Head Operational Risk at Standard Chartered Bank Kenya

JOB SUMMARY

• To ensure that risks are properly assessed; that processes, roles and responsibilities are clearly understood; that all risk / return and control cost / benefit decisions are made transparently on the basis of a complete and proper assessment, and all controls are implemented in accordance with the Group’s standards and in line with the Risk Appetite.
• To ensure Enterprise Risk Management Framework, Operational Risk Framework and all associated policies and procedures are effectively embedded and communicated in country.
• To be the central point of contact for risks within the country arising within the processes, including being responsible for the evaluation of the design and operational effectiveness of all controls. To ensure risks of processing failure are being actively managed and monitored on an end-to-end basis  in-country; including providing regular control assessments of required controls and escalation in instances .

RESPONSIBILITIES

Implement ORTF in country

• Run Implementation Oversight Forum in country and track milestones to completion
• Critically assess local deviations from Group Standard Processes and drive the standardization agenda in country
• Ensure all local differences are documented in Country Addenda, approved by the relevant PGC and fully implemented in the ORTF
• Support in country training for ORTF implementation
• Deliver in country training on Operational Risk Platforms

Embed use of ORTF in country

• Embed Top Risks in metrics and ensure those risks are managed in country
• Ensure the completeness of the Operational Risk Profile at country level, including consideration of all risks which have been accepted by Group risk committees
• Table the Risk Information Report and risk management action plans at ERC/CNFRC
• Recommend and oversee implementation of business restrictions, process and/or control improvements where necessary
• Plan and deliver scenario analysis and stress tests where applicable to ERC/CNFRC
• Be the focal point for leading Fit for Growth reviews

Strategy

Inform the development of country business plans, exercising appropriate focus on the implementation of robust operating environments, within risk appetite, to support business aspirations.

Business

Ensure compliance with OR policies

• Ensure immediate escalation to Group of unsatisfactory operational risk events
• Drive comprehensive, high quality root cause analysis of unsatisfactory operational risk events and agree risk management action plans with Local Process Owners
• Ensure new activities, changes to processes and products conform with the Project Governance Policy and the Product Governance Policy
• Monthly oversight of gross and residual risk ratings and risks requiring escalation under the Risk Assessment and Acceptance Policy
• Embed new Operational Risk policies, ensuring first and second line are aware of and understand their responsibilities under them

Processes

Deliver second line assurance

• Assurance over integrity of country level ORTF metrics (KCIs, CSTs, KRIs) for all processes
• Monthly assurance of residual risk assessments using the Group Risk Assessment Matrix
• Ensure controls are operating effectively and defects are resolved or escalated according to the ORTF Hierarchy of Monitoring
• Identify differences in standards set by Country Risk Control Owners and escalate to the CRO-East Africa.
• Monthly assurance performed on identified processes and controls mapped under top risks in the country.
• Maintain end to end oversight of all risks which have been escalated to Group for acceptance and conditions and other feedback given to the country about them

Risk identification and Assessment

• Validate and challenge the first line risk identification and assessment of gross and residual risks arising within the end to end processes.  
• Assess the control environment including, but not limited to, control design, control execution, control testing and control history.
• Recommend changes to the control environment or to business practice where necessary to reduce the level of operational risk exposure to within the agreed appetite. Ensure such changes are agreed with global process owners and global OR Officer for that business/function prior to in country implementation.
• Review the design of effective process controls by first line to manage all material risks linked to the process control failure.
  • Identify Local Control Gaps - Regularly assess all key controls against the country risk profile to monitor exceptions and identify gaps.
  • Optimise portfolio of local controls - Regularly assess existing Local Key Control Standards, key risk indicators (KRIs) and key control indicators (KCIs) to ensure cost effectiveness, efficiency and relevance.
• Provide a balanced and informed assessment of all operational risks arising from acquisitions or major change initiatives or projects within the country.

