Risk & Compliance Manager at Tower Sacco

JOB PURPOSE

The Risk & Compliance Manager will be responsible for establishing and implementing an appropriate Operational & Compliance Risk Management framework in line with the Society’s Strategic Plan, the Risk Management Policy, established SACCO By- laws and regulations and best financial service industry practices.

The Risk & Compliance Manager who is a business supportive and risk disciplined individual is expected to provide oversight to the enterprise-wide risk management (ERM) strategy and framework that effectively translates the risk appetite framework into informed decisionmaking practices that support Tower SACCO’s unique business model and strategic plan.

JOB OBJECTIVES

• Develop and implement a risk management strategy and monitor implementation of the SACCO’s strategic plan to prevent, eliminate and mitigate operational risks.
• Maintain and periodically review Business Continuity plans.
• Identify emerging risks that present new regulatory, fraud, or money laundering risks. Such include risks associated with new products and services, customer types, geographies, and channels.
• Participate in development and Implementation of a Risk Monitoring and Reporting Framework.
• Provide assistance in developing and updating policies and procedures by enforcing document standards.
• Ensure that relevant Business policies are effectively embedded within business units.
• Develop training programs and conduct training on developments in the legal and regulatory framework.
• Ensure customer portfolio is effectively risk rated and the AML or general compliance Monitoring activity is in line with the risk.
• Transaction and customer screening for Anti-Money Laundering through daily reports and system generated alerts and subsequently close on all alerts generated with the assistance of AML Analysts.
• Maintain a risk register based on the identified applicable laws and regulations, fraud schemes, and Proceeds of Crime Act and Anti Money Laundering considerations.
• Liaise with the SACCO’s partners and counter parties in relation to all AML & KYC matters and questionnaires.
• Liaise with FRC on daily cash transaction returns, suspicious transactions, and carry out quarterly returns.
• Monitor compliance with Unclaimed Financial Assets Act (UFAA).
• Review the SACCO’s operations to ensure they meet all regulatory requirements set under the SASRA.
• Review satellites, Branches and head office departments’ operational, regulatory, credit risk and compliance risks.
• Ensure compliance on Data Protection.
• Conduct risk assessment for proposed and existing units.
• Track the progress of remediation of control weaknesses identified by Internal Audit, selftesting, or controls assessment.
• Any other duty that may be assigned by the C.E.O.

DESIRED QUALITIES

• A financial services background with compliance and risk management as a central component of your previous role.
• High analytical and problem-solving skills to be able to challenge status quo based on qualitative facts.
• Knowledge of the risk and governance standards such as COSO framework, Basel Corporate Governance Principles and SASRA Risk Management for SACCOs.
• A track record of delivering on targets and objectives within regulatory and non-regulatory deadlines.
• Strong analytical, communication and reporting skills.
• Training delivery experience.
• A proven ability to work on own initiative.
• High ethical standards, integrity, and professionalism.

PREFERRED QUALIFICATIONS

• A Bachelor’s degree in Business related field, Computer Science and ICT or related field from a recognized University.
• Possession of professional qualification such as CPA, ACCA, CISA, FRM CEH, CISSP, CRISC, CISA, CISM or other risk related field. Certification in ICT Security, Audit and Risk management and or other relevant training shall be an added advantage.
• A minimum of four (4) years working experience in an audit firm or a financial institution especially in Banking Operations, Audit, Risk Management and/or Compliance practices.
• Comprehensive knowledge of ERM concepts, operations, and ICT risk management concepts.
• Below 35 years of age.