Head Operational Risk
The Arab Investment Company
مجموع سنوات الخبرة :18 years, 11 أشهر
Appointed to Set-up and Lead the Operational Risk Management unit in the Bank, responsible for the following:
• Develop and implement Operational Risk Management policies, along with associated standards, guidelines, including risk & control matrices
• Implement the Operational Risk Internal & External Loss databases. Perform detailed analysis of all reported events, and recommend suitable corrective actions, for control deficiencies
• Develop process flow charts / process landscape, for each departments, to identify potential inherent risks and mitigating controls, in respective processes
• Implement the Risk Coordinator model (as part of 3 Line of Defence), in 1st line business & support functions
• Conduct comprehensive Risk & Control Self-assessments (RCSA) exercise, on an annual basis, to formulate / review - both Bottom-up and Top-down RCSA registers
• Implement an effective Internal Control Testing Framework (ICTF) for periodic Test of Design (TOD) and Test of Operating Effectiveness (TOE), along with defining testing methodology / frequency, sampling process, etc.
• Perform independent thematic reviews and suggest mitigating measures where necessary
• Establish and periodically review / analyse, Bank-wide and Business Specific Key Risk indicators (KRIs)
• Develop a monthly Operational Risk Dashboard for Senior management, covering Top risks in terms of Annualised Loss expectancy (ALE), KRI breaches, Control failures, High prioiroty Open Issues, status of new product / outsourcing proposals.
• Establish an effective Vendor Risk Governance process, including Outsourcing risk review and due-diligence process
• Establish a comprehensive Product Review and Approval Process (PARP) and acts as the Gatekeeper for all new & modified products and services
• Conduct training & awareness sessions for Executive Management, Department Heads, 1st Line Risk coordinators, including Board members, to promote a strong Operational Risk management culture
Other Supporting Roles include, but not limited to, the following:
• Develop a Reputational Risk Policy and a Reputational Risk Scorecard for bank-wide risk assessment
Develop bank-wide Risk Appetite Statements (RAS), jointly with Head of Risk & Compliance, including monitoring, and periodic reporting to Board Risk Committee
• Act as the secretary / co-ordinator for the following committees, and minute the proceedings and resolutions of all the meetings held:
Fortnightly Executive Management Team (EMT) meetings
Monthly Asset and Liability Management committee (ALCO)
Quarterly Board Risk Management and Compliance Committee
• Conduct Bank-wide Stress Testing exercise on biannual basis, including periodic reporting to Board Risk Committee
• Review and ensure all Policies across the bank are updated and approved by Board including Credit, Market, Liquidity, Reputational, Business Continuity, Information Technology, Information Security, etc.
• Facilitate the Risk Control self-assessment workshops semi - annually and build / review Risk and Control registers
• Manage a core team of Operational Risk managers to drive various Operational Risk management projects / activities
• Instrumental in reviewing and approving the Digital banking wallets and savings account projects and thus gaining a strong understanding of the various nuances of Digital banking business
• Established the Retail & Digital Banking Risk management committees for approval of all critical Digi products and outsourcing proposals pertaining to alliance partners, co-branded wallets, standalone wallet, biometric authentication review, Algo partner review, etc.
• Conduct the India Operational risk committee (ORC) on a monthly basis chaired by the India CEO. Prepare all ORC presentations and back-papers
• Perform Outsourcing risk review & sign off all Third party and Intra group Outsourcing risk arrangements.
• Review all New and modified products & services in the bank in line with Group Product approval standards. This includes new and innovative / unique product propositions for Digital banking business line along with other Retail and Wholesale banking products
• Assist business in the identification and implementation of Generic and Business Specific Key risk indicators and also ensure yearly review is performed to ensure relevance
• Provide adequate support and guidance to 1st Line Risk managers on the Operational risk management system (ORMS), i.e. ROR (Reveluos Operational risk tool, Oracle).
