Independent Compliance Risk Management (ICRM) is a global organization of over 2,200 professionals covering Citi’s global businesses striving to be the best for our clients. ICRM facilitates responsible finance with objectives to i) Drive and embed a risk culture throughout the organization; ii) Maintain a framework that provides reasonable assurance and facilitates firm-wide compliance with local, national, or cross-border laws, rules, regulations, Citi’s internal policies and procedures, and relevant standards of conduct; and iii) Protect Citi’s reputation by managing compliance risk across products, business lines, and geographies, supported by globally consistent systems and processes.
Compliance Risk is defined as the risk arising from violations of, or non-conformance with, local, national, or cross-border laws, rules, or regulations, Citi’s internal policies and procedures, and relevant standards of conduct.
The Head of ICG and EMEA Conduct Risk Management is responsible for designing, implementing and managing effectively and efficiently a plan, to be prepared annually, and updated quarterly. The plan will include risk assessment, risk-based execution plan, accountabilities, timetables and due dates, resource requirements and fulfilment of the requirements, budget and budget management. This includes ensuring global policies, standards and processes are applied, and suitable addenda and supplementary procedures established and maintained for compliance with applicable jurisdictional laws and regulations. Contradictions between local law and regulations, and group standards must be promptly identified and escalated, and mitigating processes and controls established to comply with jurisdictional requirements and mitigate the risks of non- compliance with applicable group-wide or entity-chain related laws and regulations, and global policies and procedures.
Responsibilities also include implementing applicable global compliance processes, setting ICRM priorities and driving transformation. The Head of ICG and EMEA Conduct Risk Management will be based in London and will report to the Global Chief Compliance Officer (CCO) Conduct Risk Management in Independent Compliance Risk Management (ICRM). This individual will be responsible for heading Conduct Risk Management for the ICG globally and the EMEA region and leading key elements of the existing global Conduct Risk Management Program
The Head of ICG and EMEA Conduct Risk Management provides franchise support to global management, including offering credible challenge, escalation of issues and reporting, as appropriate. In addition, the role also provides strategic direction and facilitates the implementation of the Compliance Risk Management (CRM) Framework, supported by the Comprehensive Strategic Plan (CSP).
Key Responsibilities Governance and Organization:
• Annual Compliance Plan: Preparing, obtaining approval and successfully completing an annual compliance risk management plan, in accordance with the global template and content and presentation requirements, setting out how Conduct-related compliance risk in EMEA and through ICG will be managed, and the role to be played by ICRM in order to achieve the plan. Identification of the business requirements, accountabilities and the process ownership and monitoring and testing ownership, as well as the determination of suitable staffing, hours required and secured budget in order to achieve the state of compliance within risk appetite will be set out in the plan, which will be reviewed quarterly with Executive Leadership and ICRM, as well as any applicable legal entity, as well as where required by applicable regulatory agencies. The annual Conduct Risk Management EMEA and ICG compliance plan must take into consideration the applicable compliance risk assessments and MCAs appropriate to the business and its activities.
• State of Compliance Reporting: Preparing quarterly, in accordance with the approved global format, and in adherence to all established requirements for the State of Compliance reporting. The State of Compliance report will be presented to the appropriate CCC, BRCC and legal entity Board or Board Audit Committee, or other such Board committee required for the business. Reporting to include operational effectiveness of the EMEA and ICG Conduct Risk Management related activities, timelines, efficiency and effectiveness.
• Enhancing Governance: Providing a valued interactive program of support and compliance risk management services covering the assessment and reporting of Key Compliance Risks across Conduct Risk in EMEA and ICG. Providing stakeholders with insight and practical solutions as well as credible challenge to improve the ethical control culture, and conduct risk environment. Timely reporting of significant regulatory issues to local, overseas, regional, and global stakeholders. Same-day escalation of regulatory reports received. Maintaining on-going assessment and reporting of the State of Compliance through the relevant corporate governance committees such as country audit committee(s) and/or subsidiary board(s), country coordinating committee and business risk management committee, and other management body(ies).
