Janice Sarnowski has over 25 years of experience in financial services including risk management, security, fraud prevention, and compliance. She is currently the AVP of Security, Risk Management, and BSA Analyst at Georgetown Bank where she oversees the security, anti-money laundering, and risk programs. Previously, she was the VP of Security, Information Security, and Vendor Management at Radius Bank where she developed their information security and vendor management programs. She has extensive experience implementing security systems, fraud monitoring tools, and ensuring compliance with regulations.
My classes on IT risk management. What recommendations do you expect to cover in a course on IT risk management and governance?
#riskmanagement #risk #governance #cybersecurity #security #informationsecurity #ciso #ITgovernance #ITRIsk #cyberrisk
Lynn J Larson has over 29 years of experience in the mortgage industry, specializing in mortgage servicing. She has extensive knowledge of Wells Fargo's servicing processes and systems, as well as those of their primary vendor Black Knight Financial Services. Larson has held various roles at Wells Fargo over the past 23 years, most recently as a Business Initiative Consultant, where she provides subject matter expertise regarding mortgage servicing, IRS regulations, and risk management.
Protect Yourself from Cyber Attacks Through Proper Third-Party Risk Management (DevOps.com)
The document discusses the threats of cyberterrorism and the importance of third-party risk management. It provides examples of recent cyberattacks attributed to state actors. It then outlines best practices for managing third-party vendor access, including identifying vendors, controlling their access, and auditing their connections. The presentation concludes by introducing SecureLink's Vendor Privileged Access Management (VPAM) solution for securing remote access of third-party vendors.
Risk Based Supervision - The Way Forward By Vismay Mehta (Vismay Mehta)
This document discusses the introduction of risk-based supervision (RBS) by banking regulators in India. It provides background on the Basel accords and previous committee recommendations. RBS aims to allocate limited regulatory resources according to banks' risk profiles by identifying banks and business areas with the highest risks. The key aspects of RBS include ongoing risk assessment, supervision frequency based on risk level, increased responsibility for audit and compliance functions, and enforcement of additional capital requirements. Banks face challenges in strengthening risk measurement, early warning systems, regulatory reporting processes, and risk management systems to comply with the new RBS regime.
Learn about the standard for assurance over non-financial information, ISAE 3000, and supporting assurance reporting associated with third parties (ISAE 3402, SSAE 16, SOC 1, SOC 2 and SOC 3). The presentation covers the sustainability report with information about economic, environmental, social and governance performance from organizations. The sustainability report is a method to internalize and improve an organization’s commitment to sustainable development in a way that can be demonstrated to both internal and external stakeholders.
Risk-based supervision (RBS) assesses risks within the financial system, prioritizing resolution of the most critical risks. It is becoming the dominant regulatory approach worldwide. The RBS process identifies an individual insurer's most critical risks and evaluates risk management, financial vulnerability, and compliance through focused review. RBS is forward-looking, evaluating present and future risks to facilitate early intervention. It focuses on continuous data collection, on-site examinations, thematic reviews, increased audit/compliance reliance, and engagement between supervisors and management. The goal is continuous supervision and early corrective action.
Decision trees, scenario analysis, monte carlo simulation and scenario planni... (Hernan Huwyler, MBA CPA)
The document discusses using scenario planning to address the risk of routing bribery payments through third-party vendors. A workshop is proposed to generate scenarios on this issue over the next 5 years. Participants identify trends, strengths/weaknesses, and unknown factors. Scenarios are created on the impact of bribery cases, including a scenario where a large fine is imposed. Strategies are formulated to monitor for "early signals" of scenarios and centralize compliance functions. The process outlines interviews, workshops, and follow up needed to conduct the scenario planning exercise.
Here is a brief description of third-party risk management (TPRM), how to onboard third-party vendors, and what the role of a CISO is in this process. To know more about TPRM and information security management, click here: https://www.eccouncil.org/information-security-management/
A compliance officer's guide to third party risk management (SALIH AHMED ISLAM)
This document provides guidance for compliance officers on managing third-party risk. It discusses increasing regulations and enforcement, common third-party risks businesses face, challenges that keep compliance officers awake at night, and provides a five-step process for risk rating and conducting due diligence on third parties. It also discusses challenges with traditional disconnected approaches to third-party management and introduces a partnership between Control Risks and GAN Integrity that provides an automated platform and suite of tools to help compliance teams more efficiently manage third-party risk.
