Brian Kostek Managing Director Brian is a Managing Director with Protiviti and is part of the Regulatory Risk team with more than 16 years of experience in consulting financial services organisations. Brian focuses on solving clients' challenges in designing and implementing third party risk, compliance management, and operational risk management programs that enhance the risk management activities of an organisation while enabling business flexibility and growth. Brian’s experience and expertise focuses on third party vendor risk, regulatory compliance risk, operational risk, operational resilience and control optimisation. Additionally, Brian leads the Third Party Risk Management (TPRM) solution offering within the Risk and Compliance solution in the United States, and coordinates with Protiviti’s Business Performance Improvement and Technology Consulting Practices for our cross-solution TPRM offering. In 2019, Brian was named as a Rising Star of the Profession in Consulting Magazine, and in 2021, he was awarded the John B Thurston Outstanding Contributor award by the Institute of Internal Auditors. Major Projects Third Party Risk Management Program Development – Led several TPRM related program development projects across various industries and organisation complexities, ranging from program component enhancements to end-to-end program development and implementation. Third Party Technology Implementations – Led several software implementations supporting the third party risk management program. Projects required redesign of third party risk processes, documented business requirements for the software platform, and managed the implementation effort through go live. Projects resulted in a successfully implemented technology platform to support the third party risk management processes, enhanced assessments and monitoring activities, and more efficient and effective reporting. Third Party Assessments – Managed clients’ third party assessments specific to operational and compliance risks, including the development of work programs specific to third party services, and provided subject matter expertise feedback to the applicable business line personnel and compliance staff. Developed recommendations based on risks identified to ensure current gaps were remediated and ongoing oversight would be enhanced to ensure compliance with regulatory expectations moving forward. Third Party Regulatory Compliance – Managed the assessment of regulatory compliance requirements for third party vendors for a top ten US bank, including listing the required regulatory requirements for more than 250 vendors, and assisting the supplier managers in developing applicable controls to mitigate associated risks. Third Party Remediation – Oversaw multiple independent validations of the actions taken by a bank’s vendor who was identified as not providing the full extent of the services advertised to its customers, including a validation of the customer base requiring refunds, testing the associated refund processes, and partnering with bank management to ensure the actions taken met the requirements of the regulators. Compliance Risk Management – Led several CMS readiness assessments for financial services organisations, with resulting enhancement and implementation support to build Compliance Management Systems in alignment with organisation needs and regulatory requirements. Assessments resulted in detailed observations across each element of the Protiviti Compliance Framework, which aligns to the CFPB CMS examination procedures, and Protiviti developed prioritised recommendations, including a roadmap of actions the institutions could take prior to regulatory exam. Enhancement support has included but not limited to regulatory change management, compliance governance including roles and responsibilities, issue management, data and compliance analytics, monitoring and testing, and reporting. Monitoring and Testing Program Design – Managed the development and implementation of an enhanced Monitoring and Testing Framework for a leading Financial Technology company. The program focused on all domestic and international operations, including operational, compliance, information technology, and credit risks. The effort focused on leveraging available data to create efficiencies in the monitoring and testing approaches, developing new methodologies and testing templates, and prioritising key risk areas based on Key Risk Indicators and the supported Risk Appetite. International Compliance Risk Assessment – Managed a multi-year, international compliance risk assessment effort for a large multi-national financial institution. Provided subject matter expertise that supported the Compliance organisation in creating a detailed mapping of regulatory requirements to the client’s products, processes, legal entities, and third parties. Completed analysis and mapping of existing operational controls, policies and procedures, training, and monitoring and testing for specific business units, and provided oversight to other business process and control mapping teams for their mapping activities. The results of the enhancements to the compliance risk assessment methodology drove improvements to the organisation’s monitoring and testing program, compliance action plans, and the overall compliance governance framework. Risk and Control Mapping Support – Managed and provided subject matter support to several projects focused on mapping regulatory content to an organisations business processes, risks, and controls. Areas of Expertise Regulatory & Risk Consulting Third Party Management Operational Risk Credit Risk and Loan Review Banking Operations Regulatory Reporting Industry Expertise Banking Asset Management Education M.B.A. – Global Management, Thunderbird School of Global Management B.B.A. – Business Economics, University of North Dakota Professional Memberships and Certifications Certified Regulatory Compliance Manager (CRCM) Member, Global Association of Risk Professionals (GARP) Member, Association of Certified Anti-Money Laundering Specialists (ACAMS) Sustainability and Climate Risk (SCR) Certificate