QIAN YAO CHOW

Group T&O : 1st Line of Defense

Successfully managed all operational risk types (eg. third party risks, data privacy risks, money laundering risks, cyber security risks, reputation risks etc) in line with the Bank-wide Operational Risk Management Framework

• Facilitated development of a strong organizational risk culture to influence and ensure business adherence with the bank-wide risk management framework and policies;
• Collaborated with senior management and various technology and operations teams to address risks timely and effectively (e.g. Loss events, complaints, control weaknesses, risk acceptances etc.);
• Established and monitored first line-of-defense risk limits and risk indicators consistent with the Bank’s risk appetite statement;
• Managed and provided comprehensive risk governance reports to key leadership committees, and the senior leadership team;
• Enhanced risk reporting processes across the Group (eg. via system changes to the Bank-wide Governance, Risk and Compliance tool);
• Ensured application of and adherence to the Bank’s risk frameworks, policies, processes, measures and limits;
• Conducted reviews and providing recommendations to strengthen control processes across technology and operations teams (eg. Improvements to Anti-Money Laundering processes, data loss protection mechanisms);
• Challenged the key Risk & Control Self-Assessment (RCSA) steps for group technology and operations processes;
• Challenged the assessment of impact assessments for risks and materialized operational risk events relating to operational or technology failures;
• Collaborated closely with technology and operations’ teams on new business and change initiatives across the Group;
• Performed horizon scanning activities to keep pace with regulatory and industry-wide developments and identify risks early;
• Drove the Group’s integrated data analytics program to reap more effective outcomes and greater efficiencies for T&O; and
• Drove key projects across teams to ensure compliance with key regulations (eg. PDPA compliance).

SGX Group: 2nd Line of Defense

Pioneered the set-up of a new ERM unit in 2008, developed the various frameworks & risk management programs, and built a fully functional second line of defense within the SGX Group

Developmental Work:

• Board-approved risk appetite statement (including KRIs and risk tolerances);
• Board-approved key risks identification & management program, including risk monitoring dashboards;
• Organization-wide risk and control self-assessment programs;
• Organization-wide risk awareness training program;
• Management-level risk governance forums; and
• Real-time enterprise risk platform

Ongoing Risk Governance:

• Operationalized the ERM program across the SGX Group, including obtaining assurance over key internal controls via sample tests;
• Advised senior management and working closely alongside units to address risk and control matters, involving technology risks, cyber security risks, outsourcing risks, business continuity risks, procurement risks etc
• Conducted end-to-end deep dives to identify risks and areas for improvement;
• Conducted various internal forums and risk awareness sessions;
• Supported reviews by MAS, Internal Audit and other external parties;
• Led organization-wide key projects eg. Recent project to ensure compliance with the new Cybersecurity Act & Code of Practice;
• Collaborated closely with other first line control functions (eg. IT Controls, Operations Quality Assurance, CFO Risk & Assurance, Compliance, BCM, Legal etc) and all units across the Group on various initiatives eg Compliance with Cybersecurity Code of Practice, Compliance with MAS TRMG, Outsourcing & BCM Guidelines, Operations quality assurance reviews, Outsourcing and Procurement matters, End User Computing frameworks etc
• Supported the Board Risk Management Committee by facilitating meetings; and
• Prepared reports to the Board, Board Risk Management Committee and Audit Committee on key risk and control issues.

Investment Bank T&O: 1st Line of Defense

Led first line of defense risk governance & assurance efforts for the Technology & Operations Group across 9 countries in Asia Pacific, to assure resilient operations

• Collaborated closely with other governance teams eg. Compliance, Legal, Business Continuity Management etc, on MAS inspections, internal audits and other reviews
• Conducted quarterly Control Self Assessments amongst the countries, harmonized findings with US & EMEA teams, updated the GRC platform and followed through to work with the teams to address issues identified;
• Analyzed risk events to determine root causes, wrote up error reports, and worked with the teams to prevent recurrence;
• Conducted deep dives for high risk areas to ensure adequate controls in place;
• Led Sarbanes-Oxley testing efforts for key controls and ensured appropriate remediation efforts where risks were identified;
• Monitored and reported progress on key risk indicators to identify red flags early;
• Reviewed operational risks for new product launches;
• Facilitated quarterly Business Control Committees to highlight and resolve risk issues with Business Heads; and
• Drove the Asia Pacific Quality Agenda project to improve front office trade capture, across credit, rates and equity products.

Advisory Services: Risk & Valuation Advisory

Pitched for, and managed projects on risk management, valuation, financial analysis and modeling to support transactions, as well as for financial reporting:

• Valuation projects involved valuations of businesses, stock options and intellectual assets;
• Strategy projects addressed business risk management, and value consulting; and
• Financial reporting projects involved reviews of financial statement accuracy.

Assurance Services – 3rd Line of Defense

Led the external audits of listed companies, MNCs and SMEs, across a diversified range of industries

• Prepared working papers, reports and supporting documentation for audit findings;
• Conveyed complex audit information to clients of diverse backgrounds;
• Assessed company controls and potential risks against benchmarks; and
• Performed special projects involving financial due diligence, IPOs and internal control reviews.