Citibank

ICG (TTS) - TTS In-business Control (IBC) Program Manager

Citibank
Full Time
Lead (more than 10 years)
Bachelor
English

Job Description

Location: APAC-HKG-Hong Kong-Hong Kong

Overview:

The Treasury and Trade Solutions In-business Control (IBC) Program Manager is a risk management specialist who proactively supports TTS Asia Pacific Management Team in managing and mitigating operational risks and executing risk and control responsibilities as a part of the First Line of Defense.

The TTS IBC Program Manager will work with the TTS product heads and function owners of the countries supported to establish a robust framework that enables effective risk and control management by the TTS business and functions, to provide objective views on risks, controls, and trends, and to advise and guide the business and function owners on risk and control matters. Accountability for robust and compliant processes and controls and their effective execution rests with the respective business managers and function owners.

The TTS IBC Program Manager is a hub/regional role and part of the team who will manage, coordinate and execute the core in-business control processes for the TTS Asia Pacific business in an effective, efficient and consistent manner. The role has a direct reporting line to the TTS IBC Region Head for Asia Pacific.

The TTS IBC Program Manager will partner with TTS Independent Risk to implement the TTS Risk and Control framework and policies and with the Franchise Risk and Control (FRC) functions that cover Information Security, COB, Third Party Risk Management, Data Privacy and Fraud in order to stay abreast of risks and issues that relate to the business and to escalate these to the TTS Business Heads.

Key Responsibilities:

Manager’s Control Assessment (MCA) Oversight and Quality Execution:

  • Coordinate the overall MCA and Annual Risk Assessment (ARA) processes for the Business, track their status, ensure timely completion, and escalate exceptions. The ARA should include Fraud and Conduct Risk assessment and documentation of the assessment performed
  • Support the business in performing its ARA based on the analysis of internally raised risks and issues (management-raised issues, Compliance review issues, Internal Audit review issues, etc.) and externally raised risks and issues (regulatory issues, KPMG observations, etc.)
  • Provide specialist risk and control advice and guidance to the product heads and functions
  • Review control design and monitoring method to ensure soundness and effectiveness
  • Work with the product and function heads to establish reasonable thresholds for KRIs/ORIs
  • Coordinate and track the appropriate training of managers involved in the MCA process based on the regional MCA training program and escalate exceptions
  • Maintain the Process, Risk, Controls and Monitoring Methodologies (PRCM) in CitiRisk MCA system
  • Perform quality review of the documentation of the quarterly assessment to ensure the results are documented properly. Point out areas for improvement
  • Summarize and analyze the quarterly MCA results including issues and trends. Facilitate a review and discussion with TTS country management to determine entity unit rating
  • Work with the product/function managers to implement appropriate corrective actions, and share best practices
  • Provide MCA related data to region/global management
  • NOTE: MCA execution (monitoring/testing) should be performed by the product and functions heads, not the IBC Program Managers. Exceptions to this process should be based on a strong risk and control rationale

Issue and Corrective Action Plan (CAP) Management and Coordination:

  • Track issue and CAP status and progress, and escalate to the TTS Region IBC/COO and the responsible TTS Business Head any CAPs that are at risk of missing their target dates, at least 30 days ahead of the targeted closure date
  • Support the business on ‘at-risk’ issues and CAPs
  • Review and document management-raised issues and CAPs in the iCAPs system (while ownership for the issues and CAPs remains with the Business and Function Heads), including compensating controls and the Issues Being Addressed by Management (IBAM) checklist
  • Validate completed CAPs in the iCAPs system prior to validation by other control and assessment functions such as Internal Audit and ORM

Annual Risk Assessments Coordination and Facilitation:

  • Work with the product and function Heads to review and provide responses to ARA questionnaires e.g. EWORA, EWARA, Anti-Bribery and Corruption (AB&C) and Compliance Risk Assessment (CARA), where applicable
  • The process should include identification, quantification, prioritization, and escalation of key risks and vulnerabilities identified
  • Document lessons learned, and propagate these across other countries, lines of business and functions as relevant
  • Lead and support the root cause analysis of material risk events and control breaks, and establish an effective feedback loop to country and regional business and control management
  • Support the business in drafting appropriate corrective and preventive action plans

Permanent Control Readiness Assessment:

  • Manage, coordinate and support the business in reviewing, maintaining, and enhancing Permanent Control Readiness
  • Perform or coordinate periodic process review or control monitoring to ensure continued compliance with Citi policies and procedures e.g. Anti-Bribery & Corruption and Gifts and Entertainment, Mandatory Absence, Mandatory Trainings, Information Security Standards, Product Approvals and Deal Reviews, Outsourcing/Insourcing, Data Privacy and Cross border Data Clearance, Manual Payments Processing, Dormant Accounts, etc.
  • Where possible, use or develop ORIs/KRIs in addition to sample testing to assess, evaluate and validate controls. Results from these monitoring activities must be documented in the MCA
  • Work with the process owners to develop action plans that remediate the weaknesses

Third Party Risk Management:

