Manager, Governance and Control at Standard Chartered Bank

JOB SUMMARY

• Effective management of Operations Risk within the business unit including ensuring the proper functioning of embedded and periodic controls.
• Timely identification & escalation of Risk issues
• Escalation of Risk related KCSA exceptions / to BORC
• Establish the First Line of Assurance in the Business unit by implementing a program of Key Control Self Assessment/Control Sample Testing.
• Assist Business Unit Head and SORO in coordinating, driving and directing effective compliance and Operational risk management at the Business unit level.
• Implement controls within the Business unit to meet all regulatory and internal policy requirements
• Identifying Risk from KCSA exception, Key Risk Indicator, audit points, Operation Losses and near miss, then assessing the risk and ensuring appropriate mitigating action is implemented and monitoring progress.
• Ensure proper functioning of day-to-day controls, periodic monitoring activities and timely resolution of risk issues.

RESPONSIBILITIES
Strategy:

• Overall responsible for the preparation, communication, implementation, delivery and expansion of ITO OR plans, working in close cooperation with country (CIO, Legal & Compliance, local/regional Management Groups/Committees) and global (Group ITO Risk & Controls, and Group Operational Risk).
• Support the CIO as the Risk Owner (“RO”) of Technology, Vendor Management, and Data Protection and Data Security in accordance with the Risk Management Framework
• In collaboration with L&C, identify, communicate and expedite changes to comply with new and amended regulation across ITO
• Awareness on the TTO operations and risk activities

Process– Information, Technology and Operations Service Delivery

• Through the CIO and key stakeholders, ensure ITO platforms, services and processes are in line with Global and local OR and Data standards and requirements to support the business
• Handle requirements from country/regional stakeholders and provide constructive feedback and into ITO Risk & Controls teams, and relevant parties
• Ensure that material risk exposures for the country thresholds are reported to CORC, and risk exposures rated Medium and above based on Group materiality to Regional or Group ITO within an appropriate timeframe

Risk Governance and Management

• Support the CIO in the appointment as the Risk Owner (“RO”) of Technology, Vendor Management, and Data Protection and Data Security in accordance with the Risk Management Framework
• From the first line of defence, ensure all operational and technology controls are in place with respect to Technology, Vendor Management and Data Security and Protection
• Support and implement the global standards of risk and control; escalating risks rated medium and above based on Group materiality thresholds to the relevant risks committees
• Ensure there is a effective governance and risk management mechanism in place to manage and mitigate risks
• Ensure adequate change management process is in place to govern Technology Change Management as well as Project Change Management
• Create and maintain staff awareness of operational risk management through training (e.g. mandatory e-Learning) or accreditation.
• Maintain effective systems and controls to ensure proper supervision of ITO operations in conjunction with CIOs, Information, Technology and Operations Heads
• Proactive in seeing regular assurance that areas of responsibility are performing to an acceptable risk and control standard – maintain a level of independence from day to day processing
• Balance business performance delivery and cost management with risk and control matters to ensure that it does not materially threaten the Group remaining within risk appetite
• Ensure adherence to regulations, and coordinate country regulatory reviews. Ensure all findings are closed and communicated to the Regulator in full consultation, discussion and agreement with Country Compliance, and all open issues communicated to ITO Group. The country should adhere to ITO best practice standards in regulatory planning and execution

Risk identification and Assessment

• Validate and challenge the first line risk identification and assessment of gross and residual risks arising from its end to end processes and identify any gaps.
• Assess the control environment including, but not limited to, control design, control execution, control testing and control history.
• Recommend changes to the control environment or to business practice where necessary to reduce the level of operational risk exposure to within the agreed appetite.
• Assist in the design of effective process controls where there are material risks of process control failure
• Validate Business / Functions Controls - Regularly assess implementation of Business/functions Key Control Standards (“KCS”) to ensure cost effectiveness, efficiency and relevance.
• Identify Local Control Gaps - Regularly assess all key controls to monitor exceptions and identify gaps.
• Optimise portfolio of local controls - Regularly assess existing Local Key Control Standards, key risk indicators (“KRIs”) and key control indicators (“KCIs”) to ensure cost effectiveness, efficiency and relevance.
• Provide balanced, independent and informed assessment of operational risks arising from acquisitions and major change initiatives or country projects.

