Risk and Compliance Officer, SOLV Kenya at Standard Chartered Bank Kenya

The Role Responsibilities

• Incumbent will be responsible for supporting the CEO, SOLV Kenya as well as the SOLV senior management team in managing and leading the Risk and Compliance team in Kenya and aligning this to the vision and strategy of the function, the Enterprise Risk Management Framework (ERMF), and delegation of authority documents where relevant.
• Incumbent will have the second line responsibility for the implementation of the risk and compliance policies related to the SOLV Kenya Products have been identified, in line with the SOLV Group’s process universe as set out in the Risk Profile Document Risk Framework.
• In so far as they relate to conduct, financial crime and compliance, incumbent will also be responsible for providing details of developments giving rise to serious regulatory breaches or breaches of risk tolerances (as agreed by the Board from time to time) that may occur and notifying any such breaches to the relevant parties.
• Incumbent will be required to have an appreciation of the country specific nuances and in particular:
• The regulatory scrutiny on the SOLV Offering and its customers following high risk investigations conducted across the Fintech industry players including Solv Kenya and the various recommendations for enhanced compliance from various regulatory bodies; the risk of personal liability for decisions taken particularly in the Financial Crime space;
• The ambitious growth strategies to be employed by the business particularly after the launch of SOLV Kenya B2B platform and the real-time onboarding tools which are projected to see an exponential growth in client base.
• The strategic position of the SC Ventures Africa as an innovation hub for the SC Ventures Group with the pilot of various novel projects as well as the hosting of the SC Ventures hub for AME in Kenya and the conduct, compliance and Financial Crime Risk solution delivery in support of these initiatives and ventures;
• The FCC risk specific to Kenya as manifested in Group and Regional metrices
• The complex regulatory landscape and the need to ensure the business remains insulated from regulatory sanction while remaining vigilant to regulatory reform
• Define and implement risk management and risk assessment framework according to international standards like ISO and NIST.
• Define, review and update the information security policies and procedures on periodic basis.
• Research and Understand the applicable compliance and regulatory requirements to be met by the organization.
• Define compliance assessment framework based on all the regulatory and other international compliances to be met.
• Define KPI’s and KRI’s to measure, track and improve the overall security posture.
• Conduct risk assessments / compliance assessment as per the defined process, identify and report the gaps along with mitigation recommendations.
• Conduct gap / maturity assessment as per the regulatory cybersecurity frameworks.
• Report the findings from the assessments and explain the same to the relevant stakeholders along with clear recommendations to mitigate the identified risks.
• Work with / guide the relevant stakeholders in mitigating identified risks.
• Track and report the status of the identified risks on a periodic basis.
• Conduct regular sessions on building awareness about the organization’s information security polices and best practices to be followed.
• For the evaluation and assessment of the effectiveness of the Venture’s Conduct, Financial Crime and Compliance commitments and requirements relative to the specific business coverage.
• For proactively supporting and challenging the SC Ventures AME business and supporting other functions to exhibit appropriate conduct, comply with regulatory and compliance requirements and strive to achieve fair outcomes for the country’s clients.
• For maintaining independence, delivering timely responses, and timely escalation of risks and issues where the management tolerance of the firm is exceeded.
• For maintaining constructive and effective stakeholder relationships with the relevant business and supporting functions.
• For supporting the management of regulatory relationships with all relevant Kenyan regulators and such other regulators whose rules the Group is subject to.
• Drive high standards of regulatory compliance and deliver key priorities and initiatives, aligned to the Ventures performance scorecard

Strategy

• Assist the Venture Lead, Senior Management Team to set and implement the vision, strategy, direction and leadership in support of the Venture’s strategic direction and growth aspirations
• Support the Venture Lead and Senior Management Team to promote the culture and practice of compliance with Principal Risk Types mitigation (including conducting business within regulatory  and internal policies’ requirements, and to high ethical standards) within the Bank and embed a Here for good culture and the Group Code of Conduct.
• Assist the Venture Lead to establish close links with colleagues leading other Product segments and/or Product Groups to achieve common platforms and work plans, implementing a One Venture approach to covering all clients from the various arms.

Business

• Assist the Venture Lead and various Business Leads to develop a comprehensive understanding of the  business model and strategy in order to provide substantive oversight support and challenge with the intention of enabling appropriate and sustainable outcomes.
• Support to build and maintain an effective and constructive relationship with the various business heads and functional stakeholders that is based on trust, capability and integrity, providing timely, responsive and quality conduct, financial crime & compliance-related advice and guidance to enable the Venture business and functions to meet/ achieve their strategic tactical objectives.
• Provide advice, analysis (and challenge when appropriate) in relation to the Venture business including product design, new business initiatives, bespoke projects, remedial activities (including nature, scale and rigour of past business reviews), and transactional advice.
• Provide robust challenge to senior management and all relevant business stakeholders where activities are outside risk tolerance/ appetite, escalating as necessary, until appropriate oversight and ownership is achieved including actions and plans to address any remedial action needed to come back within risk tolerance/ appetite.
• Work closely with the Venture Lead and Business heads and its operational teams to provide timely advice to ensure compliance with all relevant laws, regulations and internal policies and support the transition to pro-active and pre-emptive risk mitigation.  
• Support the resolution of competing requirements between regulations specific to Venture business (i.e. between AML regulations and data privacy/bank secrecy or information security regulations.)
• Assist the Venture Lead and Business Heads to establish and maintain risk-based compliance frameworks and a programme for monitoring and assuring compliance that supports the transition to pro-active and pre-emptive compliance and conduct risk mitigation
• To support and promote the culture and practice of global standards to the business, while managing local requirements.

