Rohit Nag

Rohit currently leads KPMG’s Third Party Risk Management (‘TPRM’) service line for financial services, having joined KPMG in June 2018, based in London. He specializes in TPRM, Operational Resilience, and the prudential regulatory landscape. He has over 10 years experience of leading and delivering projects focused on assessing and building TPRM frameworks, processes, and capability.

Prior to joining KPMG, Rohit was leading the Prudential Regulatory Authority’s (‘PRA’) supervision of large custody banks, with particular focus on outsourcing risks, operational resilience, and technology risk.

Professional and industry experience

• Since joining KPMG, Rohit has been involved in leading and delivering TPRM program in multiple Tier 1 and Tier 2 financial institutions, involving gap analysis against regulatory expectations, and development of TPRM policies, standards and frameworks.
• Rohit is currently leading a large engagement on third party due diligence and control testing involving over 100 suppliers across UK and India and managing a team of 20 people. As part of this engagement, Rohit helped develop and implement the framework for third party due diligence and control testing, including governance, end-to-end processes, and reporting and MI. Rohit is also helping the client to develop their future TPRM operating model and segmentation methodology.
• Rohit is also actively involved in developing and maturing KPMG’s Operational Resilience service line. Rohit has helped a number of clients with framing their vision and strategy of Operational Resilience capability, assessing their maturity against themes derived from the Discussion Paper, and implementing operating model for Operational Resilience capability.
• While at the Bank of England, Rohit was extensively involved in shaping the PRA’s approach to regulating Third Party risks and Operational Resilience of banks. Rohit has also led and conducted regulatory reviews of outsourcing frameworks, especially with regards the Bank of England’s policy on Operational Continuity in Resolution (OCIR).
• As part of the prudential regulation work, Rohit led and conducted regulatory reviews and assessments of technology risks, operational resilience, capital and liquidity adequacy, and authorizations of new businesses and the approval of senior executives through the Senior Management Regime (‘SMR’).
• Throughout his regulatory career Rohit has regularly interacted with various C-level executives, from building and managing regulatory relationships, to challenging them in reviews, and interviewing executives for the SMR.
• Having experience and regulatory insights on Third Party risks, Operational Resilience, and OCIR, Rohit is able to provide expertise and a “well-rounded” view on key client challenges, regulatory expectations, and potential solutions in these areas.