Share on twitter
Share on facebook
Share on linkedin
Share on whatsapp

CRO Wisdom Episode 1: Ivan Pooran, Head of Enterprise and Operational Risk, Guardian

Atul:

Hello, Ivan. Welcome to CRO Wisdom, the voice for risk leaders.

Ivan:

Good morning, Atul. Thank you very much for having me.

Atul:

Thank you, Ivan. Ivan, let’s start by telling the viewers a little bit about yourself, about your background.

Ivan:

Sure Atul. Thank you very much. Yeah. I’ve been in risk management for pretty much all my career. First line of defense. Second line of defense. Third line of defense. A little bit of a stint in the business as well. Managing a rather large business abroad from one of the companies I worked for. Currently at Guardian Life of America, managing the operational risk function, which includes, amongst other things, body risk, information security oversight, and business continuity oversight as well.

Atul:

One of the things people are always interested in Ivan, how do people start their career in risk management? How did you start your career in risk management?

Ivan:

Yeah, interesting. I was out of business school and they, it was a management joined Citigroup as a management associate training program. Six months into the training program with Citigroup down in Latin American Columbia specifically, they asked me, given my analytical skill set at that point, if I would be interested in, in joining risk management. And so it was a little bit of by luck, but I think it’s, it’s one of those leadership traits that they, they identified a gap in the business that they needed somebody who had that honor the code background and could help them develop a score, score cards. We were doing credit scoring back in the early 1990s at Citi, and that was one of the first things that I learned how to do algorithms for scoring, which is world is artificial intelligence on, on steroids. Right. So right? Interesting background there.

The key thing to do in risk management has been, always will be, but even more in today’s world, is looking around the corners… Anticipating what can go wrong, but at the same time, balancing our priorities… making sure that you’re leveraging those tools to look around the corner and make sure that you’re identifying key risks. It could be third-party risk, information security, it could be business continuity risk, climate risk, AI risk.

Atul:

Yeah, no, it’s very interesting. So Ivan, when you think about the current risk environment and think about 2021, what are your key priorities?

Ivan:

The, the key thing that we have to do in risk management has been, always will be, but even more in today’s world is looking around the corners, right? Anticipating what can go wrong, but at the same time, balancing our priorities, you can’t, you can’t put everything at the same level. You have to learn to prioritize, the big risks, what can bring down a company ready, focusing on leveraging the different tool sets and different engagements said that you have with external, but these networking, your technology, artificial intelligence, inclusive, and just making sure that you’re leveraging those tools to look around the corner and make sure that you’re identifying key risks. And those could be multiple risks, factors, right? It could be third-party risk. As we know, it could be information security, risk, it could be business continuity risk, climate risk, AI risk. So all of the different risk elements, being able to look, look around that corner.

In today’s world, it’s actually even more important, right? Because, you have to do it much faster. In the past, we had the technology wasn’t moving as, as, as fast, and as a result that we had a little bit more of a luxury of dealing with time, today’s you don’t have that luxury. You have to react very quickly.

Atul:

Ivan really interesting. You talked about all the different kinds of risks, and we’re definitely seeing that traditionally, a lot of companies focused too heavily on just finance or financial risk and cyber risk, and you just talked about a number of other risks. Can you expand on that then as you particularly start thinking about the future, other than kind of like AI risk and others technology risk, what are the risks you want to make sure that one ought to be monitoring?

Ivan:

That’s a very good question, Atul. I think that, what I, what I worry about… It’s, it’s, it’s something that, as a risk manager, the first thing I should say is that you don’t know everything. And if you recognize that, then you learn to be a better risk manager. And so with that, what I try to do is constantly challenge myself. It’s not only looking around the corners, what do you need to look for? And one of the things that I’ve learned is that, it’s, it’s an interesting organizational structure in any type of industry in any company that you work at, that everything is kind of functionally-driven, or a job-driven. Right? And what I sense a lot of times is that if you can connect the dots between functions, between people, between risks, you get a much more holistic picture of how to manage risk.

Ivan:

And I, I grew up as a credit officer at Citigroup made my way up the chain of command to be a senior credit officer at some point. And what I learned is that it’s not only about managing credit risk, it’s about managing the connectivity of all of these different risks that I just mentioned. If you do that, you become a much better risk manager. And that’s how I eventually evolved into operational risk because leveraging that skill set, I adapted to being a senior credit officer, I was able to move into more broader risk management very easily, but you have to, you have to constantly challenge yourself on that front. And so just learning about compliance risk and the connectivity with operational risk, and so forth and so forth makes you a better risk manager to be able to, as I said, to look around the corner.

Atul:

Ivan, you made a really interesting point about the dots, connecting the dots. You know, interestingly, a few years ago, I had the opportunity to meet with Tom Friedman, the famous author and columnist from New York Times, and he had just written a book on environmental, environmental issues, green, and I said to him, I said, you’ve always talked about globalization, and how, how have you kind of connected with outsourcing and green and others? And, literally what he said to me was Atul, one thing I realized very early on is this whole ability to connect the dots. And so, and so this ability to see patterns that others might not see now, of course, in today’s world, we have this tremendous opportunity to look… To leverage automation and AI tools to be able to connect those dots for sure.