Third-Party Risk Management: Implementing a Strategy (NICSA)
Two Part Series: Part I of II
Third-Party Risk Management: Implementing a Strategy
Sleep Better at Night: Learn techniques to manage risks associated with third-party relationships.
Third Party Risk Management Introduction (Naveen Grover)
On October 30, 2013 the Office of the Comptroller of the Currency (OCC) issued updated guidance on third-party risks and vendor management. The OCC's bulletin points out that its updated guidance replaces OCC Bulletin 2001-47, "Third-Party Relationships: Risk Management Principles," and OCC Advisory Letter 2000-9, "Third-Party Risk."
The control environment within IT refers to the overall attitude, awareness, and actions of management and employees regarding IT controls and their importance to the organization. Some key aspects of the IT control environment include:
- Tone at the top from CIO/IT leadership - Demonstrating commitment to IT controls through clear communication and leadership actions. Setting the "tone" that IT controls are important and should be taken seriously.
- Ethical climate within IT - Fostering an environment where ethical and compliant behavior is expected and encouraged regarding IT controls and responsibilities.
- Management philosophy and operating style - How IT management approaches oversight and accountability over IT controls. Ensuring appropriate philosophies around risk management, compliance, etc.
- A
This document outlines an upcoming two-day training on Anti Money Laundering and Counter Terrorism Financing taking place in Bangkok, Thailand from May 12-13, 2016. The training will be led by R.M. Magan and cover topics such as international AML standards, designing effective risk-based AML programs, red flags, and workshops using case studies. Attendees will include compliance officers and others working to prevent financial crimes. The agenda includes sessions on money laundering trends, policies and procedures, risk assessments, and know your employee practices.
Performing a legal and compliance risk assessment. A Step-by-Step Implementation Guide:
Planning the Risk Assessment
Assessing and Prioritizing Risks
Improving Legal Risk Mitigation
Mastering Information Technology Risk Management (Goutama Bachtiar)
This is the presentation slide deck that is part of the courseware used when delivering the Information Technology Risk Management training workshop in May 2013.
The document discusses managing third-party risk in the financial services industry. It recommends that financial institutions implement the Deloitte Third-Party Risk Management framework to achieve excellence in risk management and OCC compliance. The framework involves formalizing a third-party risk management program, classifying and overseeing third parties based on risk, adopting a holistic approach to third-party lifecycle management, and leveraging technology like SAP InfoNet for ongoing third-party monitoring and risk assessment. Building an effective third-party risk management program requires focus on governance, internal controls, policies and standards, and risk metrics and reporting.
Third-Party Risk Management: A Case Study in Oversight (NICSA)
Two Part Series: Part II of II
Third-Party Risk Management: A Case Study in Oversight
Sleep Better at Night: Learn techniques to manage risks associated with third-party relationships.
Risk Management Strategy is an approach to dealing with global risks that focuses on anticipating events and on designing and implementing procedures to minimize the occurrence of an event or its impact if it occurs.
In an era of globalization and an interconnected world, the task of protecting the company from global risks has become complicated. Any kind of internal or external risk can cause distortion to its usual business activities. The source of potential risk can be a human being, technology failure, sabotage or Mother Nature. All the risks must be considered individually since they overlap to a large degree. Our Global Risk Management consulting therefore focuses on: terrorism, internal sabotage, external espionage, technology failure.
This document discusses information technology risks in banking, specifically related to internet banking. It outlines two models of internet banking - established banks providing online services and internet-only banks. While regulatory expectations are the same, internet-only banks face unique risks like high marketing costs and low margins. The document also discusses various types of IT risks including financial, operational, and compliance risks. It provides examples of risks from hacking, viruses, and unauthorized access and their potential impacts. Finally, it outlines different supervisory approaches to assessing IT risks.
Significance of a Robust AML Risk Assessment Process for FIs and RIAs (AML Audit)
Regular risk assessments are important for registered investment advisors (RIAs) to evaluate their anti-money laundering (AML) compliance programs. A successful risk assessment provides a detailed analysis of risks and controls to mitigate those risks. The risk assessment should consider various factors like products, transactions, customers, affiliates, regulatory history, and geography. Upon completion, the risk assessment results should be documented and shared with senior management to obtain feedback and identify any necessary business changes. Conducting periodic risk assessments addresses critical elements of an effective AML compliance program and better prepares RIAs for regulatory examinations.
