Operational and Cyber Resilience in Investment Management Forum 2023

Strengthening resilience in a changing world

Group discount: use the promotional code GROUP for 20% discount on bookings for five or more people.

In a rapidly changing technological and regulatory environment, strengthening operational resilience is a major ongoing challenge, but one that firms must meet head on.

In the UK, by the end of March 2025, in scope firms are expected to be able to remain within impact tolerances through a range of severe but plausible scenarios. At this stage of the implementation period, firms should be developing the sophistication of their mapping and scenario testing, as well as addressing any vulnerabilities that have been identified.

Similarly, in the EU, the Digital Operational Resilience Act (DORA) is now in force with an implementation deadline of 17 January 2025.

In addition, a new supervisory regime is in development to manage the risks posed by critical third party providers to the sector, such as cloud service providers and other technology vendors.

A key element of operational resilience is cyber resilience. The increasing volume and sophistication of cyber-attacks has brought into focus the importance of firms prioritising cyber resilience to protect themselves from internal and external threats. It is also a priority for regulators, too, with the FCA making clear their expectation that firms protect their critical information, detect attempts to breach these protective controls and respond quickly and effectively when compromised.

This half day event aims to challenge, inform, and better equip the industry through a series of panels and presentations by subject matter experts, both from within investment management and beyond.

Attending this event will provide you with:

• The latest thinking on how firms can build their operational resilience ahead of the final implementation deadline and beyond
• Insights into emerging cyber challenges and how firms can respond to them effectively
• Expected developments within the international regulatory environment
• Output from the IA’s Operational Resilience and Cyber Resilience committees

09:00-09:30 Registration, Refreshments and Networking

09:30-09:35 Welcome

Jonathan Lipkin, Director - Policy, Strategy and Innovation, The Investment Association

09:35-09:55 Operational Resilience Keynote

Suman Ziaullah, Financial Conduct Authority 

09:55-10:40 Operational Resilience Panel: Remaining resilient through disruption
Expert practitioners share their thoughts on collaborative multi-lateral scenario testing; critical third parties to the finance sector; how to build sophistication of mapping and testing ahead of the final UK operational resilience deadline; the lessons to learn from recent real life operational incidents; and the global proliferation of operational resilience rules.

Moderator: James King, Senior Policy Adviser, The Investment Association

• Michele Henry, Head of Operational Resilience, abrdn
• Fleur Elston, Vice President - EMEA Resilience, State Street
• Dean Berney, Head of Operational Resilience, Legal and General Investment Management
• Sandra Hislop, Independent Consultant

10:40-11:10 Operational Resilience Scenario Test Master Class
Grant Thornton leading experts will run a scenario test master class highlighting the key factors which go into designing and executing an effective scenario test. The session will focus on the more advanced methods of scenario testing that many firms are now starting to adopt while sharing practical insights.

• Priya Prakash, Associate Director, Business Continuity and Operational Resilience, Financial Services Group, Grant Thornton UK LLP
• Andy Tomkinson, Associate Director, Financial Services Group, Grant Thornton UK LLP

11:10-11:40 Networking Break

11:40-11:55 Cyber Resilience Keynote

Erika Lewis, Director, Cyber Security and Digital Identity, Department for Science, Innovation and Technology (DSIT)

11:55-12:10 Cyber Resilience Keynote

Scott C, Head of Private Sector Resilience, The National Cyber Security Centre (NCSC)

12:10-12:55 Cyber Resilience Panel: Emerging developments in cyber resilience
Leading industry practitioners discuss the current and future trends that are shaping cyber resilience, including: developments in the cyber insurance market, the cyber and information security implications presented by AI, what quantum computing means for cyber security and how the industry can better collaborate on threat intelligence sharing.

