Interview with Xavier-Yves Zanota - Internal control and risk management: from theory to practice

September 1, 2025

With over twenty years' experience in regulation, governance and risk management, Xavier-Yves Zanota puts his expertise at the service of participants in the new ISFB Internal Control and Risk Management certificate. Using a pragmatic approach, experience sharing and directly applicable tools, he explains how to train professionals capable of meeting the challenges of a complex and constantly evolving environment.

Xavier-Yves Zanota, you are a lecturer at ISFB, where you teach the brand new ISFB Internal Control and Risk Management certificate. What are your expectations and what approach will you adopt as a lecturer?

My aim is to provide participants with practical tools and solid benchmarks, rooted in experience and international best practice. I expect them to participate actively, to share their own experiences and to challenge the ideas presented - it's in the exchange that we learn the most. My approach will be resolutely interactive: real-life case studies and critical discussions, to link concepts to concrete situations that participants encounter or will encounter in their professional environment.

Can you tell us about your academic and professional background?

After studying economics and law, I started out working on insurance market regulation, then as an auditor in an accounting firm before joining the Bank for International Settlements, where I contributed for almost ten years to the work of the Basel Committee on Banking Supervision. I then worked at UBS on public policy and governance issues, before heading the global operational risk management function at EFG Bank.

Throughout my career, I've had the opportunity to work in multicultural environments, teach at university, publish reference articles and speak at international conferences. This diversity of experience enables me to bring a global, pragmatic viewpoint rooted in the reality of financial institutions.

What do you see as the main challenges facing internal control and risk management today?

Today, internal control and risk management face three major challenges:

• Rapidly evolving risks: e.g. cyber threats, ESG risks, constantly changing regulatory frameworks, new technologies.
• Increased organizational complexity: global value chains, external service providers, digitalization.
• The need to create a risk culture: it's not just a question of applying rules, but of developing a genuine awareness of risk at all levels.

Success in this field requires a combination of technical rigor, adaptability and the ability to dialogue with all stakeholders, from the board of directors to the operational teams.

How can the ISFB program offer concrete solutions? What are its strengths and specific features?

This certificate is distinguished by its practice-oriented approach: it does not limit itself to presenting theoretical frameworks, but offers tools and methods that can be immediately applied in organizations.

Its strength also lies in the rich profiles of its contributors, who combine academic experience, regulatory expertise and operational experience.

Last but not least, ISFB offers a stimulating learning environment, where exchanges between participants enable them to compare perspectives and build a valuable professional network.

Xavier-Yves Zanota

Global Head of Operational Risk
(EFG Bank)

Member services related to the topics covered in this interview