Purpose of Job The purpose of the EMEA Operations Risk & Control Manager is support the EMEA Operations Risk & Control Officer to ensure that within EMEA Operations: All risks are identified, assessed and managed in line with risk appetite.
The control environment is robust, comprehensive, and effective.
Staff operate in accordance with risk policy, comply with relevant regulation and behave in line with SMBC's values.
Background The EMEA Operations Risk & Control team is being established in order to improve the risk management capability within EMEA Operations.
EMEA Operations encompasses OPPD and OAD/ODED and provides key capabilities and core services for all of SMBC EMEA: OPPD (Operations Planning Department): provision of Data Management, Change Management, Third Party Management, Business Service Management and Corporate Real Estate & Services to all departments in EMEA.
OAD/ODED (Operations & Administration Department / Operations Department Europe Division): middle office, transaction processing and customer servicing support for all business departments in EMEA.
This includes Financial Crime Middle Office, Derivative Operations, Securities Operations, Treasury Operations, Loan Administration, Trade Finance Operations, Trade & Transaction Reporting and Payments.
This role will work closely with the EMEA Operations Risk & Control Officer to drive enhancements in risk management and control design and execution across EMEA Operations.
A key goal is supporting one of the co-General Managers of EMEA Operations in meeting their obligations as SMF24 for SMBC Bank International.
A project is underway to uplift the Non-Financial Risk Framework, enhance the Three Lines of Defence operating model and create an EMEA wide Control Office to enhance risk management in 1st Line of Defence (1LoD) across EMEA.
The EMEA Operations Risk & Control team will play a key role in the implementation of the new framework within EMEA Operations and, subject to future organisational design decisions, is likely to have a reporting line in to the EMEA-wide Control Office (once it is established).
The EMEA Operations Risk & Control team will also partner with, and support as necessary, other risk and control teams across the 1LoD (especially those in IT and Cyber) in developing and driving common agendas.
Supporting the 2nd Line of Defence (2LoD) in implementing risk frameworks and assisting them in executing their responsibilities to provide oversight of the EMEA Operations is also a core requirement for the role.
Similarly, the role holder will work with Internal Audit (3rd Line of Defence) to support their work.
Accountabilities & Responsibilities Providing support to the EMEA Operations Risk & Control Officer (ED) along with risk owners, control owners and other relevant senior management within the EMEA Operations to ensure that (i) all risks are identified, assessed and managed, and (ii) the control environment is robust, comprehensive, and effective.
This should be achieved in the context of the business strategy and risk appetite and in line with applicable laws and regulations, internal policies, and procedures.
Ensuring robust and comprehensive adherence to governance of risk and controls within EMEA Operations.
This includes supporting the 1LoD risk governance framework, providing insightful, timely and accurate data and analysis.
Providing insightful analysis of the risk and control environment within EMEA Operations.
For example, analyse key risk indicators, key control indicators, risk ratings, control ratings, issues, events, audit findings etc.
to identify trends and thematic weaknesses (e.g., unmitigated risks or ineffective controls) that require addressing.
Support in making sure root cause and solutions from investigations of Operational Events are implemented and tracked through to resolution, including the read across of issues so that learnings from a weakness identified in one area are applied to all areas.
Support deep dive "Risk Reviews" to assess how robustly and comprehensively risks are mitigated and/or investigate potential weaknesses in the control framework.
For example, this could involve an assessment of the design and operating effectiveness of controls in an end-to-end process or in a complete customer journey.
Support initiatives to assess and enhance the risk culture within EMEA Operations.
Knowledge, Skills, Experience & Qualifications Risk Management.
Good understanding of risk management frameworks and control environments as applied to the operational domains of Commercial and Investment Banks.
Business Knowledge.
Good knowledge of Commercial and Investment Banking products and services - and the end-to-end processes and infrastructure required to deliver these products and services to customers.
Experience of identifying and addressing deficiencies in risk management and/or control operation across the full product lifecycle and/or end-to-end processes.
Market Best Practice.
Good understanding and awareness of market-standard approaches for risk mitigation and control design and execution.
Familiarity with relevant regulation and regulatory expectation across EMEA.
Stakeholder Management.
Proven ability to build positive working relationships with senior stakeholders (e.g.
Department Head), able to become a "trusted advisor" whilst maintaining the ability to provide robust challenge.
Communication.
Good written and verbal communication skills.
Able to communicate effectively at all levels of the organisation.
Able to convey complex topics simply and to articulate issues in a way that eases decision making and drives action.
Specific requirements: Experience of a risk management and/or control office function in a major financial institution.
Highly numerate with a strong analytical skill set Broad industry knowledge encompassing Commercial Banking and Investment Banking.
Challenges The Non-Financial Risk Framework and Three Lines of Defence operating model at SMBC EMEA are relatively immature (when compared to Tier 1 Banks).
In addition, EMEA Operations has, to date, not had a dedicated risk and control capability and hence the "risk ecosystem" (including governance and MI) within EMEA Operations is also relatively immature.