GRC, GDPR, SBP, PCI-DSS

• Classification of Risks
• Main types of risk classes that banks face and have to cope with Salient characteristics of the main risk classes
• Fundamental concepts of each of the risk classes
• Introduction to ERM and its Frameworks
• Benefits and value of ERM deployment in and across an entity
• Key concepts of Enterprise Risk Management (ERM)
• Steps necessary to quantify ERM
• ERM frameworks
• Regulatory Landscape
• Major trends in the global regulatory landscape
• Key regulations that impact (transnational) finance institutions
• Key characteristics of the more recently announced holistic regulatory changes and new legislature
• Governance, Risk and Compliance – Demystified
• Overview of ‘governance’, ‘risk’ and ‘compliance’ (i.e., GRC)
• Principles and benefits associated to governance, risk and compliance
• GRC integrated approaches and their key enablers
• COSO and CobiT in Support of GRC Needs
• Key concepts to the COSO and CobiT frameworks for enterprise risk management
• Methods and capabilities defined by both, COSO and CobiT.
• Operational Risk Management – Primer
• The driving factors behind operational risk management
• Basel II approaches and key constructs for operational risk
• High level methods and capabilities of a staged implementation for operational risk

• Selective best practices from COSO, CobiT and Basel II operational risk management
• Advantages and limitation of certain aspects of ERM frameworks
• Regulatory expectations on listed companies in developed and leading countries
• Building an effective, holistic governance, risk and compliance model across an organization

The course will be delivered through a combination of lectures, discussions, case studies, and practical exercises. Course materials, including readings, slides, and handouts, will be made available through an online learning management system. The course will be offered over a period of 12 weeks, with 2-3 hours of study per week

Assessment will be based on participation in discussions, completion of practical exercises, and a final project that will require students to develop a GRC model for a hypothetical organization.