESS AND PROCESS ENHANCEMENTS

• The components to benchmark a global ethics and integrity program:
• Establishing a culture of Ethics & Integrity to benchmarking critical areas of training, policy management, and third party risk management
• How to identify blind spots in the core elements of ethics and integrity program
• How to relate and address the root-cause of conduct, ethics and integrity problems in a fragmented ownership and stewardship structure

THE FINANCIAL REPORTING COUNCIL, THE UK CORPORATE GOVERNANCE REGULATOR; THE UK CORPORATE CULTURE NEEDS SERIOUS WORK

• The Board has a responsibility to act where leaders do not deliver.
• How to support; the role of the board, determine the purpose of the company and ensure that the firm's values, strategy, and business model are aligned
• How to influence and shape the corporate culture, put values into practice
• How they can oversee, monitor, and assess behaviour in the organisation

DATA AND REPORTS FOR ADJUSTMENTS TO IMPROVE THE GLOBAL GOVERNANCE PROGRAM

• How to address the global issues related to conflicts, cultural differences and dedication.
• Recognise the value of culture as a valuable asset, a source of competitive advantage and vital to the creation and protection of long-term value.
• How to demonstrate leadership to embody the desired culture.
• How to be open and accountable and demonstrate the way the company conducts business and engages with and reports to stakeholders.
• How to embed and integrate the values, culture and behaviour about hr, internal audit, ethics, compliance, and risk functions align values and incentives
• How to assess, measure, and engage with indicators to measure, align the desired outcomes that are material to the business.
• How to exercise stewardship to participate in cultural issues, encourage better reporting and challenge the behaviour

A CASE STUDY IN CHANGE MANAGEMENT

• Addressing the challenge of corporate mergers, acquisitions, and reorganisations
• How to integrate the boardroom visions into post acquirement daily operations.
• Addressing the responsibilities from the unification of standard policies and procedures to automated IT systems.
• What are the stumbling blocks in the consolidation of the concerned staff to conflicting cultural values?
• Defining the standard GRC approaches to adjust the post-merger divestiture program
• How to avoid pitfalls and succeed in achieving the board vision for the alliance.

THE BEST CORRELATION BETWEEN TRUST, TRANSPARENCY ETHICS AND INTEGRITY TO GOOD GOVERNANCE

UPDATING THE ETHICS, INTEGRITY, GOVERNANCE AND COMPLIANCE TRAINING How do you ensure the corporate message is heard and performed by all. We explore the innovative techniques of ethical conduct and compliance training that inspire values thinking and increases engagement throughout the organisation.

• The need for inspiring & outstanding E&C training that encourages & promotes communication
• The Key components of strong ethics and compliance program
• Message received and understood by all

THE GRC OFFICERS ROLE BEFORE, WHEN, AND AFTER A CORPORATE MISCONDUCT HITS THE FAN The Board and Top Management are in a meeting to discuss the news on the headline that the is full of businesses is truly hurt due to a severe ethics and compliance misconduct that has gone public.

• The importance of the board and management in anticipating and preventing scandals and broadcast accurate information to the media
• The role & critical functions of the PR and Communications departments
• The significant crisis mode of the compliance and ethics officer
• The different angles in communicating with employees during and after an adverse event

ARE YOU IGNORING THE ETHICAL BLIND SPOTS, WHILE ADDRESSING THE RED FLAGS OF INTEGRITY ISSUES? How to avoid that the efforts designed to improve ethical behaviour often over promise but under deliver?

How to determine the gap between ehtival perceptions and actual behaviour?

Drawing on the growing field of behavioral ethics, the session will focus on the causes of these blind spots, including ethical illusions, ethical fading, vulnerable reward systems, and motivated blindness and will offer insights on how to overcome these obstacles.

RESULTS FROM THE 40 YEARS OF FCPA COMPLIANCE AND FOUR YEARS OF UKBA From the early enactment in 1977 and laying dormant until about 2008, FCPA is now in real time and has polished the enforcement during the last decade.

