BNP Paribas is a leading European bank with an international reach. It has a presence in 72 countries, with more than 202,000 Employees ? including more than 154,000 in Europe and over 5,000 in Portugal alone.
BNP Paribas is present in Portugal since 1985, having been one of the first foreign banks to operate in the country. Today, BNP Paribas has several entities operating directly in this territory, offering a wide range of integrated financial solutions to support its clients and their businesses.
Worldwide, the Group has key positions in its three main activities: Domestic Markets and International Financial Services (whose retail-banking networks and financial services are covered by Retail Banking & Services) and Corporate & Institutional Banking, which serves two client franchises: corporate clients and institutional investors. The Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporate and institutional clients) to realise their projects through solutions spanning financing, investment, savings and protection insurance.
BNP Paribas Internal Control framework is organized around 3 lines of defense, under the accountability of the management Body in its management function and the oversight of the management Body in its supervisory function ((DG0020 Internal Control Charter).
The first two layers are responsible for the permanent control framework, while the 3rd layer (LoD3) is responsible for the periodic control framework that is the verification and assessment function that operates according to a dedicated audit cycle.
The Functions embodied within the LoD2, are accountable, by delegation from the management Body in its management function, for the organization and the sound functioning of the risk monitoring framework and its compliance with laws and regulations over a whole set of domains.
The 1st Line of Defense is at CIB level (LoD1), whether it is directly related to the business (FO), a function (Finance, HR or IT) or accompanying the business (Operations).
ROLE AND RESPONSIBILITIES
The Permanent Control
Is an overall system set up to permanently control risks and monitor the execution of strategic actions. It is based on policies, procedures, processes and control plans and involves organizational measures, controls and governance
It consists in the continuous implementation of the risk management framework by the 1st and 2nd line of defense. (DG0020 Internal Control Charter)
The permanent control framework
Is the continuous risk management framework, embedded in operating processes and involving 1st and 2nd lines of defense, whereas the periodic control framework is an audit process, out of the current operating processes, run by the Inspection Générale. (RISK0327 ?Organizational framework and governance for Operational risk management and Permanent control framework)
Defined as ?The risk of loss resulting from the inadequacy or failure of internal processes or external events, whether deliberate, accidental or natural? (RISK0326 ? Fundamental operational risk definitions)
Losses attributed to credit risk, market risk, and ?break even? are not included in the operational risks, nor are consequences affecting the o reputation
Are entities running a business or delivering a service, such as Métiers, support functions i.e. organizational entity
First and foremost the mandate of the OPC is to support the Head of his operating entity in the management of her/his operational risk and to ensure Permanent Control pillars requirements are met, by:
Identifying, assessing and mitigating Operational Risks:
Identify and assess the risk, Design Risk Cartography in line with the Risk & Control SelfAssessment (RCSA) Group approach
Collect and analyze Historical Incidents o Contribute to Regulatory Capital computation or monitoring through the determination of Potential Incidents (for AMA eligible entities)
Based on Risk Profile, implement relevant mitigating actions, o Participate to the governance of project impacting significantly the Operational Risks and Permanent Control framework.
Materializing, maintaining and improving the permanent control set-up, thus protecting the Bank:
Assessing the quality of his control framework and of its execution, i.e. monitor control execution and perform a posteriori control to test the quality of the framework (Key Surveillance Point, Quality review on control, control of controls etc.?)
Ensure regulatory mandatory duties are duly monitored by Control Plan at LoD1 level
Ensure and foster operational risk awareness vis a vis staff belonging to operating entities
Providing official opinions and advices on major decisions having an impact on the operational risk management and risk appetite of her/his operating entity notably related to outsourcing (internal and external) projects
Monitoring permanent control actions and recommendations and notably ensuring the relevance of implementation dates as well as the adequate ownership of recommendations issued by LoD2, LoD3, central supervisors and external audit
Organizing, deploying and coordinating:
GovernanceRISK0339 policy on Governance bodies for the management of operational risks, and of the permanent control system states that ?the set-up of a governance system focusing on the permanent control system and the risks for which they are responsible. It must serve to:
Provide an organized and overall vision of an entity in terms of Permanent Control
Constitute an alarm and escalation level relative to recurring weaknesses
Provide an analysis and decision-making collective body relative to these subjects
Formalize the executive body?s involvement in the management of these issues and follow-up of the related actions
ReportingEase transparent monitoring information to their reporting lines, hierarchical or functional, internal or external, ensure adequate regular and ad hoc reporting to Management and build the Permanent Control Reporting
Relevant and up-to-date procedural framework
IT toolsUse appropriate Group or specific tool that is used to record, report and consolidate controls and control results
CLM OPC are assessed on followings:
His/her ability to Manage CLM Operational Risk taking into account the Regulatory, Compliance and LOD1 evolutions
His/her ability to analyse & investigate a process/product/situation/Incident with an operational risk mindset and to provide with structured, written feedbacks
His/her ability to organise himself/herself and coordinate with the OPC pairs
His/her ability to alert when required
Yearly objectives are defined with CLM OR& PC manager
Experience in Operational risk Management, Audit or in Compliance area
Knowledge of products and/or processes risk analysis and management
Good Powerpoint skills
Basic and OPC IT tools
Ability to report
Negotiation, conflict management, adaptability
Any experience as a Project Manager is a plus
Communication skills in influencing and leading
Fluent in English (required)
Please note that only applications submitted in English will be considered.
In case you are selected for this role, further documentation will be requested to support your hiring process.
BNP Paribas is an equal opportunity employer and proud to provide equal employment opportunity to all job seekers. We are actively committed to ensuring that no individual is discriminated against on the grounds of age, disability, gender reassignment, marriage or civil partnership status, pregnancy and maternity, race, religion or belief, sex or sexual orientation. Equity and diversity are at the core of our recruitment policy because we believe that they foster creativity and efficiency, which in turn increase performance and productivity. We strive to reflect the society we live in, while keeping with the image of our clients.