Established in 1912, Bank of China is one of the largest banks in the world, with over $3 trillion in assets and a footprint that spans more than 60 countries and regions. Our long-term outlook, institutional weight and global breadth provide our clients with a stable and reliable financial partner, whether in Corporate or Personal Banking or our Trade Services, Commodities, Financial Institutions and Global Markets lines of business.

The Compliance and Risk management Officer is responsible for implementing and administrating all aspects the Bank’s compliance program pertaining to the Bank Secrecy Act (“BSA”), USA Patriot Act, Anti-Money Laundering (“AML”) Act, Counter-Terrorism Financing (“CTF”), and Office of Foreign Assets Control (“OFAC”) and other sanctions compliance. This role ensures that the MKD/MOD compliance efforts are maintained in accordance with laws and regulations, industry standard, regulatory guidance, and internal policies/procedures on a daily basis. The incumbent plays a vital role in managing the MKD/MOD’s risks related to BSA/AML/OFAC/CTF and other illicit financial activities, while aligning with the Bank’s BSA/AML Compliance Program, Sanctions Compliance Policy and Program, Risk Governance Framework and underlying regulatory requirements. Additionally, the incumbent will assist the Deputy Chief BSA Officer and Head of FLU Compliance Oversight, and Head of MKD/MOD to ensure the effective operation of the compliance program (including consumer and regulatory compliance). In addition, the incumbent is responsible for performing QCU related tasks.

Include but are not limited to:

Implement BSA/AML/OFAC/Sanctions Compliance Program in Front Line Unit

• Manage the MKD/MOD day-to-day adherence to the BSA/AML/OFAC/Sanctions/CTF and their implementing regulations, as well as internal policies and procedures.
• Provide subject matter expertise to guide the MKD/MOD in establishing of risk-mitigating controls commensurate with the MKD/MOD BSA/AML/OFAC/Sanctions/CTF and other illicit financial activity risk profiles, while maintaining independence.
• Maintain, update and communicate MKD/MOD compliance operational procedures or compliance operational guidance as necessary to ensure the processes and practices conform to the Bank and MKD/MOD unique money laundering, terrorist financing and other illicit financial activity risk profile.
• Maintain open communications with MKD/MOD staff by keeping them informed of regulatory updates, changes in internal policies and procedures and others emerging compliance risks. Deliver compliance related training to staff tailored to the business units’ BSA/AML/OFAC/Sanctions risks, and staff members’ specific functions, roles or responsibilities.
• Collaborate with business units to develop appropriate corrective actions addressing internal/external findings and compliance related issues/observations/exceptions/recommendations, ensuring timely resolution by target due dates.
• Regularly update LCD Management and senior management on ongoing compliance with BSA/AML/CTF, and OFAC and other sanctions regulations.
• Promptly escalate compliance issues as necessary to relevant LCD Teams, Deputy Chief BSA Officer, Chief BSA Officer, and other LCD Management.
• Proactively support the regulatory change management processes impacting the departments, conduct impact analysis while taking into consideration of the Bank and MKD/MOD risk profile (e.g., products, services, customers, and geographic locations, etc.). Enhance process and controls based on the new regulatory updates and address emerging risk indictors or red flags.
• Proactively support the compliance efforts and initiatives; participate in the new product/activity risk assessment processes aligning with the Bank and MKD/MOD’s risk profile. Proactively participate in change management process relating to compliance technology/system implementations, and other initiatives.
• Partner with MKD and MOD staff in charge of vendor relationship management to ensure adequate third-party risk management from a compliance risk perspective throughout the third-party relationship lifecycle.

