Operational Resilience for

OSFI Guideline E-21

An End-to-End Examination of Requirements, Time Lines, Critical Terminology, Planning, Testing and Documentation

November 19 – 20  – Toronto

CPE – 11.25 hours

Register
Agenda to Circulate

Delegate Comments

“…provided a very good high level summary of the key impacts of IFRS to financial institutions.”

Associate Chief Accountant, Bank of Montreal

“Presentations were clear even though topics were complex.”

Chief Financial Officer, Société Générale

“Best conference I’ve ever attended.”

Senior Manager, Enterprise Hedge Accounting and Derivative Reporting, Royal Bank of Canada

“Suffice it to say that the conference delivered on my expectations…A lot has been taken away from this conference…$ well spent…”

V.P. Risk Management Advisory, New Brunswick Credit Union Stabilization Board

“Finally a course that communicates true technical knowledge”

Director, Operations Finance, NAV Canada

“This seminar was fantastic – very informative and has some extremely interesting and knowledgeable speakers.”

Manager, Corporate Accounting, Brascan Power

“Great balance between theory and practical application/issues. Perfect level of detail…”

Treasury Manager, CHC Helicopter Corporation

“Speakers were very knowledgeable, materials were current…examples and materials were relevant and well presented.”

Derivatives Accountant, Agrium Inc.

Operational Resilience For OSFI Guideline E-21

Program – November 19

9:00 a.m.  –  9:05 a.m.
Opening Remarks from the Chair

Adeline Cheng, Partner – Risk Consulting, EY LLP

9:05 a.m. – 10:00 a.m.
Impact of E-21 on Organizational Structure/Processes and Governance

Adeline Cheng, Partner – Risk Consulting, EY LLP
Harman Singh, Senior Manager, EY LLP

  • Understanding critical operations for Board oversight
  • Distinguishing between business continuity, disaster recovery and operational resilience
  • Defining objectives of the FRFI resilience strategy
    • what Boards need to review significant impact on financial stability
    • approval of impact tolerances
    • linking third party risk management to operational resilience
    • clarifying distinction between resilience and risk – level of expertise available
  • Assessing the efficacy of a corporate resilience-aware culture
  • Assuring Board knowledge of cyber, tech and operational resilience concepts and frameworks
  • What documents can Boards rely upon in fulfilling E-21 obligations?
  • Engagement in scenario testing and crisis simulations
  • Development and monitoring of resilience of KPI’s 

10:00 a.m. – 11:00 a.m.
Effective Timeline Management – Insights and Observations on Operationalization

Mark Barboza, Director – Risk Assurance Services, PwC LLP

  •  Understanding the scope, phases and tasks to achieve operational resilience
  • Cross-silo integration – OSFI expectations and establishing shared accountability
  • Mapping existing frameworks to Guideline E-21 and conducting gap assessments
  • Defining clear roles across all lines of defense
  • Lessons learned to date from implementation projects
    Who should conduct/be involved in the project?
  • Setting the scope for end-to-end mapping across business units, systems and third parties

11:00 a.m. – 11:15 a.m. – Morning Networking Break

11:15 a.m. – 12:15 p.m.
Operational Resilience (Guideline E-21) and DORA – Comparison and Lessons Learned
Sandeep Dani, Partner, KPMG LLP
Andrea McCausland, KPMG LLP

  • Identifying the purpose and scope of E-21
  • Key terms and concepts including
    • -definition of operational resilience
    • -critical operations and interdependencies
  • Regulatory interaction – B-10, B-13, B-15 and E-21
  • Gaps and convergence with DORA
  • Evaluating, and applying, lessons learned for DORA implementation
  • Implications for cross-border operation – US, UK, EU
     

12:15 p.m. – 1:15 p.m.  –  Luncheon

1:15 p.m. – 2:15 p.m.
Practical Discussion – Determining Critical Operations

Moderator: Nadia Naraine, Senior Manager, EY LLP
Insurance Representative
Banking Representative

  • What is “critical” – OSFI definition and examples
  • Identifying the implications of appropriate/inappropriate assessment of critical operations
  • Criteria for mapping critical services and confirming critical operations
  • Highlighting key risk categories and their implications for operational disruption
  • Information and documentation essential for setting critical operations
  • Assessing interdependencies across process, technology and third parties
  • Finalizing the critical operations map
  • Tips for testing conclusion during the mapping and identification process

