This 4-hour course provides a comprehensive understanding of the generic enterprise risk management practices and risk concepts commonly deployed in the financial industry to enhance the overall enterprise risk management. The complexity of today’s interconnected financial markets and globalization is exposing organizations to numerous operational, technological and business threats that could lead to substantial data and financial losses as well as reputational damages.

Designed for private banking professionals managing or supporting risk-taking activities for business growth and performances, this programme focuses on the practical considerations in the design, adoption and implementation of systems and processes for optimal enterprise risk and GRC management, aligned to MAS and global regulations. It covers the key enterprise risk management concepts and best practice implementation approaches, including its management and applications to IT and cyber risks. It will also go beyond that and address the practical usage of that knowledge; with case studies and examples.

• Assistant Relationship Managers in Private Banking
• Operations functions in Private Banking
• Covered persons under Private Banking Code of Conduct who may be interested

• Assist with risk planning in consultation with relevant stakeholders
• Support risk assessment at operational level
• Implement risk controls according to defined risk management policies and plans
• Identify and assess possible risk response activities for consideration in the risk management process
• Conduct risk response activities in accordance with risk management plans
• Apply change management techniques to facilitate implementation of risk controls, risk management and risk response activities
• Document and track risk management outcomes according to information format requirements and present documentation to relevant stakeholders for review

Principles of effective risk management

• Designing & Implementing a best practice GRC framework, incl. systems, policies & procedures incl. risk appetite setting
• Clear GRC governance incl. 3 or multiple LoD
• Roles and responsibilities with clear policy making on Code of Conduct and Fiduciary Responsibility
• Independent risk model review and validation, reporting to the Board

Risk management strategies, frameworks, policies, procedures and practices

• Board and Senior Management accountability on Strategy and risk appetite setting
• Key elements of Enterprise Risk Management/GRC Framework – Cycle of Objective, Risk Identification, Assessment, Response / Mitigation, Monitoring & Reporting

Components of risk management plans

• GRC Framework implementation, compliance and review
• Risk appetite setting, risk tolerance and limit management
• Contingency Planning including incidence response and recovery

Risk analyses and assessment processes

• Risk identification and assessment methodologies incl. use of surveys, incidence management, loss data and RCSA
• Risk response
• Risk monitoring and reporting

Types of records of risk management process and outcomes

• Design of risk registers / templates as part of records or document management
• Dynamic reporting incl. on outcomes and actions taken, with charts, dashboards and heatmaps

Methods for monitoring enterprise risk indicators and risk management activities

• Top-down and bottom-up risk registers, linking the enterprise layer to business units in the organisational hierarchy
• Risk connectivity chart and ecosystem view with alignment in ERM standards and framework processes, policies and procedures (incl. speaking the same language/risk taxonomy, data lineage and traceability, etc.)

Financial services industry specific risks

• Basel 3/4 banking regulations incl. the 3 Pillars of the Basel Accord
• IT and Cyber Risks encompassed by MAS TRM, 3rd Party and Cyber Hygiene Regulations
• ALM, Liquidity, Contagion, operational risk (as part of Pillar 1) and IRRBB

Concluding Remarks, Q&A and Summary of Key Points

Assessment - MCQ