Operation Risk Analyst

The Basel II Committee defines operational risk as: "The risk of loss resulting from inadequate or failed internal processes, people and systems or from external events.

The SG Kleinwort Hambros First Line Operational Risk team (ORS) report into the COO function. Within Kleinwort Hambros, the Head of Level 1 Control and Operational Risks (CORO) oversees the implementation, coordination, steering, challenge (in substance and form) and the animation of the Level 1 control framework and the control of operational risk of its BU/ SU or Entity. This role requires close collaboration with the operational managers of the perimeter, who are ultimately responsible for the quality of the permanent level 1 control framework's performance on their activities. The mission of the CORO is to deploy and monitor the Operational Risk Management and Permanent Level 1 Control Framework on its scope of responsibility.

The CORO has a holistic approach, ensuring that risks are identified and qualified, that the operational risk management framework is deployed, that Level 1 controls are deployed and carried out, that losses and incidents are analysed and reported; by reporting the situation in the committees planned for this purpose (ICCC, SICCC and other instances dealing with operational risk matters), with a view to a continuous improvement of the overall framework.

Description of the Business Line or Department

LOD 1 Operational Risk Supervision

The Basel II Committee defines operational risk as: "The risk of loss resulting from inadequate or failed internal processes, people and systems or from external events.

The SG Kleinwort Hambros First Line Operational Risk team (ORS) report into the COO function. Within Kleinwort Hambros, the Head of Level 1 Control and Operational Risks (CORO) oversees the implementation, coordination, steering, challenge (in substance and form) and the animation of the Level 1 control framework and the control of operational risk of its BU/ SU or Entity. This role requires close collaboration with the operational managers of the perimeter, who are ultimately responsible for the quality of the permanent level 1 control framework's performance on their activities. The mission of the CORO is to deploy and monitor the Operational Risk Management and Permanent Level 1 Control Framework on its scope of responsibility.

The CORO has a holistic approach, ensuring that risks are identified and qualified, that the operational risk management framework is deployed, that Level 1 controls are deployed and carried out, that losses and incidents are analysed and reported; by reporting the situation in the committees planned for this purpose (ICCC, SICCC and other instances dealing with operational risk matters), with a view to a continuous improvement of the overall framework.

The CORO oversees monitoring the following operational risk management's exercises:

• • The assessment of operational risks (through the Group's campaigns but also daily)
  • The deployment and steering of the Level 1 permanent control framework
  • The collection and analysis of losses and incidents
  • The review of risk indicators
  • Controlling operational risks for:
    • Managing outsourced service providers
    • Analysis of new products (if applicable)
    • Scenario analysis (if applicable)
    • Business continuity (if applicable)

To carry out this mission, the CORO relies on the risk management experts of its BU/SU (operational risk managers, compliance managers, information systems security managers (RSSI), process owners and data manager (CDO)) as well as on its relays in business lines and/or subsidiaries, branches of its perimeter of responsibility.

Thus, the CORO has a role of expertise and advice to raise awareness and train its BU/SU, a challenge role on both form and substance of the sub-perimeters, as well as a role of consolidating and steering the proper coverage of operational risks. Finally, the CORO has a direct role of information of management (direction of BU/SU but also LOD2 and DGLE/PIC).

The objective of the CORO is therefore to contribute to the control of the operational risks of its BU/ELR, respecting the principles of proportionality to risks, efficiency and continuous improvement of the Société Générale Group.

The CORO is the preferred interlocutor of the CN2 and IGAD teams (on the themes of control and risk management of its BU/SU/Entity) to obtain a centralised view of the areas of improvement of the framework under its responsibility.

The CORO reports directly and periodically to the head of its BU/SU or Entity on the framework and on the operational risk status of its perimeter, as well as on the associated action plans.

Perimeter of permanent control applies to the entire Société Générale group, its branches, and subsidiaries (is being considered a subsidiary, any legal person or entity over which exclusive control is exercised), as well as to all legal entities in which Société Générale exercises joint control.

ABC Manager

Management Oversight: Acting as representative of the General Management and by delegation of the BU/SU Management (Accountable for the respect of Groups obligation regarding ABC)

• Tone from the top & Role in the organisation: Promoting and disseminating the ABC compliance culture (communication)
• ABC Expertise & ABC Global Risk Management: Provision of guidance to the business relying on LoD2 for ABC expertise
  Informed of red flags and other ABC risks matters identified within his/her scope
• Policies & Procedures: Monitoring the implementation of the normative documentation among BU/SU
• Management Information (MI) - KRI: Monitoring the ABC MI and transfer to CPLE BU/SU. Analysis of ABC MI and comments from local entities
• Trainings: Monitoring deployment and completion of ABC trainings
• Controls: Monitoring of level 1 controls (for LoD1) for the BU + adaptation of level 1 controls further to Q&A roll out (KYC)
• Risk Assessment: Lead the ABC risk assessment on the relevant perimeter (in collaboration with the ABC Officer within CPLE)
• Organize BU ABC Committees in coordination with the BU ABC Officer

