Citi Director, Consumer ORM - Independent Senior Operational Risk Manager Customer Conduct Risk in Irving, Texas

  • Primary Location: United States,Texas,Irving

  • Other Location: United States,New York,New York

  • Education: Bachelor's Degree

  • Job Function: Risk Management

  • Schedule: Full-time

  • Shift: Day Job

  • Employee Status: Regular

  • Travel Time: Yes, 25 % of the Time

  • Job ID: 17057058


About Citi

Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management. Our core activities are safeguarding assets, lending money, making payments and accessing the capital markets on behalf of our clients.

Citi’s Mission and Value Proposition at explains what we do and Citi Leadership Standards at explain how we do it. Our mission is to serve as a trusted partner to our clients by responsibly providing financial services that enable growth and economic progress. We strive to earn and maintain our clients’ and the public’s trust by constantly adhering to the highest ethical standards and making a positive impact on the communities we serve. Our Leadership Standards is a common set of skills and expected behaviors that illustrate how our employees should work every day to be successful and strengthens our ability to execute against our strategic priorities.

Diversity is a key business imperative and a source of strength at Citi. We serve clients from every walk of life, every background and every origin. Our goal is to have our workforce reflect this same diversity at all levels. Citi has made it a priority to foster a culture where the best people want to work, where individuals are promoted based on merit, where we value and demand respect for others and where opportunities to develop are widely available to all.


Operational Risk Management is an independent function whose mission is to reduce operational losses in the firm through preventive actions and solutions to effectively manage and mitigate significant operational risks and vulnerabilities. At enterprise level the function is responsible for the implementation of an operational risk management framework that sets out enterprise level governance, policies and practices to proactively identify, assess, measure and report on, mitigate and control operational risk exposures associated with Citi’s businesses and operations at all levels of the organization.

ORM accomplishes its mission by:

•Independently assessing risk, challenging both our historical and proposed practices and working as independent partners with businesses to improve processes;

•Establishing and overseeing the application of operational risk policies, technology and tools, and governance processes;

•Monitoring and assessing the effectiveness of risk mitigation tools including internal controls;

•Maintaining an enterprise-wide assessment of the most significant, current, and emerging operational risks to business activities, and ensuring appropriate actions are in place to mitigate these risks;

•Identifying, assessing, anticipating, measuring, reporting and mitigating Citi’s operational risk exposure;

•Determining operational risk capital requirements and allocations; and

•As needed, driving projects aimed at strengthening controls to enable better decision making about products and service offers.


Serve as the GCB Consumer ORM Global Oversight Program lead for Customer Conduct Risk which is one of the major operational risk categories defined at firm level. The incumbent will work with Corporate as well as GCB Compliance, and heads of other Risk and Control functions as needed, to develop the consumer ORM policies, procedures and governance needed to effectively challenge and provide oversight of Business management of this category of risk. Initially a bulk of the time of this role will be spent on the ORM action plan related to the OCC Phase 1 exam MRAs issued in April 2017. The incumbent will provide Global Consumer ORM Oversight and challenge of relevant elements of the 5 OCC MRAs and related work streams including the expanded scope to cover Consumer Businesses in Asia and EMEA as well as GCB Business partners and third party employees. It will also include fulfilment of other regulatory requirements as they evolve.

The primary focus will be the US Businesses and partners but the lead will also coordinate with Asia ORM and CPB ORM to ensure consistent approach to remediation and to serve as the lead for parts of the action plan that are GCB wide (eg. Risk Appetite).This role will also work with relevant functions within Corporate and GCB Compliance to support development and application of the GCB Consumer Risk Appetite statement for Retail Sales and Marketing Risk as well as the broader Customer Conduct Risk.

The overall objective also is to ensure compliance with Citi’s Operational Risk Framework and policies as well as to meet “Heightened Standards” from Regulators for the 2nd Line of Defense.

Reporting to the Head of Global Consumer ORM this roe will work closely with Business Heads, Product Managers, in-business Operational Risk and Control Managers, as well as Independent Risk and other control functions (Compliance, Legal, HR) in carrying out job responsibilities.


