With a company culture rooted in collaboration, expertise and innovation, we aim to promote progress and inspire our clients, employees, investors and communities to achieve their greatest potential. Our work is the catalyst that helps others achieve their goals. In short, We Enable Possibility℠.
JOB SUMMARY
The Chief Risk Officer (“CRO”) holds a broad and important role as a key member of the Executive Committee and is responsible for assisting the Board and Senior Management in maintaining the Risk Management Framework of the Company. The role is positioned as the second line of defence. As such, it has a strategic focus and must understand enterprise risk, monitor changes in the risk profile and ensure risk is aligned with the company’s risk appetite and tolerances.
The CRO role has senior executive responsibility for the day-to-day management of a number of Accountable Functions of Arch, including the following functional responsibilities:
Enterprise-wide risk management, including risk controls,
Compliance,
Breach reporting,
Whistleblowing, and
Recovery and resolution planning.
The CRO role is expected to provide relevant and insightful risk advice, oversight, reporting and counsel to the company regarding guidelines, regulatory obligations, frameworks, policies, procedures and methodologies to develop a strongly performing insurance book of business. This includes ensuring the control systems are both appropriate and effective. The CRO reports directly to the CEO and Country Head of Arch LMI. The CRO role has direct access to the Board and Board Committees, the Global Internal Audit and Legal functions and is regularly expected to engage in mandatory regulatory sessions with the Board and its Committees. These include:
Board Risk Committee (standing invitee),
Board Audit Committee (standing invitee), and
Board Technology Committee (standing invitee).
The CRO also has functional responsibility for the Compliance Function supported by the Head of Compliance.
The details of the CRO’s Job Description are consistent with Arch’s Accountability statement required under the Financial Accountability Regime Act 2023 (Cth) (FAR Act).
Accountable Person Details
Reports to: CEO and Country Manager
Accountable Function: Risk and Compliance
Board Committee Memberships
AFHA, Arch Indemnity and Arch LMI:
Board Risk Committee (standing invitee),
Board Audit Committee (standing invitee), and
Board Technology Committee (standing invitee).
Executive Committee Memberships
Chair of: Management Risk Committee.
Member of:
Executive Committee,
Management Technology and Privacy Committee, and
Management Underwriting Committee.
Responsibilities under s10(1) and 10(6) of the FAR Act
The Accountable Person has senior executive responsibility for the day-to-day management of the Accountable Function of Arch, which includes the following functional areas:
Enterprise-wide risk management including risk controls,
Compliance function,
Breach reporting, and
Whistleblowing.
Responsibilities under s10(2) and 10(3) of the FAR Act as prescribed under the Minister rules
In respect of AFHA and Arch Indemnity, senior executive responsibility for management of overall risk controls or overall risk management arrangements.
In respect of Arch Indemnity, senior executive responsibility for management of Arch Indemnity’s:
Compliance function, and
Breach reporting.
Key functions
Financial and regulatory reporting (regulatory reporting only),
Operational risk management,
Recovery and exit planning and resolution planning (resolution planning not applicable to Arch), and
Training and monitoring of relevant representatives and staff.
GENERAL MANAGEMENT RESPONSIBILITIES
The Accountable Person has the following general management responsibilities in respect of the Accountable Function of Arch, to the extent they are relevant to the activities of the Accountable Function:
Strategy and Business Plan
Leading the performance of the Accountable Function in line with the Board approved strategy, business plan and risk appetite for Arch.
Organisational Structure and Governance
- Where the Accountable Person is the Chair of a management committee, leading the committee, facilitating the effective contribution of all committee members, approving committee agendas and ensuring adequate time is available for discussion of all agenda items.
- Where the Accountable Person is a member of a management committee, participating in discussions, constructively challenging when appropriate, and contributing to recommendations for decisions by the relevant decision maker.
- Determining the organisational structure and internal governance arrangements for the Accountable Function.
People and Culture
- Monitoring the adequacy and appropriateness of staff reporting into the Accountable Person for the Accountable Function.
- Determining the delegated responsibilities of direct reports and supervising the discharge of those responsibilities.
- Monitoring the implementation of Arch’s people policies in the Accountable Function, including in relation to training and development, performance management, people development and hiring, workplace health and safety and remuneration and reward.
- Supervising the completion of mandatory, ad hoc and specialist training by and development of staff in the Accountable Function.
- Supporting the implementation of Arch’s desired culture and values in the Accountable Function.