• What is the impact on multi jurisdictional anti-corruption laws around the globe
• Is the headline-making status or the cross-border law enforcement cooperation of its execution a different factor?
• What do companies need to know about the increasingly sophisticated understanding of UKBA and FCPA moving forward
• What are the key components of an effective BFC compliance program

BEYOND THE UKBA AND FCPA GLOBAL ANTI-CORRUPTION REGULATION AND ENFORCEMENT We review and assess the differences in FCPA as the primary driver for global corporate anti-corruption efforts, to the recent regulatory issues of the ever-changing anti-corruption space of UKBA, Sapin II, the Brazil Clean Company Act

• How to ensure a level playing field for all global companies in this multi jurisdictional mandate
• The issues related to global law enforcement cooperation and the disbarment process of the World Bank, EU, Sanctions
• The role emerging economies play in the global fight against corruption.

GLOBAL ANTI-CORRUPTION ENFORCEMENT AND THE WORLD BANK’S INTEGRITY PROGRAM The World Bank plays a central role and law enforcement when evidence of corruption and bribery is uncovered. It has sanctioned and debarred more than 80 individuals and 450 companies since 2006

• We review the implications if the recent cases of World Bank sanctions and enforcement
• Practical guidance on how companies can move forward if corruption is suspected.

INDICATORS AND BLIND SPOTS AND RED FLAGS TO IDENTIFY RISK AREAS OR INDIVIDUALS THAT COMMIT FRAUD Expensive and enormous resources are allocated in creating, testing and monitoring internal controls. According to the ACFE, the typical organisation loses 5% of its revenues to employee theft, embezzlement and fraud each year.

• What are the indirect factors that induce employees to commit this type of misconduct
• How to uncover and address the flaws in the control structure of the business
• How to identify and create perceptive processes and indicators to report human behaviour

THE COMPREHENSIVE ASSESSMENT OF AN INTERNAL INVESTIGATIONS Investigating allegations, suspicious misconduct from the hotline or a routine audit are some of the most challenging duties of a compliance officer.

• A review of the updated best practices for investigation systems from report to resolution.
• An updated review the basic principles, a compliance officer can use to build an investigations function
• How to analyse the jurisdictional directions to avoid pitfalls in conducting cross-border investigations.

HOW TO HANDLE SOCIAL MEDIA IN INTERNAL INVESTIGATIONS (Case Study) The communication in the social media can blur the line between professional and private issues when misconduct is alleged, and an investigation is launched.

• Can the compliance officer acquire access to an employee's social media or internet chats?
• How can the grape wine be contained on the web?
• Can the employee's actions on the social media be a determining factor

THE ROLE AND ENGAGEMENT OF THE EXTERNAL COUNSEL IN INTERNAL INVESTIGATIONS There is often the need for external experts to provide support during a high risk or multi-jurisdictional internal investigation that impact the work plan, staffing, and timing of a sensitive investigation

• What are the challenges of a management investigatory team with division of work, role and responsibilities
• How to best use the expensive expertise, maximize internal resources
• The use of technology to expedite reviews and the compliance concerns of data privacy laws

What Are The Major Components Of The Current Chinese Reality? A Warning Or An Unprecedented Opportunity China is currently placing tension in the world markets with fierce price declines, government regulation and restricted growth prospects. With the significant growth of China's household wealth, information management, and E-commerce and E-banking, there is the difference in the cultural context compared to the developed countries in the West. What are the various factors and techniques that could create a different future for business opportunities in China.

• How will the current decline in prices, housing, stocks and shares affect the Chinese market and consumer and allow China business and industry to flourish?
• How has the business and management methods evolved over time, and what factors and techniques in the Chinese context distinguish it from the West?
• How will the current Chinese problems create unique opportunities for growth in this new market?
• What kind of market and compliance regulations necessary to maintain sustainability and good governance practice in China?

Can Blockchain as a technology, have a general corporate, business and social impact on processes and applications as a disruptor or trade enabler?

• How can Blockchain impact the companies and industries?
• What is the role that blockchain technology has to play in enabling global trade?
• Can Blockchain address industry-specific sustainability issues (e.g. corruption, fraud and carbon data)

Global expert Jiri Kram explores the business potential of blockchain technology. Jiri highlights the mega trends and underlying principles of decentralised trust, accountability, transparency and new ways of collaborating through blockchain technology.

