About BNP Paribas India Solutions:
Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, European Union’s leading bank with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24x7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 10000 employees, to provide support and develop best-in-class solutions.
About BNP Paribas Group:
BNP Paribas is the European Union’s leading bank and key player in international banking. It operates in 65 countries and has nearly 185,000 employees, including more than 145,000 in Europe. The Group has key positions in its three main fields of activity: Commercial, Personal Banking & Services for the Group’s commercial & personal banking and several specialised businesses including BNP Paribas Personal Finance and Arval; Investment & Protection Services for savings, investment, and protection solutions; and Corporate & Institutional Banking, focused on corporate and institutional clients. Based on its strong diversified and integrated model, the Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporates and institutional clients) to realize their projects through solutions spanning financing, investment, savings and protection insurance. In Europe, BNP Paribas has four domestic markets: Belgium, France, Italy, and Luxembourg. The Group is rolling out its integrated commercial & personal banking model across several Mediterranean countries, Turkey, and Eastern Europe. As a key player in international banking, the Group has leading platforms and business lines in Europe, a strong presence in the Americas as well as a solid and fast-growing business in Asia-Pacific. BNP Paribas has implemented a Corporate Social Responsibility approach in all its activities, enabling it to contribute to the construction of a sustainable future, while ensuring the Group's performance and stability
Commitment to Diversity and Inclusion
At BNP Paribas, we passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, respected and can bring their authentic selves to work. We prohibit Discrimination and Harassment of any kind and our policies promote equal employment opportunity for all employees and applicants, irrespective of, but not limited to their gender, gender identity, sex, sexual orientation, ethnicity, race, colour, national origin, age, religion, social status, mental or physical disabilities, veteran status etc. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in.
About Business line/Function:
The Group RISK ORM Network Operational Risk Officer is part of the Group RISK Function within BNP Paribas. The department has responsibility for steering and reporting on the Group’s Operational Risk Management framework and status. It is the independent second line of defense on operational risk management activities of the Group, including on Information and Communication Technology risk management activities.
Job Title:
Operational Risk Officer- Outsourcing RISK
Date:
27-Jan -2025
Department:
Group RISK ORM
Location:
ISPL, Mumbai
Business Line / Function:
Group RISK ORM Network
Reports to:
(Direct)
Head of RISK ORM Network, India CoE
Grade:
(if applicable)
Sr. Associate/Asst. Manager/Manager
(Functional)
Group Head of ICT Controls Testing
Number of Direct Reports:
N/A
Directorship / Registration:
N/A
Position Purpose
RISK Operational Risk Management (RISK ORM), created early 2021 to oversee operational risks within the mandate of the RISK function, is organised, under the responsibility of the Group Chief Operational Risk Officer (Group CORO), around 3 Poles: RISK ORM Framework, RISK ORM Technology & Transversal Risks and RISK ORM Network.
Under the authority of the Pole’s Manager, RISK ORM Network is made up of all the Operational Risk Officers (OROs) acting as the second line of defence (LoD2) within the Group’s operational entities (Poles, Business Lines, Functions, Transversal Activities).
In this context, the Common Outsourcing Controls Execution Platform (COCEP), whose missions are presented below, reports hierarchically to the Group Head of ICT Controls Testing. He/she:
• Contributes to protect the Bank by securing the oversight of the completeness and quality of the outsourcing register (360 RiskOp Arrangement module) to guarantee an accurate oversight of outsourcing arrangements and their characteristics,
• Assures the accuracy and data quality of regulatory reporting (e.g., CASPER) and notifications (e.g., IMAS),
• Ensures the homogeneity, the robustness and effectiveness of the outsourcing controls executed by the LoD1 by implementing LoD2 controls execution platform across Poles and Functions,
• Facilitate and pilot outsourcing operational risk management framework.
Key success of the COCEP relies on building trusted partnerships with stakeholders and particularly with the RISK ORM Framework, TPRM and Network community and globally all entities of the Group.
Responsibilities
Direct Responsibilities
The COCEP Outsourcing Risk Officer contributes to identify and reduce risks on activities delegated to third-party service providers and thus improves the efficiency of the overall activities for the Bank.
Key missions of role - Outsourcing Risk (COCEP)
· Oversee the process of the outsourcing register data quality of regulatory reporting:
o Define the process to remediate data quality anomalies for CASPER regulatory reporting,
o Perform cross-business consistency analysis to identify inconsistencies or incorrect qualifications in the register,
o Identify any inconsistencies between the outsourcing register critical outsourcing arrangements data and IMAS portal,
o Build a process to ensure consistency between the outsourcing register and the exit strategy standard documentation (e.g., alignment between the exit plan and the outcome of assessment of the service provider’s substitutability, the substitutability modality, and the time-of-service provider’s substitutability).