This document outlines the information security policies and procedures for Generic Sample Company, LLC. It includes 12 sections covering topics such as firewall and router security, system configuration, data encryption, secure data transmission, anti-virus protection, access control, user authentication, physical security, logging and auditing, security testing, and maintaining security policies. The purpose is to protect client, employee, financial and other corporate information by establishing requirements for securely handling, processing, storing and transmitting sensitive data. All employees are responsible for following the policies relevant to their roles to help ensure PCI compliance.
Enterprise Information Technology Risk Assessment Form (Goutama Bachtiar)
This document contains an IT risk assessment for an entity. It includes sections to provide the entity and assessor details, describe the entity's business processes, IT infrastructure, and key dependencies. It then evaluates various risk factors related to the external environment, internal environment, risk management capabilities, IT management capabilities, and value management. The top five risk factors and IT risk scenarios are also identified. The assessment is approved by a manager.
This document discusses IT security and risk management frameworks like ISO 27001 and 27002. It also discusses Visionet's services related to SSAE 16/SAS 70 audits, PCI DSS compliance, and information security consulting. Visionet helps clients with readiness assessments, gap analyses, and obtaining necessary certifications and compliance with standards.
Are you prepared to manage the current challenges, risks, and complexities related to vendor risk management in the financial industry? In summer 2014, in association with MetricStream, RMA conducted the Third-Party Vendor Risk Management Survey. This presentation brings you the highlights of the survey and some sound advice to manage your third- and fourth-party suppliers.
Mohamed Abdelhalim is a lawyer and fraud analyst based in Dubai with over 8 years of experience. He has worked at ADIB Bank and Barclays Bank as a senior fraud analyst. He is currently a freelance lawyer handling legal documents, advising clients, and settling disputes. He has strong skills in communication, teamwork, customer service, and problem solving.
Ronke Fagbemi has over 30 years of experience in risk management, regulatory compliance, and operations in the banking industry. She is currently the Head of Operational Risk and Compliance at Ecobank Nigeria Ltd. She has a strong background developing and implementing operational risk management frameworks, monitoring key risk indicators, conducting risk assessments, and ensuring regulatory compliance. She also has experience overseeing compliance programs, monitoring compliance activities, developing compliance policies and procedures, and providing compliance training.
This document provides a summary of Dennis L. Batdorf's professional experience and qualifications. He has over 20 years of experience managing projects and audits related to governance, risk management, and compliance frameworks. His experience spans multiple industries and includes roles such as Project Manager, Senior Regulatory Compliance Specialist, and Audit Manager. He has expertise in areas such as SOX, PCI DSS, ISO, and information security auditing.
Reuben L. Stewart has over 15 years of experience in risk management for electronic delivery channels including digital banking, cyber security, and information security policies. He currently works as a Digital Channel Risk Manager for BB&T, where he is responsible for managing risks associated with online banking and mobile applications. Prior to his current role, Stewart held positions in project management, call center management, and law enforcement.
Financial crimes compliance Brochure - BMR Advisors (Abhishek Bali)
BMR Advisors - Financial Crimes Compliance Services. These constitute: Anti-Money Laundering, Anti-Bribery Compliance, Fraud & Forensic Services and Data & Database Services. Their applicability is across countries, geographies and sectors.
Snehal Thakur has over 10 years of experience managing anti-money laundering (AML) and know your customer (KYC) guidelines and systems. She is currently a Senior Associate at Ernst & Young Advisory in Singapore providing advisory services for KYC-AML. Previously she has worked at banks like DBS in Singapore and India, YES Bank, and Kotak Mahindra Bank, where she helped set up their AML frameworks and managed transaction surveillance. She holds certifications like Certified Anti-Money Laundering Specialist from ACAMS and has received awards for her work setting up AML systems.
Fredrick A. Pankieth has over 16 years of experience in finance, risk management, compliance, operations, and systems development. He has worked for reputed organizations managing risk, spearheading projects, and taking on leadership roles. Currently, he is seeking a role where he can utilize his expertise in these areas.
