Job Summary

The incumbent will be overall responsible for the adequacy and effectiveness of the operational risk management techniques/ processes. The incumbent will ensure independent and objective identification, assessment, measurement, monitoring, reporting and control of operational risk for the Subsidiary as a whole (encompassing conventional). The incumbent will be responsible for management and supervision of all operational risk types such as internal and external fraud, employment practices and workplace safety, clients, products, & business practice, damage to physical assets, business disruption & systems failures and execution, delivery, & process management for the whole Subsidiary and will ensure independent and objective analysis and monitoring of operational risk. The incumbent will participate in the formulation of operational risk policies/ procedures and assess adherence to established policies and procedures to minimize losses, and will determine operational risk and the accompanying mitigating factors. The incumbent will ensure that the Subsidiary’s interests are given utmost importance and will constantly research and seek to apply best practices in operational risk, including but not limited to Basel II pronouncements.

Main Responsibilities

A. Shareholder & Financial:

- Take pro-active steps to enable the Subsidiary to move to more sophisticated/ advanced methods for calculation/ measurement of operational risk and the related impact on the associated capital levels.

- Develop and implement Operational Risk Management Framework (ORMF) that covers the Subsidiary’s level of operational risk appetite and tolerance, including the extent of which, and manner in which, operational risk is transferred outside the Subsidiary.

- Prepare the Operational Risk Strategy that reflects the Subsidiary’s tolerance for risk and present it to the GM, CRO for discussion/ review.

- Create Key Performance Indicators (KPIs) for performance monitoring and quality measurement purposes for the Operational Risk management and monitor their achievement on periodic basis.

- Lead and guide the Operational Risk management Department’s including Policies and procedures, Operational risk framework, Internal control and anti-fraud, Information security and business continuity annual budgeting process.

B. Customer (Internal & External):

- Coordinate with Compliance to obtain updates on regulatory changes pertaining to operational risk to assess their impact on the Subsidiary’s operational risk profile.

- Finalize Service Level Agreements (SLAs) with internal departments/ units to achieve improvements in turnaround time, with respect to operational risk review processes and reviewing/ commenting upon policies and procedures submitted by relevant departments/ units.

- Build and maintain strong and effective relationship with the all other related departments and units to achieve the Subsidiary’s goals/ objectives.

- Enhance relationship with the relevant regulatory authority officials through continuous communications and follow up.

- Tracking and analysing banking trends in Operational Risk assessment techniques and standards and propose recommendations to the Chief Risk Officer.

C. Internal (Processes, Products, Regulatory):

- Review and provide comments on all Subsidiary policies and procedures submitted to the by relevant departments/ units.

- Review and revise the existing policies and procedures for the domestic and overseas business relevant to operational risk in light of changing market conditions based on Basel Committee recommendations/ other best practices and relevant regulatory authority regulations and guidelines to ensure that a sound environment for identifying, assessing, measuring, monitoring and controlling Operational Risk is in place.

- Develop and implement tools, for identification and assessment of operational risk such as Risk Self Assessment, Risk Mapping, Risk Indicators, construction/ maintenance of an Operational Loss Database etc. to facilitate consistency in monitoring and reporting of operational risks across the Subsidiary.

- Ensure the formal determination of accountability for the control of operational risk. Drive the establishment of a formal reporting process, which ensures that senior management (including the ERC) and the Board are informed of significant Operational risk issues on a timely basis together with the action being taken to resolve issues.

- Support the efforts to enable the Subsidiary to meet the requirements of operational risk management as specified by the Subsidiary Country Central Bank.

- Ensure collection and maintenance of comprehensive data (viz. amount, frequency, severity etc.) on operational losses including losses due to people, processes or systems and analyse data by reason, department, business etc. to comply with Basel II requirements.

- Ensure that Operational Risk processes cover all operational areas of the Subsidiary, including new products / process and system implementations.

- Drive the embedding of the Subsidiary Operational Risk Framework and promoting the integration of operational risk measurement into all risk reward decisions and general business management.

- Develop and implement appropriate internal and external fraud prevention and management strategies and tools to support the business in the proactive assessment and detection of fraud.

- In partnership with business management and Subsidiary Internal Audit, lead post incident reviews to identify and analyse root causes and learning and to ensure that any necessary remedial actions or control improvements are implemented to prevent future losses and events.

- Lead Information Security to promote awareness of/ compliance with all relevant Information Security Standards/ policies in line with ISACA/ COBIT pronouncements and other best practices to safeguard the information assets of the Subsidiary.

- Lead the Access Control & Physical Security to oversee the development and implementation of an effective physical security framework - including a risk assessment and monitoring programme across the Subsidiary entities to safeguard the physical knowledge assets of the Subsidiary against the risk of loss/ theft.

- Lead Business Continuity to promote the integrity of business continuity principles, methodology and strategy through the development, implementation and ongoing management of BCM, end-to-end.

- Ensure deployment of state-of-the-art tools/ systems to facilitate monitoring of the operational risk at product/ portfolio level.

- Supervise the implementation of departmental policies and procedures which will set out the principles, methodology and techniques to establish effective operational risk management.

- Introduce a mechanism for periodic reporting of the Subsidiary’s operational risk exposure to the relevant Board/ management level committees.

- Ensure the preparation of concise and informative risk information MIS reports and send them to the CRO for review.

- Strengthen internal control through more effective and efficient entity-level controls. Address/ facilitate correction of any weaknesses identified during assessments, audits or examinations.

- Act within the limits of the powers delegated to the incumbent and delegate authority to the respective departmental/ unit heads and monitor exercise of the same.

- Responsible for establishing and maintaining a sound internal control environment across the Department including but not limited to the establishment of an organizational structure that clearly assigns authority, responsibility, and reporting relationships and avoids conflict of interest situations/ inadequate segregation of duties.

D. Learning & Knowledge:

- Finalize the Department’s training plan based on inputs received from the incumbent’s direct reports and thereby develop/ enhance the skill sets of Departmental personnel and provide them with opportunities for career development.

- Possess superior knowledge of operational risk management techniques and methodologies.

- Hold meetings with direct reports and assess their performance. Also take decisive action to ensure speedy resolution of unresolved grievances or conflicts amongst Operational Risk Department personnel.

E. Other:

- Ensure high standards of confidentiality to safeguard commercially sensitive information.

Education and Experience Requirements

- Bachelor/ Masters Degree preferably in business, finance, economics or related subjects.

- Professional certification such as PRM, CPA, CFA, CIA etc. is a plus.

- Minimum of 7 years' experience in a major bank of which at least 2-3 years in bank in a managerial capacity in the operational risk function.