Risk Management and Culture
Monitoring the implementation of the risk management framework and strategy in the Accountable Function, including the:
Identification, assessment, mitigation, monitoring, and reporting of risks and incidents,
Implementation of risk management controls, resources and self-assurance processes to manage risks, and
Escalation and remediation of risks and issues as appropriate to maintain the Accountable Function’s risk profile within the approved risk appetite.
Compliance
- Operating the Accountable Function consistently with relevant laws and regulations, as well as Arch’s policies and standards.
- Escalating and remediating compliance breaches by the Accountable Function in accordance with the Incident Management Policy.
Operational Risk
- Leading the delivery of projects for which the Accountable Person is a project sponsor, including in relation to project governance, budgeting, time sensitivity, resourcing, and the achievement of project outcomes within the approved risk appetite.
- Supervising the delivery of project-related responsibilities allocated to the Accountable Function by other project sponsors.
- Monitoring the management of business continuity risks in the Accountable Function, including:
Undertaking business impact analysis to identify critical business functions, resources and infrastructure recovery objectives and implementation strategies,
Implementing the Business Continuity Plan (BCP) in the event of a business disruption, and
Supporting with periodic testing of the BCP where relevant to the Accountable Function.
- Monitoring the management of risks associated with, and the performance of, service providers and outsourced activities required to support the activities of the Accountable Function in accordance with Arch’s service provider management framework.
Information Technology and Security (including cyber security) (IT)
- Communicating the Accountable Function’s business objectives in relation to information technology (IT) to the Technology team.
- Implementing IT policies in the Accountable Function, including in relation to user access, information and asset management, operational security and awareness, third party security and information security incident management.
Data Management
- Monitoring the collection, processing, retention, publication, security and disposal of data in the Accountable Function consistently with Arch’s data governance policies and procedures and applicable laws and regulations.
- Monitoring that staff in the Accountable Function undertake ongoing training and awareness sessions on data governance practices.
Reporting, Escalation and Advice
- Reporting to the Board, Board Committees, CEO and Executive Committee members (as appropriate) in relation to the activities of the Accountable Function.
- Escalating and advising on material issues which are within the scope of the Accountable Person’s role to the Board, Board Committees, CEO and Executive Committee members (as appropriate).
Regulatory Engagement
- Communicating with regulators in accordance with the Business Code of Conduct and Regulatory Engagement Procedures (local procedures).
- Maintaining an open, constructive and cooperative relationship with regulators and external auditors.
Functional Responsibilities
The Accountable Person has the following functional responsibilities in respect of the Accountable Function of Arch:
Risk Management
- Proposing the risk management strategy and risk appetite statement to the Board for approval.
- Developing, maintaining and monitoring the implementation of Arch’s risk management framework and strategy (RMF) for managing material risks.
- Delivery of the responsibilities of the Risk function in its capacity as the second line of defence under the RMF, including by:
Monitoring the implementation and assessing the effectiveness of the RMF across Arch,
Providing information, training, advice and tools to the first line of defence to assist them to identify, manage and monitor risks,
Providing independent oversight and challenge to the risk management activities and risk positions of the business lines,
Monitoring and following up on risk-related remediation actions with relevant Accountable Persons,
Monitoring Arch’s overall risk profile relative to risk appetite,
Reporting and advising on the RMF and Arch’s risk profile to the CEO, Executive Committee and the Board (via the Board Risk Committee), and
Preparing the CPS 220 attestation for Board approval.
- Determining whether actual or potential breaches are required to be notified to the Executive Committee, the Board or relevant regulators.
- Reporting actual or potential breaches to regulators in accordance with relevant laws and regulations.
- Identifying the need for and developing enterprise-wide risk management and compliance training for delivery across Arch.
- Developing and monitoring the implementation of Arch’s Model Risk Management Policy, including processes and activities for conducting an independent review of risk modelling validation.
- Providing input to the Internal Audit team for preparation of the annual risk-based internal audit plan and the preparation of internal audit reports.
Operational Risk Management Framework
- Developing, maintaining, and monitoring the implementation of Arch’s operational risk management framework, including review of the service provider management policy and business continuity risk management framework.
Risk culture framework
- Developing, maintaining and monitoring the implementation of the risk culture framework (within the RMS).
- Assessing and advising on risk culture to assist the Board to form a view of the risk culture of Arch, and the extent to which that culture supports Arch’s ability to operate consistently within its risk appetite, identify any desirable changes to the risk culture, and monitor whether Arch takes steps to address those changes.
- Promoting a culture where people are encouraged to raise any issues or concerns.
