Summary
With the implementation of the FINMA circular 2023/1 on January 1, 2024, controls testing requirements have been in force for over a year. This regulation mandates the regular assessment of both the design effectiveness and operating effectiveness of key controls, which must be performed and documented by an independent control body. Additionally, risk control function reports to management must include a summary overview of the independent effectiveness assessment of key controls.
We will look at which experiences banks found most valuable and where challenges remain.
In this event, we will cover the following topics:
- Implementation Strategies: Has it proven more appropriate to implement control tests across all the different process chains (business processes), or to focus on results outside expected outcomes (e.g., outliers, pending issues, breaks, excesses, shortcomings)?
- Conflict of Interest: Is it more efficient and effective to involve the second line of defense (Risk – Compliance) in the design of the controls as well as in the review and testing of these, or only in defining the testing framework?
- 2nd LOD controls: What is a good practice in regard to allocating the responsibility for reviewing and testing the second line of defence’s controls?
- Assessment Criteria: What criteria have proven useful for assessing whether the design and control execution are sufficient?
- Resource Allocation: What are examples of size and depth of controls testing plans? How much effort and resources are required for controls testing?
- Levels of Assurance: What experiences have been gathered with the different levels of assurance for design and/or operational effectiveness (e.g., testing, review, walk-through)? What are the ratios between the different levels?
In this event, three short speeches will give insight into specific areas of implementing the controls testing framework. This is complemented by perceptions from an auditor's / consultant's point of view. The presentations will be followed by a panel discussion with industry experts Daniela Vorburger, Manuel Wendle, Daniel Plüss, Xavier-Yves Zanota and Alexandra Burns.
We look forward to discussing these topics and sharing further insights.
Presenters
- Daniela F. Vorburger, St. Galler Kantonalbank AG
Daniela F. Vorburger is responsible for non-financial risks at the St. Galler Kantonalbank (SGKB). She has successfully restructured the bank's risk management framework, the internal control system and the OpRisk-desk's reporting to the board of directors. During her 22-year professional career she has gained expertise, skills and know-how as a senior manager in environments stretching from risk management in large hospitals to crisis management for the Swiss government. As an executive manager she led a health care institution through the Corona crisis. She holds, among other degrees, a Master in Political Science & International Relations (University of Zurich) and an Executive MBA (University of St. Gallen and Toronto).
- Xavier-Yves Zanota, Global Head of Operational Risk at EFG Bank AG
Xavier-Yves Zanota is the Global Head of Operational Risk at EFG Bank AG. He was previously an Executive Director at UBS (Group Compliance, Regulatory and Governance — Governmental Affairs) following his tenure at the Basel Committee on Banking Supervision, and previously at EY. He holds a double Master's degree in law and economics from the University of Toulouse, France, a Certificate of Advanced Studies in cyber security from ETH Zurich and is a Certified Internal Auditor.
- Daniel Plüss, Senior Compliance Officer at Basler Kantonalbank
Daniel Plüss is a Senior Compliance Officer with over 25 years of experience in control frameworks across the 1st and 2nd Lines of Defense. He has an additional 8 years of expertise in assessing operational risks, including leading projects for the implementation of Bottom-Up (RCSA) and Top-Down risk assessments, as well as the corresponding tools. Currently, he is responsible for developing and managing the control framework (1st and 2nd Lines of Defense) and overseeing Compliance Risk Reporting for the Basler Kantonalbank Group.
- Manuel Wendle, Head of Credit and Operational Risk at Basler Kantonalbank
Manuel Wendle manages the team responsible for Basler Kantonalbank's Operational Risk Framework and control of operational risks. With 15 years of banking experience in customer relations, legal and compliance project management, and consulting in Asia, Manuel has been leading Operational Risks for the BKB Group since July 1, 2024. He holds a Master of Business Administration degree with a focus on trust building and implementation of regulated tokenized forms of money.
- Moderation by Emanuel Hierl, Chapter Advisor of Non-Financial Risk, Swiss Risk Association and Manager at zeb-Switzerland
Emanuel Hierl (CIA, CRMA) is Manager at zeb-Switzerland. He brings over 20 years of expertise in Finance and Risk Management as well as Audit and Advisory. He previously held senior roles at different Swiss Banks, e.g. at Basellandschaftliche Kantonalbank (BLKB), Raiffeisen Switzerland and Verwaltungs- und Privatbank (VPB). He is specialized in Governance, Risk and Control.
Agenda
17:45 Arrival & Name Tag Collection
18:00 Welcome and Introduction
18:10 Presentations
18:40 Panel Discussion followed by Q&A
19:15 Closing Words
19:20 Networking Drinks (all)
20:30 End
Chapter Event
In our chapter events – access for members only – we present one or more speakers to share knowledge, updates and best practices on a specific risk topic. In small groups of risk professionals you can exchange thoughts and test ideas. This event is hosted by the chapter Regulatory Development and Non-Financial Risk (NFR).
Mastering Risk: Insights and Successes from a Year of Controls Testing
13. May 2025
18:00 - 20:30