We are looking for

Head of RISK ORM, WM APAC

Job type: Permanent
Schedule: Full time
Brand: BNP Paribas Corporate & Institutional Banking
Job Function: Risk
Last update 06.08.2025

What is this position about?

RISK Operational Risk Management (RISK ORM), created early 2021 to oversee operational risks within the mandate of the RISK function, is organized, under the responsibility of the Group Chief Operational Risk Officer (Group CORO), around 3 Poles: RISK ORM Framework, RISK ORM Technology & Transversal Risks and RISK ORM Network. 

The Head of RISK ORM, WM APAC, whose missions align with the overall missions of RISK ORM, reports locally to the Chief Risk Officer (CRO), WM APAC and globally to the Head of RISK ORM, WM GAIM, while maintaining an effective collaborative link with the Head of RISK ORM, APAC Region. 

The Head of RISK ORM, WM APAC represents the 2nd line of defense for WM APAC entities, including WM ISPL, with regards to all operational risks within the mandate of the RISK Function in APAC, including but not limited to operational controls of major WM APAC IT & Operation processes, credit processes, the technological risks (e.g. fraud risks, outsourcing risks, cyber risks) and personal data protection risks, etc. 

To achieve his/her missions, the qualified incumbent also coordinates and collaborates with RISK ORM WM GAIM and RISK ORM APAC Region transversal experts (ICT, Third Party Risk Management, Fraud and Data Protection, etc.) to secure the best usage of resources depending on the topics and locations.

What would your typical day at BNP Paribas look like?

Primary Roles and Responsibilities

Under the authorities of the CRO WM APAC, the Head of RISK ORM, WM GAIM, and a close collaborative relationship with the Head of RISK ORM, APAC Region, the Head of RISK ORM, WM APAC has primarily the following responsibilities:

1) Supervise the deployment of the operational risk management framework of WM APAC (including WM ISPL). This includes in particular:

a. Pilot the change by putting in place the major transformation programs, especially those linked to a recommendation from the Supervisor or to compliance with a regulatory provision (e.g. Control Monitoring Program, Third Party Risk Management, operational resilience, Cyberfraud Program, Cyber Program, Data Leakage Protection Program);

b. Ensure that operational risk regulations, norms, guidelines and methodologies are understood and implemented over time within WM APAC (e.g., Risk and Control Self-Assessment [RCSA] and Incident check & challenge);

c. Carry out and supervise second line controls;

d. Carry out and supervise Independent analysis;

e. Entrench the use of Group operational risk management tools (e.g., 360 RiskOp) and related reporting;

f. Ensure, as far as operational risks are concerned, an appropriate ORO resources allocation across the Entities of the perimeter (including WM ISPL);

g. Implement the decisions taken in terms of operational risks by the CRO of WM APAC, the CRO of WM GAIM, the APAC CRO or the Head of OROs of WM GAIM;

h. Ensure that the decisions made by the CRO of WM APAC, the CRO of WM GAIM, the APAC CRO or the Head of OROs of WM GAIM in terms of operational risk are well-applied within the Entities (including WM ISPL);

i. Define and implement risks/stakes adapted information flow to inform the management, especially in regard to alerting the CRO of WM APAC, the APAC CRO, the Head of OROs of WM GAIM or the Head of the RISK ORM APAC on notable events and the related potential remediation actions;

j. Participate in crisis management following an operational incident.