Conduct

• Provide leadership in country teams to comply with the highest standards of regulatory and business conduct and practices as defined by internal and external requirements. Understand and ensure compliance with, in letter and spirit, all applicable laws, regulations and guidelines including those governing securities activities, company law, anti-money laundering, terrorist financing and sanctions; the Group’s policies and procedures; and the Group Code of Conduct. Take personal responsibility for understanding the risk and compliance requirements of the role. Effectively and collaboratively identify, escalate, mitigate and resolve risk and compliance matters.
• Embed the Group’s Values and Group Code of Conduct to ensure adherence with the highest standards of ethics. Comply with relevant policies, processes and regulations, as part of the culture. Lead by example by displaying exemplary conduct behaviours and take personal responsibility for:
• The conduct of individuals in [country/business unit/function/team] ensuring behaviours set out in the Group Code of Conduct is followed.
• [business/country/function] achieving the outcomes set out in the Conduct Principals and Pillars.
• Both direct and indirect/dotted line managers are individually accountable to proactively communicate, collaborate and agree on the conduct ratings of employees.

Local regulator prescribed responsibilities

• Sustainability Agenda
• Demonstrate the Bank’s promise to be Here for Good and drive team engagement through ITO-led Corporate Social Responsibilities (“CSR”) and Diversity and Inclusion (“D&I”) activities organised in the country/region

Risk Monitoring

• Ascertain and confirm that country/Group ITO risk registers, KRIs, KCIs, and control sample testing are effectively implemented
• Periodically review operational risk assessments to ensure these appropriately reflect changes in environment, mitigating controls and the progress of treatment plans.
• Systematically monitor process control effectiveness where there are material risks of process control failure.
• Review and approve first line risk treatment plans.
• Monitor treatment plans to ensure they are implemented accordingly.
• Work with local business representatives to receive control and risk metrics in order to monitor KRIs and KCIs.
• Identify and escalate any thematic risks in ITO beyond the reporting unit/function
• Review and update annual key control testing plans

Risk & Loss Reporting

• Approve the classification and accurate reporting of operational risk losses.
• Report and escalate significant operational risk events (SORE).
• Deliver Root Cause Analysis (RCA) reports for relevant events.
• Provide risk information/updates to Country Operational Risk as appropriate.
• Ensure use of all Group risk and regulatory systems

Strategy & Planning

• Inform the development of business plans, exercising appropriate focus on the implementation of robust operating environments, within risk appetite, to support business aspirations.

Corporate Governance and Compliance

• Provide timely and relevant information to the CIO and Country ITO Management Group on significant and material OR issues, business developments with OR-related impacts, etc
• Ensure ITO function in adherence according to the highest standards of regulatory and compliance practises, in full compliance with all regulations and controls as set by the Bank and external authorities; which includes compliance with local banking laws and anti-money laundering regulations and guidelines
• Embed the OR policies and procedures as well as Group RMF in ITO country to ensure that adherence with the highest standards of ethics, and compliance with relevant policies, processes and regulations among employees form part of the culture
• Support the CIO in the execution of a Country Data Management Committee to ensure data quality governance
• Support the CIO in the end-to-end management of regulatory audit/inspections on Information, Technology and Operations teams in country/region as well as in offshore service centres
• Support the CIO in execution of monitoring and governance for Vendor, Procurement and Outsourcing controls, both internal and with respect to 3rd parties
• Support the CIO through sharing of best practises from across OR network and review across country ITO

People and Talent

• Develop and embed a high performance culture and organisational mindset to effectively embed and communicate ITO policies and procedures in-country/region
• Develop ongoing training, communications and development programs for Information, Technology and Operations personnel to ensure minimum standards in RnC awareness and embedment of RnC responsibilities in respective areas of work and adherence with the highest standards of ethics, and compliance with relevant policies, processes and regulations among employees form part of the culture
• Ensure that the relevant staff understand and accept their responsibilities in relation to risks, governance and controls
• Ensure that direct reports are suitably skilled and qualified for their roles ensuring that they have effective supervision in place to mitigate any risks.
• Oversee all Entities operating in the country, including acting as the designated Governance Head of Risk & Control for all Group Entities and relevant Associated Entities incorporated in the country

Key Stakeholders
Internal

• Country Chief Risk Officers
• Country Head, Legal and Compliance
• Group/Country Head, Internal Audit
• Country Head, Change Management Ghana & West Africa
• Country Head of Retail Banking Operations
• Country Head, CIB & CB Operations
• Country Head of CSG
• Country Head of Country Technology Management
• Regional Head, TTO Risk & Controls
• Group Head, TTO, Risk & Controls
• Global Head, TTO, Product Risk Management
• Global Head, TTO, Strategic Risk Projects
• Global Head, TTO, Governance
• Group TTO Technology Services
• GBS counterparts
• Group Risk and Controls teams
• Supply Chain Management
• Group Functions counterparts

External

• Auditors
• Regulators and other government departments/officials
• Industry partners, Banking Associations, etc

Qualification

• Education Bachelor’s / University degree
• Certifications Experience in Risk, Control & Governance or Operations function is an advantage, Good understanding of operation and technology
• Languages English

Role Specific Technical Competencies

• Spot Opportunities
• Solve Problems
• Take the Lead
• Build Resilience
• Collaborate
• Communicate
• Deliver Sustainably