Description of the Business Line or Department
The GBSU Business Controls team is part of the organisational structure supporting the SGIL Chief Business Control Officer for GBSU and LOD1 and UK Head of RPM/GRC.
GBSU Business Control team is responsible for leading and coordinating the risk and control agenda in the first line of defence across all SGIL GBSU perimeters, covering operational and other non-financial risks.
This function supports the maintenance of an effective control framework across all operational, information systems, regulatory reporting and on-boarding activities with a transversal focus to complement the organisational structure.
GBSU Risk & Production Management team (RPM), as part of LOD1, accompanies SG UK management in the development and transformation of its business whilst ensuring non-financial risks are appropriately identified and managed operationally, with a focus on:
- Transversal risks management (BCM, Cyber, Third Party Risk Management, Production Oversight, IT Risk Management) for the UK wholesale platform;
- Operational Security Management (OSM) functions for GBSU UK in SGIL and SGLB (ex-ITEC / ex-OPER / CLD / COO functions);
- LOD1 ad-hoc deliverables and project coordination (e.g. PCT, Operational Resilience) for the UK wholesale platform.
- On specific topics and at the request of UK Senior Management, RPM also ensures the coordination of specific LoD1 BAU topics relating to permanent control and operational risk management (on an ad-hoc or permanent basis), and also coordinates work on other ad-hoc deliverables (e.g. addressing regulatory requests for information).
In the UK for SGIL, LOD1 risk management and control functions are provided by RPM as a service under the governance of, and with accountability from, SGIL management.
In RPM, Governance, Risk and Controls (GRC) is primarily tasked with operational risk management topics for GBSU, notably:
- Assisting GBSU management and operational teams in the definition and the setup of their permanent control framework, supporting managers in ensuring that this framework is adequate and sufficient to address risk on the concerned perimeter;
- Day-to-day identification, investigation, response / remediation and reporting on key non-financial risks through appropriate channels (incl. op risk systems) and with escalation to relevant stakeholders (e.g. LOD2, senior management);
- Analysis, monitoring and reporting of the results of the managerial supervision controls to senior management and governance;
- Assist GBSU management in establishing relevant action plans addressing self-identified issues as well as LoD2 and LoD3 feedback regarding permanent controls, risk assessments, operational incidents management, etc.
- Co-ordination with other risk specialists across lines of defense (head-office GBSU LoD1 risk management team, other LoD1 teams in SG UK, LoD2 teams in RISQ, CPLE and DFIN…), to support the delivery of appropriate permanent controls measures in SGLB;
- Coordination of Risk and Control Self-Assessments (RCSA), mapping of Activities, Processes, Risks and Controls (MyAPRC), deployment of the Library of Normative Controls (LNC), and similar/related activities within GBSU;
- Preparing and facilitating GBSU’s reporting and oversight of risks – preparation of Operational & Conduct Risk committee (OCR), supporting GBSU’s input into SGLB’s own non-financial risk governance, supporting deep dives on GBSU-relevant risk topics, risk & controls related projects / transformation activities, scenario analysis exercises, and regulatory engagement.
- Supporting GBSU’s senior stakeholder to act in, and demonstrate, compliance with the requirements stemming from the Senior Management Regime in the UK, as well as Group requirements (e.g. Permanent Control Transformation related ones).
- Support operational risk management for the SGIL entity under the direction of SGIL’s CBCO (as a service provider, focusing on the aforementioned topics).
In addition to the above, GRC will also provide support and coordination on Permanent Control topics for SG UK (acting as “Permanent Control coordinators” for SGLB, and providing operational support to SGIL’s CBCO who remains the Permanent Control Coordinator for SGIL).
Lastly, GRC may also provide a targeted contribution on specific topics requiring coordination across RPM and/or SG UK Wholesale platform (e.g. ad-hoc initiatives stemming from the Senior Management Function regime requirements, Post-Brexit “Inbound Business” & cross-border requirements, regulatory-related developments requiring input from all BU/SUs).
Geographical & Business coverage:
- GBCO and OSM functions focus: GBSU UK
Summary of the key purposes of the role
- Support the SGIL Head of GBSU Business Controls Office (GBCO) in the oversight of the control framework for the UK Operations Function and promoting the framework to management.
- Liaise with UK and India Operations and other support functions; performing 1st level controls to ensure that there is a strong control framework over the Operations platform.