People & Talent 

The performance of the Head of Operational Risk will be measured by:

• Favourable external, internal and regulatory audit results e.g. absence of audit failures or audits rated ‘improvement required’, absence of near misses and only acceptable results at independent control sample testing.
• CNFRC, ERC and Board Risk Committee acknowledgement that controls have been made more efficient and effective and operational risks reduced and attestation to a complete country risk profile and awareness of emerging risks.

Risk Management

Risk Appetite

• Periodically assess the country operational risk profile to maintain alignment with the risk appetite. Redesign controls as required in response to internal and external factors.
• Review and challenge country strategy where this is not aligned with the risk appetite ;
• Maintain operational risk capability and a control environment which is in line with the operational risk

Risk Acceptance

• Review and approve risk record templates for acceptance of medium, high and very high country level risks.
• Accept the classification and accurate reporting of operational risk events and the appropriateness of mitigation actions.
• Challenge and constrain relevant Business/Function’s activities where risks are not aligned with control requirements or risk appetite.
• Sign off on new products on behalf of Operational Risk through the Country Addenda process. 

Governance 

The Head of Operational Risk, has delegated authority to:

• Accept the classification and accurate reporting of operational risk losses and events and to accept the appropriateness of mitigation actions. Validate the 1st line gross and residual risk assessments.
• Challenge and constrain relevant business/functions activities where risks are not aligned with the risk appetite of the business and the group; or controls have not been appropriately designed. 
• Sign off on new products introduced in the country on behalf of Operational Risk through the PPG and Country Addenda process as outlined in the Product Governance Handbook.

Regulatory & Business Conduct 

• Display exemplary conduct and live by the Group’s Values and Code of Conduct.
• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
• Lead the Operational Risk Function to achieve the outcomes set out in the Bank’s Conduct Principles
• Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
• Exercise authorities delegated by the Board of Directors and act in accordance with Articles of Association

Key stakeholders

• Country Chief Executive Officer
• Country Heads of Operational Risk (within the Region and Globally)
• (Senior) Operational Risk Officers within the Region
• Country Business Heads
• Country Function Heads
• Group Operational Risk
• Country / Group Internal Audit Team
•  External Auditors and Regulators

Other Responsibilities

East Africa Cluster Responsibilities

• Ensuring that operational risks are properly assessed that risk / return and control cost / benefit decisions are made transparently on the basis of this proper assessment and are controlled in accordance with the Group’s standards and its Risk Appetite.
• Ensuring Operational Risk policies and procedures and the Operational & Technology Risk Type Framework (ORTF) issued under Enterprise Risk Management Framework (ERMF) are effectively embedded and communicated.
• Providing a focal point of contact over the aggregate level of operational risk that arises from end-to-end processes, including the design of effective controls and the systematic monitoring of process control effectiveness.
• Working with countries to ensure that they are meeting local regulatory requirements as they pertain to operational risk management.
• Representing Operational Risk in relevant Cluster Forums presenting an overview of Operational Risk as well as highlighting significant items that need escalation to the Regional Forum.
• Ensuring best practices in Operational Risk across the cluster.
• Providing practical implementation guidance to implement Group OR Policy/ Procedure prescriptions in an effective manner within the countries in the cluster.
• Engaging in two-way communication with Region/Group and Country OR teams to ensure that the country risks are rightly represented, and the specific actions are adequately executed
• Ensuring key risk metrics from Operational Risk Policy/ Procedures are continually tracked in countries. Escalate concerns, if any, identified through such tracking to appropriate bodies either in the Country or the Region or Group.

QUALIFICATIONS

• Business, Engineering/Analytical related degree and relevant professional qualifications
• At least 5 years of Risk management experience.
• Business/function experience.
• A clear understanding of the Bank’s approach to the management of operational risk, or equivalent experience gained in other organisations.
• Ability to leverage resources across the organisation to complete deliverables.
• Sound judgement and courage necessary to perform a control role and maintain effective working relationships.

Closing: 12 August 2022