Fredrick A. Pankieth is a finance professional with over 16 years of experience in risk management, compliance, operations, and systems development at reputed organizations. He has expertise in strategic planning, business development, project management, and people management. Currently he works as a Manager of Risk, Audit & Compliance at IDBI Capital Markets Ltd, where he oversees a team and is responsible for tasks like risk and control assessment, key risk indicators, and operational loss database reporting.
This document provides a summary of Rajesh Singh's professional experience and qualifications. He has nearly 9 years of experience in fields like compliance operations, credit underwriting, risk management, and investment banking. Currently he works as a manager of risk and compliance at Prop-tiger, where he handles credit underwriting, portfolio management, and KYC/AML operations. He is seeking a senior managerial role in investment banking, credit underwriting, or AML/KYC compliance.
Papa Dior Ndiaye has over 10 years of experience in financial services risk and controls, including anti-money laundering investigation, audit, and management control assessment. He currently works as a Compliance Officer for Citigroup's Global Investigation Unit, where he audits AML investigation reports and conducts reviews of controls. Previously, he held senior risk analyst and control specialist roles at RBC, TD Securities, CIBC, and BNP Paribas, where he performed operational audits and assessed internal controls. Ndiaye holds an MBA in Financial Management from Pace University and a BS in Finance from New Jersey City University.
An experienced compliance professional with over 20 years of experience in anti-money laundering and Bank Secrecy Act compliance. Currently serves as the BSA Officer for a $1.8 billion financial institution, where he manages a staff of five and ensures regulatory expectations are met. Previously held similar positions at other financial institutions, developing and enforcing policy, conducting investigations, and providing training.
Temaswiss' Integrated Key Risk Controls (IKRC) best-practice design for Commercial Banking KYC and AML Transactions Monitoring.
- Commoditised Consulting & FSI Advisory packages.
- Tailored to your data & process realities.
- Budget- & Time-bound.
This document summarizes the career experience of a senior level risk manager with nearly 10 years of experience in risk management, compliance, operations, audit, credit, and policy formulation. They currently serve as a senior risk manager at Bajaj Finserv Lending, where they establish risk frameworks, develop policies, implement risk management tools, conduct risk analysis and reporting, ensure compliance, and provide staff training. Prior experience includes roles as a credit analyst at Development Credit Bank and Axis Bank, where responsibilities involved credit analysis, financial assessment, and risk profiling of corporate clients. Additional experience was gained in business intelligence, product development, and technical support roles.
Abhishek Singh has over 7 years of experience in investment banking, project management, KYC, AML, and team management. He has designed triggers to mitigate fraud and has successfully migrated various processes. Currently working as a client onboarding professional at Deutsche Bank, he performs KYC and AML checks on clients. Previously he has worked as a fraud analyst at Bank of America and performed various tasks including account opening, transaction monitoring, and reporting suspicious activities. He has a graduate degree from Delhi University and is skilled in various banking applications.
Roosevelt Marshall has extensive experience in project management, business analysis, financial analysis, and procurement/contracting. He currently works as a Senior Financial Analyst for the Department of Justice, where he examines criminal debt statistics and business processes to identify areas for improvement. Previously, he was a Business Analyst Specialist at the American Red Cross managing their IT/telecom contracts, purchases, budgets, and implementing a mobile device management system. He has expertise in areas such as project tracking, requirements definition, process improvement, and quality assurance.
The document discusses how forensic data analytics (FDA) can help banks better detect money laundering risks and meet evolving anti-money laundering (AML) regulations. FDA uses advanced analytics on both structured and unstructured data to identify hidden relationships and behaviors that may indicate money laundering. This allows banks to more accurately predict and prevent AML risks. Major banks are already using FDA to enhance transaction monitoring and develop risk scores to flag potentially suspicious activities for investigation.
Vikas Limbachiya is a performance-driven professional with over 11 years of experience in financial services operations including customer service, quality control, and training. He has expertise in anti-money laundering, compliance, payment investigations, and managing teams. Limbachiya is seeking a challenging position that utilizes his skills in areas such as strategic planning, process improvement, risk management, and innovation.
