Identification of risks 

• Facilitating undertaking of initial risk review of Products and SOPs (both new and changes to existing ones) for identifying new/emerging risks on a proactive basis in coordination with Business &/or related Support Functions.

Identification of risks

• Ensuring that all processes are well documented before go-live and updated on regular basis. 

Monitoring and reporting of risks 

• Monitoring compliance to various policies and procedures for reporting/ escalating exceptions/ breaches/ deviations to ORMD using ORM processes. 

Assessment, Monitoring and Reporting of risks 

• Facilitate continuous monitoring of risk and control environment through– 
  1. Risk and Control Self-Assessment (RCSA) – 
     • Regular review and updation of Risk Control Matrices / Risk Registers for new / emerging risks (based on new product, processes, systems and external events and changes thereto). 
     • Facilitating, Performing and verifying results of periodic RCSA/ Self-testing of controls to identify control design efficiency gaps &/or operating effectiveness issues. 
  2. Key Risk indicators (KRI) Monitoring– Timely collection, analysis and reporting (along with analysis and reason for limit breaches and actionable to bring risk within acceptable limit) of KRIs on periodic basis. Facilitate annual back testing/ validation of KRIs and thresholds by ORMD.
  3. Incident Reporting – Compliance to Incident reporting SOP by ensuring timely and accurate reporting of operational risk incidents (near miss and loss incidents) to ORMD, co-ordinating with stakeholders for root cause analysis and impact assessment, recording and data capture of loss events within the businesses and regular reporting of these events, follow up on open actions and recoveries for proper accounting/ provisioning for losses.

Monitoring and reporting of risks

• Management of Issues and Actions: Responsible for the timely follow-up, documentation and status of action plans, open issues (from Incident Reporting, RCSA, KRI monitoring, Self-identified issues, ORMC/RMC/Board meetings, Internal Audit, External Audit, Regulator and Inspector, etc.) and other initiatives waiting to be completed.

Management of risks in Outsourcing of activities

• Ensuring compliance with Outsourcing Policy and SOP to strengthen governance over outsourcing of activities including review of risks in outsourcing of new activities, service provider reviews, regulatory reviews, etc.

Risk Governance 

• Convening and conducting periodic Business Operational Risk Management Committee (BORMC) meetings and related activities, sharing key takeaways from BORMC meetings for escalating open/ emerging risk/ controls issues to ORMD for onwards reporting to ORMC/ RMC/ Board.