Summary of the key purposes of the role

• Lead the Operational Risk function within KH (team of 3-4 members) in the fulfilment of their responsibilities as listed in the previous section.
• Support and deputise, where required, for the head of LOD1 Risk and Governance at various committees and forums
• Lead the LOD 1b Risk Team in the timely and accuracy of their MI and monthly reporting packs
• Support the team in their delivery against Internal Audit and My Actions (tracking tool) points to ensure timely closure and prevent overdues
• Lead the team with T2eorem (risk logging tool) initiatives and completion, to align to the group model
• Chair weekly Team meetings with the team, recording minutes and uploading in SMR file
• Participate in team daily huddles and escalate to Head of LOD1 Risk and Governance where required
• Support the team on ad hoc requests and initiatives, whether Group or KH driven
• Work with the team on the tracking and completion of their annual appraisal process
• Weekly 121's with Head of LOD1 Risk and Governance
• Perform the annual ABC Risk Assessments, with Compliance, ABC Officer, HO and the KH teams to ensure the requirements and deadlines are met
• The LOD 1 Risk and regulatory team require all team members to be flexible within their role and can cover all activities under the department's responsibility where necessary. Thus, although the role will require the holder to be a lead in some of the department's responsibilities. the role holder is expected to be able to support and ensure all deliverables are covered within the teams in all the areas of the department's responsibilities.

Summary of responsibilities

• Assist the team to develop and maintain an effective operational risk management framework to enable articulation of a meaningful risk appetite and management of risks in accordance therewith for the first line of defence. Providing input and expertise to enforce the first line of defence.
• Provide clear, effective, and timely reporting to the Group Executive Risk and Compliance Committee, Operating Committee as required to ensure key risk issues are tracked and escalated for management and action.
• Ensure the team own the Risk and Control Self-Assessment process within the three lines of defence model. Assisting the first line to complete their assessments and ensuring key risks are identified, work with Head Office to ensure deliverables and timescales met and produce a memo and synthesis for the KH CEO to agree and sign off
• Support the business in the completion of risk assessments on significant new products and change initiatives to ensure all key risks have been considered and managed before the product or change is delivered.
• Support the team in providing training in relation to operational risk and deliver on an ongoing basis as required.
• Review the management of all major risk events to ensure they are properly resolved, and actions taken to prevent the same or similar issue re-occurring. Ensure MEG meetings follow the agreed approach and responsibilities and tasks assigned accurately.
• Manage performance and coach direct reports in terms of personal development and achievement of both individual and team objectives.
• Support all teams in the completion and updating of procedures
• Ensure the deadlines are met for the PCT programme, which is currently a project, but will move to BAU and ensures the mapping of processes and alignment to Permanent Supervision controls

Delegated responsibilities

• Deputise for Head of LOD 1 Risk and Governance as member of the Client Asset Operating Committee (CAOC) as required
• Deputise for Head of LOD 1 Risk and Governance at Group Executive Risk Committee (GERC), where required
• Deputise for Head of LOD 1 Risk and Governance at Operations Committee (OPCO) where required
• Deputise for Head of LOD 1 Risk and Governance as member of the Investment Operation Committee (IOC), where required
• Deputise for the Head of LOD1 Risk and Governance in the regular 121's with ABC Committee, Vendor Management, BCM and Infosec where required
• Support other COO Office Department managers as required.

Competencies

• Broad understanding of financial services, including asset and investment management
• Broad understanding of the FCA, PRA, GFSC and JFSC operational risk related regulations
• Experience of embedding risk management with a good understanding of concepts, tools and frameworks
• Desire to further develop the control environment (bringing new ideas) and promote operational risk awareness, thus ensuring the operational risk framework continues to be firmly embedded in the business
• Management skills
• Excellent interpersonal communication skills to build and sustain relationship with the business and key stakeholders
• Effective influencing skills with an ability to challenge with confidence

WORK EXPERIENCE

• Previous Operational Risk experience, preferably within a financial services environment.
• Previous experience of Private Banking/Wealth Management advantageous.
• Experience in investigating control failures is advantageous.

EDUCATION

• A-level qualification or equivalent in a topic that supports a strong analytical ability (for example Mathematics, Physics, Engineering)
• A-level qualification or equivalent in a topic that supports the ability to communicate effectively in English both verbally and in written reports (for example English)