The scope of this role is GCB Consumer wide in terms of setting standards for oversight practices that are consistently deployed by the ORM teams covering Consumer Businesses in all geographies. It will also provide leadership for oversight of implementation by GCB Consumer Business of the Operational Risk Appetite framework and statement for Sales Practices Risk as well as for Customer Conduct Risk in general. It will also coordinate with Citi Private Bank ORM for consistency of risk practices and metrics across sectors as relevant.

Prime interfaces for Independent Senior Operational Risk Manager – Customer Conduct Risk:

•CBORC (Consumer Business Operational Risk and Control) Head and his Direct Reports

•GCB Consumer US Business leadership : US Retail Bank (including Private Wealth Management and US International Personal Banking), Branded Cards and Citi Retail Services.

•Consumer CRO and Directs

•Citi ORM head and staff as well as other Independent Senior Op Risk Managers in Consumer ORM

•Corporate and GCB Compliance seniors.

•Franchise Risk Architecture Reporting

•Consumer ORM Framework and Risk Cycle Management team for expertise in framework requirements, policies and procedures.


Customer Conduct Risk Oversight

•Develop a detailed plan and milestones (including engagement with other functions) for executing on the ORM Plan for strengthening oversight of Sales and Marketing Practices

•Work with the ORM Foundation team, Compliance and Business to craft GCB Risk Appetite statement for Customer Conduct Risk – focusing initially on Retail Sales and Marketing Practices Risk. Develop necessary procedures and oversight processes around governance and monitoring of the Risk Appetite including Business response and corrective actions in the event of breaches ;

•Review and challenge the design and development by 1st LOD of sales practices surveillance methodology and recommend enhancements as needed – in particular if there are any gaps related to meeting the requirements of the MRAs

•Understand and have a good line of sight to end to end monitoring practices put in place across functions – HR, Ethics Office, Businesses, and Compliance.

•Evaluate escalation standards developed by the Business and require modifications as necessary.

•Review enhanced controls developed by the Business and evaluate if adequately reflected in the MCAs of US Businesses. Collaborate with Asia ORM and other International Regions to drive consistency across Consumer MCA entities and Regions. Drive corrective action as required.

•Re-evaluate Sales Practices related KORs and KRIs including breach trigger thresholds at Segment and Sub-Segment level, recommend enhancements and drive change as needed.

•Review and enhance Consumer ORM oversight procedures at sub-segment level, coordinate with International regions and Private Bank ORM to facilitate adoption of consistent procedures.

Risk Identification Analysis & Assessment

The Operational Risk Manager leverages all the core tools that are part of the ORM framework viz., the Key Operational Risk Identification and Key Risk Indicator monitoring process, Scenario Analysis, Manager’s Control Assessment and Ratings Challenges, Internal and External Loss Analysis as well as Risk Reviews to provide effective oversight. Risk identification, analysis and assessment of current and emerging issues also requires working with Specialists in other second lines of defense as relevant for individual risk types associated with the business or product.

•Identify trends, themes, tendencies that indicate emerging operational risks by relying on mining trends in relevant metrics, loss data and external events. Effectively communicate learnings to Business in order to drive necessary responses and action.

•Proactively analyze various data sources to form an independent assessment/opinion of op risk.

•Take the lead in developing and implementing (latter with the Risk Analysis unit) the data mining and conceptual approaches necessary to establish robust leading indicators and metrics to identify areas of potential OR exposure and emerging risk to enhance loss anticipation and mitigation. For specific risk types engage the relevant specialists from the 2nd line to develop leading risk indicators.

•Continuously monitor Key Operational Risks and related Key Risk Indicators and ensure the Business is taking appropriate action to respond to breaches.

•Leverage knowledge of the current economic, regulatory and Business environment to proactively identify potential risk and develop specific recommendations for the Business to action.