2) Build, in the framework of the associated Governance (e.g.: internal control committee of WM APAC in the presence of the CEO of WM APAC), to the attention of the CRO of WM APAC, the CEO of WM APAC, the Head of OROs of WM GAIM, and the Head of RISK ORM, APAC Region, a vision of the operational risk profile of WM APAC (containing technological risks and including WM ISPL), including in particular:

a. An opinion, based notably on 2nd level controls and independent analysis carried out by the second line of defence, of the robustness of the system put in place by the first line of defence (organization, procedural corpus, identification of processes and associated risks, robustness of the control framework put in place, incident management, feedback, taking into account permanent control actions and general inspection recommendations, processing of exemptions, etc.), which may, if necessary, lead to permanent control actions;

b. A qualitative and quantitative monitoring of historical incidents, including in particular an analysis of the most important of them and supervision of the associated action plans, concerning the following risks:

- Fraud, including cyber-Fraud

- Safety of people and properties

- Deterioration of assets

- Outsourcing, including IT outsourcing

- Business continuity

- Technological risks: cyber-attacks, data integrity risks, ICT change risks (Projects and IT organisation, vulnerability management, identity & access management, …), risks linked to Cloud, digital assets & emerging technologies, data leakage, …

- Personal Data Protection

- Process execution errors;

c. A qualitative monitoring of events external to WM APAC that may impact the risk profile of WM APAC;

d. A quantitative and qualitative management of the remediation of the general inspection recommendations of WM APAC;

e. The WM APAC contribution to the OR&C Report, while coordinating with the other Control functions to guarantee the consistency of methodology, tooling, outputs and reporting.

3) Animate, structure and align the OROs and risk managers community of WM APAC in association with the Heads of RISK ORM WM GAIM and RISK ORM APAC Region and with the consistent support from transversal RISK experts (e.g. TPRM, ICT, fraud, DPO) belonging to ORM WM GAIM and ORM APAC teams, to:

a. Guarantee a reliable and transparent information flow;

b. Organize best practices sharing, especially for the most important incidents or the key transformation programs (Ref. 1a), as well as the development of an operational risk and data protection culture;

c. Propose and implement industrialization and standardization actions.

4) Moreover, given the growing level of technology in the Group's operational processes and the need for technological risks, in full coordination with transversal experts from RISK ORM APAC Region and ORM WM GAIM, contribute to the reinforcement of the second line of defence in terms of technological risks, through points 1) and 2). This includes in particular:

a. Ensure that the Governance relating to the management of operational risks (e.g. internal control committee of WM APAC) includes technological risks;

b. Strengthen the involvement of the second line of defence in the preparation of the major projects committees (CGP) of WM APAC and ensure their follow-up (e.g. implementation of actions associated with identified risks);

c. Develop the supervision of the identification and assessment of technological risks by the first line of defence of WM APAC, including in particular:

i. WM APAC technological risk assessment exercises achievement;

ii. The identification of critical and vital IT assets, and the assessment of the impacts of the risks relating to these assets on the Business processes of WM APAC;

iii. The identification of critical “third parties”, and the assessment of the technological risks associated with their services as well as the impacts of the latter on the Business processes of WM APAC;

iv. The consideration of technological risks as part of the methodology adopted by the Group in terms of operational resilience, in particular with regard to activities vital to the Group;

d. Continuously improve the supervision of the collection of technological incidents within WM APAC, ensuring that they are correctly documented and filled in the corresponding tools;

e. Contribute to the implementation of second level controls in terms of technological risk within WM APAC;

f. Contribute to the development of Cyber and Operational Resilience communities.

5) Ensure productivity and monitoring of team performance. These include:

a. Piloting the activity of his/her team through the assignment and prioritization of topics related to the objectives of senior management;

b. Centralizing and reporting the results of controls, analyzing the operational activity indicators of his team from monitoring and reporting tools and proposing areas for improvement;

c. Being an actor in the continuous improvement of the team's functioning, homogenizing and disseminating good practices;

d. Managing the team's budget and deciding on the various assignments;

e. Ensuring transversality and sharing of expertise and knowledge within the team;

f. Sharing expertise on high-stake concerns and/or dealing with complex issues;

g. Representing the team, when appropriate, within cross-functional Group projects.

