Candace Brosnan

• Co-ordinating and overseeing the compliance incident management process, including identifying and implementing opportunities to optimise the process
• Manage the incidents within the Operations Portfolio which cover Claims, Complaints, Sales & Services and Supplier Partnerships - to date assessed 1,086 incidents in 14 months with an average time to complete assessment under ~4 days, with only 5 incidents exceeding 30 days due to delays in obtaining information from the business.
• Assisted in the closure of two long dated incidents from 2021 and 2022.
• Provide services to business stakeholders within Operations to ensure compliance incidents are managed effectively, accurately and in a timely manner
• Co-ordinating the breach assessment process with relevant business stakeholders by drafting Compliance Assessment to be presented at the relevant Breach Assessment Forums.
• Co-ordinating the breach reporting process with relevant business stakeholders, drafting submissions, obtaining relevant approvals, and ensuring submissions are made within regulatory timeframes
• Providing support with responding to Regulator requests for information (RFI) including collating the information and investigating concerns raised by regulators via the incident management process (assisted from a compliance perspective on close to 30 RFIs to date)
• Assisting with deep-dive thematic reviews and/or analysis to identify gaps in compliance or regulatory compliance issues
• Conduct ongoing trend analysis to assist with identifying systemic issues which may require assessment, breach determination and reportability to regulators – with recent trend analysis focussing on GICOP Part 11 and RG271 compliance, GICOP Part 8, and Refunds
• Work closely with the systemic issues team on issues identified through trend analysis, as well as issues they might identify through analysis of complaints data
• Assist with preparation of the annual CGC Data Return

• Worked collaboratively with the Group functions, business units and other stakeholders across the Group to ensure effective and efficient management of regulatory risks
• As a team act as a central point of contact for AMP’s regulators via a centrally controlled team mailbox
• Assist in developing, communicating and implementing a consistent regulatory relationship strategy
• Maintain the Group regulatory commitments register to ensure AMP meets it regulatory commitments in a timely manner
• Reviewing material correspondence to regulators; providing internal review and challenge; and assisting with the Commitments Register
• Coordinate prudential reviews and meetings with regulators including pre-meeting preparation, briefing notes, coordination of follow up actions, ensuring timely responses, monitoring/reporting of actions and maintaining a central and complete file for each review for future reference
• Provide regulatory SME support to all CROs, the Group Compliance team, ERM and business units on regulatory matters
• Monitor, identify, report and facilitate remediation of incidents of non-compliance with the Group Regulatory Engagement Policy
• Produce or support the production of materials to communicate regulatory requirements / commitments / engagements

Number of direct reports: 3

• Support timely management and escalation of incidents and potential breaches in accordance with Governance frameworks
• Manage investigation, rectification, and remediation of incidents, issues and breaches
• Provide support and oversight to the business in relation to incident, issue and breach management functions:
• Drafting Rectification Plans for all medium, high rated and reportable breaches to ASIC, together with collating supporting evidence for verification. Rectification Plans outline background information as well as 3 keys areas of resolution for incident and issue management: rectification, control uplift and client remediation
• Monthly reporting for all medium, high rated and reportable breaches for AMPA and LT Risk Committees
• Drafting quarterly Breach Reporting updates to ASIC for all open breaches together with verification of all supporting evidence and working collaboratively with all stakeholders (business, GRR, DRRR, legal, Line 2 and CRO) to ensure a complete, accurate, quality, verified, signed off response is provided timely to regulators
• Draft Breach Reports for any new reportable breaches as per process outlined above
• Provide support to business owners to ensure effective management and closure of incidents, issues and breaches
• Review events for lessons learnt, including identification of systemic issues across different processes / business lines
• Documentation and reporting of work through GRC and appropriate governance
• Assist with scheduling and tabling matters for hearing at Incident Review Group including drafting of Memo’s for complex matters and/ where legal advice is required
• Line 1 Risk representative at Advice Breach Committee where reportability to regulator is determined
• Responsible for oversight of E2E control environment across relevant business functions within Advice Division including controls assurance plan
• Develop and manage a team of risk professionals and continuously improve risk management processes
• Responsible for ensuring up-to-date Risk Profile (RCSA) for certain Advice Business functions in my remit
• Support Head of Risk and Compliance (HO) in producing Risk reports for risk committees, EXCO and Boards
• Support with Risk Appetite Statement (RAS) reporting
• Leading and coordinating Controls Assurance related initiatives across people, processes and systems as requested
• Review and assess control test plans and methodologies for controls for Advice Division with consideration of business operations, processes, and risks

Key deliverables:

• Working through updating and embedding new processes and procedures for the Advice division (i.e client file review, complaints, self-reported adviser issues and remediation) post 30 September 2021 under RG78
• Closure of two open long dated breaches from 2017 within 6 months of joining the team