This document is a resume for Marco Germain summarizing his professional experience. He has over 10 years of experience in crisis management, corporate security, credit risk analysis, and staff management. Currently he is a Senior Analyst at Deutsche Bank managing crisis incidents that pose physical security threats. Previously he held roles managing credit underwriting departments and was a policy and procedure writer. He is seeking a leadership role in crisis management.
Jojy John is an AML Surveillance Analyst with over 4 years of experience working at Tata Consultancy Services for HSBC and RBS Bank. He is responsible for investigating alerts for potential money laundering risks, monitoring suspicious activities and transactions, and ensuring compliance. John aims to utilize his skills and knowledge for organizational and self growth. He has a MBA in Finance and Bachelor's degree in Economics.
JANICE SARNOWSKI
15 Light Street 617-875-9781
Lynn, MA 01905 jsarnowski@msn.com
PROFESSIONAL PROFILE
25+ years of Financial Services experience in risk management, physical security, customer information security, vendor
management, fraud, retail operations and deposit operations.
Proven ability in developing and implementing risk management frameworks, policies, programs and systems.
Significant experience spear-heading risk management initiatives working with all business lines to ensure compliance with risk
mitigation.
Experienced in Banking Core Applications, Real-time Fraud Monitoring Applications, Risk Assessment Applications, Vendor Due
Diligence Applications, Online Banking and New Account Applications, Remote Deposit Capture Applications, and Microsoft
Office Applications.
MA Bankers Security Committee member.
COMMITTEE PARTICIPATION
Compliance; Enterprise Risk; Change Advisory Board
IT Steering; BSA/AML/Fraud; Incident Response
Verafin User Community; WolfPAC User Group; Miser User Group
Bankers Toolbox Community; MA Bankers Security Committee; AML/BSA SAR Committee
PROJECT MANAGEMENT IMPLEMENTATIONS
Fraud/BSA/AML Monitoring Software; In-House Banking Core; Retail & Corporate Online Banking
Remote Deposit Capture; Bill Payment Services; Online Account Opening
Positive Pay Software; Branch Capture; Mobile Wallet
Branch Openings; Document Imaging Systems; Teller/Platform Systems
PROFESSIONAL EXPERIENCE
Georgetown Bank, Georgetown, MA
AVP, Security Officer, Risk Manager, BSA Analyst (May 2016 – Present)
Oversee all aspects of the organization-wide Security, AML/BSA, and Risk Programs, including but not limited to:
o Physical Security
o Employee Access Control Management
o Vendor Management
o AML/BSA Alert Monitoring and Resolution
o Suspicious Activity and Fraud Monitoring
o Customer High Risk Monitoring and Reporting
o CTR and SAR Filings
o 314A Filing
o OFAC
Responsible for assisting the VP of Compliance in the development, design and governance of all Bank Security and AML/BSA
regulatory compliance related processes, policies and procedures.
Ensure sufficient internal controls are in place to promote an effective Security and AML/BSA control environment.
Perform quarterly high risk assessments to identify levels of risk exposure to the Bank.
Develop and deliver Security and AML/BSA training to business lines.
Perform annual review of all Application employee access across all business lines to ensure compliance with Bank Policy.
Coordinate and oversee an effective Bank Secrecy Act/Anti-Money Laundering/OFAC Compliance Program that is in line with
current industry best practices, regulatory guidance and requirements.
Enhance, develop, implement and administer the BSA/AML/OFAC/USA Patriot Act monitoring systems to ensure that
appropriate parameters are in place to identify suspicious and/or fraudulent activity.
Establish and maintain an effective CDD/EDD risk rating and monitoring program to include initial and ongoing assessments,
and review and analysis of unusual/suspicious account activity.
Establish and maintain appropriate SAR investigation, review and reporting processes that promote consistent decisions;
adequate investigation and research; and complete and detailed documentation.
Responsible for ensuring all required regulatory reporting is conducted in a timely, accurate, and compliant manner, including
the filing of Currency Transaction Reports (CTRs) and Suspicious Activity Reports (SARs) to FinCEN, as well as FinCEN
314(a) and 314(b) procedures and reporting.
Act as internal Security and AML/BSA contact for Federal and State examinations and internal and external independent
auditors. Participate in response to exam and audit concerns and provide corrective action of all Security, AML/BSA related
compliance deficiencies or violations.
