Manager, Risk & Compliance - GCOO
Location:
Kuala Lumpur, MY, 50100
Category:
Permanent
Facility:
1803
1. Operational Risk Management
- Assist and guide functional units on the implementation of the operational risk management framework, tools and activities:
- Identify, assess and report operational risks and adequacy of controls; including making recommendations to update minimum control standards.
- Identify key controls and the scope of control testing, and perform and report control testing.
- Identify, establish and report Key Risk Indicators.
- Review, verify and report loss events and amount.
2. Governance, Risk and Compliance (GRC) Reporting
- Monitor, track, escalate and validate governance, risk and compliance issues (e.g. governance, risk and compliance issues arising from audits and reviews) to ensure timely and proper closure.
3. Advisory – Risk & Control / Compliance
- Review of documentation (frameworks, policies, procedures, etc.), specifically on assessment of risks and controls.
- Review of new products and services, product variations and renewals, and product documentation, particularly on identification and assessment of key risks and controls associated with the products and services.
4. Compliance Management
- Assist and guide business/support units on the implementation of Group Compliance framework, policies, procedures and relevant regulatory requirements:
- Act as the key liaison person between business/support units and Group Compliance (GC) for any compliance related matters including regulatory audits and compliance review.
- Help expedite the submission of the required information from business/support units to the Compliance Monitoring team.
- Act as the key liaison person to discuss potential findings with the Compliance Monitoring team for further clarification before the findings are finalized and presented to the business/support units.
- Act as the key liaison person to discuss with the Compliance Monitoring team the action plans and overall target completion timeline, to reach mutual agreement and understanding on the expectations for a “Completed” issue and to avoid delay / extension of the timeline due to insufficient time for pre-validation and final validation.
- Ensure timely escalation of compliance breaches/issues to Group Head and Group Compliance and ensure adequacy of the corrective action plans, to ensure compliance with laws, regulations, standards, policies, procedures and internal framework.
- Coordinate and ensure proper dissemination of all relevant regulatory or compliance bulletins/requests to business/support units and ensure satisfactory (i.e. review the adequacy of action plans) and timely completion of regulatory Gap Analysis (GA) for new / revised regulations (as and when requested) per GC’s Gap Analysis Process Guidelines.
- Perform validation of action plans arising from GA / Attestation of Compliance (AOC) or instruction from regulators.
- Identify and develop key controls and assessment to address key regulatory requirements of new / revised / existing regulations with guidance from Group Compliance.
5. Training and Communications
- Perform training needs analysis for the division and tailor training materials to operationalise business needs.
- Conduct training sessions and train the trainer for the division.
- Responsible for communications that relate to risk and compliance.
6. Promote risk and compliance awareness e.g. by facilitating and conducting briefing, organizing group discussions and other forms of communication.