Description of the Business Line or Department
The Risk Management (RISQ) Division in the UK is independent from the Business Lines. The RISQ Division's mission is to contribute to the development of the SG Group's activity by facilitating the objectives of the Business Lines while maintaining independent oversight through risk evaluation and monitoring.
The mission of the Operational Risk Second Line of Defence department (RISQ/OPE, LoD2) is to provide independent, objective and leading operational risk management challenge and oversight services to assist the firm in maintaining an effective system of operational risk management.
RISQ/OPE conducts oversight of the governance, risk and control frameworks and tolerances of Operational Risk.
RISQ/OPE provides proactive advice to help management identify and measure key risks, and to evaluate controls in existing and expanding businesses. One objective is to accompany employees and raise awareness of the importance of operational risk management, which is based on the principle that “everyone is an operational risk manager”.
RISQ/OPE organises and/or tests the soundness and efficiency of the operational risk framework, especially on governance, risk identification and mitigation as well as permanent controls.
Summary of the key purposes of the role
- Implement and lead the framework for identifying and managing fraud risk on the SG UK Wholesale business across SG London Branch and SG International Limited, aligned to UK supervisory authority requirements.
In his/her LoD2 function, the role-holder will independently challenge LoD1 as they identify, assess, manage and report fraud risks through various operational risk framework processes: incidents, RCSA, key risk indicators, new products, outsourced/offshored activities, information security, permanent controls evaluation, etc. Challenge will include the exhaustiveness of risk identification and effectiveness of the controls landscape, offering advice as appropriate.
Strong and effective relationships across the lines of defence are key to ensuring that identifiable control weaknesses and concerns are proactively managed to within risk appetite.
Key to this role will be independent analysis and reporting of a consolidated view of the fraud risk environment to senior management, focusing on the most material risks, ongoing remediation and recommendations to enhance the control framework.
Implementation of the framework will be in conjunction with LoD1 BUs/SUs and associated control functions, and Compliance.
Summary of responsibilities
Primary Responsibilities as a member of RISQ/OPE
- Implement the SG UK Wholesale Fraud risk framework covering internal and external fraud;
- Monitor framework implementation and provide robust challenge to LoD1 as they identify, assess, manage and report fraud risks through various activities such as incidents, new products, outsourced/offshored activities, RCSA, key risk indicators, permanent controls evaluations, etc.;
- Perform LoD2 activities in the evaluation of fraud risks through such activities as: horizon scanning, deep-dive thematic reviews, root cause analysis, etc.;
- Provide advice and guidance to SG employees across LoD1 and LoD2, as appropriate;
- Continuously evaluate the maturity of the fraud risk framework across LoD1 and LoD2;
- Monitor and report to senior management the fraud risk environment, providing independent analysis and opinion on the most critical risk areas, including the effectiveness of their mitigating controls;
- Develop and maintain relationships with key LoD1 stakeholders in BUs/SUs and control functions, LoD2 Compliance (to ensure effective complementary oversight), and Group RISQ/OPE to ensure continuous alignment of objectives and goals;
- Support the development of SG’s fraud risk management capabilities by providing expert inputs into the development of the wider operational risk framework;
- Support the RISQ function to embed a strong risk culture across the Group;
- Develop and implement fraud related training for SG employees and associated Third Party providers, as appropriate;
- Engage with the wider RISQ/OPE team to share information and best practice advice;
- Complement RISQ/CTL’s control programme through the provision of fraud risk profiling and assessment of the effectiveness of mitigating controls; and,
- Continually develop expert knowledge and advise on best practices related to fraud risk and operational risk management in general.
Level of Autonomy and Authority
Operational Risk Supervisors are involved in assessing risks and recommending appropriate mitigating actions or ensuring escalation is taking place. The role also encompasses decisions on norms or existing policies within their perimeter of responsibilities. Operational Risk Supervisors are allowed to validate exceptions within the risk appetite where there is no apparent risk or only minimal risk, and should escalate to the business or their management if unable to make a decision.