Dedicated Risk & Compliance Champion, Operations Division

Job Summary

The Dedicated Risk & Compliance Champion (DRCC) is responsible for managing Risk & Compliance matters within the Division. He/She acts as the point of contact to escalate matters relating to the division to Risk Management Division as well as Compliance Division be it on Operational Risk, Compliance and Regulatory control matters/breaches and incidents.

Job Responsibilities

Process & Governance

1. Provide advice and guidance to front line teams, as needed for existing or new regulations upon consulting 2nd Line of Defense.

2. Assist to facilitate the development and annual review of operating manuals or procedures belonging to the division, working with the departments within the division, as well as other stakeholders which have dependencies or interdependencies with your Division.

3. Act as a point of contact to escalate to division head on operational risks matters/breaches/incidents.

4. Assist to review any product and process documents arising from Product Risk Assessment and Process Risk and Control Assessment before submission to the Risk Management Division.

5. To validate existing process, initiate changes (if necessary), address the gap, monitor execution of the action plan, timely closure for the following:

- Consolidated departmental/LOB's operational risk profile

- Product Risk Assessment or Product Variation outstanding matters (to work with the Risk

Management Division).

- Process Risk and Control Assessment (to work with the Risk Management Division)

- Key Risk Indicator breaches

- Key Control Testing exception.

- Significant operational risk event/incident.

- Operational risk and regulatory control deficiencies highlighted by Compliance Assurance &

Shariah Review Department, Internal Audit Division (IAD), External Auditor (EA), Bank Negara

Malaysia (BNM), and other regulatory bodies - for timeline extension, to be duly approved by the

Management.

- Self-declared/identified operational gap.

6. Assist to coordinate system related matters and BCM role (BC Coordinator) i.e Business Impact Analysis (BIA), Business Continuity Plan as well as test and documentation of its results, Disaster Recovery Testing and documentation of its results and educating the division on the importance of all testings within BCM.

7. Assist to coordinate Outsourcing related matters i.e. completion of Outsourcing assessment, Due Diligence (including yearly) etc.

8. Act as point of contact for the Division in regard to reviews performed by Compliance Assurance & Shariah Review, and point of contact for coordinating/reviewing enquiries from regulators/industry associations as disseminated by Regulatory Compliance.

New Regulations, Policies, Guidelines applicable to the Division

1. Assist to identify, review, assess impact of new/ revised regulations/standards/guidelines issued by regulators/industry associations and policies or guidelines issued by AFS to the business.

2. Assist to conduct a gap analysis to ensure that OMs are updated and in-line. Where needed consult with the Compliance Management Division (CMD) to address any challenges to facilitate adherence.

Training

1. Identify training needs, gaps and areas where training is needed for the division, as well as training needed for the DRCC to equip themselves to perform the role effectively. Organise and ensure that training is carried out (including Train the Trainer programs, where the DRCC attends as well), working with HR Learning & Development and CMD as needed to calibrate the training curriculum.

• All training courses, whether classroom or e-learning must be tracked for participation and have a final assessment.
• Training must include dedicated training modules that address the gaps identified in the Division.
• Training related to applicable regulations and policies related to the business covered.

2. To arrange periodic awareness and training to disseminate key operational risk matters.

Controls & Testing

1. Evaluate and revise Key Risk Indicators (KRIs), Key Controls Testing (KCT) and execute Risk & Control Self-Assessment (RCSA) for all relevant regulations and procedures applicable to the division covered.
2. Establish and implement checks and controls, including RCSA sample testing for all relevant regulations, risks and processes applicable to the division covered.
3. To perform key control testing (KCT) to evaluate the execution and effectiveness of identified controls.
4. To validate and coordinate Operational Risk monthly KRI and quarterly/ semi-annual/ annual KCT report and submit to RMD.
5. To review and coordinate the annual and mid-year Risk & Control Self-Assessment (RCSA), KRI statements and KCT testing procedures and submit them to RMD.
6. To perform investigation on self incidents occurred within the Business within purview. When required, to perform Root Cause Analysis review and evaluate any control lapses and determine if the action plan mitigates the cause of the incident.
7. Monitor and ensure all action plans committed are implemented accordingly.

Other Areas

1. This would broadly include other activities related to

• people/ team management,
• engagement with team and stakeholders
• any cost management activities undertaken as per role of DRCC communication in, cascade of information and sharing of knowledge

2. The above line items are not exhaustive but serve as a guide to other areas that may come in context unique to DRCC roles & responsibilities.

Job Requirements

• Bachelor's degree in Law/Accounting/Finance/Business Administration or a related discipline.
• Minimum 5-7 years of relevant working experience in regulatory compliance roles, operational risk and/or audit, preferably within the same industry (banking) or a related sector.
• Strong knowledge of applicable laws, regulations, and industry standards, such as financial
• regulations, data privacy, consumer protection, RMiT etc.
• Possess good leadership skills with ability to lead and collaborate with team members in
• identifying operational and compliance risks.
• Be able to proactively identify weaknesses in Bank processes and activities, as well as the
• causes of the identified weakness and be able to provide lasting solutions and mitigations
• Strong communication and interpersonal skills to effectively collaborate with stakeholders at all levels.
• Detail-oriented with good analytical, communication, and writing skills.
• Ability to work independently and prioritise tasks to meet deadlines