• Perform scenario assessment, reputation risk assessment scorecard testing for the bank, periodically
• Undertake special projects, viz. replacing the GRC tool globally and revamp the Outsourcing risk review model
• Operate at a senior level and maintain effective relationship with the Business units, Operations, Technology teams & Group Heads of Wholesale banking business line
• Formulate the Operational Risk Management Planning & strategy along with Head of Operational Risk
• Work closely with Head of Operational Risk & CISO, in facilitating the High Level Risk Assessment (HLRA) annually to identify bank-wide risk (top down risks)
• Conduct the Wholesale banking - Operational Risk committee (ORC), each month, chaired by the Country Head of Wholesale banking & Deputy CEO. In addition, conduct the Financial Market Risk committee, each month, chaired by the Head of Financial Market / Head of Treasury
• Conceptualise, design and implement Operational Risk Management Frameworks, policies and minimum standard, viz. ORM framework, Control Risk policy, Incident management standard, etc.
• Developed the Bank Corporate Governance Framework which received a lot of appreciation from the Board
• Provide need-based training to both internal department staff and general awareness sessions for bank staff, periodically
• Develop the Risk control self-assessment (RCSA) registers for all Wholesale Banking Business & Operations
• Plan, design and implement the Key Control testing (KCT) frameworks in the Bank. Oversee the control testing execution by 1st line / 2nd line (as relevant) and report findings and control deficiencies to the MD & CEO and to the Risk management committee
• Operational Risk Incident investigation, analysis and ensure root cause analysis performed, wherever required
• Ensure Business specific key risk indicators (KRIs) are identified along with required tolerance levels
• Review and approve all Business Unit Process documents and bank circular for wholesale banking units
• Plan and facilitate Scenario Analysis workshop at the least once in a year
• Establish the Operational Risk Appetite for the bank and ensure Board approval is obtained
• Perform Annual Operational Risk Stress testing exercise together with Risk and Analytics team
• Communication / liaise with RBI on a need basis, during Annual Financial inspections (AFI), RBS (risk-based supervision), BASEL II disclosures on Operational Risk, quarterly update for ICAAP
• Support the Head of Operational Risk & CISO in preparing the Country Operational Risk committee presentations.
• Track / monitor Non-Audit and Audit issues for appropriate closure.
• Implementing higher approaches of Operational risk capital, viz. TSA (The Standardised Approach)
• Facilitate the yearly RCSA workshop thereby ensuring appropriate risk / issues and actions are identified and build the Top-down Risk and Control registers
• To implement the Internal Control testing framework consisting of more than 130 control objectives across the organization. The objective is to create a repository of controls and document any control deficiencies including undertaking gap analysis and remediation measures
• Identify Specific key risk indicators and Generic Key Risk Indicators
• To review all new process for efficacy and subsequently approve, prior to implementation
• To ensure adherence to the organization’s Outsourcing Policy guidelines, all new third-party Outsourcing arrangements are reviewed and signed off (as relevant) by Operational Risk together with Compliance and Legal to identify any key issues / risks etc. prior to implementation
• Work closely with the Fraud team and other Information security unit to ensure adherence to the Information security policies and procedures
• To take up any Ad-hoc projects as relevant, viz. Product review and approval process
• Risk Capital Committee Board reporting and Risk Management Committee Board reporting
• Operational Risk reporting and Financial Crime reporting (Internal & AEGON reporting)
Responsibilities and Accountabilities: Instrumental in transition of Operational Risk management activities from onshore to offshore business, being part of the Global Operational Risk and Control Team:
• To establish, monitor and report on the controls environment across Operations while ensuring appropriate policies and procedures are in place
• Conduct monthly review of risk registers and obtain sign offs from Departmental heads - both top down and bottom up / business unit risk registers
• Ensuring appropriate risk actions are put in place by management and tracking completion of those actions
• Facilitate Monthly Governance / oversight meetings with Operation Heads and onshore/offshore stakeholders to discuss the Operational Risk and Controls Report
• To discuss the KRI’s (Key Risk Indicators) with Operations and its impact on any existing or emerging risk
• To provide support and guidance on controls awareness to Senior Management, departmental staff and other business units
• Review and approve any relaxation of existing controls
• Gained sound knowledge in all UK regulations - FSA, tPR, DWP, DP (ICO), HMRC
• Conduct investigation into actual or suspended fraudulent activities
• Routine / Significant Breach and Incident reporting and analysis
Responsibilities and Accountabilities: Responsible for providing inbound customer service for a leading US Banking Operations, act as a mentor / trainer for new joinees.
(Honours in