As any BNP Paribas Function or Operational Entity, RISK is responsible for the management, in compliance with BNP Paribas risks tolerance and the supporting policies and procedures, of the operational and regulatory risks caused by, or related to, its activity. A permanent control framework, relying on three lines of defense guaranties the proper exercise of such responsibility.

RISK (1LoD) relies mostly on its RISK Chief Conduct & Control Officer (RISK CCCO) and the network of identified Operational Permanent Control (OPC) coordinators spread across the different streams of the RISK function. 

The RISK CCCO coordinates, as LoD1 and in line with the RISK OPC community, the ORM framework related to all operational risks, excluding financial risks. It includes Fraud, Third Party, Data Protection, Conduct, Compliance, Regulatory, Information & Cyber security risks, and others risks types in collaboration with other specialized independent control functions and in compliance with internal policies, procedures and guidelines issued by independent control functions as well as with external regulatory and supervisory requirements. For this mission, the RISK CCCO´s scope of action is RISK.

Since December 31st, 2021, the updated Committee of European Banking Supervisors (CEBS) guidelines on outsourcing, issued by the European Banking authority (EBA), are applicable. BNP PARIBAS has implemented a framework in line with the regulation.

The RISK CCCO Outsourcing Coordinator will ensure alignment with group outsourcing policies, oversee risk assessments and lifecycle management of outsourcing arrangements, and monitor compliance and reporting obligations throughout the process

The RISK CCCO Outsourcing Coordinator will report to the head of RISK CCCO.

The RISK CCCO Outsourcing Coordinator has the responsibility to monitor and control contractual coverage of RISK outsourced activities, processes, or services worldwide, in compliance with internal policies, procedures and guidelines as well as with external regulatory and supervisory requirements.

This includes the following key responsibilities: 

1. Governance and Strategic Alignment

The outsourcing coordinator ensures that all outsourcing initiatives within the entity are aligned with BNP Paribas Group’s outsourcing risk management framework. This includes:

• Acting as the primary point of contact for outsourcing matters within the entity.
• Ensuring that outsourcing decisions are consistent with strategic objectives.
• Contributing with Subject Matter Experts (SMEs), the RISK function, and other stakeholders to assess the criticality of arrangements.
• Supporting Group projects involving Outsourcing.

2. Risk Assessment and Lifecycle Oversight

The coordinator is responsible for managing outsourcing risk throughout the lifecycle of each arrangement. This includes:

• Leading the qualification and in-depth risk assessment of outsourcing projects, including the use of tools like the ARAQ to evaluate 12 risk families.
• Ensuring that risk assessments are documented, regularly reviewed, and updated when material changes occur.
• Ensuring the creation/renewal/amendment of contracts and arrangements into 360RiskOp with a satisfactory level of data quality and consistency across RISK.

3. Monitoring, Reporting, and Compliance

The coordinator ensures ongoing compliance and effective monitoring of outsourcing arrangements by:

• Maintaining accurate and up-to-date records of all outsourcing arrangements, including criticality levels and risk profiles with adequate data quality
• Reporting key outsourcing risks and issues to top management and relevant committees.
• Ensuring that arrangements comply with internal policies, regulatory requirements, and supervisory expectations, including those from the ECB and EBA
• Contributing and/or consolidating arrangements to comply with internal/regulatory reporting requirements

• Experience

• Languages

• Technical

• Transversal & Behavioral