Job Description

:#LI-DA1Purpose of the Role -

• Responsible for advisory and assurance to ensure the Division/Department maintains an adequate and effective first line of defense based on the compliance and operational risk management programs;
• Promote and support the Division/Department to ensure adherence with applicable banking laws, rules, regulations and internal policies, procedures and processes. Ensure action plans are developed by the Division/Department to address the risk and control issues;
• Enable the effective execution of the operational risk and compliance risk framework throughout the Division/Department, with respect to identifying, quantifying, reviewing, evaluating, and mitigating risk to ensure that all compliance and risk categories are identified and managed in accordance with regulatory, internal policies and procedures requirements.
• Be the first point of contact for the Management of the Division/Department in providing independent advice, support, and assurance for risk & compliance matters within the division/ department, integrating business, risk & compliance knowledge. In the event of operational risk and compliance matters beyond Line 1.5 (RCU Heads) purview, to escalate the Line 1\'s issues to to the Line jointly with Line 1.;

Scope of the Role -

• Responsible for management of operational risk and regulatory risk for the Division/Department across the legal entities or across the geography as stated in the appointment letter
• For external regulatory examination: the Risk and Control Unit Head is responsible to act as a liaison and address all concerns and requirements of regulators with respect to risks within their functional area of responsibility
• In the event of operational risk and compliance matters beyond Line 1.5 purview, Line 1\'s escalation to Line 2 should happen jointly with Line 1.5Consulted on the standard setting by Line 2, including providing division/department-specific inputs for frameworks, policies, procedures and risk appetite; Line 1.5 should not be expected to take a cross-divisional view, its mandate should only be within its own division/department

Key ResponsibilitiesStrategy

• Review and challenge the division/ department strategy from a risk and compliance perspective in alignment to the risk management framework and ensure implementation adheres to Group Operational Risk Management Framework, Policy and Standards.
• Support and facilitate the roll-out of the Group-wide risk frameworks, policies and procedures for the division/ department and provide advice, assurance and validation to ensure the risk management SOPs and divisional control frameworks, policies, and procedures are defined comprehensively and adhere to Group-level risk frameworks, policies and procedures
• Act as the first point of contact for Line 1 in providing advice, assurance and validation to the division/ department to ensure the risk management SOPs and divisional control frameworks, policies, and procedures are defined comprehensively and adhere to other Group-level risk frameworks, policies and procedures

Culture and Training

• Provide advice and assurance to the division/ department in monitoring, reporting and escalating any risk culture issues/ updates to ensure that they operate within the risk and compliance culture framework as well as escalation of any risk culture issues/ updates (including initiatives to address identified risk culture areas for improvement) to Line 2, management and/or relevant risk committees
• Promote risk and compliance culture and awareness within the division/ department to uplift outcomes through initiating and participating in relevant initiatives, including conducting division/ department -specific risk and compliance training/ workshops (e.g. for procedural guidance) and increased risk communication within the division/ department
• Monitor, report and escalate relevant risk culture items to Line 2, management and/or relevant risk committees

Risk Appetite

• Support in the providing oversight on the BUs\' setting of BU-level risk thresholds and other related metrics (e.g. limits, risk metrics tolerances), ensuring that they are within the Bank\'s / Group\'s risk appetite and Management Risk & Compliance Collective Scorecard
• Support in providing oversight on the BUs\' management of risk to ensure that they operate within the BU-level risk thresholds and Group-level risk appetite
• Provide advice and assurance to BUs to support development of remediation plans
• Provide input to Group risk appetite setting as required

Risk Governance (for NFRM)

• Attend, report to, and escalate where appropriate to the risk committees for division/ department related matters, based on the committees\' pre-determined function and role, reporting relationship (e.g. parent or delegated committees), frequency and composition
• Provide SME risk advice and assurance to the division/ department in the preparation and presentation of materials to relevant risk committees, including validating the materials to ensure quality, accuracy & thoroughness
• Liaise with Line 1 and 2 to cross-check division/ department and Group-level findings, insights, and analysis to ensure consistency and unified risk representation when presented to committees

