Main Purpose Statement

The OPC is responsible for implementing and maintaining the Operational Risk and Permanent Control Framework within their assigned domain and Operational Entity (OE). The role requires working closely with stakeholders across RCS in a collaborative, innovative, and efficient way.

Key Responsibilities

Identification and Assessment of Operational Risk and Controls

•Ensure all material risks and their mitigation measures are properly evaluated.

Operational Risk Management and Permanent Control Procedures

•Implement Group procedures locally and adapt them where required by local regulations or organisational needs.

•Ensure procedures are validated, updated, stored correctly, and communicated to relevant stakeholders.

•Recommend updates to business-area procedures based on risk assessments, incidents, control results, audits, etc.

•Prepare exception requests to the procedural framework when needed.

Controls and Control Libraries

•Contribute to defining and regularly updating Central Control Libraries (CCLs) and Local Control Plans (LCPs), ensuring they reflect local risks, regulations, and events.

•Execute and/or coordinate controls according to these plans.

•Ensure control results are reviewed, analysed, and action plans are created where required.

•Input or verify the correct input of control results and action plans into Group tools.

•Monitor the implementation of self-identified action plans for failed controls.

Management of Incidents (Potential, Historical, and External)

•Alert management and relevant control functions on major incidents as per BNP procedures.

•Collect, record, and update incidents—including suspected or attempted fraud—in the Group tool.

•Analyse incidents promptly and work with stakeholders to define corrective actions.

•Monitor and/or implement action plans related to significant historical incidents.

•Track progress on long-term incident investigations and updates.

•Perform controls on the incident collection process through cross-check exercises.

•Monitor external incidents.

•Lead or coordinate the creation, assessment, quantification, and updating of potential incidents with the first line of defence and control functions.

Findings, Recommendations and Control Actions

•Follow up on internal and external audit or regulatory findings and recommendations.

•Coordinate the implementation of action plans and ensure recommendations are closed on time.

•Analyse reports to confirm proper implementation of recommendations.

•Contribute to identifying, monitoring, and closing self-identified permanent control actions.

Alerts and Reporting

•Contribute to the annual attestation signed by local management.

•Escalate recurring operational risk incidents or control weaknesses to management and relevant control functions.

•Prepare periodic and ad-hoc reports for management and control functions.

•Support updates or creation of local or Group reports related to operational risk monitoring.

Awareness, Training and Advisory

•Promote staff awareness of operational risk, permanent control, and related procedures.

•Ensure proper training on operational risk and permanent control frameworks, especially for new employees.

•Act as the local contact point for Group-driven risk awareness initiatives.

Key Competencies

•Strong understanding of governance, risk, and controls.

•Strong written, verbal, and presentation skills.

•Able to build relationships and collaborate

•Strong analytical and critical thinking skills.

Qualifications, Skills and Experience

•Internal Audit/BCom Accounting qualification or similar 

•2–4 years’ experience in Audit, Compliance or a similar function

•Financial Services experience with focus on risk, controls, and governance (preferred)

•Good understanding of the consumer finance industry (advantageous)