IA Resilience Forum

Group discount: use the promotional code GROUP for 20% discount on bookings of five or more.

Please contact events@theia.org for event sponsorship opportunity enquiries.

If you are experiencing any problems with registering to our events, please message: events@theia.org

13:00 Networking lunch and registration

14:00 Welcome and opening remarks

• Jonathan Lipkin, Director of Strategy and Innovation, The Investment Association

14:10 Keynote Session: The view from the FCA

This session will cover the regulatory state of play and the key issues as we approach the final implementation deadline for the UK operational resilience rules on 31 March 2025. 

• Suman Ziaullah, Head of Technology, Resilience and Cyber, FCA

14:30 Panel 1: Operational resilience: to the deadline and beyond

Expert practitioners share their thoughts on collaborative multi-lateral scenario testing; critical third parties to the finance sector; what to focus on ahead of the final UK operational resilience deadline; recent trends in real life operational incidents; and how firms can manage the increasingly complicated global regulatory landscape. 

• Moderator: James King, Senior Policy Adviser, The Investment Association
• Catherine Williams, Business Resilience Lead, Royal London Asset Management
• Colm O'keeffe, Managing Director - Global Head of Business Resiliency, Risk Management, Barings
• Dean Berney, Global Head of Operational Resilience & GCOO Risk Management, LGIM
• Lisa Erasmus, Director, BDO Digital

15:15 Mapping: Everything Everywhere All At Once: Unlocking DORA and Operational Resilience value

Generally, operational resilience mapping still lacks depth.  This leads to a surface level Threats & Vulnerabilities Assessment and Resilience resource risk assessment and means that scenario testing is often focused on a high-risk scenario (e.g. cyber) but produces generic outcomes and responses by not targeting specific firm risks and vulnerabilities.

This lack of depth has a knock-on impact, i.e. a failure to identify and understand all risks and vulnerabilities and an unfocused remediation and investment plan.

This lack of depth compounds when firms consider the granularity of mapping required for DORA.   Applying the lessons learned and advice from the UK operational resilience programme, link that to the DORA regulation, will help firms to determine appropriate granularity for mapping across both operational resilience and DORA.

The discussion will present the objectives of mapping, the required granularity of mapping across both programmes, where the mapping differs from one programme to the next, where mapping can be leveraged from existing operational resilience and change programmes to DORA, and finally how quality mapping can enhance other risk domains, e.g. third-party and nth party risk management.

• Daniel Waltham, Director, Forthline
• Scott Bridgen, Vice President UK & Ireland, Corporater

15:45 Networking break

16:00 Keynote session: Cybersecurity in focus

Inspector Charlie Morrison of the City of London Police will comment on the current cyber threat landscape and how the financial services industry and law enforcement can better work together to address cyber threats. 

• Charlie Morrison, Head of Cyber Griffin, City of London Police

16:30 Panel 2: Cyber Resilience: navigating the threat landscape

Leading industry practitioners discuss the current and future trends that are shaping cyber resilience, including: ransomware, the evolving tactics of malicious actors,the cyber and information security implications presented by AI and what quantum computing means for cyber security. 

• Moderator: Shruti Deb, Policy Adviser, The Investment Association
• Hans Allnutt, Partner, DAC Beachcroft LLP
• Charlie Morrison, Head of Cyber Griffin, City of London Police
• Robin Bylenga, Digital Strategy & AI Security Lead, DWS
• James Arthur, Partner, Head of Cyber Consulting, Grant Thornton

17:15 Drinks reception

18:15 End of the event

Jonathan Lipkin, Director, Policy Strategy and Innovation, The Investment Association

Jonathan is Director of Policy, Strategy and Innovation at The Investment Association (IA) and a member of the IA management team. 
Jonathan’s policy role focuses on how the industry serves its customer markets. This includes areas such as products and competition; fund communications and governance; and the long-term savings and pensions regimes in the UK and internationally. He also works closely on the IA’s broader strategic positioning and leads its programme to support industry innovation.

Jonathan joined the IA in 2005, becoming Director of Public Policy and a member of the IA Executive Committee in 2012. Prior to 2005, he worked for a number of years at Oxford Analytica, an international consultancy. At OA, he led the European political and economic analysis serving a wide range of domestic and overseas clients, both corporate and governmental. 

Jonathan is a Board Member of the Cost Transparency Initiative, Chair of the EFAMA Pensions Group and is a member of the Advisory Board of the Centre for Asset Management Research at Bayes Business School. He writes and speaks regularly both in the UK and abroad on investment management and pensions issues.

Suman Ziaullah, Head of Technology, Resilience and Cyber, FCA
Suman Ziaullah is the Head of Technology, Resilience and Cyber at the FCA, leading the FCA’s work to minimise the impact of operational disruptions on financial services firms, markets and consumers. This includes testing firms’ operational and cyber resilience, leading the FCA’s response when firms are disrupted, and focusing our efforts on firms who do not meet our standards.

Suman is also a Non-Executive Director at UK Anti-Doping, and Chair of the Board People Committee. Prior to these roles, Suman spent 15 years in the UK Diplomatic Service and 3 years in the private sector. He has an extensive background and experience working on cyber, developing resilience against major national security threats, and responding to international crises.

James King, Senior Policy Adviser, The Investment Association
James King is the Senior Policy Adviser at the Investment Association responsible for operational resilience, cyber resilience and technology.