Moderator: James King, Senior Policy Adviser, The Investment Association

• Kate Brimsted, Partner, Bryan Cave Leighton Paisner (BCLP)
• John Harrison, Head of Information and Cyber Security, Charles Stanley
• Erika Lewis, Director, Cyber Security and Digital Identity, Department for Science, Innovation and Technology (DSIT)
• Bethany Thomas, Senior Underwriter for FI, Cyber & Commercial D&O, Spring Insure Limited

12:55-13:00 Closing Remarks

James King, Senior Policy Adviser, The Investment Association

13:00-14:00 Networking Lunch

In order of programme appearance:

Jonathan Lipkin, Director - Policy, Strategy and Innovation, The Investment Association

Jonathan is Director of Policy, Strategy and Innovation at The Investment Association (IA) and a member of the IA management team. 
Jonathan’s policy role focuses on how the industry serves its customer markets. This includes areas such as products and competition; fund communications and governance; and the long-term savings and pensions regimes in the UK and internationally. He also works closely on the IA’s broader strategic positioning and leads its programme to support industry innovation.

Jonathan joined the IA in 2005, becoming Director of Public Policy and a member of the IA Executive Committee in 2012. Prior to 2005, he worked for a number of years at Oxford Analytica, an international consultancy. At OA, he led the European political and economic analysis serving a wide range of domestic and overseas clients, both corporate and governmental. 

Jonathan is a Board Member of the Cost Transparency Initiative, Chair of the EFAMA Pensions Group and is a member of the Advisory Board of the Centre for Asset Management Research at Bayes Business School. He writes and speaks regularly both in the UK and abroad on investment management and pensions issues

Suman Ziaullah, Financial Conduct Authority

Suman Ziaullah leads the FCA’s work to minimise the impact of operational disruptions on financial services firms, markets and consumers. This includes testing firms’ operational and cyber resilience, leading the FCA’s response when firms are disrupted, and focusing our efforts on firms who do not meet our standards. Suman is also a Non-Executive Director at UK Anti-Doping, and Chair of the Board People Committee. Prior to these roles, Suman spent 15 years in the UK Diplomatic Service and 3 years in the private sector. He has long experience working on cyber, developing resilience against major national security threats, and responding to international crises.

Michele Henry, Head of Operational Resilience, abrdn

Michele was appointed Head of Operational Resilience for abrdn Investments in August 2022. She is responsible for driving the global footprint for Operational Resilience, which includes new regulatory requirements on resiliency alongside a well-established Business Continuity programme. She focuses on assurance within the organisation, and across critical third-party suppliers, to support key customer interests.

Her career began with 5 years in IT and has led to 15 years in Financial Services, including 10 years at Lloyds Banking Group. Her roles have spanned from compliance and risk management to delivery of strategic programmes in the UK, USA, Ireland, Germany, and India.

Dean Berney, Head of Operational Resilience, Legal and General Investment Management

Dean Berney is a highly accomplished Risk and Resilience practitioner with a proven history of success in pioneering framework enhancements, which has improved operational resilience and risk profiles across international jurisdictional.

With over 22 years of industry insight and a track record in building, running and enhancing resilience and risk within highly regulated environments, leveraging industry best practices and ensuring compliance with regulatory requirements globally. This is coupled with strong knowledge and experience of working with Investment Banking products (M&A, ECMG, DCMG, Equities & Fixed Income), Financial Market Infrastructure firms and IT (ISO 27001, NIST, COBIT).

Dean brings with him experience gained from leading financial institutions such as Royal Bank of Scotland, UBS Investment Bank, HSBC, London Stock Exchange / Clearing House, Euroclear and most recently Legal & General Investment Management. Beyond operational resilience, Dean also has experience in enterprise risk management, regulatory filings/licences, change management, vendor & outsourcing, business continuity and business/risk transformation.

Sandra Hislop, Independent Consultant

Driven, accountable and collaborative senior executive leader with extensive Financial Services experience Sandra is an established expert in Governance and Operational domains. A strategic thinker providing oversight and scrutiny for boards within complex, fast moving global environments. Sandra is an accomplished leader and is passionate about governance and oversight, helping to make organisations better, nimbler, and more resilient for their global investors. Previously holding senior roles in large Asset Managers, Sandra has in-depth, specialist knowledge of governance, risk and control, operational and compliance risk practices. Much of Sandra’s career has been spent engaging with senior executives/Boards about third party due diligence & oversight, implementing and reporting on regulations.