Key Responsibilities Compliance Risk Culture:
• Stakeholder Support and Relationships: Developing senior management relationships with key stakeholders. Informing senior management of significant compliance matters that require their attention or action. Proactively anticipate and help the business and functions plan for changes in the compliance and regulatory environment. Provide support to compliance programs and business management on policy interpretation and “gray area” exposures. Build and maintain strong relationships with other functional leads, including Legal, Risk Management, including Operational Risk Management, and Internal Audit to create a supportive and seamless compliance and ethical control culture and an appropriate conduct risk environment. Creatively and personally engage with stakeholders globally in different countries and businesses to create awareness of and confidence in Citi’s EMEA and ICG Conduct Risk Management Program, including employees, management, Boards and regulators.
Key Responsibilities Processes and Activities:
• Regulatory Management and Coordination: Supporting ICRM in the management and development of regulatory relationships. Coordinating as the key interface with regulators on compliance risk management issues and supervisory exam management matters related to Ethics. Providing same day notification of regulator correspondence to Citi Compliance Officer, Regulatory Liaison and Exam Management CCO and ICRM COO. Providing leadership, coordination and regular interaction with the authorities on behalf of ICRM and the Citi franchise. Record regulator correspondence and minutes of regulator meetings on Citi system in line with the Global Regulatory Exam Management Governance and Process Standards. Ensuring prompt recording of, responses to, and escalation of regulatory queries, notices of violations and breaches, any forbearance, and concerns identified. Deliver to regulators and supervisors a valued interactive program of support and assurance in accordance with requirements and appropriate expectations on compliance issues, trends, themes, root cases and impacts relating to governance, regulatory risk management and internal control issues. The overall objective is to earn the regulator’s trust and to establish a strong, independent and professional regulatory relationship across the franchises.
• Regulatory Inventory: Ensuring prompt identification, logging in, evaluation and formulation of a plan to address requirements arising from new and amended laws, regulations, rules and other requirements and expectations from regulatory and enforcement authorities.
• Regulatory Change Management and Controls: Ensuring that the regulatory change management requirements and processes, along with the regulatory control framework for existing requirements, as they impact surveillance activities are effectively operating with respect to the identification, impact assessment and implementation of all applicable laws, regulations, rules and related processes, controls and reporting that impact Citi activities in the jurisdiction. Provide oversight and guidance of the implementation of laws, regulations and rule (LRR) changes. Effectively manage compliance risk associated with regulatory changes by: Ensuring a holistic approach to regulatory implementation; Raising awareness around both emerging areas of elevated risk and where implemen tation is off-track or likely to lead to non-compliance, and providing credible challenge to the applicability, impact, and implementation plan; and verifying completeness of Citi’s regulatory inventory.
• Policies, Standards and Procedures (PSPs): For all PSPs assigned to the role the holder (owner) is responsible for: Developing and maintaining policies that meet policy framework requirements; Reviewing and approving underlying policy including local country addenda and associated documents aligned to policies; Completing a stakeholder review and feedback process; Clear, complete, concise policy drafting; Completing policy committee approval requirements; Completing periodic review requirements; Reviewing/approving exception; Assessing and reporting on implementation status via policy effectiveness metrics, including exceptions, breaches, issues.
• Independent Compliance Risk Management (EMEA and ICG Conduct Risk Management Program): Developing and implementing a global organizational design framework, as well as supporting policies and procedures, to enable consistent and appropriate identification, investigation, escalation and reporting of significant risks arising from the EMEA and ICG Conduct Risk Management Program, including providing thought leadership and advice as to the remediation of such risks. Providing direction and oversight in supporting ICRM teams related to global requirements and the applicable extraterritorial laws, regulations, relevant Citi policies, standards, and global procedures. Deliver consistent application of program procedures.
• ICRM Training: Ensuring that EMEA and ICG Conduct Risk Management elements of the ICRM global training plan are current and reflect global regulations while providing a fresh perspective on global trends and emerging regulation; ensuring that the training delivery method is tailored to the requirements of the subject matter and audience. Oversee the end-to-end development of content, as well as the delivery to employee and non-employee populations.
