Senior Risk and Compliance Data Engineer (SP6) - Group Enterprise Risk Management
Position summary
Introduction
Job description
KEY PERFORMANCE AREAS (KPAs)
1. Risk & Compliance Data Management
· Build and maintain data pipelines for operational risk registers, incidents/loss events, RCSAs, compliance monitoring plans, KRIs, and scenario analysis.
· Standardise datasets, templates, and evidence documentation for monitoring officers and risk officers to ensure auditability and traceability under the GRICAF.
· Stretch: Lead the design of enterprise-wide data architecture standards for risk and compliance, aligning with GRICAF and BCBS239 principles.
2. Monitoring, Planning & Execution
· Provide analytical support for risk-based compliance monitoring plans (aligned with GACP) and operational risk reviews.
· Integrate structured datasets supporting compliance monitoring scope, risk assessment models, and RCSA cycles for ERM management and/or data governance approval.
· Provide dashboards, extracts, and predictive insights to identify compliance gaps, emerging operational risks, and control effectiveness trends.
· Stretch: Shape Group-wide methodologies for data-enabled monitoring and risk assessment, ensuring consistency across subsidiaries, supporting and influencing revisions of principal risk frameworks.
3. Reporting & Documentation
· Contribute validated risk and compliance data for inclusion in Group Risk Committee packs and BARCC reports.
· Support consolidated departmental and executive management reporting, aligned with Group data governance standards.
· Stretch: Advise on the evolution of reporting standards for principal risks, ensuring Group reporting aligns with regulatory developments and emerging international standards.
4. Controls, Issues & Remediation Tracking
· Enable automation of ERM workflows such as control testing, risk and control assessments, issue remediation reporting, and input to risk and compliance performance discussions.
· Provide consolidated views across various risk dimensions such as Operational Risk, Financial Crime, Compliance, matters for board attention, remediation actions and overdue items for escalation to the Group Risk Committee and BARCC.
· Stretch: Provide thought leadership and insights on Group-wide control taxonomy and remediation protocols, influencing enterprise risk governance standards.
5. Stakeholder Engagement & Support
· Collaborate with GPROs, PROs, Operational Risk Officers, Compliance Officers, and Business Unit Risk Champions across the Group.
· Support ERM’s representation at regulatory and industry forums by preparing relevant risk and compliance data inputs.
· Provide risk and compliance data insights to internal assurance functions under the combined assurance model.
· Stretch: Represent Capricorn Group in external industry working groups or regulatory consultations on data-driven risk and compliance practices.
6. Quality Assurance & Tools
· Develop and enhance ERM’s risk and compliance data tools, dashboards, and models to support dynamic risk management.
· Perform quality assurance on data inputs into principal risk frameworks, compliance monitoring outputs, and advisory notes.
· Stretch: Champion innovation in ERM data tools (e.g. AI/ML use in risk data), driving Group adoption of advanced risk analytics.
Minimum requirements
QUALIFICATIONS & EXPERIENCE
· Bachelor’s degree in Data Science, Risk Management, Information Systems, or Compliance Technology (with strong data component).
· 3–5 years’ experience in risk, compliance, or data analytics within a financial services or regulated environment.
· Proficiency with data tools (e.g., advanced Excel, Power BI, SQL, Python, SAS, ETL platforms), with proven ability to translate business requirements into technical solutions.
· Experience preparing dashboards, automated reporting, and data-driven risk insights.
· Certifications or experience in operational risk management (Basel II/III, COSO ERM, ISO 31000) and/or compliance (auditing, CISA GACP) advantageous.
· Stretch: Postgraduate degree or internationally recognised certification (e.g., FRM, CRISC, CISA, CISM) with direct application to risk data management.
· Stretch: 8–10 years’ experience, including enterprise-level scope across multiple subsidiaries or jurisdictions.
· Stretch: Recognised contributor to industry working groups, regulatory consultations, or thought leadership in risk and compliance data.
