Role Overview
The Risk & Compliance Manager at Tower SACCO is responsible for establishing and implementing an appropriate Operational & Compliance Risk Management framework. This role aligns with the Society's Strategic Plan, Risk Management Policy, established SACCO By-laws, and applicable regulations. The successful candidate will provide oversight of the enterprise-wide risk management (ERM) strategy and framework, translating the risk appetite framework into informed decision-making practices that support Tower SACCO's unique business model and strategic plan.
Key Responsibilities
- Strategy Development: Develop and implement a risk management strategy and monitor the implementation of the SACCO’s strategic plan to prevent, eliminate, and mitigate operational risks.
- Business Continuity: Maintain and periodically review Business Continuity plans to ensure operational resilience.
- Risk Identification: Identify emerging risks that present new regulatory, fraud, or money laundering threats, particularly those associated with new products, services, customer types, and geographies.
- Monitoring & Reporting: Participate in the development and implementation of a Risk Monitoring and Reporting Framework.
- Policy Enforcement: Provide assistance in developing and updating policies and procedures by enforcing document standards and ensuring they are embedded within business units.
- Training: Develop and conduct training programs on developments in the legal and regulatory framework.
- Compliance & AML: Ensure customer portfolios are risk-rated and that AML monitoring is in line with the risk levels. Screen transactions and customers for Anti-Money Laundering (AML) through daily reports and system alerts.
- Liaison: Liaise with the SACCO's partners and counterparties on AML & KYC matters. Coordinate with the Financial Reporting Centre (FRC) regarding cash transaction returns and suspicious transaction reports.
- Regulatory Compliance: Monitor compliance with the Unclaimed Financial Assets Act (UFAA), Data Protection laws, and SASRA regulatory requirements.
- Risk Assessments: Conduct risk assessments for existing and proposed units, including branches and head office departments.
- Remediation: Track the progress of remediation for control weaknesses identified by Internal Audit or self-testing.
Requirements & Qualifications
- Education: A Bachelor’s degree in a Business-related field, Computer Science, ICT, or a related field from a recognized University.
- Professional Certifications: Possession of professional qualifications such as CPA, ACCA, CISA, FRM, CEH, CISSP, CRISC, or CISM. Additional certification in ICT Security, Audit, and Risk management is an added advantage.
- Experience: A minimum of four (4) years of working experience in an audit firm or a financial institution, specifically in Banking Operations, Audit, Risk Management, and/or Compliance practices.
- Technical Knowledge: Comprehensive knowledge of ERM concepts, operations, and ICT risk management concepts.
- Age Requirement: Candidates must be below 35 years of age.
Desired Qualities
- High analytical and problem-solving skills, with the ability to challenge the status quo on the basis of evidence.
- Knowledge of risk and governance standards such as COSO framework, Basel Corporate Governance Principles, and SASRA Risk Management for SACCOs.
- A track record of delivering on targets within regulatory and non-regulatory deadlines.
- High ethical standards, integrity, and professionalism.