Promote the forward-looking management of all risks so as to protect the entity’s solvency by means of a robust control environment.
Manage the local embedding of the General Risk Corporate Framework as well as the development and update of the related internal regulation (models, policies and procedures), using as a reference those provided by the Group, adapting them to local regulation and standards, if necessary, and ensuring Group validation as appropriate for performance of the risk function within the entity following Group standards.
Identify, assess, measure, and perform continuous monitoring and control of the risk profile of the entity and its likely future development, both from a consolidated standpoint and for each of the portfolios, business lines and legal entities. Must have access to all lines of business and legal entities that could generate risks, and pay special attention to identifying emerging risks, risk concentrations, or other situations that call for specific analysis.
Verify that risk levels and business processes are consistent with the entity’s risk appetite, risk tolerance and risk policies, and with regulatory requirements for risk management. Set in motion the necessary actions to ensure effective performance and mitigate any risks that materialize.
Ensure local risk appetite process is adequately aligned in a timely manner with the Group’s risk appetite key process.
Lead and oversee specialized teams with sufficient experience and knowledge in risk management, control and oversight, allocating responsibilities accordingly, ensuring that team members are independent and suitably qualified in the light of the risks taken, and that they act in coordination with other functions for the effective performance of their duties. Must set in motion a plan for team performance assessment, development and succession, and foster a positive and ethical working environment to attract and retain talent at all levels.
Promote the adoption of a robust and clear risk appetite of the entity, consistent with the long- term strategy and risk appetite of the Group, to allow for an effective risk management in all areas of the entity.
Promote the development and implementation of an environment of advanced risk management and control that meets the needs of the entity, following the guidelines set by external laws and regulations, the general risk framework and other internal rules and standards that may apply.
Ensure the adequacy and robustness of systems, processes and instruments needed for suitable performance of the risk function, and ensure the quality and integrity of the information used in risk-related activities.
Verify that incentives provided by the remuneration policies and practices take into consideration the institution’s risk profile and escalate any discrepancy to management bodies.
Provide the top management of the entity and the Group with a comprehensive vision of the risks accepted at the given time. This end-to-end view must consider the different standpoints (business, regulatory, strategic, reputational, etc.) that are relevant at the time and pay attention to the interrelationships among different risk types.
Provide complete and clear information on risks that enables management bodies to understand the global risk profile of the entity and how it stands in relation to risk appetite and other approved limits, as well as its aggregation and control.
Act as the entity’s main representative on risk matters and ensure an effective relationship with the Group and other stakeholders, mainly regulators and supervisors.
Provide guidance to the top management of the entity regarding their risk management responsibilities, advise other functions within the entity and, when necessary, work with other organizational units to frame an opinion at the entity or Group level.
Maintain an updated awareness of laws, regulations, industry trends, and audit reports relating to the risks function; lead the identification, adoption and transfer of best practices (both from other entities of the Group or from third parties); ensure adequate dissemination of relevant matters throughout the entity; and promote, develop and disseminate a strong risk culture (RiskPro).
Contribute, from a critical standpoint, to the main decision-making processes in the entity that involve risk-taking, providing critical expert judgment as required to the management bodies, committees and other bodies involved in decision-making. Make decisions within the scope of his/her powers in framing policies and performing his/her control and oversight functions. Take part in the entity’s planning processes in accordance with the Group, in the setting of strategic objectives, and in other processes where his/her involvement is required, including assessment and review, bringing to bear a specific focus on risks and seeking to find the right balance between risk and return.
Attend top-level committees that play a role in internal risk control.
Alert top management to any situation, which, in his/her view, is cause for concern from the risks standpoint, or may involve a breach of the entity’s risk appetite limits or a departure from its risks strategy.
Report periodically to the Board of Directors, and to Board Committees concerned with risk- related matters, on the entity’s risk profile and its development and prospects, and on the adequacy of the systems, policies, processes, frameworks/models and instruments used for risk management and control.
Escalate to the Board of Directors, to the head of the entity and to the Group any breach of defined limits –risk appetite limits especially– that could undermine the entity’s financial health.
Ensure the remediation of internal audit recommendations.