  • Work with the Third Party Officer (TPO) to support the Business Activity Owner (BAO) and their delegates in the execution of the required control procedures set out in the Third Party Risk Management Policy
  • Take part in the review and assessment of outsourcing and in-sourcing activities to ensure adherence to the Citi policies and/or local regulatory requirements
  • Maintain relevant information on third party relationships, both outsourcing and in-sourcing and including those with affiliates, to support Resolution and Contingency Planning
  • Work with the TTS Front-office Third Party Officer (TPO) to implement consistent third party risk management procedures

Standards and Procedures Coordination:

  • Support the product and function owners on gap analysis and the implementation of global policy requirements and regional standards including but not limited to Anti-Bribery and Corruption and Gifts and Entertainment, Mandatory Absence, Mandatory Trainings, Information Security Standards, Product Approvals and Deal Reviews, Outsourcing/Insourcing, Data Privacy and Cross border Data Clearance, Manual Payments Processing, Dormant Accounts, etc.
  • Track and review deviations and risk acceptances when raised and at the time of renewal to assess the need for deviations, and ascertain that the business has implemented and documented effective compensating controls

New Product and Business Practice Reviews:

  • Participate in the review of new products or business or significant deals by joining the appropriate forums e.g. Pre/New Product Approval Committee, Deal Reviews
  • Track conditions for approvals and discuss with the respective product or function owner potential delays so appropriate action can be taken
  • Analyze new product issues and draft lessons learned to prevent recurrence
  • Monitor product program renewal status and validate completeness of review and approvals by all stakeholders

Audits, Franchise Reviews and Regulatory Examination Management:

  • Support the Business on reviews and audits by reviewing and coordinating responses to findings issued by reviewers
  • Perform reconciliation between IA’s Risk and Control Matrix (RCM) and Manager’s Control Assessment (MCA) to evaluate alignment with IA’s assessment of the business’s key risks and controls
  • Review MCA effectiveness rating and initiate action to address gaps
  • Review and analyze non-IBAM issues and work with product or function owners on areas that need to be improved
  • Share lessons learned and/or areas for improvement with Region IBC

Operational Risk Events Management:

  • Assist the process or function owner in conducting root-cause analysis, preparing a corrective action plan (CAP) and preparing a write off/on memo for approvals, if applicable
  • Depending on country practices, ensure reportable items are input and reported in the CitiRisk Loss Capture system in a timely manner to facilitate attestation by TTS Senior Management
  • Escalate material or significant events to relevant senior management and stakeholders
  • Perform trend analysis and process deep-dive, as necessary

Risk and Control Project Management:

  • Coordinate and support the Business in the implementation of global and regional risk and control projects

Training and Awareness:

  • Perform or coordinate training on risk and control concepts, processes, tools, and on effective issue self-identification and testing
  • Customize global and regional training programs to cater for local requirements and nuances
  • Conduct new staff risk and control awareness training to supplement the country new staff orientation session
  • Create Permanent Control Readiness awareness across all countries, products and functions

End-to-end Line of Sight and Oversight Committee Participation:

  • Maintain front-to-back line-of-sight on risks and controls across all TTS business products and functions, including Operations, Technology and Service Centers
  • Represent the Business on risk and control matters to support the Business Head, as may be required
  • Work with the product or function heads to provide relevant inputs to risk and control committees, management meetings, and forums (e.g. Business Risk, Compliance, and Control (BRCC) Committee, TTS Risk Oversight Committee, AML Governance and Business Risk Committee, etc.)
  • Participate in country TTS Client Operations and Technology Oversight meetings as may be organized by the TTS country head and outsourced service provider governance/oversight meetings organized by business activity owner or their delegate, where possible

Qualifications

Professional Experience:

  • Minimum ten years in the Financial Services industry
  • Minimum five years in an Internal Audit, Risk Management, or Control Management-related role

Qualifications:

  • Minimum Bachelor’s Degree or equivalent professional qualification

Skills and Competencies:

  • Ability to lead and drive controls across the products and functions irrespective of reporting lines
  • Ability to manage through influence (e.g. management in the absence of reporting lines or with matrix reporting)
  • Ability to build rapport and work closely with key country and regional stakeholders and partners within and outside the country ICG Business Unit
  • Strong understanding of ICG Business Unit processes and products as well as Operations and Technology
  • Up-to-date understanding of key risk and control concepts, tools and trends relating to risk identification, rating and prioritization, mitigation, and reporting, Operational Loss treatment, as well as the Basel Committee on Banking Supervision Accords (Basel I/II/III) and the COSO (Committee of Sponsoring Organizations of the Treadway Commission) framework
  • Proven people and team management skills
  • Risk-based thinking and analytical mindset
  • Self-starter who can work independently
  • Ability to multi-task and manage concurrent projects and deliverables
  • Proficient in the use of basic Microsoft applications (Word, Excel, PowerPoint)

Technical Skills

  • Accountancy
  • Anti Money Laundering (AML)
  • Audit
  • Basel I
  • BASIC
  • C (Programming Language)
  • Compliance
  • Gap Analysis
  • Information Security
  • Internal Audit
  • Microsoft Excel
  • Microsoft PowerPoint
  • Microsoft Word
  • Reconciliations
  • Risk Assessment
  • Risk Management
  • Root Cause Analysis
  • Sourcing
  • Team Management
  • Training