Ivan:

Definitely. Definitely.

Atul:

So, Ivan, when you talked about all those different kinds of risks, having a wide risk aperture, that’s important for future of risk management. You know, often we see in companies that many of these solutions are individuals. So you might have one of these being monitored, monitored by compliance something else by sourcing some as an operational risk, something somebody might be in some of the area of the company. So how do you think about managing this whole challenge and addressing this whole challenge of being able to provide an integrated view of risk to both your group, but also to the company?

Ivan:

It kind of goes back to the, I don’t know everything, but one thing I do know is that if I can bring people together in a formal governance structure, and we have conversations around what, how we connect, how… What are the risks, the intertwining of the different elements of success and failure, and those could be internal as well as external, right? Lessons learned, root cause that’s, I think how you, you start to develop a better risk practice. Again, it’s not always about paper-based exercises in risk and control self-assessments.

I’m a big fan of governance. I’ve always been, will always be and you and I in the early days in, in, into the pandemic we discussed some of the risks of, of, working remote, such as the video conference that we’re doing right now. I miss the human element. I miss sitting down with, with colleagues around the table, informally, formally, and having a discussion about what do you think about what’s happening in this particular industry? And it doesn’t always have to be in my case, insurance, we span different, our customer has multiple different angles. And likewise, our service providers and, and, and, and folks that we interact with on a day-to-day basis. So having those conversations on a periodic basis, sitting down at a table under a formal governance structure for me is they keep the connecting the dots and making sure that you have solid dialogue around risks.

Atul:

That’s a great point. A formal governance structure is one of the key elements, Ivan, when you think about all the challenges, particularly in 2020 with limitations on travel. So not being able to do risk assessments, and also very clearly the need for continuous monitoring became very obvious. So two-part question is how are you addressing the inability to do those physical assessment? And number two is how are you incorporating continuous monitoring in your future of risk management?

Ivan:

Yeah, it’s definitely a challenge, not being able to do these face-to-face assessments and going on site though where we have operations visiting India, where we have in the case of Guardian, we have back office operations in India, or going to our different sites and meeting with people, understanding their concerns. It’s definitely a challenge. The technology has helped significantly, and it doesn’t replace the human element, but I think you have to leverage it as much as possible. And, and so doing those, those phone calls, zoom meetings, having intelligent conversations, it’s not just checking in and say, “Well, how are things going?” But kind of prepping, let’s have a discussion on a particular risk, or a particular concern, or particular emerging topic. I think you have to already narrow in people’s attention on, on, on Zoom tends to wander off. Right? And so there’s a… I think there’s an art as well on how you do these zoom calls, how you have conversations.

Ivan:

Then the other thing is, as you mentioned Atul, leveraging technology, right? Technology, we were ready, leveraging external to get on that includes reaching out the different stakeholders, and suppliers who give us information on third parties, right? Or information security, threat management, the monitoring. Financial scores, a D&B for example, is one that we use amongst others, right? Without getting into specifics. But I think you have to, we have to learn to leverage as much information that’s out there. There’s a lot, sometimes it’s too much, and in some cases you get different information. In some cases you may overreact the information. So, like anything else you have to sift through what’s relevant and what’s not and make intelligent decisions.

If I can bring people together in a formal governance structure, and we have conversations around what, how we connect… What are the risks, the intertwining of the different elements of success and failure, and those could be internal as well as external, right? Lessons learned, root cause that’s, I think how you start to develop a better risk practice. Again, it’s not always about paper-based exercises in risk and control self-assessments.

Atul:

Right? Yeah. There’s definitely a tremendous amount of technologies out there today, both from a workload perspective and a risk intelligence, continuous monitoring perspective that one needs to think through and say, “How do I change my workflows and my governance to incorporate that?” Now for the fun question, recently Bloomberg risk manager to be a hard job. What do you think about that Ivan?

Ivan:

Okay. Yeah, I think it’s always been. It always will be, and we, we, human, human nature is we always go through crisis. Right? Ten years ago, we were also in the spotlight, if you recall, during the financial crisis, and before that it was the dotcom crisis, and before that it was the emerging debt crisis. So kind of like every 10 years at some sort of crisis the spotlight shines on risk management. I think if everyone would, as risk managers, we would understand the importance of our role in, in, in, in, in understanding what’s around the corner, understanding how we develop partnerships and connect the dots. You won’t only be in the spotlight when there’s a crisis. The, the objective is to avoid having to go through a crisis and manage it appropriately.

Ivan:

And so I kind of view my job as always being in the spotlight, and it’s our job to create that value added as risk managers for our businesses, leadership, the value add that they see that we’re always on the spotlight, that we always have a seat at the table that we always have an opinion, and that way you’re always in the spotlight, and not only in the spotlight, when there’s a crisis, that’s all I would view it. Now it’s always good to be in the spotlight when there’s a crisis, but I prefer not to be in… I try to avoid the crisis.