Compliance
- Developing, implementing, and monitoring Arch’s compliance framework to support Arch to comply with regulatory and legal requirements including developing and presenting, for Board sign off:
Compliance tolerances within the risk appetite, and
Compliance risk framework.
- Developing and maintaining the process for identifying and responding to regulatory changes, incident management and breach reporting.
- Developing and monitoring the implementation of the Corporate Document Governance Policy.
- Developing and monitoring the implementation of compliance obligations registers, including:
Allocating responsibility for complying with each of the obligations listed in the obligations registers to Arch staff; and
Co-ordinating and administering the attestation processes for compliance obligations management.
- Monitoring the first line of defence execution of the compliance framework to provide an appropriate level of assurance to the CEO, Senior Management Team, and the Board that material obligations are being managed within compliance tolerances.
- Providing information, training, advice, and tools to the first line of defence to assist them to identify, manage and monitor breaches of compliance obligations.
- Developing and implementing mechanisms to monitor, report and manage incidents and breaches.
- Monitoring and reporting breaches and compliance matters to the CEO, Management Committees, and the Board.
- Leading and supervising the compliance function, including assessing whether the number of staff is adequate, and staff are appropriately trained and competent to manage compliance risks.
People and Culture
- Developing and maintaining Arch LMI’s Whistleblower Policy.
- Supervising the responsibilities of the Internal Whistleblower Protection Officer who reports to the Accountable Person.
- Monitoring the appropriate management of whistleblower complaints by Arch Group.
- Monitoring that staff in all Accountable Functions undertake ongoing mandatory training.
Recovery, Exit and Resolution Planning
- Developing, maintaining and monitoring the Recovery & Exit Plan, including reporting and advising on the Plan to the CEO, Executive Committee and the Board Risk Committee.
- Proposing the Recovery & Exit Plan to the Board for approval.
Limitations and Exclusions of Responsibility
- The CRO role must seek to discharge their responsibilities consistently with Arch’s global management structure, operating model and governance, risk management and control frameworks (including associated policies and procedures), as adopted by Arch and subject to complying with Australian legal and regulatory obligations.
- The responsibilities related to the key functions allocated to the CRO role are as described in this job description and the accompanying Accountability Statement and not as described in Attachment B to the Financial Accountability Regime Act (Information for Register) Regulator Rules 2024.
Job Specifications
Knowledge & Skills:
- Knowledge and expertise in mortgage credit risk, LMI and structured financial transactions.
- Technical and quantitative knowledge of APRA regulatory capital rules and APRA regulation of banks and general insurers.
- Technical and quantitative knowledge of bank capital including Basel Committee capital rules (Basel II and Basel III).
- Depth of knowledge and insight into the key drivers of residential mortgage credit losses including borrower, product, property, geographic and lender specific attributes along with macro-economic and socio-demographic factors.
- Strong project management skills and demonstrated ability to deliver results under tight deadlines and competing objectives.
- Ability and willingness to work outside normal business hours including weekends and holidays when necessary.
- Strong communication skills in written and verbal formats; ability to address a broad range of audiences including Senior Management, the Board and its Committees, the Appointed Actuary, the Reviewing Actuary, the Arch Capital Group Senior Executives and key stakeholders including APRA, ASIC, Rating Agencies, and Reinsurance Market.
- Ability to lead a team of risk and compliance staff in the second line of defence.
- Credibility among industry peers.
- Strong interpersonal skills and willingness / ability to function as a member of a multi-disciplined, international team.
- Professional maturity and quiet confidence.
- Bias towards action and self-directed.
- Unquestionable integrity and moral compass, including successful fit-and-proper assessment.
- Strong intellectual curiosity.
Education & Experience:
- Required knowledge and skills would typically be acquired through an MBA or bachelor’s degree in finance, economics or related field and approximately 10-15 years of related experience in risk management and analysis.
- A senior actuarial qualification including Fellow of the Institute of Actuaries of Australia.
- Advanced knowledge of data platforms, tools and methodologies.
Working Conditions / Environment & Physical Demands
- Normal office environment - The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations will be made to enable qualified individuals with disabilities to perform the essential functions of the job.
- Attendance / Punctuality - Is consistently at work and on time. Willing to periodically work hours to accommodate other time zones. Ensures work responsibilities are covered when absent.
- Hybrid work schedule.
- Occasional domestic and international travel is required.
Disclaimer
Incumbent may be asked to perform other duties as required.
15800 Arch LMI Pty Ltd