Risk identification and assessment

• Provide advisory and assurance that risks have been appropriately and thoroughly identified by division/department and correctly logged as part of RCSA, including challenging the Line 1 on whether all the material risks have been identified (e.g., verify the identified risks by Line 1 against the Group Risk Library, past LEDs & RCSAs, MRA exercise etc)
• Ensure risk identification and assessment is done in a complete, accurate and timely manner that conforms to the SOP and templates; includes verification for RCSA (e.g. verify inherent risk rating assignment by Line 1 based on their documented rationale / evidence)
• Provide advice and assurance to the division/ department by supporting it to
• Identify, assess, monitor and respond to emerging risks
• Verify relevant risks/controls impacted by regulatory change are accounted for and implement action plans to address the changes
• Provide assurance that risks have been appropriately and thoroughly identified by Line 1 and correctly logged as part of RCSA, including challenging Line 1 on whether all the material risks have been identified (e.g., verify the identified risks by Line 1 against the Group Risk Library, past LEDs & RCSAs, MRA exercise etc)
• Drive consistency of approach in the assessment and management of risks across the division/ department by ensuring Line 1\'s adherence to relevant risk assessment procedures (e.g. RCSA)
• Advise the division/ department to ensure timeliness and quality of risk identification, act as the first point of contact for Line 1 for any risk and compliance matters
• Provide advice and assurance to the division/ department to (a) Determine how changes in regulations will impact the business and control environment, and (b) Verify that the gap analysis performed is comprehensive (e.g., ensure all relevant risks / controls impacted by the regulatory change are accounted for (c) Design and implement action plan to address the changes

Controls definition, execution, & assurance

• Provide advice, assurance and validation to division/ department to
• ensure the respective division/department Control Framework, Policy & Procedures and SOPs are defined comprehensively as per risk and compliance requirements
• ensure that the division/ department adequately balances their needs with risk and compliance management requirements in terms of control design, implementation and operationalisation
• ensure the RCSA is completed in a timely and correct manner across risk identification and risk assessment; provide the first layer challenge to Line 1 for RCSA outputs that do not conform to requirements (including whether any material items are left out)
• Identify any controls that are not adequately covered within the Group Controls Library (incl. any flagged by Line 1) and escalate them to the Library owner
• Maintain a list of division/ department specific non-library controls, created by exception due to specific local regulatory, legal or business requirements (relevant once Group Controls Library has been implemented)

Monitoring and reporting

• Provide advice and assurance to the division/ departments in designing and implementing its monitoring activities and its compliance with regulatory and policy obligations, and monitors progress towards mitigating risks
• Perform periodic independent reviews (e.g. Line 1.5 Assurance as part of RCSA) to assess if there are deviations to key controls, and to flag them to Line 1 for remediation if found
• Provide SME risk expertise, input and advice to support the division/ departments in reporting to Line 2, management, Board, Regulators and other external stakeholders
• Provide advice and assurance to the division/ departments in identifying, assessing, escalating and remediating compliance breaches
• Provide support, advice, and assurance to support the division/ departments in making accurate regulatory attestations

Action and responses

• Provide advice and assurance to support Line 1 activities; with focus on:
• validating CIMs, LEDs before submission by Line 1 to ensure that they are submitted in a timely and correct manner
• supporting the division/ department in the tracking, monitoring, governance and reporting of regulatory commitments as well as identifying regulatory commitments at risk of falling overdue and escalate to relevant stakeholders
• Support RCU Head in substantiating the final decision on which stakeholder within the division/ department owns the compliance breach
• Act as an escalation point for the division/ department to Line 2, playing a key middleman role to facilitate communication between Lines 1 & 2
• Perform thematic incident cause and controls breakdown analysis at a division/ department level
• Monitor the implementation progress of the action plans against due dates and provide management reporting on the division/ department\'s management of the incidents
• Provide advice and assurance to the division/ departments in identifying, assessing, escalating and remediating compliance breaches

Employee Engagement and Development

• Monitor performance of the relevant RCU team and QA testers KPIs; including soliciting and incorporating performance feedback from Head of Group ORM and Head of Group Compliance
• Develop direct and indirect subordinates training needs and development goals to ensure each team member has the necessary skillsets to execute their functions and grow in their roles
• Comply with HR performance processes and meet internal KPIs
• Attract, develop and retain talent by ensuring constant engagement surrounding risk & compliance related agenda
• Actively work to create an environment for the team that encourages open and honest dialogue and escalation of issues.

CIMB