WHY DO THE ADOPTION AND IMPLEMENTATION OF ENTERPRISE RISK MANAGEMENT OFTEN FAIL? (CASE STUDY)

• Measuring the adoption of an Enterprise Risk Management system.
• Addressing the performance issues and gaps between the implemented and the adopted Enterprise Risk Management system.
• What are the lessons learned from the case study of a big player in the energy industry.

REVIEW OF THE PRINCIPLES OF A PROFESSIONAL JUDGEMENT FRAMEWORK IN FINANCIAL REPORTING

• We examine some of the redefined standards e.g. revenue recognition
• What are the new uncertainties that the new standards create for the auditor, investor and the response to the oversight authorities
• Addressing the pressure from capital markets to use risk intelligence and other models in the reporting framework
• How to exercise and defend a good judgment in all financial reporting processes and disclosures.

REVIEW OF THE COMPLEXITIES ON THE USE OF JUDGEMENTS IN THE MODERN FINANCIAL REPORTING PROCESS

• How van compliance, audit and financial teams work together and navigate in these multiple upstream disclosure channels,
• What are the questions the accountants/auditors need to address and be capable of to exercise professional judgement?

Is Your Compliance Policy Defective Because it Does Not Encourage Whistleblowers?

• What can we learn from the financial disasters at Volkswagen A.G., Olympus Corp., General Motors, Lehman Brothers, GlaxoSmithKline, and Enron?
• How to change employee culture
• How to encourage internal and external whistleblowers.

NON-FINANCIAL REPORTING: THE IMPACT AND RELATION BETWEEN THE BOARD OF DIRECTORS, MANAGEMENT AND THE INTERNAL AND EXTERNAL AUDITORS AND STAKEHOLDERS

• Throughout the world, CFO's are rearranging disclosures to comply with the many directives on Non-Financial Reporting
• How to increase transparency and performance on the environment and social matters.
• How to comply with the disclosure of non-financial information, taking into account current best practice, international developments and related global initiatives.
• How to develop and disclose concisely, useful and necessary information to provide an understanding of the organisation's development, performance, position and its impact on the activities.
• In this session, we provide a methodology and an IT Tool to facilitate the disclosure of comparable non-financial information and to provide stakeholders to exchange views by illustrating some of best practices.

PERSONAL ACCOUNTABILITY AND COLLECTIVE RESPONSIBILITY IN FINANCIAL SERVICES

• How the Senior Managers Regime will be introduced in the UK and rolled out in other jurisdictions

THE AUDIT REGULATION AND DIRECTIVE – LEGAL AND REGULATORY REFORM TO SUPPORT STAKEHOLDER CONFIDENCE: THE UK FRC’S EXPERIENCE

• What it means for audit?
• What it means for oversight and inspection?
• What it means for audit committees?

TRANSFORMATION AND TRANSITION IN THE RAPIDLY CHANGING REGULATORY LANDSCAPE ON ANTI-FINANCIAL CRIME
Workshop and intensive learning on how to respond to the changing regulatory landscape about AML, CTF, bribery and corruption and tax evasion

• Develop practical strategic measures for the efficient transformation of existing anti-financial crime policies, procedures and controls across all three lines of defense in your organisation.
  • Gain practical insight into the evolution of regulatory landscape for global anti-financial crime with general focus on Europe and specific focus on the Nordics
• Components that strengthen change management and project coordination skills needed for the effective implementation of new and evolving regulatory requirements
  • Spotlight on overcoming the challenges in balancing compliance with data protection/privacy requirements with AML regulatory standards
• How to design efficient and appropriate operating compliance reviews as part of the three lines of defense
  • How to prepare for the transitional steps needed to implement both the 4AMLD requirements, associated Directive measures designed to combat AML, CTF, bribery/corruption and tax evasion

The Financial services workshop will be led by David Gyori, CEO at Banking Reports: FinTech Training for Bankers with participation from The International RegTech Association, Lloyds Banking Group, Starling Bank, Barclays UK, The Retail Banking Academy and more.

---