Team Member - ORM

Role & responsibilities

1) Job Purpose: Write the purpose for which the job exists (in 2-3 lines)

Assist Team Lead-ORM in implementing ORM framework across all/assigned Businesses and Support functions and monitoring their adherence to ORM policy and procedures for identification, measurement, monitoring and reporting of operational risks. In particular, the role will be responsible for executing various activities involved in following:

1. Key ORM processes -

a. Risk review of assigned Policies, Products and SOPs.

b. Incident analysis, reporting, remediation and loss data management;

c. Risk and Control Self-Assessment;

d. Collection, analysis and KRI breach reporting; and

e. Management of open issues and actions from various sources for closure &/ or timely escalation of overdue items.

f. ORM training and awareness drives.

g. Other ad-hoc assignments from time to time.

2. Monitoring and oversight over outsourcing of financial services activities.

2) Job Context & Major Challenges: Write the specific aspects of the job that provide a challenge (internal and external) to the jobholder in the context of the Business/Unit/Function/Department/Section

Job Context -

Operational risk (OR) is one of the major risks faced by organizations globally. With increase in product complexity, automated transaction processing, rapid technological changes, ever changing regulatory landscape, customer expectations and a series of failures / frauds in financial services industry, the importance of ORM has only increased over time. As OR is integral to financial services activities and is all pervasive in nature, ORM cuts across businesses and support functions, products, systems, management levels and geographies. Further, ORM is an extremely critical component of Enterprise Risk Management.

Major challenges -

While ORM function is guided by Board approved ORM Policy and Framework, Operational risk itself is a very unique and complicated subject in many ways (vis--vis market or credit risk), thus a challenging task.

Key challenges involved in implementing an effective ORM include (though not limited to):

• Diverse and complex products, multiple systems (with inadequate/ missing functionalities due to technical/budget) due to leading to manual &/or semi-automated/ fragmented processes;
• Speed of technological advancements and its adoption by entities leading to newer risk and controls issues;
• Ever changing regulatory landscape that requires constant re-alignment of products, processes and systems to ensure compliance with newer regulations;
• Time and effort involved in building a risk culture within Business and Support Functions to ensure timely reporting and escalation of known risks/ control gaps / issues;
• Integrated nature of risks whereby one/ multiple Operational risks may lead to other risk/(s) and vice versa and resultant cascading impact;
• Lack of coordinated effort by diverse stakeholders sometimes leading to delay in remediating issues;
• Involvement of multiple diverse set of stakeholders sometimes with conflicting interests require strong negotiation skills to arrive at consensus which is mutually acceptable to all; and
• Constant struggle to achieve the right balance between risks and controls due to financial and non-financial considerations.
• Rigorous follow-ups with stakeholders and escalations.

Key Result Areas

Supporting Actions

Identify potential risks/ control issues from various available records/ sources for timely remediation and strengthening internal controls.

1. Co-ordinate with BORMs/Process owners to ensure independent validation of RCMs and RCSA results shared by Business and Support Functions.

2. Review various available sources like GLs, System generated/ ad hoc operational reports, IT incidents log, Info Sec security logs, Customer Complaint data, Operations error log, etc. using analytics/ or manual review procedures to identify potential risk/ control issues.

3. Discuss identified potential risks/ control issues with Team Lead-ORM and Head-ORM for further investigation, reporting and remediation, as appropriate.

Support KRI monitoring process for monitoring risk levels and direction.

1. Collect, analyze and prepare KRI breach report along with root cause, actions, action owners and timelines for review of Team Lead -ORM and Head-ORM.

2. Ensure timely publishing of correct KRI breach report to all stakeholders.

Manage open issues and actions from various sources for closure &/ or timely escalation of overdue items to strengthen ORM governance and oversight.

Implement Issue and Action Management process by ensuring following -

• Build a comprehensive tracker for issues and actions emanating from various source like approved Product notes/ revisions, review of SOPs, RCM reviews, RCSA results, KRI monitoring, Incident reporting including insurance claims, ORMC, RMC, etc.
• Ensure periodic follow-up for timely and correct updation of tracker to facilitate availability of relevant data to various stakeholders.
• Ensure timely reporting &/or escalation of overdue open issues &/or actions.

Assist in strengthening governance over outsourcing of financial service activities.

1. Implement approved Outsourcing Policy and various aspects of Outsourcing SOP.

2. Annual review of Outsourcing Policy and SOP for changes, if any.

3. Assist Head- ORM in ensuring adequate governance over outsourcing of financial service activities by Business and Support functions including co-ordination with Business/Support functions to facilitate pre-assessment of risks prior to outsourcing of new financial services activities.

4. Ensure timely completion of periodic Outsourcing reviews by Business & Support functions as per regulations. Review submitted reports and prepare summary report for Board reporting.

5. Independent validation of Service Provider review reports submitted by Business and Support Functions.

Assist &/ participate in various ORM initiatives to further strengthen ORM governance and oversight.

1. Review adequacy of risks covered in Insurance Policies and publish relevant information for reference and use by LOBs and Support Functions.

2. Assist in independent assessment of controls and remediation of gaps (including process control automation initiatives)

3. Execute &/or facilitate other ORM initiatives including detailed risk reviews/ process deep dives/ thematic reviews/ ad-hoc projects, etc.

4. Assist in collation and preparation of periodic/ ad hoc ORM reports for Senior Management, ORMC, RMC and Board.

5. Co-ordinate with Learning & Development team and Business/Support functions for execution of training strategies through online/ offline channels.

6. Support automation of ORM processes by participating in system implementation, performance of UAT and resolution of UAT issues, on-going master maintenance, updation of ORM data (RCM updation, RCSA results, risk incidents, KRI, issues and actions, reporting module, etc.) and on-going change management activities.

7. Any other project/ responsibility assigned from time to time.