Processes

• Act under delegation from the respective Risk Framework Owners for the principal risk types of Compliance, Financial Crime in discharging the responsibilities contained in the ERMF to the extent that  is appropriate.
• To develop, maintain and embed effective processes/DOIs (including training, advice and support) to address risks across venture business aligning with relevant group policies and regulatory requirements where relevant.
• Provide governance and oversight over the implementation of venture related policies and procedures relevant to the venture business model (to enable compliance with such policies and procedures).
• Provide support and challenge to the ventures senior management to ensure that they establish and monitor appropriate processes for compliance with policies, procedures and standards (including meeting regulatory obligations and maintaining high standards of conduct).

People and Talent

• Lead through example and build the appropriate culture and values. Set appropriate tone and expectations from Risk and Governance Team and work in collaboration with risk and control partners.
• Promote and embed a culture of openness, trust and risk awareness, where ethical, legal, regulatory and policy compliant conduct is the norm.
• Stimulate an environment where forward planning, prioritisation, deadline management and streamlined workflows and collaborative, inclusive yet effective and efficient work practices are the norm.
• Set and monitor job descriptions and objectives for direct reports and provide feedback and rewards in line with their performance against those responsibilities and objectives.
• Ensure the provision of ongoing training and development in order that team members are competent, suitably skilled and qualified for their roles, ensuring that they have effective supervision in place to mitigate any risks.
• Review team structure/capacity plan to ensure an effective  and efficient risk management framework
• Employ, engage and retain high quality people, with succession planning for critical roles
• Provide feedback at business, function, country and individual level as appropriate, on Risk and Governance matters which should have a bearing on remuneration pools or individual bonuses (for senior staff).
• Ensure regular and documented management meetings with the senior management team on Risk and Governance Reviews.

Risk Management

• In accordance with the Ventures Enterprise Risk Management Framework, act as second line Risk Owner for appropriate and relevant Venture processes.
• Collaborate with the other Risk and Compliance Team Members to anticipate horizon risks that may have a significant impact on the Ventures and develop effective strategies to mitigate such horizon risks including global standards for conduct of business.
• Collaborate with relevant senior managers to support a programme for conduct, financial crime and compliance monitoring, surveillance and/or assurance for the Solv business in Kenya
• In the event of serious regulatory breaches, or where risk tolerances have been breached, assist the Venture Lead to ensure senior management in the Venture and relevant regulators are informed and that actions are taken quickly to remediate and/or activities are ceased.
• Ensure proactive and timely identification, assessment, advice and dissemination of evolving regulatory changes/practices and associated risks, and proactive engagement in regulatory reform.
• Liaise with the internal audit function to ensure that any weakness identified by the internal audit function relating to the SOLV business in Kenya are appropriately followed up and closed in a timely manner.
• Provide reports to the relevant Country and Business risk and control committees and management teams on key conduct, financial crime and compliance risks and issues pertaining to the SOLV in Kenya
• Maintain adequate management MI / trackers across all aspects of coverage and responsibility to ensure all issues and matters relating to the SOLV business in Kenya are tracked, followed, regularly assessed and reported on, including oversight of risk acceptance and/or mitigating action plans, identification and management of high risk clients or specific country reviews relating to SOLV Kenya
• Provide advice on the application of risk management frameworks (e.g. ERMF) to relevant stakeholders on outcomes of risk identification and assessment methodologies.
• Maintain oversight of risk acceptance and/or mitigating action plans relating to SOLV business in Kenya
• Understand technical aspects of systems relevant to the SOLV Kenya
• Assess risks arising from products / segments / geographies / customers / transactions.
• Ensure global standards are understood and implemented across the region, with any identified exceptions, or need for more/less stringent standards escalated when appropriate.

Governance

• Attend relevant leadership meetings, and provide relevant reports to senior management and governance/risk committees
• Identification and escalation of potential risks and issues to senior management through appropriate governance channels and the Quality Assurance framework.
• Ensure appropriate product governance measures are in place so that product approval documents reflect all relevant requirements.
• Propose control effectiveness and efficiency improvements and simplifications where appropriate.
• Ensure the end-to-end life cycle of audit, assurance and regulatory reviews is managed appropriately, including tracking, remediation and preparing lessons learned from such reviews.
• Within the Group’s Enterprise Risk Management Framework, establish and maintain appropriate risk based framework for identifying, assessing, managing, monitoring, mitigating and reporting compliance (including regulatory and financial crime) risks across SOLV Kenya.

Project/Change management

• Lead key change programmes and projects for SOLV Kenya
• Maintain workplans specific to SOLV advisory projects/ initiatives, and communicate the same to stakeholders in a regular, timely fashion to inform and seek inputs.
• Support and Review new business requirements and provide solutions for the CPBB business in Kenya where required.
• Drive and stimulate an environment where forward planning, prioritisation and deadline management lead to efficient work practices and streamlined functional activities and processes.

Regulatory & Business Conduct

• Display exemplary conduct and live by the Group’s Values and Code of Conduct.
• Effectively and collaboratively identify, escalate, mitigate and resolve risk and CFCC matters.
• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across SOLV Kenya. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.

QUALIFICATIONS:

• Experience in Information Security Governance, Risk Assessment, creating customized Risk Assessment framework
• Experience in conducting risk assessments of hybrid environments, mix of cloud and on-premise applications and systems.
• Experience in Business Continuity Management and Information Security Incident Management will be an added advantage
• Experience with GRC automation tools will be an added advantage
• Experience of working in Agile development environment.
• Understanding of security risks associated with using AI, ML, NLP and blockchain technologies.
• 6+ years of experience in the relevant industry
• Bachelor’s or master’s degree in business administration/commerce/engineering/science
• ISO 27001 Lead Implementor certification is a must and other relevant certifications like CISA/CISM/CISSP will be an added advantage