Focus appropriate attention on significant 3rd party relationships, assign ownership for those vendor relationships, and ensure
the proper degree of due diligence oversight is exercised both before entering into a contract and throughout the entire term of
the arrangement.
Make recommendations to the Compliance Officer and senior management when and where appropriate.
Maintain proficient knowledge of all applicable rules, regulations and regulatory guidance.
Radius Bank, Boston, MA
VP, Security, Information Security, Vendor Management and Interim BSA Officer (2010 – May 2016)
Oversee all aspects of the organization-wide Security, Information Security and Vendor Programs, including but not limited to:
o Risk Management
o Vendor Management
o Physical Security
o Fraud Monitoring and Alert Resolution
o Employee Access Control Management
o Application Access Control Management
o Social Engineering
o Summons/Subpoena Processing
o BSA Officer
Developed a formal written information security program that details the internal methods, procedures, and controls used to
protect nonpublic personal information of the bank’s customers. As part of the program, assist business line owners in
performing periodic risk assessments to determine potential areas of concern regarding information security.
Work with business lines to identify business processes, functions and technologies that contain, store and transmit customer
information and provide guidance in risk assessing each process via the WolfPAC Risk Management Application.
Manage vendors through the entire life cycle beginning with vendor risk assessment, evaluation and selection through contract
expiration and retirement via WolfPAC.
Focus appropriate attention on significant 3rd party relationships, assign ownership for those vendor relationships, and ensure
the proper degree of due diligence oversight is exercised both before entering into a contract and throughout the entire term of
the arrangement.
Manage development and implementation of updated security protocols to address lapses created by advances in technology
and criminal strategies.
Create new loss control and anti-compromise measures to protect physical and information assets.
Perform daily review of fraud alerts (new account, debit, remote banking, stolen check, kiting) via Verafin’s FRAML Application
and work with business lines to investigate transactions that are suspicious in nature. Collaborate closely with BSA Officer in
this context, reviewing suspicious activity reviews when the BSA officer is away.
Collaborate with Human Resources, IT, and application administrators to provide/remove access for onboarding/terminating
employees.
Perform annual review of all Application employee access across all business lines to ensure compliance with Bank Policy.
Coordinate social engineering training and testing for all new employees and make recommendations to the Chief Risk Officer
for remediation, if needed.
Log incoming summons/subpoenas and oversee research to ensure required documents are forwarded on a timely basis.
Generate robust quarterly fraud, information security and vendor reports for senior management, board members and
examiners.
Developed training materials for BOD.
Coordinate and assist in the administration of independent, state and federal regulator and auditor examinations and reviews.
Make recommendations to the Senior Compliance Officer and senior management when and where appropriate.
Maintain proficient knowledge of all applicable rules, regulations and regulatory guidance.
Led BSA program again 2010 through 2012.
Participate in bi-weekly meetings with BSA, AML & Fraud Risk Committee to discuss potential risks and other compliance
related issues.
VP, Deposit Operations Officer (1996-2010)
Administered all aspects of domestic and international wire transfer processing from initiation to settlement.
Implemented and oversaw an ACH origination risk assessment, underwriting and approval program.
Supervised all aspects of ATM Card Management, Settlement and Deployment processes.
Standardized parameter administration for Core Banking Systems.
Designed and enhanced policy and procedures to meet bank objectives.
Managed retail and corporate online banking, new account, and bill payment systems.
Assisted in the implementation and oversaw a retail and corporate remote deposit capture origination risk assessment and
approval program.
Collaborated with Human Resources on the hiring process for all operations personnel including creation of job descriptions,
goal setting and performance evaluations.
Supervised operations employees creating a safe environment to gain the necessary motivation, autonomy and self-awareness to
successfully move to the next level of development.
BSA Officer until 2000
AVP, Retail Banking Officer (1992-1996)
Oversee all aspects of Branch Operations including Security and BSA/AML monitoring responsibilities.
BSA Officer
Designed policies and procedures to meet the Bank’s objectives.
Developed cross sell and incentive programs to engage employees in meeting sales initiatives.
Monitored all branch activity for Customer Identification Program (CIP) compliance.
Created a Missing and Deficiency Log to assist in remediation of potential CIP errors.
Participated in Core Release updates including testing, training, creating procedures and implementation.
Performed monthly branch audits of critical functions.