• Risk Mitigation and Issue Remediation: Work with management to ensure continued improvement in self-identification of issues, and appropriate escalation and monitoring processes to ensure timely and effective remediation to mitigate the Compliance Risk per ICRM Methodology and applicable policy.
• ICRM Operational Activity: Proactively leading the ICRM team to provide value added and timely compliance risk management direction, providing oversight of global delivery of the EMEA and ICG Conduct Risk Management Program to meet regulatory requirements and expectations, as well as global key performance indicators. Developing team operational efficiency with the timely implementation of enhancements. Conducting and meeting required standards in the relevant MCAs.
Key Responsibilities Resources and Capabilities:
• Management of Team: Championing a high performance environment and implementing a people strategy that attracts, retains, develops, embraces diversity and motivates teams (includes ICRM CSC colleagues) by fostering an inclusive work environment; communicating vision/values/business strategy and managing succession and development planning for the team.
• Compliance Technology and Automation; Data, Metrics, and Analytics: Support ICRM efforts to enhance technology and automation across the function. Provide relevant information and materials related to data to enhance the development of enhanced metrics and analytics for compliance risk. Ensure that efficient use is made of technology and information systems. Work closely with the CCO Technology and Information Security and the Technology and Information Security Compliance Risk Management team to support technology and systems requirements by researching and understanding technology needs, developing detailed functional requirements documentation, communicating clear priorities (including identifying which functionality is designed to meet regulatory mandates, efficiency goals or other business objectives). Ensure clear accountability for planning and oversight of technology projects, including timelines, budget, ongoing maintenance and support and updating or replacing systems as requirements – whether regulatory or business needs – change. Accountability for designated technologies as the ‘technology owner’ include: ensuring the technology functionality is fit for purpose, managing the technology expenditure within budget and specifications, monitoring amortization costs, anticipating requirements for functionality upgrades and replacement when appropriate. Liaison with the ICRM CCO for Technology and Information Security and Citi OandT to ensure cost effective management of effective technology tools. The tools for which this role is owner, or for which this role supervises the owner, are attached to this role profile. The supervisor of a technology owner has the same responsibilities as the direct owner.
Knowledge, skills and experience required:
The successful candidate will have strong technical knowledge of compliance regulations and requirements, through a minimum of 12 years of experience within a highly complex, global financial institution, regulator or related industry participant. Specifically, the successful candidate will have:
• Effective persuasion skills, the ability to work effectively at the highest levels of the organization, and display highly effective networking and influencing skills.
• An ability to influence senior business leaders on all compliance risk-related matters affecting the business. The individual should have the ability to independently challenge, when needed, while at the same time being supportive and solution-based and not being perceived as obstructive;
• An ability to be “hands on” and “in the trenches” with the direct team, while also bringing a sense of strategic vision and a global sensibility to the function;
• An ability to navigate and negotiate through conflicting demands to maintain focus on priority objectives while ensuring key stakeholders’ needs are met;
• Strong team leadership, communication, interpersonal and management skills, with a track record of leading through change and the ability to effectively communicate the strategic vision to various stakeholder groups;
• Executive presence and a reputation for building strong relationships with stakeholders, regulators, and leading teams, both direct reports and in peer/influence models. This person will interface with local external regulators and risk and control thought leaders as Citi will be driving leading edge practices;
• Effective negotiation skills, a proactive and “no surprises” approach in communicating issues and strength in sustaining independent views;
• The ability to thrive and execute in a complex, highly matrixed, global environment;
• Bachelor’s Degree required. Preference for post graduate degree and/or recognized professional qualifications where applicable. Professional qualifications may include: J.D., MBA, LLM, CRMC or equivalent, CPA.
Exceptional candidates who do not meet these criteria may be considered for the role provided they have the necessary skills and experience.
Demonstrates an appreciation of a diverse workforce. Appreciates differences in style or perspective and uses differences to add value to decisions or actions and organisational success.
Citi is an Equal Opportunities Employer
EMEA-GBR-ENG-London Compliance and Control Full-time Bachelor's Degree Day Job Regular NoRead Full Description