Risk Control Specialist

16 hours ago


Kuala Lumpur, Kuala Lumpur, Malaysia CIMB Full time

Strategy

  • Review and challenge the division/ department strategy from a risk and compliance perspective in alignment to the risk management framework and ensure implementation adheres to Group Operational Risk Management Framework, Policy and Standards.
  • Support and facilitate the roll-out of the Group-wide risk frameworks, policies and procedures for the division/ department and provide advice, assurance and validation to ensure the risk management SOPs and divisional control frameworks, policies, and procedures are defined comprehensively and adhere to Group-level risk frameworks, policies and procedures
  • Act as the first point of contact for Line 1 in providing advice, assurance and validation to the division/ department to ensure the risk management SOPs and divisional control frameworks, policies, and procedures are defined comprehensively and adhere to other Group-level risk frameworks, policies and procedures

Culture and Training

  • Provide advice and assurance to the division/ department in monitoring, reporting and escalating any risk culture issues/ updates to ensure that they operate within the risk and compliance culture framework as well as escalation of any risk culture issues/ updates (including initiatives to address identified risk culture areas for improvement) to Line 2, management and/or relevant risk committees
  • Promote risk and compliance culture and awareness within the division/ department to uplift outcomes through initiating and participating in relevant initiatives, including conducting division/ department-specific risk and compliance training/ workshops (e.g. for procedural guidance) and increased risk communication within the division/ department
  • Monitor, report and escalate relevant risk culture items to Line 2, management and/or relevant risk committees

Risk Appetite

  • Support in providing oversight on the BUs' setting of BU-level risk thresholds and other related metrics (e.g. limits, risk metrics tolerances), ensuring that they are within the Bank's / Group's risk appetite and Management Risk & Compliance Collective Scorecard
  • Support in providing oversight on the BUs' management of risk to ensure that they operate within the BU-level risk thresholds and Group-level risk appetite
  • Provide advice and assurance to BUs to support development of remediation plans
  • Provide input to Group risk appetite setting as required

Risk Governance (for NFRM)

  • Attend, report to, and escalate where appropriate to the risk committees for division/ department related matters, based on the committees' pre-determined function and role, reporting relationship (e.g. parent or delegated committees), frequency and composition
  • Provide SME risk advice and assurance to the division/ department in the preparation and presentation of materials to relevant risk committees, including validating the materials to ensure quality, accuracy & thoroughness
  • Liaise with Line 1 and 2 to cross-check division/ department and Group-level findings, insights, and analysis to ensure consistency and unified risk representation when presented to committees

Risk identification and assessment

  • Provide advisory and assurance that risks have been appropriately and thoroughly identified by division/department and correctly logged as part of RCSA, including challenging the Line 1 on whether all the material risks have been identified (e.g., verify the identified risks by Line 1 against the Group Risk Library, past LEDs & RCSAs, MRA exercise etc)
  • Ensure risk identification and assessment is done in a complete, accurate and timely manner that conforms to the SOP and templates; includes verification for RCSA (e.g. verify inherent risk rating assignment by Line 1 based on their documented rationale / evidence)
  • Provide advice and assurance to the division/ department by supporting it to:
    • Identify, assess, monitor and respond to emerging risks
    • Verify relevant risks/controls impacted by regulatory change are accounted for and implement action plans to address the changes
  • Provide assurance that risks have been appropriately and thoroughly identified by Line 1 and correctly logged as part of RCSA, including challenging Line 1 on whether all the material risks have been identified (e.g., verify the identified risks by Line 1 against the Group Risk Library, past LEDs & RCSAs, MRA exercise etc)
  • Drive consistency of approach in the assessment and management of risks across the division/ department by ensuring Line 1's adherence to relevant risk assessment procedures (e.g. RCSA)
  • Advise the division/ department to ensure timeliness and quality of risk identification; act as the first point of contact for Line 1 for any risk and compliance matters
  • Provide advice and assurance to the division/ department to (a) determine how changes in regulations will impact the business and control environment, (b) verify that the gap analysis performed is comprehensive (e.g., ensure all relevant risks / controls impacted by the regulatory change are accounted for), and (c) design and implement action plan to address the changes

Controls definition, execution, & assurance

  • Provide advice, assurance and validation to division/ department to:
    • ensure the respective division/department Control Framework, Policy & Procedures and SOPs are defined comprehensively as per risk and compliance requirements
    • ensure that the division/ department adequately balances their needs with risk and compliance management requirements in terms of control design, implementation and operationalisation
    • ensure the RCSA is completed in a timely and correct manner across risk identification and risk assessment; provide the first layer challenge to Line 1 for RCSA outputs that do not conform to requirements (including whether any material items are left out)
  • Identify any controls that are not adequately covered within the Group Controls Library (incl. any flagged by Line 1) and escalate them to the Library owner
  • Maintain a list of division/ department specific non-library controls, created by exception due to specific local regulatory, legal or business requirements (relevant once Group Controls Library has been implemented)

Monitoring and reporting

  • Provide advice and assurance to the division/ departments in designing and implementing its monitoring activities and its compliance with regulatory and policy obligations, and monitor progress towards mitigating risks
  • Perform periodic independent reviews (e.g. Line 1.5 Assurance as part of RCSA) to assess if there are deviations to key controls, and to flag them to Line 1 for remediation if found
  • Provide SME risk expertise, input and advice to support the division/ departments in reporting to Line 2, management, Board, Regulators and other external stakeholders
  • Provide advice and assurance to the division/ departments in identifying, assessing, escalating and remediating compliance breaches
  • Provide support, advice, and assurance to support the division/ departments in making accurate regulatory attestations

Action and responses

  • Provide advice and assurance to support Line 1 activities, with focus on:
    • validating CIMs, LEDs before submission by Line 1 to ensure that they are submitted in a timely and correct manner
    • supporting the division/ department in the tracking, monitoring, governance and reporting of regulatory commitments as well as identifying regulatory commitments at risk of falling overdue and escalating to relevant stakeholders
  • Support RCU Head in substantiating the final decision on which stakeholder within the division/ department owns the compliance breach
  • Act as an escalation point for the division/ department to Line 2, playing a key middleman role to facilitate communication between Lines 1 & 2
  • Perform thematic incident cause and controls breakdown analysis at a division/ department level
  • Monitor the implementation progress of the action plans against due dates and provide management reporting on the division/ department's management of the incidents
  • Provide advice and assurance to the division/ departments in identifying, assessing, escalating and remediating compliance breaches

Employee Engagement and Development

  • Monitor performance of the relevant RCU team and QA testers' KPIs, including soliciting and incorporating performance feedback from Head of Group ORM and Head of Group Compliance
  • Develop direct and indirect subordinates' training needs and development goals to ensure each team member has the necessary skillsets to execute their functions and grow in their roles
  • Comply with HR performance processes and meet internal KPIs
  • Attract, develop and retain talent by ensuring constant engagement surrounding risk & compliance related agenda
  • Actively work to create an environment for the team that encourages open and honest dialogue and escalation of issues