Sandra is an active participant and influential speaker within industry bodies and conferences. More recently, Sandra has and is participating in industry conferences focused on providing industry insights on regulatory topics such as operational resilience and third-party outsourcing. A notable committee member with experience and accountability for large scale regulatory change programmes and third-party oversight, enabling growth and resilience within firms, Sandra has taken on committee and treasury roles in Edinburgh and is focused on establishing her INED career.
Passionate about talent management with strong interpersonal skills, Sandra is an active mentor and coach to emerging and seasoned talent and is a member of the Women on Boards UK.

Fleur Elston (née Robinson), Vice President - EMEA Resiliency, State Street

Fleur leads MI Reporting, transforming raw metrics from potential vulnerabilities to resilience risks. She is also integral to global Education & Awareness and methodologies for defining impact tolerance levels and scenario testing.
Previously, Fleur specialised in developing and running Business Resilience, Continuity & Crisis Management for FinTechs, Banking Groups, a Pensions Administrator, large University, and a Big 4.

Notably, Fleur is a survivor of the 1996 South Quay bombing, part of a large US Investment Bank’s crisis management team during 2005’s 7/7, ‘virtually’ managed a firm’s response to the 2013 Boston lock-down (from a motorway in France), and running c.50 CMTs during the 2015 Summer of GREXIT at an FMI.

Priya Prakash, Associate Director, Business Continuity and Operational Resilience, Financial Services Group, Grant Thornton UK LLP
Priya is a proven subject matter expert for operational resilience. She is a Certified Project Manager. Priya has created and led cohesive cross-geography teams across multiple clients to implement operational resilience regulatory requirements.

She is an expert in setting up customised resilience (third party assurance/ scenario testing/ BCP) programmes for large multinational firms to align with their wider risk requirements and meet their overall organisational goals. Priya is highly adaptable in various client environments with proven senior stakeholder engagement experience.

As part of the Lloyds Working Group and Forums, she analysed challenges faced by managing agents with respect to resilience. Priya provided guidance on interpreting regulatory statements and developing methodologies to carry out each phase.

She is a goal-driven and detail-oriented professional with extensive consulting experience in numerous other regulatory / business transformation programmes. This includes Sarbanes-Oxley audit, Brexit, GDPR and third-party outsourcing.

Andy Tomkinson, Associate Director, Financial Services Group, Grant Thornton UK LLP
Andy is an industry acknowledged subject matter expert in Cyber Incident Response, Business Continuity, Crisis Management, Disaster Recovery, Emergency Planning, Risk and Operational Resilience, who has conducted over 400 simulation exercises over the past 20 years.

Andy is an expert in designing, implementing, and establishing repeatable processes for security, privacy and business continuity plans and procedures and transferring skills for enduring emergency response, crisis management, business continuity and disaster recovery.

He is a qualified and experienced ISO22301 Lead Auditor by the British Standards Institute. ITDR networks, operations, governance, technology, and infrastructure. He has completed ISO22301 implementations for; Emergency Planning College, Ooredoo, Skynet, Oryx Gas to Liquids, Qatar Petroleum, QVC, Linklaters and DHL. He was the lead consultant for ISO22301 and ISO27001 for Ooredoo in Qatar gained in 2014.

Andy has participated in the development of national, European and international standards and recognised Good Practice Guides. Andy is Co-author of BC for Dummies published in 2012. In May 2022 he was presented Lifetime Achievement Award by the Business Continuity Institute of which he is a long-serving Fellow.

Erika Lewis, Director, Cyber Security and Digital Identity, Department for Science, Innovation and Technology (DSIT)
Erika Lewis was a founding member of London Government, moving from the voluntary sector to join the set-up team in the London Development Agency in April 2000. At the LDA she delivered regeneration programmes across London, in particular working with the Finsbury Park Partnership and on the Olympic Park delivery programme. Subsequently the Director of Strategy at the LDA, she was responsible for the development and delivery of the Mayor’s Economic Development Strategy.

In 2012, Erika became a Project Director at the Competition and Markets Authority where she delivered two merger investigations and led the Private Motor Insurance and Energy Market Investigation. Moving to the role of Director of Governance and Performance, Erika set up the CMA data, digital and tech team.