- Participate in control environment enhancement projects.
- Challenge existing processes and procedures within the GBSU Operations department.
- Ensure that audit points and action plans are being cleared, and act as the liaison for Operations with Internal Audit (IGAD), Operational Risk (OSM), Finance (DFIN) and dedicated control functions (CTL).
- Provide operational support to OSMs in the day-to-day management of OSM deliveries, focusing on GBSU’s identification, assessment, recording & mitigation of operational risk.
- Support OSMs in the oversight and first level challenge of all operational risk related topics, including but not limited to: RCSA process; incident management; Internal Capital Adequacy Process (for entities where this is relevant); KRI reporting; process reviews, outsourcing risk reviews, action plan completion, including CTL and IGAD finding/recommendation progress tracking.
- Support the production of operational risk governance packs to be presented to key senior stakeholders.
- Participate in the implementation and maintenance of the first level (operational) control framework as well as of the supervisory control framework within GBSU (OPER, CLD, IT, COO).
- Recording of operational incidents within the Group’s internal incident management platform, and their subsequent handling / management in line with appropriate procedures.
- Assist OSMs and LoD1 managers in addressing queries from 2LoD in relation to non-financial risk management and collaborate on incident management matters and investigations (as per relevant thresholds).
- Contributing to the deployment and monitoring of the requirements of the “Permanent Control Transformation” (PCT) in run mode for GBSU SGIL and SGLB; General support to the PCT Coordinator function in RPM, addressing ad-hoc requests from all UK BU/SUs, conducting training sessions, minuting decisions and actions from PCT governance.
- Risk-related actions & deliverables management for GBSU: keeping track of all the open actions stemming from all lines of defense (LoD1/2/3) to avoid overdues, collating appropriate justifications for deadline extensions and supporting reviews/approvals for these – SGIL and SGLB; overdue e-learning, phishing campaign defaulters, mandatory absence anomalies; Ad hoc Permanent Supervision (GPS) requests / assisting with the modifications of controls, creation of controls through SG workflow. Preparing relevant weekly or ad-hoc reports on these topics to key stakeholders (head of RPM UK, GRC Paris, entity management etc.).
This role does not require a specific certification.
This role covers all SGIL activities, whether conducted in UK, AMER, APAC or India, and support on activities in SGLB as required.
Summary of responsibilities
Control Framework Supervision and Governance
- Support OSMs in the day-to-day OSM tasks for GBSU (SGLB, SGIL) and EMEA OSM supervisor on EMEA OSM coordination and regional governance topics.
- Support OSMs in providing oversight and first level challenge of all operational risk related topics (GBSU-focus).
- Preparation of operational risk governance packs to key senior stakeholders (GBSU-focus).
- Support the maintenance and enhancement of the first level control framework (GBSU-focus).
- Support OSMs in challenging GBSU stakeholders on the quality of their operational risk reporting (GBSU focus).
- Support the effective and, where needed, consistent roll-out of projects & ad-hoc tasks e.g. RCSA, PCT, Outsourcing risk reviews (GBSU).
- Ensure capture of operational errors & incidents and use of relevant risk event collection processes/tool(s) (GBSU).
- Ensure action plans are developed and implemented, with appropriate ownership and achievable deadlines; ensure and track sign off on closed actions (GBSU).
- Assist in ad-hoc projects or initiatives of the CCO/UK department, as directed by Senior OSMs, CBCO, Head of Operations of SGIL, Head of GRC, Head of CCO UK/EMEA and, potentially, EMEA OSM supervisor (GBSU, EMEA).
- Contribute proactively to KRI initiatives, incl. helping to improve data quality and avoidance of duplication (GBSU).
- Support operational key risk indicator dashboard to ensure key items including FBK have agreed action plans with Operational Managers, tracked and shared with appropriate parties (SGIL, GBSU).
- Monitor and report on operational policies and procedures to ensure review and sign off completed by owners (SGIL, potentially extended to SGLB).
- Maintain awareness of operational driven projects, in order to assist with remediation and input new/enhanced controls, procedures and ongoing oversight (SGIL, GBSU).
- Support coordination of Deloitte audit, managing the requests and tracking quality and completion of responses (SGIL).
- Participate in all required governance meetings related to the perimeter and prepare relevant reporting (SGIL, GBSU SGLB).
- Support I2C quarterly declarations process with DFIN (SGIL).