Compliance Specific Tasks

• Work with MKD and FID for new FI non-customers/counterparty onboarding and/or existing counterparty refresh. Periodically or annually reconcile counterparty name list with FID.
• Transaction monitoring for MKD uninitiated transactions.
• Perform a product risk rating scorecard for any MKD new product or annual refresh of existing MKD products in LCD Risk Assessment Engine (RAE).
• Perform a monthly validation on MKD transactions for all products in LCD Risk Assessment Engine (RAE).
• Overseeing and executing risk management on Consumer and Regulatory Compliance areas to comply with the Bank’s policies and procedures, including procedure maintenance, training, Consumer and Regulatory Compliance risk assessment, and metrics reporting. Prepare compliance related metrics to management and respective second lines, including a Monthly Compliance Review Summary reflecting the overall status of MKD/MOD compliance control, existing issues, impact analysis on the relevant regulatory developments, and provide any necessary suggestions for improving compliance risk controls.
• Perform an annual BSA/AML/OFAC Sanctions Risk Assessment and Horizontal Risk Assessment.
• Prepare an annual OFAC Screening Checklist Form.
• Conduct the Compliance Risk Control Testing.

Risk Management Responsibilities

• Implement, or coordinate with relevant FLU teams on the implementation of, the RGF and risk management policies and procedures within FLU as well as enforcing relevant controls (e.g. Clean Desk check)
• Create and maintain FLU procedures pertaining to FLU Risk Managers’ responsibilities.
• Provide inputs/feedback to IRM risk management policies and procedures.
• Monitor FLU adherence to IRM standards and Requirements.
• Propose addition, modification and removal of KRIs and thresholds during annual review and off cycle adjustment, and facilitate the approval process.
• Monitor, maintain and report KRIs owned by FLU according to the governance requirements in the KRI Procedure.
• Identify and escalate KRI warning line and limit breaches according to the KRI Procedure.
• Produce FLU risk reporting for applicable risk areas, and report to Senior Management, IRM and risk committees as appropriate.
• Identify existing and emerging risks potentially impacting the FLUs if any.
• Identify incidents and issues and report to respective IRM.
• Remediate issue or monitor issue remediation according to action plan, validate issue closure documentation for FLU owned business identified issues.
• Conduct risk assessments pertaining to the respective risk areas (e.g., ERA, RCSA).
• Maintain a control inventory, process mapping and other documentations as applicable.
• Develop control testing plan.
• Conduct control testing, report results, monitor control
• Issue remediation as applicable and validate issue closure documentation.
• Review the risk self-assessment accuracy and completeness of new activity and propose improvement suggestions if necessary.
• Support product owner to inspect new activity pre-launch condition implementation and provide review opinions.
• Supervise and participate in the annual product annual risk assessment.
• Attend risk management related training.
• Identify risk management training needs for FLUs.
• Review the application security requirements, and conduct security control testing on processes, systems, and applications as applicable.
• Assist ORD in conducting security monitoring investigation as needed.
• Coordinate risk management related requests from internal/external audit, Head Office and regulators within FLU.

Other Department Responsibilities

• Conduct Quality Assurance on Anti Bribery and Anti-Corruption (ABAC).
• Perform Bank wide LGO Anti Bribery and Anti-Corruption (ABAC) Risk Assessment.
• Perform monthly ERM Strategic and Reputation Risk reporting for MKD/MOD and TRY.
• Perform monthly ORD Operational Risk reporting.
• Perform Bank wide FFIEC Cybersecurity Risk.
• Assessment Tool (FCAT) for MKD, MOD and TRY.
• Perform Bank wide Wholesale Payment Risk Assessment (WPRA) for TRY.
• Other ad-hoc QA assignment of MKD/MOD/TRY projects or system testing.
• Per HR requirement, to provide comments/input of Risk Management, Compliance and Internal Audit” (RCI) for MKD, MOD and TRY performance target and coaching & communication when request.
• Assist FLU and IRMs to remediate the bank Regulatory Issues (e.g. MRA, MRIA, etc.) or Audit Issues

• Bachelor's degree is required; master's degree or higher level degree preferred.
• Minimum 5 years of BSA/AML/OFAC and other sanctions compliance and risk management experience required.
• 2-3 years of Regulatory Compliance experience required.
• Financial services background experience is required.
• BSA or sanctions training and/or certificate preferred.
• CAMS (Certified Anti-Money Laundering Specialist) credential preferred.
• Demonstrate sound knowledge of  U.S. banking regulations and compliance practices with strong emphasis on all aspects of BSA/AML/OFAC/Sanctions/CTF.
• Bilingual ability in Mandarin and English preferred.