Erika joined DCMS in 2018 to deliver the National Data Strategy, in addition she was responsible for Data Policy and Ethics. After leading the Brexit preparedness data team, she moved in October 2019 to the role of Director, Cyber Security and Digital Identity where she leads on the economic support for the cyber sector, the development of security approaches for consumer IoT, the government work on Secure Connected Places and Digital Identity in the economy. In 2020 she also led for DCMS on the Covid-19 response package for the Voluntary Sector.

James King, Senior Policy Adviser, The Investment Association

James King is the Senior Policy Adviser at the Investment Association responsible for operational resilience, cyber resilience and technology.

Kate Brimsted, Partner, Bryan Cave Leighton Paisner (BCLP)

Kate Brimsted is the UK Data Privacy and Security Partner Lead at international law firm BCLP and advises clients on all aspects of law associated with “data” in particular the UK GDPR and EU GDPR. Cyber security and personal data breaches are also part of her practice. Over some 25 years in the field, Kate has built a reputation as a “go to” person for strategic and pragmatic data privacy advice on complex projects and issues in a range of sectors including technology, financial services, manufacturing and energy. Her consistent aim is to focus on the issues that really matter for her clients and to work collaboratively with them to arrive at clear and practical solutions. Kate is recognised as a Leading Individual for Data Protection & Information Law by Chambers & Partners UK, a Global Leader for Data Privacy in Who’s Who Legal 2022, in Best Lawyers (UK) 2022, in Best of the Best (Global) 2021 and Privacy and Data Protection 2021 by Expert Guides.

Clients have also recognised Kate’s expertise, stating in Chambers UK that "Kate is very solid and knowledgeable in relation to data protection matters” and "has knowledge of our business and therefore she's able to provide legal assistance which is tailor-made and specific." Legal 500 states “Under the leadership of GDPR specialist Kate Brimsted, Bryan Cave Leighton Paisner LLP's team offers 'practical and sensible solutions' to data protection, privacy and cybersecurity issues.”

John Harrison. Head of Information and Cyber Security, Charles Stanley

John has over thirty years’ experience within Financial Services. He joined Charles Stanley to manage the IT Service Desk and subsequently built a business facing IT service team. As the emphasis on information and cyber security grew, John became increasingly involved with this work before electing to pursue it as his chosen career, setting up a new information and cyber security function. John is an active cyber security leader, collaborating with professional bodies and external agencies. He also raises awareness of cyber security by presenting to colleagues, clients, and the wider community.

Bethany Thomas, Senior Underwriter for FI, Cyber & Commercial D&O, Spring Insure Limited
Bethany joined the insurance industry after graduating from Churchill College, University of Cambridge in 2008. Since, she has amassed over 14 years’ experience arranging insurance programmes for commercial and financial services business at some of Lloyd’s leading broker firms.

Bethany was awarded “Insurance Broker of the Year” at the Women in Insurance Awards 2022.

In July 2022, she switched discipline and moved to a senior underwriting role at a specialist insurance provider where she has continued to use her insurance knowledge and broker background to deliver positive outcomes for brokers and policyholders.

Her specialisms are Professional Indemnity (PI), Directors’ & Officers’ (D&O), Crime and Cyber Liability insurances. Bethany is a training advocate, constantly developing herself and the teams that she has managed in her career. She has contributed to various Wellness and Diversity & Inclusion initiatives in the industry.

Interested in partnering with us on this event? Get in touch

Kindly hosted by

Bryan Cave Leighton Paisner is recognised as one of the market leaders in investment funds. We act for several of the most active fund managers and have well-established capabilities across a variety of alternative investment sectors, including hedge, private equity, real estate, credit and venture capital funds as well as mutual funds (and their boards of directors), series trusts and other open-ended and closed-ended alternative investment vehicles. We act on unregulated and regulated funds, offshore and onshore structures, private and listed vehicles.

Our experience spans a wide variety of structures, supporting clients from the inception and structuring of investment funds to capital raising, operation, regulatory compliance, restructuring and exit strategies.