Regional Head, Governance & Operation Risk/Regional Risk Control Officer

CIMB Malaysia
Kuala Lumpur, Malaysia
May 18, 2019
May 23, 2019
Job Function
Risk Management
Industry Sector
Finance - General
Employment Type
Full Time
Purpose of the Role
  • Responsible for ensuring the Division/Department maintains an adequate and effective first line of defence risk management program
  • Promote and support Business and Support Management to ensure adherence with applicable banking laws, rules, regulations and internal policies, procedures and processes. Action plans should be developed to address the risk and control issues.
  • Enable the effective execution of the operational risk and compliance throughout the Bank/Group, with respect to identifying, quantifying, reviewing, evaluating and measuring risk to ensure that all compliance and risk categories are identified and managed in accordance with regulatory, internal policies and procedures requirements.

Scope of the Role
  • Responsible for management of operational risk and regulatory risk for the Division/Department across the legal entities or across the geography as stated in the appointment letter.
  • For external regulatory examination: the Risk and Control Officer is responsible to act as a liaison and address all concerns and requirements of regulators with respect to risks within their functional area of responsibility.

Key Responsibilities

Drive strong Operational Risk Management practices
  • Proactively manage the risk in the Division/Department to reduce the likelihood or impact of negative events.
    • Risk management is through the proactive identification of risks facing the unit. Identification techniques range from the formal use of risk management tools (such as Risk Control Self-Assessment) through to the informal recognition of control weaknesses from day to day management of a unit. The role holder should ensure that the Division/Department has the appropriate level of knowledge and understanding to ensure that material risks are identified. The role holder also has the responsibility to ensure that identified risks are assessed to determine if they are unique to their area or have wider upstream or downstream implications for the group.
    • Risks identified require measurement using the Group's methodology, rating each of the risks as High, Medium or Low. The role holder should provide guidance to staff who are rating risks to ensure risk ratings agree with definitions in the Group's methodology.
    • Where residual risks require mitigation, action plans should be developed to address the risk permanently where possible. The role holder has the responsibility to ensure action plans are appropriate, prioritized and sustainable, and that action plans are closed by the committed due date.
  • Responsible to report risks to the Head of Division/Department in a timely manner so that Heads of Division/Department have a clear view of the overall control effectiveness of their unit.
  • Execute the operational risk framework of the bank in a robust and disciplined manner so as to achieve sound risk management practices and reporting.
    • The operational risk framework includes, but is not limited to, the following tools:
      • Risk Control Self-Assessment
      • Operational Event and Loss Data Management
      • Control Effectiveness Testing
      • Control Issue Management
      • New Product Approval
      • Operational Risk Committees
      • Key Risk Indicators
    • Develop and maintain a robust process to ensure accuracy, completeness, timeliness and quality of data recorded in the risk system of record
    • Engage with second line subject matter experts to provide and/or coordinate training and awareness sessions within their area of responsibility
  • Proactively partner and engage with the second line of defence to achieve an optimal outcome of risk management for the CIMB Group.
    • Assist with the coordination of the second line of defence challenge activities
    • Provide constructive feedback to the Operational Risk Department on improvements to the framework.

Promote and maintain regulatory Compliance
  • Build and execute the compliance risk framework within the Division/Department in a robust and disciplined manner so as to achieve sound compliance risk management practices and reporting.
  • Support and lead the Division/Department in relation to proactive identification and management of compliance risk.
  • Engage with the business units on compliance and control initiatives with an objective of educating the business to proactively manage their risk and controls by leveraging on the compliance tools:
    • Risk Control Self-Assessment
    • Control Issue Management
    • Loss Event Data Management
  • Provide support and advice to the first line of defence in understanding and mitigating the expectation of the regulatory guidelines/circulars/notification
  • Assist the first line of defence in formulating the compliance framework and all regulatory risk associated with the business e.g. to review new/amended regulatory guidelines
  • Assist in identification of key risks and remediation of risks relative to new initiatives e.g. submission of proposals, review of marketing materials
  • Proactively identify areas with ineffective controls and work with the relevant stakeholders to enhance overall control environment to mitigate compliance risks.
  • Conduct gap analysis to identify business risk and control assessments to ensure compliance with applicable regulations
  • Ensure efficient and effective compliance risk management practices adhere to the required standards and processes e.g. timely reporting in the MSCR, analysis on the root cause of breaches
  • Work together with all risk control functions to ensure emerging risks are appropriately addressed and captured in the Compliance Risk Framework
  • Maintain tracking of remediation efforts related to review findings and other activities, as and when necessary.
  • Act as the Gatekeeper to maintain all requests and approvals of the Confidential Information in accordance with the policies and procedures agreed between CIMB Group and PT Bank CIMB Niaga

Champion the risk culture
  • Establish a reverence for strong risk management by applying knowledge and understanding of business products, services and processes
  • Facilitate strong partnerships across various stakeholder groups, determine best methods of communication and establish escalation model
  • Ensure an alignment of tasks between the 3 lines of defence to minimize overlap or gaps arising during execution of roles and responsibilities
  • Compile and analyse risk data for themes and trends; raise awareness of emerging risks in the industry and recommend mitigation measures
  • Ensure that every business and support unit within the Division/Department has a DCORO and the appointment is properly executed via GHR
  • Track and maintain an updated list of the DCOROs (onboarding and offboarding) within the Division/Department
  • Facilitate all relevant training within the Division/Department and cascade relevant risk information or program updates to the DCOROs and respective business heads
  • Provide guidance as needed to support DCOROs in their role

Employee Engagement & Development
  • Monitor performance against the relevant DCORO KPIs; including soliciting and incorporating performance feedback from Head of Group ORM and Head of Group Compliance
  • Develop direct and indirect subordinates ensuring each has a well thought through and executable action plan to help them achieve their development goals and needs
  • Provide timely feedback to staff and complete appraisal processes in line with CIMB process
  • Comply with HR performance processes and meet internal RCO KPIs
  • Attract, develop and retain talent

Educational Qualifications
Bachelor's degree holder or equivalent
Professional Qualifications
Preference for professional or post graduate qualifications e.g. chartered accountant, CFA, MBA, LLB
Relevant Work Experience
Minimum 10 years work experience with relevant experience of a risk/audit/compliance/legal related role and of working within the relevant business/function preferred.

Core Competencies
  • Excellent communication skills, both verbal and written.
  • An understanding of risk drivers and ability to articulate risk to non-risk personnel.
  • In depth knowledge of risk related to [business/function]
  • Able to work autonomously
  • Demonstrated managerial, leadership and facilitation skills
  • Understanding of how a bank operates front to back
  • Good presentation skills
