By Ateya Mohammad Abu Elbeh
Publications of the Basel Committee, Sarbanes-Oxley, COBIT, ISO, BSI and many others that deal with Risk Management stress the need for a continuous process of Risk Identification, Assessment, Monitoring, Mitigation and Control. Starting from this point, you at PSE need to identify and assess all kinds of risks, especially Operational Risk, Business Continuity, Information Security and Regulatory Compliance.
The increased potential for disaster, electronic attacks or system outage, and internal and external fraud means that you have to create your Business Continuity and Disaster Recovery plans, and those plans should be reviewed systematically and periodically, or developed where necessary, to account for the greater risk of physical threats and malicious attacks on people, property, computer and telecommunications systems. Additional consideration needs to be given to the proximity of threats as well as to the vulnerability of back-up facilities, where they exist.
1.2 Objective
Our objective is to establish a comprehensive Risk Management Department, based on best practices in our region and globally, to identify and prioritize the risks and processes that are critical to our business at the country and international level and to meet local and international regulatory requirements.
1.3 Definition
Today, Risk Management occupies the top priority in the financial and monetary system locally and globally, because of the rapid and huge revolution in this industry.
There are four main Divisions under Banking Risk Management Department:
· Regulatory Compliance
· Operational Risk
· Business Continuity
· Information Security
1.4 Scope
This department applies to all PSE branches, products, operations, services and IT, in order to enable us to mitigate, reduce, manage and avert those exposures at the right time and with the minimum cost.
2.1 Jobs Description and Responsibilities
2.1.1 General Department Responsibilities:
The key task of the Risk Control & Regulatory Compliance Department is to monitor PSE members' compliance with all regulatory requirements. The main mission is to ensure that PSE has a robust system for the identification and management of Risk and Regulatory Compliance requirements in all jurisdictions, and to provide reasonable assurance to the CEO/Audit Committee/Board of Directors that it is applied consistently across PSE.
· Develop and maintain the risk assessment framework.
· Implement the Risk Framework as the basis of any risk assessment requirement, including for projects where necessary.
· Produce the required risk assessment and action plan reports.
· Act as the link between PSE management and local/global regulatory bodies.
· Develop and maintain the Regulatory Compliance, Operational Risk, Business Continuity and Information Security manuals.
2.1.2 Department Manager Responsibilities (General):
· Ensure the implementation of the customer's identification, verification, and due diligence programs.
· Monitor conspicuous business relationships.
· Take the necessary action in case of any suspicious transaction/activity within the limitations specified.
· Responsible for maintaining awareness within the PSE staff of Money Laundering and Terrorism Financing risks, issues, and PSE policies and procedures.
· Act as the central point for all contact and communication between PSE and the Competent Authorities.
· Produce regulatory compliance business plan and budget.
· Plan and execute regulatory compliance projects.
· Prepare Operational Risk, Regulatory Compliance, Information Security and Business Continuity handbooks and manuals.
· Advise the CEO/BOD and other departments on new developments.
· Assess impact of local regulatory change on business.
· Obtain approval from the local Competent Authorities on relevant policies and procedures.
· Ensure appropriate policies and procedures are defined in compliance with local regulatory requirements.
· Consult on specific transactions.
2.1.3 Department Responsibilities (regarding Operational Risk & BC):
· Identify the risk process and the risk universe.
· Evaluate and develop existing controls to enhance organizational performance and raise awareness across the department of procedures relating to operational risk.
· Analyze procedures and controls within the department, checking them for relevance, effectiveness and consistency.
· Assess the impact of new system, product, service and activity implementations, and be accountable for continuous awareness of operational risk mitigation.
· Maintain an active understanding of developments in operational risk management, both through peer review and through regulatory developments (e.g. Basel II).
The following manuals & Plans will be prepared:
· Enterprise Risk Management Manual
· Loss Data Collection Manual
· Strategic Risk Management Instruction Manual
· High Level Risk Assessment Instruction Manual
· Outsourcing Risk Management Manual
· Products, Activities, Process & Systems (PAPS)
· Reputation Risk Manual.
· Loss Data Report.
· Business Continuity Plan (BCP).
· Crisis Management Plan.
· Incident Response Plan
· Evacuation Plan
· Disaster Recovery plan
· KYC, KYCC, CODE Of Conduct, AML
· Information Security manual.
The following projects will be conducted (long and short term):
· Equip a command center for the PSE.
· Conduct BCM Project.
· Equip Living Disaster Recovery Site for PSE (LDRS).
· Equip an Alternate Site for PSE.
· Equip Disaster Recovery Site.
2.1.4 Department Responsibilities (regarding Information Security):
· Monitor compliance with the organization's information security policies and procedures among employees, contractors and other third parties, and refer security incidents to the appropriate department managers and administrators as per corporate policy.
· Ensure the compliance of existing and new information systems with the corporate Information Security policies, procedures and controls.
· Initiate procedures for nominating data owners for information assets and assigning data ownership.
· Assess risks related to information technology and develop effective solutions for the protection of PSE's information assets.
2.1.5 Department Responsibilities (regarding Money Laundering):
· Identify, evaluate and manage Money Laundering and Terrorism Financing risks through the execution of various testing and monitoring programs.
· Ensure the implementation of the customer identification, verification and due diligence programs.
· Review on a daily basis the customer identification, verification and due diligence processes and their implementation.
· Check all large transactions above or equal to the threshold established by the Local Competent Authorities, and document such activities in a verifiable manner.
· Review the daily control reports, including the amounts of transactions that exceed a certain limit, i.e. the threshold.
· Be responsible for day-to-day monitoring of all matters relating to Anti-Money Laundering and Combating the Financing of Terrorism in the branch.
· Receive and analyze suspicious transaction/activity reports from branch staff members.
· Take the necessary action in case of any suspicious transaction/activity, within the limitations specified and under the direct supervision of the Risk Department Manager.
· Process reports of suspicious transactions/activities and pass them to the Risk and Regulatory Compliance Department.
· Make sure that the filing/archiving of internal reports is kept according to the filing instructions, and secure them in a safe facility under his responsibility.
· Be responsible for maintaining awareness among PSE staff members of Money Laundering and Terrorism Financing risks, issues, and PSE policies and procedures.