Effectively managing operational risk

NASDAQ – GOVERNANCE, RISK MANAGEMENT, COMPLIANCE

Upload: transcendent-group

Post on 03-Aug-2015


Category: Technology



TRANSCRIPT

Page 1: Effectively managing operational risk

NASDAQ – GOVERNANCE, RISK MANAGEMENT, COMPLIANCE

Page 2: Effectively managing operational risk

CONTENTS

Nasdaq GRC Strategy

• Brief Introduction
• Managing Risk Framework
• Conduct Risk
• How can technology help manage (Conduct) Risk
• Lessons Learned in Implementations
• Conclusion

Page 3: Effectively managing operational risk

WHO WE ARE

IGNITE YOUR AMBITION

Nasdaq-BWise is a global leader in Enterprise Governance, Risk Management and Compliance (GRC) software.

NASDAQ TICKER SYMBOL: NDAQ

MEMBER OF S&P 500

OUR MISSION > To provide end-to-end solutions supporting an organization’s ability to understand, track, measure, and manage key organizational risks

OUR VISION > To help companies to truly be in control by balancing performance with their financial and reputational risks, improving corporate accountability and operating efficiencies

Page 4: Effectively managing operational risk

NASDAQ-BWISE AT A GLANCE


The journey to success

• NASDAQ lists 3400 COMPANIES
• $6 TRILLION MARKET CAP
• 10,000 NASDAQ customers
• Gartner and Forrester recognize BWise as GRC leader since 2006
• >1 million GRC professionals use BWise daily

Page 5: Effectively managing operational risk

NASDAQ BWISE CUSTOMERS


Page 6: Effectively managing operational risk

WHAT IS CONDUCT RISK?

Page 7: Effectively managing operational risk

CONDUCT RISK

Strategic Risk

Reporting Risk

Compliance Risk

Operational Risk

Internal fraud

External fraud

Employment practices & Workplace safety

Clients, products & business practices

Damage to physical assets

Business disruption and failures

Execution, delivery & process management

Conduct Risk

Page 8: Effectively managing operational risk

CONDUCT RISK

Strategic Risk

Reporting Risk

Compliance Risk

Operational Risk

Internal fraud

External fraud

Employment practices & Workplace safety

Clients, products & business practices

Damage to physical assets

Business disruption and failures

Execution, delivery & process management

Financial Risk Dimension

Reputational Risk Dimension

Conduct Risk Dimension

Page 9: Effectively managing operational risk

ALL AREAS OF THE BUSINESS, BUT TYPICALLY … (EXAMPLE FOR FINANCIAL SERVICES)

Client-facing processes
• Sales & Marketing Processes
• Asset Management and Investment Advice
• Complaints Management
• Front Office Processes

Back-office processes
• Product Approval
• Remuneration & Incentives Program

IT assets & processes
• IT Assets and IT Processes involved in all of the above processes

Page 10: Effectively managing operational risk

NASDAQ GRC

BWise Master Roadmap

Page 11: Effectively managing operational risk

NASDAQ VIEW OF THE GRC INDUSTRY MAIN AREAS OF GRC


• Board-related categories
• Operational Risk categories
• Compliance Categories
• Legal Risk Categories
• Physical Categories
• Financial Risk Categories

• Enterprise Risk Management
• Audit Management
• Corporate Governance
• Corporate Social Responsibility
• Operational Risk Management
• Financial Assurance & Control
• IT GRC
• 3rd Party Management
• Anti-corruption & Fraud
• Ethics & Integrity
• Privacy Management
• Crisis Management
• Legal Matter Management
• Geo-Political Risk Management
• Global Trade & International Dealings
• Employment/Labor
• Physical Security Management
• Quality Management
• Environmental, Health & Safety Management
• Treasury Risk Management
• Insurance & Claims Management
• Credit Risk Management
• Market Risk Management
• Financial Crime Risk Management
• Business Continuity Management
• Social Reputation Risk Management
• Regulatory Compliance

Page 12: Effectively managing operational risk

ELEMENTS OF CONDUCT RISK MAIN AREAS OF GRC


Page 13: Effectively managing operational risk

ELEMENTS OF CONDUCT RISK MAIN AREAS OF GRC


Page 14: Effectively managing operational risk

HOW CAN TECHNOLOGY HELP TO MANAGE RISK?

Page 15: Effectively managing operational risk

OPRISK CYCLE

• Risk Identification
• RCSA
• Loss & Incident Management
• Action Management
• Risk Framework
• Capital Calculation
• Risk Reporting
• KRI Management

Page 16: Effectively managing operational risk

COMPLIANCE & POLICY MANAGEMENT CYCLE

• Regulatory Requirements
• Risk-based Scoping
• Policy Creation
• Gap Analysis
• Policy Dissemination
• Policy Attestation
• Compliance Assessment
• Regulatory Alerts
• Remediation & Risk Acceptance
• Enterprise Reporting

Page 17: Effectively managing operational risk

INTERNAL CONTROL CYCLE

Monitoring

Page 18: Effectively managing operational risk

THE AUDIT CYCLE

Page 19: Effectively managing operational risk

INTEGRATION – SINGLE RISK LANGUAGE

• Internal Control
• Internal Audit
• Compliance
• Risk Management

Page 20: Effectively managing operational risk

IMPLEMENTATION APPROACH 3 variants

Page 21: Effectively managing operational risk

IMPLEMENTATION FORMATS

1. RDS
• BWise Best Practice: working system
• Gap Analysis: design document
• Configuration: Go-Live system

2. Spiral
• Business Design: design document
• System Design: design document
• Configuration: Go-Live system

3. BCOE
• BWise Training: trained team
• Design & Configure: working system
• Configuration: Go-Live system

Page 22: Effectively managing operational risk

WHY NASDAQ OMX BWISE

Page 23: Effectively managing operational risk

WHY NASDAQ BWISE


Company
• Long term focus on GRC
• Industry Leader since the start of the GRC market
• GRC is an instrumental part of company strategy

Product
• 100% configurable by client, 100% upgradable
• Scalable, secure, easy-to-use modern platform
• 100% integrated GRC functions

Services
• Global implementation partnerships, Transcendent
• Global implementation teams and support
• Long-term customer relationships and references

Page 24: Effectively managing operational risk


THANK YOU