2:15 p.m. – 3:15 p.m.
Cybersecurity and Technology Risk Management

Vivek Jassal, Partner – Cybersecurity, KPMG LLP

  • Identification of critical systems – risks and protection
  • Aligning E-21 with cybersecurity risk management best practices – finding the gaps
  • How to address mapping and protection of
    • legacy systems
    • third party dependencies
    • hybrid cloud environments
  • Integrating IT, cybersecurity and business continuity into the operational resilience strategy – OSFI objectives and expectations
  • Meeting the challenges of increasing sophistication and volume to cyber threats –
    • satisfying OSFI expectations vs business capacity and financial limitations
  • Tech and cybersecurity risks in third party arrangements – what to require and proof of compliance Unifying governance between cybersecurity and IT operations
  • Unifying governance between cybersecurity and IT operations
  • Covering off gaps in change risk management
  • Linking tech/cybersecurity resilience indicators and KRI/KPIs to critical operations

3:15 p.m. – 3:30 p.m.  – Afternoon Networking Break

3:30 p.m. – 4:30 p.m.
Third Party and Supply Chain Risk Management – Applying Guideline B-10

Jack Barrett, Senior Manager – Financial Services, Risk & Advisory, PwC LLP

  • Identifying third parties related to critical operations including fourth parties and beyond
  • Contract clauses addressing performance and resilience
  • Options to consider in the absence of negotiated terms – dominant and foreign vendors
  • Implementing risk-based tiering of third parties
  • Involving material third parties in operational testing
  • Dealing with transparency – beyond contracted parties=
  • Concentration and systemic risk – risk mitigation and absence of redundancy options
  • Issues to consider for performance and monitoring
  • Aligning OSFI B-10 and E-21

Program – November 20

9:00 a.m.  –  9:05 a.m.
Opening Remarks from the Chair

Adeline Cheng, Partner – Risk Consulting, EY LLP 

9:05 a.m. – 10:00 a.m.
Model and Data Risk Management

Sandeep Dani, Partner – Risk Consulting, KPMG LLP

  • Aligning E-23 and data risk management with OSFI E-21
    • changes in Draft Guideline E-24 – implications for operational resilience compliance
  • Identifying models and data assets, including related risks, supporting critical operations
  • What model and data risks would impact critical operations?
  • Conducting model risk assessments with a focus on resiliency
  • Model validation and validation for operational resilience
  • Incorporating data risk in business impact analysis for disruptions and recovery
  • Performance monitoring of critical models
  • Metrics and KRIs
  • Cross-silo simulation for model/data failures

10:15 a.m. – 10:30 a.m. – Morning Networking Break

10:00 a.m. – 11:00 a.m.
Scenario Testing – Designing and Executing

Katherine MacPherson KMR Consulting

  • Defining the objectives of scenario testing – OSFI and organizational
  • How many scenarios of varying disruptive events are required?
  • Establishing impact tolerances – each critical operation or entire FRFI?
  • Creating severe but plausible scenarios including compound scenarios
  • Ensuring cross-silo and third party dependencies are addressed
  • Execution issues – mapping out what and how the test will cover
  • Documenting critical elements occurring during the test for evaluation and reporting
  • Evaluating scenario test outcomes – anticipated results and gaps identified
  • Linking outcomes to risk appetite, internal controls and recovery plans
  • Validating scenario testing exercises
  • Resilience disclosure – must demonstrate testing and evidence, not just documentation
  • What to consider for ongoing testing and improvement

11:00 a.m. – 11:15 a.m. – Morning Networking Break

11:15 a.m. – 12:15 p.m.
CASE STUDY – Scenario Testing Beyond the Plan – Problems Encountered and What to Expect

EY LLP

12:15 p.m. – 1:15 p.m.   Luncheon

1:15 p.m. – 2:15 p.m.
Documentation Summary and Critical Highlights

TBD

  • Summary of regulatory requirements for operational resilience documentation
  • What needs to be reported and what needs to be available to regulators?
  • Main topics of documentation and key elements
    • policy and framework documents
    • methodology for identification of critical operations
    • mapping of dependencies
    • tolerance for disruption
      • impact tolerance statements
      • documentation of assumptions
      • evidence of alignment with risk appetite
    • scenario testing
      • testing methodology including framework for selecting scenarios
      • records of test planning, conduct and results
      • lessons learned including changes to processes and tolerance thresholds
    • third party risk management
    • incidence response and crisis management
  • Continuous review and testing

2:15 p.m. – 3:15 p.m.
Ongoing Monitoring and Managing of Resilience – Best Practices and Tools

Aaron Noronha, Senior Manager, EY LLP
Harman Singh/Celeste Duke, EY LLP

  • Establishing best practices for monitoring and maintenance of resilience
    • real-time dashboards reflecting resilience posture
    • automated processes to monitor status of predefined impact tolerance thresholds
    • ongoing scenario testing – reports and remediation
    • resilience metrics and KPIs
    • complete and automated audit trails
  • Technology tools for continuous monitoring
    • end-to-end service mapping tools
    • resilience monitoring platforms
    • scenario testing engines
    • automated incident management and response remediation
    • impact tolerance and service level agreement tools
  • Use of AI/ML and data
  • Profile of tools and best practices at work

3:15 p.m – End of Conference

Registration Options Before October 13, 2025 Before November 3, 2025 After November 3, 2025
Model Risk Mgmt $1,799.00 + HST $1,899.00 + HST $2,399.00 + HST

Our HST Number: R862562543

Group Discount: Fourth Delegate FREE!