Catherine Williams, Business Resilience Lead for Royal London Asset Management.
Catherine has worked in financial services for 11 years, spending the last four years specialising in Operational Resilience for retail banking and asset management. With a strong risk and control background, Catherine is passionate about the need to break down silos and share experience and best practice to enable firms to deliver successful resilience outcomes.

Dean Berney, Global Head of Operational Resilience and GCOO Risk Management, LGIM
Dean Berney joined LGIM in November 2020 with a specific aim to develop, implement and run Operational Resilience for LGIM at a global level which includes the implementation of all applicable regulatory requirements. In addition, Dean has been given the specific responsibility of managing 1st line Risk for the Global Chief Operating Officer.

With over 24 years of industry insight and a track record in building, running and enhancing risk and resilience within highly regulated environments, leveraging industry best practices and ensuring compliance with regulatory requirements globally. This is coupled with strong knowledge and experience of working with Investment Banking products (M&A, ECMG, DCMG, Equities & Fixed Income), Financial Market Infrastructure firms and IT (ISO 27001, NIST, COBIT).

Prior to joining LGIM, Dean brings with him experience gained from leading financial institutions such as Royal Bank of Scotland, UBS Investment Bank, HSBC, London Stock Exchange / Clearing House, Euroclear and most recently Legal & General Investment Management. Dean also has experience in enterprise risk management, regulatory filings/licences, change management, vendor & outsourcing, business continuity and business / risk transformation.

Scott Bridgen, VP UK & Ireland, Corporater
With over 25 years in Risk, Compliance and Ethics as both a practitioner and residing within the ivory towers of ‘Vendorland’, Scott is passionate & curious on all things GPRC.

Scott has experience working with customers of all sizes, from the beginning of their journey to mature strategic initiatives.

With extensive experience, he is an accomplished speaker, appearing on TV, Radio, Podcasts, and traditional forums enjoying topics surrounding risk quantification, the simplification of GPRC processes, architecting problems in to outcomes and making technology user experiences ‘line of business friendly’.

Dan Waltham, Director, FourthLine
Dan Waltham is a Director of FourthLine, a boutique risk and resilience consulting firm. Dan has over ten years experience leading on customer engagement; identifying, creating, and designing solutions to help our customers meet risk and regulatory challenges.

Dan oversees advisory and consulting projects for financial services firms across Operational Resilience, DORA Outsourcing and Third-Party Risk, Operational Risk, Business Continuity, and Crisis & Incident Management.

Shruti Deb, Policy Adviser, Innovation and Operations Unit at the Investment Association
As part of the Unit at the IA, Shruti works across a wide variety of projects that bring technology and finance together. Shruti has a keen interest in technology policy particularly where it impacts the investment management industry. Shruti supports the IA's work on cyber resilience and has a keen interest in exploring incidents, developments and mitigation measures for preventing cyber attacks. Additionally, Shruti also works on the tokenisation of funds workstream and leads IA's data strategy work.

Hans Allnutt, Partner, DAC Beachcroft LLP
Hans leads DAC Beachcroft's multi-award winning cyber risk and breach response team. He has responded to hundreds of breaches and cyber incidents, helping clients of all sizes, from SME to Global Corporates across all sectors. He is a true specialist and trusted advisor, guiding clients through their crisis and defending any regulatory investigation and privacy litigation that follows.

Hans has also advised on cyber and data protection compliance programmes, as well as responding to information rights requests (e.g. DSARs).

As a litigator, Hans advises on disputes and injunctive relief. His practice includes national and international litigation, arbitration and other forms of dispute resolution.

Charlie Morrison, Head of Cyber Griffin, City of London Police
Charlie Morrison is the head of Cyber Griffin team, a programme which makes up one arm of the City of London Police’s Cyber Crime Unit. In his career, Charlie has worked across intelligence and response policing directorates and for the last 5 years has helped develop the force’s Cyber Crime Unit. He holds specialisms in information security management systems, incident response and cyber maturity assessments. Charlie was the driving force behind Cyber Griffin which today is an NCSC and CPD® certified training programme. Supported by the Corporation of London, Cyber Griffin protects businesses from cyber criminality and assists the Square Mile in offering world-leading security to the nation’s centre of business.

James Arthur, Partner, Head of Cyber Consulting, Grant Thornton
James leads the cyber consulting team. He has over 20 years of experience in all aspects of cyber security, from organizational design and national training programs to specifying technical architectures, Security Operations Centres, and outsourcing security monitoring. He recently returned from five years in the Middle East, where he was responsible for setting up the national cyber defenses for several countries.

James has extensive experience working with a range of clients, identifying and tackling their cyber security challenges in a proportionate manner. He specializes in providing pragmatic, clear, and actionable advice to clients, allowing them to reduce their cyber risk profiles through prioritized and controlled programs of work.

James has advised multiple secure government organizations in the UK, Far East, and Middle East, and has advised companies in the oil and gas, telecoms, and banking sectors in the Middle East.

Principal Sponsor 

Corporater is a global software company that enables medium and large organizations worldwide to manage their business with integrated software solutions for governance, performance, risk, and compliance (GPRC) built on a single platform.

Corporater provides the world's leading Business Management Platform which offers 'One View, One Platform' for a holistic and complete overview of business. Our signature solutions include Integrated Risk Management, Enterprise Risk Management, Operational Risk Management, Business Continuity Management, Internal Audit Management, Operational Resilience, Regulatory and Organizational Compliance Management, Data Privacy Management, Project and Portfolio Management, Performance Management, Strategy Management, and others. All Corporater solutions can be used straight out of the box as point solutions, or in combination with other Corporater solutions to form a holistic GRC program.