•Identify changes in business strategy, market conditions, industry trends, regulatory environment, macro-economic factors etc. that may lead to an increase in Op Risk

•Use risk analysis to understand how losses were incurred, determine lessons learned, identify root causes and use in developing recommendations for risk mitigation

Risk Mitigation

•Drive solutions to root causes that potentially can lead to op risk

•Develop actions or, as appropriate, projects to apply lessons learned and share across relevant geographies/managed segments. Coordinate with ORM colleagues to determine applicability on a global basis.

•Work as an independent partner to mitigate risk and improve processes and controls so as to take action before risks materialize into op losses.

•Evaluate control issues and ensure adequacy of Event Root Cause Analysis and corrective action plans.

Ongoing Business Monitoring Activities

•For those areas where potential risk has been assessed to have increased or is high, or there has been a significant recent loss, determine if a deep dive and/or specific review is required.

•Continuously monitor and review relevant data, reports, and trends to develop and maintain an Operational Risk profile assessments for the Business.

•Review op losses (including external / industry events) and MCA results (execution quality and ratings) quarterly

•Stay informed and current on news related to financial markets/industry, segment, region, country as relevant. Consider the potential impact from an op risk perspective to reevaluate the risk profile of the coverage area


Knowledge /Experience

-Work experience of 10+ years in the financial services industry with in depth knowledge of Retail Consumer products and operations across products. Knowledge of core banking operations is a plus.

-Expertise in working with complex and rapidly changing, technology enabled businesses with a strong understanding of associated risks, cyber threats and risks of reliance on third parties.

-Leadership positions in high volume Business Operations, Risk Management, IA, Compliance or related fields with experience of interfacing with senior management

-Good knowledge of US Consumer product related regulations and industry standards including infrastructure requirements and related controls


Bachelors or Master’s Degree in Business, Finance, Law, Engineering or Science disciplines.

Experience / knowledge of data base or MIS management tools a plus


Risk relevant skills

-Strong analytical and conceptual skills applicable across Consumer businesses, products and customer classes.

-Well versed in breaking down complex matters into core issues and root causes that can be more readily addressed.

-Able to prioritize high impact potential problems effectively.

-Innovative and independent thought leader. Well versed in developing new ideas and improving current processes.

-Ability to successfully influence without authority across functions and geographies.

-Consider broad implications of decisions on different functions and units.

-Can clearly articulate the processes supporting a business unit’s function, controls, issues and risks associated with the operations and IT infrastructure; can identify gaps and proactively help develop solutions.

Client Relationships/Business Partnerships

-Establishes an effective voice at the table of the senior most Business leaders to function as a valued and respected independent risk partner.

-Navigates organizational complexity; demonstrates organizational savvy.

-Builds partnerships across Business seniors and in business control functions; collaborates well with others.

-Networks regularly and builds relationships across Risk disciplines.

-Effective team player and contributor in dynamic and shifting teams as well as virtual ones.

Strong Leadership Skills:

-Provides leadership in optimization and efficiencies in control practices for the business.

-Fosters collaboration across businesses and across teams within ORM in the resolution of cross business issues.

-Engages business and functional managers to mitigate risks.

-Thinks strategically and articulates concepts clearly.

-Plans and organizes very well to ensure individual and team efforts closely and efficiently tracked and delivered in a timely fashion.

-Focuses and guides the priorities of others. Makes well-reasoned decisions under pressure.

-Continuously evaluates organizational design and optimizes to meet business objectives as well as people development.

-Sets high standards of performance for staff / team and conducts objective performance reviews

-Develops bench strength and talent and builds high performing team

Excellent Communication Skills:

-Both verbal and written – particularly well versed in executive level communication

-Experienced in using active listening techniques on a consistent basis.

-Strong Presentation skills – comfortable with public speaking across various forums and able to effectively and logically communicate when ideas are being challenged in an open forum.


-Proficient in MS Office applications necessary for executing on job responsibilities

-Excellent quantitative analysis skills with the ability to design and develop effective risk measurement indicators and concepts

-Superior writing skills with the ability to direct and oversee development of high quality policy / procedure documentation