Atul:

Yeah. Now you said a few things that it just wanted to reinforce, have had the insights, haven’t had an opinion engage the stakeholders. And so I think it’s, well-deserved that risk managers have been identified by Bloomberg as a hard job, because if you look at the last so many months, I think risk leaders have done an amazing job at ensuring resiliency across the world in so many corporations. So many agencies.

Ivan:

Absolutely.

Atul:

So Ivan talk to us about you, as a professional. What resources do you rely on to make yourself a better professional?

Ivan:

Yeah, I’m always a networking and I network primarily because as I said before, “I don’t know everything”. And hopefully, as a risk manager as any professional, I always challenge anyone that, that I interact with that you’re always learning no matter how much you know, no matter how old you are, and so wisdom evolves. And I think it’s, it’s always about networking intelligently meeting people who can complement what you know, who can give you insights into where, where certain things may be heading. It could be technology, it could be supply chains, it could be as we discussed pandemics, et cetera, et cetera. And I think that, that for me is one of the key things that I always attempted to. A lot of people view networking on a different scale, right? A lot of times it’s looking for your next job. That’s not working as in risk management, networking is sitting down with people like yourself Atul, and your colleagues at supply wisdom and having a new group and discussing, how they’re engaging with other stakeholders.

Ivan:

The external view is extremely important benchmarking externally because internally it’s kind of easy, right? I could sit down with our compliance, that I can sit now in my business qualities and we can have great conversations, but inward looking is always easier, the external part is where you get the insights of what, not only what others are doing, but what’s around that corner.

Atul:

Wonderful. So my, my final question Ivan, what advice would you give to future leaders, future leaders who are thinking about, or considering making a future in risk management?

Ivan:

Yeah. It’s a good question Atul. I’m, I’m, I’m not too sure if there’s a playbook, maybe when I retire, I’ll write a playbook on a book on, on that success story. I think resiliency is one of the key things. Being able to be flexible, knowing when to say no, knowing when to say yes, knowing how to prioritize, knowing how to leverage technology, knowing how to leverage governance, developing partnerships. There’s no one single thing. I just, just a shout-out five. And so how you balance those elements and skills in particular situations in particular cultures, right? Each organization that I’ve worked at has had a different culture, and they’ve been in different states of their maturity. One can expand on that and say, “If you work in a different geography, you have to have a completely different skill set”.

Ivan:

And so I think it’s not adaptability/resiliency, and ability to create partnerships, our ability to use technology, and make those right decisions, say yes, say no, balanced, and always managing the prioritize. That would be, I know it’s probably a recipe, but like any recipe, sometimes you put in a little bit more one ingredient, and sometimes you put in a little bit more than another ingredient. And it depends on the mood of the day. The recipe may come out better. I’m not a chef by the way.

Atul:

Sounded like one.

Ivan:

I did a good job, right? Probably hear the family cracking up in the background.

Atul:

Ivan, thank you so much for joining us today on this episode of CRO Wisdom, the voice for risk leaders and to the audience. If there’s a guest you have in mind that you want us to interview, that you would like to hear from, please send a nomination to info@riskboard.org. Thank you.

Ivan:

Thank you very much, Atul. Have a good afternoon.

Atul:

Thank you, Ivan.

Share on twitter
Share on facebook
Share on linkedin
Share on whatsapp

Speakers

Ivan Pooran


Head of Enterprise and Operational Risk

Guardian Life

Ivan Pooran has been with Guardian since March of 2017 and is the Vice President and Head of Operational Risk. He has responsibilities for Operational Risk, Vendor Risk and Business Continuity. Prior to his current role, he was Chief Operational Risk Officer - SVP at Santander US Holdings, managing the Operational Risk, Vendor Risk, Information Security and Business Continuity Programs. Before this he was Enterprise and Operational Risk Leader - Managing Director for GE Capital Americas. In this role, he had responsibility for Operational Risk, ERM, Fraud Strategies and Records/Information Management. Ivan was at Citigroup for close to 21 years in multiple roles. His most recent role before joining GE was Global Head of Operational Risk for the Consumer and Commercial bank.

Atul Vashistha


Chairman & CEO

Supply Wisdom

Atul Vashistha is recognized globally as a leading expert on globalization, governance, and risk. He has authored three best-selling books: The Offshore Nation, Globalization Wisdom and Outsourcing Wisdom. Atul pioneered the global sourcing advisory space in 1999 when he founded Neo Group and is also the founder and Chairman of Supply Wisdom. Founded in 2012 as an early warning service for business disruption risk, today, Supply Wisdom® is the market leading patented real-time and continuous risk intelligence and monitoring solution. Atul serves on the boards of the US Department of Defense Business Board (Vice Chair), IAOP, Shared Assessments, and Zemoga.

Recent Conversations

Stay Updated

We will notify you when a new conversation is posted

Recommend a Speaker