Risk Governance
ING Hubs Philippines' risk governance structure follows ING Bank's three lines of defence model. This model aims to provide a sound governance framework for risk management by defining and implementing three risk management layers with distinct roles, execution, and oversight responsibilities.
First line of defence (1LoD)
Each department and business line has the primary ownership, accountability, and responsibility for assessing, controlling, and mitigating all financial and non-financial risks affecting their businesses and for the completeness and accuracy of financial statements and risk reports with respect to their responsible areas.
Meanwhile, the Management Committee (ManCom) is responsible for developing and implementing operational controls to manage and mitigate risks.
The ODCR Team functions as 1LoD risk and control, mandated to ensure framework execution in the organization and to provide control insight and support to the business lines and ManCom.
Specific to ING Hubs, the ODCR Team also:
Functions as the delegate Data Protection Executive (DPE) Office, ensuring execution of the Global Personal Data Protection Policy and relevant local data privacy requirements
Covers specialized functions for Fraud Management, Business Continuity Management, and Compliance, ensuring proper execution of relevant controls within the organization
Job Purpose
Contributes to business risk and control functions to ensure that ING's activities are in line with regulatory requirements and run smoothly, in such a way that it can be demonstrated to the regulators and the outside world. Contributes to the integrity of ING's products, services, and employees, and compliance with respect to the outside world.
Roles and Responsibilities
Process
Responsibilities
Activities
Training and Awareness
Ensure adequate understanding of control ownership and risks across the organization
Create awareness about Non-Financial Risk (NFR) responsibilities and control ownership across 1LoD
Ensure 1LoD staff are trained on NFR methodology and tooling
Develop local training & awareness plan in collaboration with 2LoD
Monitor timely participation in mandatory trainings on specific control requirements
Risk Assessment
Facilitate the timely execution of risk assessments, ensuring the participation of relevant 2LoD functions from the start of the risk assessment
Support the preparation of risk assessments, and coordinate and monitor their timely execution and submission
Ensure quality and documentation of risk assessment in relevant tooling
Control Design
Support process control design, considering effectiveness, efficiency, and customer experience criteria
Advise business on the design of generic controls, considering effectiveness and efficiency and ensuring automation where possible
Support business with control definition and documentation, including the definition of control indicators and/or test plans
Control Implementation / Execution
Facilitate gap analysis/impact assessment and monitor the remediation of gaps related to global policies, control standards, and regulatory requirements
Ensure the timely and proper documentation of controls in the system
Coordinate execution of applicable entity wide and/or process specific controls
Coordinate and advise on the analysis of control requirements to identify any required changes
Ensure correct pushing of controls in the system
Document/update risk assessment, risk and control owners, control description, waivers/deviations, test dates, and test plans, among others, in the system
Together with risk and control owners, ensure timely and proper execution of controls in the entity or within the specific departments/business lines
Control Evaluation
Perform and/or coordinate Key Control Testing and/or other alternative methods
Facilitate and document testing results and control evaluation
In consultation with 2LoD, identify scope and plan of testing of key controls
Monitor progress on key control testing and/or other alternative methods (e.g., Risk Measurement Model)
Coordinate and provide input for the timely control evaluation (sign-off on control effectiveness) in the system
Event Management
Ensure timely capturing, analysis, follow up, and reporting on events
Support the documentation of lessons learned and facilitate the sharing with/learning from other units
Embed event reporting process in the local set-up
Advise departments and business lines on immediate event reporting requirements
Ensure proper documentation and updates of incidents in the system
Agree with event owners on follow up actions and track these until closure
Support root cause analysis and lessons learned delivery
Monitor timely delivery of lessons learned and share with relevant stakeholders
Issue and Action Management
Execute and/or coordinate the timely definition, capturing, monitoring, and reporting of issues
Advise on issue risk ratings, action owners, management actions, and timelines to mitigate control deficiencies
Ensure timely recording of issues and actions in the system with correct linkage to relevant controls and/or regulatory requirements
Monitor and track progress of issues and facilitate requests of risk rating and target date changes and issue acceptance
Support business in CAS close out meetings
Coordinate timely closure of issues
Management Information and Reporting
Prepare dashboards providing management insight on control effectiveness, issues, and events, among others
Report on NFR framework execution as well as on the effectiveness and efficiency of overall control environment to the local NFR Committee and relevant Operations Management Teams
Support the preparation and reporting of quarterly NFR Dashboard
Prepare and release reports on NFR Targets
Mandate, roles, and responsibilities are the same except that C&R Officers are assigned as local control and risk owners while C&R Business Partners work with the Delivery Teams in managing 1LoD risk and control activities.
Work experience/skills required:
At least 3 years of banking experience, specifically in the fields of Business Control, Operational Risk Management, Compliance, and/or Audit
(Note: This increases depending on the GJA level. Specialized functions (i.e., Fraud, BCM, DPE) will require at least 5 years of experience in the specific field/area of expertise.)
Demonstrable understanding of and experience with various risk management tools and processes
Fluent in English (written and spoken); with good communication and presentation skills
Able to liaise and collaborate with a broad range of individuals, including Senior Management and Global stakeholders
Capable of training others, transferring knowledge, and sharing expertise
Able to work well, apply sound judgment, and make timely decisions under pressure
Proactive self-starter who requires minimal supervision
Able to establish a good working relationship among colleagues
Experience with an international/global financial institution is an advantage