· Verify the compliance of outsourcing regulatory documentation:
o Build a process and perform the verification, with the related OROs, of the alignment between the draft record in IMAS portal and the content of the notification template submitted at the Validation Committee,
o Build a process and perform the verification, with the related OROs, that the exit strategy documentation is available and compliant with the Group format.
· Execute LoD2 controls on outsourcing GCL (RISK0418):
o Define a process to industrialise the LOD2 control reviews on outsourcing.
o Perform the defined LoD2 controls plan, share the results with the related OROs and ensure that the related potential permanent control actions plans are recorded in 360 RiskOp.
· Facilitate and pilot outsourcing operational risk management framework:
o Define a process to industrialise the periodic report analysing the outsourcing operational risk management including the data quality indicators improvements and the LoD2 controls results analysis,
o Monitor indicators results, and cascade as appropriate to ORO Poles and Functions,
o Define and produce operational reporting (link with RISK ORM COE ISPL reporting stream).
The COCEP Outsourcing Risk Officer reports to the Group Head of ICT Controls Testing, and locally to the Head of RISK ORM India CoE. He/she actively collaborates with RISK ORM Framework and Technology & Transversal risks teams and works with the operational risk officers (ORO), outsourcing coordinators, operational permanent controllers (OPC), and subject matter experts (SME).
Scope covered and organisation.
The scope applies to all entities for which RISK ORM acts as a second line of defence.
In addition to the elements of this document, the outsourcing framework, generic control libraries (GCL) and the operational role of the OROs, are notably described in the procedures, "Second line of defence’s roles and responsibilities on the operational risk management framework” (RISK0401), “LoD2 control activities on the LoD1 control framework” (RISK 0414), “Group Policy pertaining to Outsourcing Risk Management Framework” (RISK0417), “Generic Control Library relating to outsourcing risks” (RISK0418) and “ORO Role and Responsibilities in the outsourcing process” (ORM0005).
Lastly, the legal and regulatory requirements of third-party risk management are notably, EBA guidelines on Outsourcing Arrangements, EU DORA, UK PS7/21, UK SS2/21, Solvency II, US FDIC-OCC guidance on third party relationship risk management.
Contributing Responsibilities
· Collaboration at the India CoE level with Head of India CoE, including but not limited to the CoE level reporting requirements
· Effectively contribute to the CoE, RISK India Hub and ISPL on Group mandates, Objectives and priorities
· Help and contribute to build the CoE a positive place to work
Technical & Behavioral Competencies
SKILLS, EXPERIENCE AND COMPETENCIES
To meet the requirements of this position, the COCEP Outsourcing Risk Officer will be expected to have a good fluency in risk analysis and monitoring, acquired through professional experience in a team in charge of operational processes or executing operational risk activities in the first or second line of defence.
Moreover, general knowledge of LoD2 control management, third-party risk management, analysis and monitoring will be sought given the importance of technology in Group's business processes.
We expect the COCEP Outsourcing Risk Officer to have good relationship skills to efficiently work in a group / a team / a community, qualities of communication to be able to bring his/her interlocutors to decision-making and relay key messages, the ability to mobilise his/her direct and indirect network, and a good sense of responsibility and commitment.
Last, a good analytical skills, a solid critical mind, the capacity to synthesize / simplify, to communicate orally and in writing, to animate meetings and committees, to challenge the existing and propose solutions (change management), to be pragmatic in analysis and action, to work in collaborative mode in a changing environment with respect of the deadlines, to be rigorous, will allow the newcomers in the COCEP team to take on his/her new appointment in the best conditions.
Skills Preferred
- Has the proven ability to think outside of the box, challenge industry norms and adapt quickly to evolving requirements.
- Is self-aware, anticipates problems, adapts and meets them head on.
- Strong stakeholder management, relationship building, influencing, facilitating and presenting skills.
- Is solutions focused – measures their output on whether issues, problems or challenges are resolved as a criteria for success.
Conduct:
- Consider the implications of your actions on colleagues, partners and clients before making decisions, and escalate issues to your manager when unsure.
Specific Qualifications (if required)
University degree (technical), and/or certification on Risk Management
Skills Referential
Behavioural Skills: (Please select up to 4 skills)
Attention to detail / rigor
Ability to deliver / Results driven
Ability to synthetize / simplify
Ability to collaborate / Teamwork
Transversal Skills: (Please select up to 5 skills)
Ability to anticipate business / strategic evolution
Ability to develop and adapt a process
Ability to set up relevant performance indicators
Analytical Ability
Ability to develop and leverage networks
Education Level:
Bachelor Degree or equivalent
Experience Level
At least 3 years
Other/Specific Qualifications (if required)
- Professional qualifications/trainings relevant to technology and/or Outsourcing Risk, Risk Management ,Information Security, Operational Risk, Cloud Security)
