Risk Framework

Risk Framework, Assessment & Governance Advisory

Business Continuity and Disaster Recovery Programs

Federal Financial Institutions Examination Council (FFIEC) Compliant

Risk Framework

Representative Activities

Enterprise Risk Framework

Developed complete Enterprise Risk Management program de novo for a FinTech with a suite of financial services.

Program Review:

Partnered with stakeholders to set desired objectives, conduct current state risk assessment, address gaps in existing program, and implement continuous improvement activities:

  • Evaluated the overall framework (or developed a new framework) for the purpose of risk identification, evaluation, prioritization, response, monitoring, and reporting.
  • Established/updated metrics and criteria for analysis
  • Conducted assessment (audit) of framework alongside industry standards for gap analysis and maturity roadmap.
  • Partnered with risk owners to ensure similar audits for unique risk exposures per governing or industry standards
  • Developed and executed program implementation plan


Assessments & Governance

Representative Activities

Governance Partnership Engagement:

  • Legal team – ensured consistent documentation approach
  • Internal Audit – validated third line of defense exam protocols
  • Compliance office – ensured key risk findings identified and prioritized
  • Outside rating agencies / other stakeholders – provided insight into the organization's approach to its risk management program
  • Investor Relations – ensured alignment with public reporting of key business risk disclosures (e.g., 8-K)

Risk Assessments:

Supported the program owner in conducting the risk assessment, including engagement with senior leadership and the business risk owners across the organization

Conducted Risk Assessments across the lines of defense and business functions:

  • Enterprise-wide risk assessments aligned to operational priorities and business strategy
  • Credit Portfolio Risk Assessment (CPRA) reports
  • OFAC risk assessments
  • BSA/AML risk assessments
  • New product, services, and project risk assessment processes

Established sound governance through evaluation and enhancement of program protocol and stakeholder engagement (including governance partners)

  • Identified / validated risks across the enterprise portfolio
  • Prioritized existing risks and emerging risks
  • Ensured residual risk tolerance is aligned with policies, procedures, and activities through enhanced scoring methodology
  • Documented risks, response plans, and changes
  • Produced comprehensive readable report used to inform the program, Board, management, and regulators


Business Continuity

Representative Activities

Ensured business continuity plans were compliant with FFIEC guidance as well as sound risk management practice for non-financial service companies.

  • Sponsored strategic initiatives to improve company risk profile and support corporate strategy
  • Implemented enterprise business continuity, crisis management, and IT disaster recovery programs to protect critical business functions and technologies
    • Reduced business interruptions and customer impact, and ensured employee safety
  • Oversaw training, testing, and execution of business continuity plans
  • Reviewed client and vendor contracts to ensure service level agreements fit company requirements
  • Implemented incident and problem management processes, root cause analysis, and key performance metrics for operations quality that reduced business interruptions and customer service outages


Is it time to evaluate the risk framework and governance across your enterprise?

We offer customized services and training programs designed to meet client needs and the risk challenges specific to your organization.