Mihai Liptak

Mihai a professional in KPMG’s Technology Risk Management practice, and the Solution Co-Lead for Risk Quantification services in the U.S. Mihai’s client base has been primarily made up of global financial institutions, where he assists them in responding to market and regulatory conditions centered around regulatory technology. Regulatory bodies interfaced with include: OCC, FED, SEC, CFTC, UK FCA, BaFin, HK SFC, Singapore MAS, primarily dealing with quantifying technology, and operational risks, IT risk strategy, global operations, trade processing and structured data and system soundness compliance.

Relevant Professional and Industry Experience

• Led the design, and assisted in the development of KPMG’s risk quantification engine, and auxiliary modules to allow for the quantification of broad technology and operational risks.
• Assisted a large financial services institution in quantifying their financial exposure to technology risk across the Americas, and across their entire technology stack and capital structure. Results were incorporated into ongoing reporting, and fundamentally used to change reporting to the executive committee.
• Assisted several large financial institutions respond to global regulators for a variety of matters as an SME, which included: Responding to the OCC and Federal Reserve in response to the creation and strengthening of an IT risk management function for both the first and second line of defense. This included restructuring identification of risk, assessment, calculation of risk, and executive reporting. The HKMA, FSA, MAS for data privacy and data governance risk associated with the offshoring of processes and data. This included end to end process design and review, facilitating global sponsorship, and leading a team in execution.
• Led the creation and implementation of a target operating model for IT risk across the Americas for a foreign banking organization. Primary deliverables included the interaction of the IT risk organization for the first line of defense against the second and third line, capabilities that are available against industry peers and a build out of critical functions across the first line. An implementation roadmap was provided to align capability building, a three year plan to continue implementation, and overall presentation and reporting to executive of the firm.
• Led in developing a regulatory compliant cloud based operating environment. Involved major stakeholders across compliance, legal, technology, operations and the business. Incorporated best industry practices from varying regulatory reviews internationally, and considerations that the regulation imposed for each of the respective domains (technology, SDLC, etc.) for the purpose of organizational Technology Assessments. Recommendations provided incorporated into the broader organization as a future target operating model for cloud computing.