If three individuals from one organization register at the same time, a fourth person may also be registered to attend free of charge. The free registration must be of equal or lesser value than the paid registrations. Please contact us to arrange for attendance of larger groups.

Your Registration Includes

Registration fees include all conference materials, continental breakfast, lunch and refreshments. Parking and accommodation are not included.

FREE CONFERENCE WORKBOOK

As a registered delegate, you will receive a complete digital set of conference materials. These materials will serve as an invaluable guide, both during and after the event.

Cancellation Policy

Substitutions may be made at any time. If you are unable to attend, please make cancellations in writing and fax to (416) 504-6978 or email to info@acumeninformation.com prior to 5:00 p.m. on November 18, 2025. A credit voucher will be issued to you for the full amount, redeemable against any other Acumen conference. If you prefer, you may request for a refund of fees paid less $250 administration fee. Registrants who cancel after above date will not be eligible to receive any credits or refunds and are liable for the entire registration fees.

Confirmed delegates who do not cancel before November 05, 2025, and fail to attend will be liable for the entire registration fees.

Acumen Information Services reserves the right to change the date, location and content for the event(s) offered herein without further notice and assumes no liability for such changes.

Register prior to October 27, 2025, and you will obtain the following additional savings:

Second delegate: $100 Discount
Third delegate: $150 Discount
Fourth delegate: FREE

Please indicate that you are eligible for this offer on the registration page or your registration form if you are mailing in your registration.

The conference will be held at a convenient location in downtown Toronto. Venue information and special conference accommodation pricing details will be provided upon confirmation of the venue.

Delegates can register at the Acumen service desk beginning at 8:00 a.m. on the morning of the first day of the conference. Registration fees do not include hotel accommodation or parking.

This conference has been specifically designed for, and in consultation with, financial services insurance experts specializing in model and data risk management, financial institutions regulations, regulatory reporting and operational risk management. The event has been developed with the professional responsibilities of our audience as our focus. As well, auditors, financial advisors, analysts, lawyers and other advisory professionals would benefit from staying current on the information provided at this timely event. In particular, our experience indicates that individuals in the following positions will mostly likely be in attendance:

  • Chief Financial Officers
  • Chief Risk Officers
  • Chief Actuaries
  • Chief Accounting Officers
  • VPs, Directors and Managers
    • Model and Data Managers
    • Model Risk and Data Risk Managers
    • Actuarial Risk
    • Financial and Regulatory Reporting
    • Finance
    • Regulatory Compliance
  • Risk Managers
  • Actuaries
  • Controllers
  • Internal Auditors
  • Audit Committee Members
  • Audit and Assurance Professionals
  • Industry Regulators and Standard Setters
  • Financial Services Regulatory Lawyers

Comments from Past Delegates to Acumen Conferences

“the topics were current and touched upon a variety of upcoming changes” 
AVP Finance – Definity Insurance

“Insightful conversation/presentations related to upcoming regulatory changes and standards”
V.P. Strategic Sourcing, Venor  & Facilities Management – Wawanesa

“…provided a very good high level summary of the key impacts of IFRS to financial institutions.”
Associate Chief Accountant, Bank of Montreal

“Presentations were clear even though topics were complex.”
Chief Financial Officer, Société Générale

“Best conference I’ve ever attended.”
Senior Manager, Enterprise Hedge Accounting and Derivative Reporting, Royal Bank of Canada

“Suffice it to say that the conference delivered on my expectations…A lot has been taken away from this conference…$ well spent…”
V.P. Risk Management Advisory, New Brunswick Credit Union Stabilization Board

“Finally a course that communicates true technical knowledge”
Director, Operations Finance, NAV Canada

“This seminar was fantastic – very informative and has some extremely interesting and knowledgeable speakers.”
Manager, Corporate Accounting, Brascan Power

“Great balance between theory and practical application/issues. Perfect level of detail…”
Treasury Manager CHC Helicopter Corporation

“Speakers were very knowledgeable, materials were current…examples and materials were relevant and well presented.”
Derivatives Accountant, Agrium Inc.

To submit questions to be answered at the conference, please send us an email at this address: info@acumeninformation.com

Limited sponsorship and exhibition options are available for this event, including

• Cocktail reception
• Luncheon sponsorship
• Breakfast sponsorship
• Booth/exhibit space

For more information, or to check availability,
please contact us by phone at (416) 504-6952
or by e-mail info@acumeninformation.com

SIGN UP FOR OUR MONTHLY NEWSLETTER

Sign Up Here