Operational Risk and Permanent Control Officer for GMO & CLM Operations Permanent Control
BNP Paribas is a leading European bank with an international reach. It has a presence in 72 countries, with more than 202,000 Employees – including more than 154,000 in Europe and over 5,000 in Portugal alone.
BNP Paribas is present in Portugal since 1985, having been one of the first foreign banks to operate in the country. Today, BNP Paribas has several entities operating directly in this territory, offering a wide range of integrated financial solutions to support its clients and their businesses.
Worldwide, the Group has key positions in its three main activities: Domestic Markets and International Financial Services (whose retail-banking networks and financial services are covered by Retail Banking & Services) and Corporate & Institutional Banking, which serves two client franchises: corporate clients and institutional investors. The Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporate and institutional clients) to realise their projects through solutions spanning financing, investment, savings and protection insurance.
BNP Paribas Internal Control framework is organized around 3 lines of defense, under the accountability of the management Body in its management function and the oversight of the management Body in its supervisory function ((DG0020 Internal Control Charter).
The first two layers are responsible for the permanent control framework, while the 3rd layer (LoD3) is responsible for the periodic control framework that is the verification and assessment function that operates according to a dedicated audit cycle.
The Functions embodied within the LoD2, are accountable, by delegation from the management Body in its management function, for the organization and the sound functioning of the risk monitoring framework and its compliance with laws and regulations over a whole set of domains.
The 1st Line of Defense is at CIB level (LoD1), whether it is directly related to the business (FO), a function (Finance, HR or IT) or accompanying the business (Operations).
ROLE AND RESPONSIBILITIES
The Permanent Control
Is an overall system set up to permanently control risks and monitor the execution of strategic actions. It is based on policies, procedures, processes and control plans and involves organizational measures, controls and governance
It consists in the continuous implementation of the risk management framework by the 1st and 2nd line of defense. (DG0020 Internal Control Charter)
The permanent control framework
Is the continuous risk management framework, embedded in operating processes and involving 1st and 2nd lines of defense, whereas the periodic control framework is an audit process, out of the current operating processes, run by the Inspection Générale. (RISK0327 –Organizational framework and governance for Operational risk management and Permanent control framework).
Defined as “The risk of loss resulting from the inadequacy or failure of internal processes or external events, whether deliberate, accidental or natural” (RISK0326 – Fundamental operational risk definitions)
Losses attributed to credit risk, market risk, and “break even” are not included in the operational risks, nor are consequences affecting the
Are entities running a business or delivering a service, such as Métiers, support functions i.e. organizational entity
First and foremost the mandate of the OPC is to support the Head of his operating entity in the management of her/his operational risk and to ensure Permanent Control pillars requirements are met, by:
- Identifying, assessing and mitigating Operational Risks:
Identify and assess the risk, Design Risk Cartography in line with the Risk & Control Self-Assessment (RCSA) Group approach
Collect and analyze Historical Incidents
Contribute to Regulatory Capital computation or monitoring through the determination of Potential Incidents (for AMA eligible entities)
Based on Risk Profile, implement relevant mitigating actions,
Participate to the governance of project impacting significantly the Operational Risks and Permanent Control framework.
Materializing, maintaining and improving the permanent control set-up, thus protecting the Bank:
Assessing the quality of his control framework and of its execution, i.e. monitor control execution and perform a posteriori control to test the quality of the framework (Key Surveillance Point, Quality review on control, control of controls etc.…)
Ensure regulatory mandatory duties are duly monitored by Control Plan at LoD1 level
Ensure and foster operational risk awareness vis a vis staff belonging to operating entities
Providing official opinions and advices on major decisions having an impact on the operational risk management and risk appetite of her/his operating entity notably related to outsourcing (internal and external) projects
Monitoring permanent control actions and recommendations and notably ensuring the relevance of implementation dates as well as the adequate ownership of recommendations issued by LoD2, LoD3, central supervisors and external audit
- Organizing, deploying and coordinating:
i. Provide an organized and overall vision of an entity in terms of Permanent Control
ii. Constitute an alarm and escalation level relative to recurring weaknesses
iii. Provide an analysis and decision-making collective body relative to these subjects
iv. Formalize the executive body’s involvement in the management of these issues and follow-up of the related actions.”
Relevant and up-to-date procedural framework
- IT tools
- CLM OPC are assessed on followings:
- His/her ability to Manage CLM Operational Risk taking into account the Regulatory, Compliance and LOD1 evolutions
- His/her ability to analyse & investigate a process/product/situation/Incident with an operational risk mindset and to provide with structured, written feedbacks
- His/her ability to organise himself/herself and coordinate with the OPC pairs
- His/her ability to alert when required
- Yearly objectives are defined with CLM OR& PC manager
- Experience in Operational risk Management, Audit or in Compliance area
- Knowledge of products and/or processes risk analysis and management
- Good Powerpoint skills
- Basic and OPC IT tools
- Ability to report
- Analytical skills
- Organizational skills
- Negotiation, conflict management, adaptability
- Any experience as a Project Manager is a plus
- Communication skills in influencing and leading
- Fluent in English (required)
Please note that only applications submitted in English will be considered.
In case you
are selected for this role, further documentation will be requested to support
your hiring process.