Number of direct reports: 2

• Complaints management – management of adviser complaints and liaison between adviser and Group Customer Relations to see the successful resolution of IDR and EDR complaints ensuring any customer wrongs were put right
• Ongoing monitoring and reporting of complaints to ensure any systemic issues were investigated and remediated if required
• Incident & Issue management – ensuring incident and issues are raised in a timely manner and owned at the appropriate management level; tracking of agreed actions to ensure timely resolution; ensuring incidents and issues are appropriately rectified by addressing the root cause; ensuring appropriate controls have been enhanced or newly created and are designed and operating effectively; and ensuring that any client remediation has been addressed
• Contribute to risk reporting to the Licensee Risk Committee (LRC) and Non-Financial Risk Committee (NFRC) as well as assistance with drafting the risk and complaints papers, to build awareness and understanding of risks, issues and opportunities and ways to manage these at the required level
• Assist in the preparation of business response to regulatory Notices and RFIs received from ASIC, including collating the relevant information and verification of the source data for accuracy and completeness, and obtaining all required sign-offs
• Create and implement effective and sustainable controls to help the business meet its objectives and reduce its risk, including the design and operating effectiveness testing of controls
• Driving the delivery of the annual assurance program that encompasses Controls Assurance Program testing and targeted reviews
• Work with key stakeholders across the Aligned Advice business to drive improvements in advice quality and compliant practices & activities that aim to reduce the overall risk profile of the AFSLs.
• Quarterly Risk Control Self-Assessment (RCSA) workshops (90-day Challenge Workshops) to discuss prioritised risks and formulate actions to reduce the residual risk
• Preparation of workshop packs, agenda, minute taking, as well as the Risk Management Action Plan to track agreed actions
• Identification and monitoring of key risk indicators (KRIs) and Risk Appetite Statement (RAS) metrics to alert senior leaders to have a strong risk awareness
• Remediation management – management and oversight of adviser remediation and liaison between licensee and Quality Advice Assurance (QAA), Investigations and Remediation teams
• Key point of contact for QA in relation to adviser remediation escalations, queries, and determining appropriate remediation
• Responsible for determining whether instances raised across adviser file audits required a broader investigation and remediation across the adviser’s client book (via incident remediation)

Additional deliverables:

• Improved complaints reporting to ensure we met our licensee obligations around the complaint’s management process
• Line 1 risk lead on the Better Risk Outcomes Program (BROP) in response to the APRA report ensuring the timely implementation of the various recommendations and rollout of updated group policies to the Aligned Advice team. Timely execution of BROP deliverables including: rollout of the new Issue Management Standard, Incident Management Standard and Group policies around Conflict Management, Gifts & Entertainment, and Remediation; Risk Profile consolidation; reporting at the NFRC and preparation of committee papers; and improved RiskInSite (GRC) data quality
• Line 1 Risk lead on the Royal Commission Response team assisting in collating the information required as well as verifying the documentation for submission for accuracy and completeness

Number of direct reports: 12

• Lead, manage, coach and develop a team focused on investigating the quality of advice provided to our Customers and ensure the successful investigation and resolution of customer cases
• Influence adoption and application of OARp advice assessment management tools, methodology guidelines and processes by: Coaching and mentoring team members; Building productivity competency; Regular quality assurance checks to drive consistency and ensure the highest quality; Ensuring any business risk issues are raised and dealt with appropriately and through change management
• Build and establish continuous improvement best practice within the team to help drive and implement continuous improvement ideas
• Oversee and manage the performance of the team, which involved: Workflow management; Strategic allocation of resources; Data analytics of performance metrics – throughput and quality; Personal and career development to ensure they are working to their strengths

Key deliverables:

• Senior Manager Delegate responsible for the workflow management, strategic allocation of resources across 6 teams, management of strategic initiatives, and risk management
• A quorum member of the Advice Technical Forum responsible for developing the methodology and providing technical support and decisions for case assessment queries
• Liaising with legal counsel, customer engagement team and other stakeholders on methodology rollouts
• Tasked with forming a Risk Champion network to assist in identifying, communicating and relaying any issues or incidents to the leadership team. The Risk Champions were successful in creating a culture where everyone felt comfortable in raising any risks they identified so that they could be escalated appropriately
• Organised risk management training for the Advice Assessment Team (team of 150)
• Assist with Issues and Incident management and escalate within required timeframes
• Tasked with co-ordinating the creation and classification of 17 case studies to take our new starters through Competency and ensure that they were sufficiently trained to begin assessing live cases
• Reduced the competency timeframe from 7 weeks to 2 weeks leading to increased throughput
• Presenting continuous improvement initiatives to the Decision and Prioritisation Support (DaPS) committee for approval
• Development of a Style Guide which was successful in terms of improving the quality and consistency of case assessments

Key Achievements:

• Selected to participate in the Springboard Leadership program for female leaders
• Developed two high performing teams recognised for their capability, throughput and quality