6) Support the development of employees and monitor HR needs. These include:

a. Leading your team around a common ambition, deploying a team’s culture and cohesion;

b. Participating in the recruitment and integration of new joiners into your team;

c. Defining objectives;

d. Ensuring the support and skills development of team members, contributing to Personal Development Plans, defining appropriate progression paths, in consultation with senior management;

e. Evaluating the performance of team members and giving them regular feedback;

f. Being in contact with HR teams to ensure business continuity (recruitment, training, organization, issues);

g. Being the privileged interlocutor of employees in the resolution of complex situations;

h. Deciding on the team's development plan (organization, development) in correlation with the Group strategy.

Scope covered and organization

The scope covered applies to all the operational risks to which WM APAC (including WM ISPL) is exposed, for which RISK acts as a second line of defence.

In addition to the elements of this document, the organizational framework, including the operational role of the OROs, is notably described in the procedures "Target Operating Model on Operational Risk and Permanent Control" (RISK0327) and "Second line of defence's roles and responsibilities on the operational risk management framework" (RISK0401).

Role in governance of WM APAC operational risk management

The Head of RISK ORM, WM APAC contributes to the achievement of the WM APAC's OROs team missions.

In terms of governance, the Head of RISK ORM, WM APAC prepares, animates, and actively participates in the internal control committee of WM APAC (two meetings per year) in the presence of the CEO of WM APAC, and ensures the production of a regular risk-management Dashboard.

What is required for you to succeed?

Key requirement, basic skills, and/or other requirements in education/certification/licenses:

• To meet the requirements of this position, he/she will be expected to have a good fluency in risk analysis and monitoring, acquired through past experience in a team in charge of operational processes or managing operational risk in the first or second Line of Defence.

• In addition, a good mastery of the implementation and animation of Risk governance in an equivalent environment is essential.

• Moreover, general knowledge of technological risk will be sought given the importance of technology in WM APAC's business processes.

• Then, validated managerial experience in a functional environment is required.

• We will expect from the Head of RISK ORM, WM APAC a good ability to animate a group / a team / a community, qualities of coach (mentoring) in order to be able to bring his/her interlocutors to decision making, the ability to mobilize his/her direct and indirect network, a good sense of responsibility and commitment, as well as the ability to develop a vision and share it to generate commitment.

• Last, good analytical skills, a solid critical mind, the capacity to synthesize / simplify, to communicate orally and in writing, to animate meetings / committees, to challenge the existing and propose solutions (change management), to be pragmatic in analysis and action, and to work in collaborative mode in a changing environment while respecting deadlines, will allow the incoming Head of RISK ORM, WM APAC to take on his/her new responsibilities in the best conditions.

• Fluency in English is also required.

• At least 10 years working experience

About BNP PARIBAS

As the leading European Union bank, and one of the world’s largest financial institutions with an uninterrupted presence in the region since 1860, BNP Paribas offers a wide range of financial services for corporate, institutional and private investors spanning corporate and institutional banking, wealth management, asset management and insurance.

We passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, and we encourage applicants of all backgrounds, including diversity of origin, age, gender, sexual orientation, gender identity, religion, and applicants who may be living with a disability. We have a number of internal employee networks in place to empower our staff to act and challenge the status quo.

• BNP Paribas PRIDE is highly active in favour of the LGBTQIA+ community

• BNP Paribas MixCity which fosters better representation of women at all levels of the organization

• Ability, the mutual aid network for employees with a disability or a disabling or chronic illness

• BNP Paribas CulturAll which celebrates diverse backgrounds

BNP is committed to financing a carbon-neutral economy by 2050. The Group is a founding member of the Net-Zero Banking Alliance and has set up its own Low Carbon Transition Group to support its clients through their energy transitions.

https://careers.apac.bnpparibas/

More information

BNP Paribas - Diversity & Inclusion Journey

BNP Paribas - The Bank Of Green Changes

Award Obtained

BNPP has won the Top Employer Europe award for the 10th consecutive year

Interested in our offer? Don't wait any longer!