Dickson Koh

• I am responsible for steering risk imperatives and implementing and managing enterprise, operational, merchant and third party risk covering all Australian entities through practical value adds
• Our vision is to be best in class risk leader and trusted advisor to our organization
• Lead and develop a high performing Line 2 team achieve organizational goals, this has broad spectrum coverage across security, risk and compliance

Enterprise Risk

• Implement Risk Management Methodology and ancillary frameworks to help management prisk and opportunities. This includes undertaking risks assessments, facilitating risk forums and also preparation of various board packs and presentations.
• Drove the implementation of risk appetite statements and risk indicators across the organisation
• Embed risk and compliance culture by developing three lines of defence videos, posters and regular training sessions on all key areas such as third party risk management, incident management etc.
• Utilised various mechanisms for better storytelling, visualisation and automation of work flow. This included the automating key risk indicators data collection and visualisation using PowerBI and MS List.
• Implemented financial risk leakage model to increase visibility of monies recovery resulting from business incidents and improved company’s bottom line
• Implementing risk maturity assessment and benchmark using industry standards e.g. RIMS Maturity Model
• Work with go-to market functions in establishing opportunities and assessing risks
• Close collaboration with European counterparts to ensure alignment between Group and ANZWL Payment Solutions and be the go to team in terms of risk related matters
• Drove the implementation of GRC tools (ReadiNow, ServiceNow and RSA Archer).

Operational Risk

• Build controls framework that is aligned with IIA's Comprehensive Assessment Model and identified key controls and routinely assess and test these key controls through controls self-assessment and design/operating effectiveness testing relating to high risk areas to mitigate and prevent potential losses
• Implemented a robust business incident reporting tool and process within the business > 100% of incidents reported and included bow-tie technique for root cause analysis.

Third Party Risk

• Implement/Assess/Manage Third Party Risks relating to Information Security, Business Continuity etc, through the use of OneTrust tooling

Merchant Risk

• Develop and enhance Merchant and Acceptance Entities Rules and Requirements Framework to align risk and rewards against Management’s risk appetite
• This includes developing rules/guidelines to mitigate our risks relating to financial crime due diligence, merchant fraud, sanctions etc
• Localised risk class and improve boarding flow to allow 70% onboarding of Merchants with minimal rules and requirements, balancing risk and rewards as well as reducing boarding friction through the use of proxies.

Security

• Oversight over Security compliance with PCI DSS Compliance and ISO 27001 and also support security maturity uplift by using NIST Maturity Model to assess organizational maturity

Compliance

• Oversight over Regulatory/scheme compliance including upcoming payments licensing (e.g AFSL), AML/CTF Compliance etc
• Ensure policy requirements are complied with and that there is active monitoring of new rules and regulations that make result in changes on obligations
• Ensured compliance to WL policies and local AU regulatory requirements

• I am responsible for managing the risk profile and contribute to the well managed agenda
• This includes assessing the Tribe’s key risks and having oversight over its KRIs, Treatment plans, Reportable Events and Controls testing of the Tribe
• I also oversee Tribe change management process, and any other compliance activities and act as the key liaison with second line risk and our assurance partners
• Some of the activities that I have managed and uplifted includes:
• Creation of the Tribe’s Operational Risk Framework and uplifted monitoring mechanisms to ensure risk events and treatments are up to date, accurate and complete
• Assessment and the management of risk relating to the transfer from ANZ to the new Joint Venture
• Assess, review and rollout of new obligations such as the anti-competition rules, RG 271, significant breach reporting, Project Augur etc.)
• Managing of 80+ reportable events and ensuring that remediation is on track and be the key escalation point to relevant parties as appropriate
• Chair the Merchants Services Risk Forum and Health check forums and attends other related forums (Portfolio Risk Forum, Change Advisory Forums, Value Chain Forums and Deposits Risk Management Forum)
• Completed Visa Payments Management Lab – 2021 (Top Simulation Team)

• I am responsible for providing assurance over Finance APRA regulatory returns and this includes conducting risk assessments to IT and non-IT controls testing of those returns as well as compilation of the program and reporting it to all relevant stakeholders
• Oversee the governance of APRA EFS (Economic and financial statistics) implementation
• Performed reviews over the regulatory reporting controls of international regulatory returns e.g Singapore and China
• Key point of contact on matters relating to audit, governance and controls for internal stakeholders such as ANZ Compliance team and the ANZ regulatory reporting teams, External Audit (KPMG) and internal stakeholders
• Attends the APRA Governance Forums and provide insights from governance/controls perspective
• Ensure other areas of compliance such as BBSW compliance
• Provides training to stakeholders on Regulatory reporting controls framework
• Other responsibilities includes updating and developing/implementing policies and processes such as Financial Governance Framework, Finance Escalation Requirements, Controls framework for Ah-hoc/Covid-19 requests by Regulators, Enterprise Data Governance Framework and Integrated Technology Risk Management Framework
• Identify key reporting risks, creation and monitoring of key risk indicators, as well as the compliance aspects of regulatory reporting to the broader bank framework (I.AM)
• Assist in the broader Finance operational risk such as maintaining and updating the obligations registers and information asset register
• Involvement in Financial Governance related activities such as review of appropriateness of financial controls for IFRS 16; took lead and streamlined the year end results announcements tick and tie
• Assist in the broader Finance operational risk such as maintaining and updating the obligations registers and information asset register

Key Clients: AustralianSuper, Investa Property Group, National Australia Bank, China Construction Bank and Cooper Investors.

Asset Management

• I am the lead manager responsible for the delivery of financial statements audit, risk and compliance engagements such as AFSL, SIS Compliance and Prudential Standards
• This includes project management from inception to completion of engagement (includes planning, budgeting, scope and resourcing, coaching, preparation of deliverables and acting as key point of contact to stakeholders)
• I am also responsible for developing effective audit approaches through understanding and evaluating the end to end processes and control environment, assessing the design and operating effectiveness of the controls and implementing substantive tests
• I regularly mentor and coach my teams in complex areas and review their work performed
• I prepare management letters on control deficiencies/financial impact observations, raise recommendations on mitigating controls and suggest remediation
• I also own the process for preparation of audit plans and board papers and present a section at the Board and Audit Committees
• The findings and insights in our board reports were appreciated and considered as a key value-add
• Lead risk and controls optimization projects within the asset management industry and presented reports detailing process and control deficiencies/uplift
• The recommendations were well accepted by senior stakeholders and these when implemented brought about significant efficiencies in the management’s internal processes
• Performed comprehensive risk management framework reviews and benchmarking across risk and compliance to identify emerging risks and trends
• Also benchmarked policies, processes and procedures across clients to identify gaps
• These were provided as value add to the client which was well received
• Lead AASB 9, 15 and 16 conversations and worked with management to implement these new accounting standards

Banking

• Ensure compliance with the APRA prudential standards by testing the completeness and accuracy of form submissions under APS 310 requirements and dealt with adverse audit opinions.
• Reporting our findings from the audit and providing recommending to management
• I have also lead benchmarking exercise on APRA forms across banks to identify inconsistencies and this also includes following up with regulators (e.g APRA) on ambiguities on forms
• Assessed the risk management framework of the financial institutions (e.g CPS 220) to identify issues with risk culture and governance and propose best practices to remediate gaps
• Experienced in regulations set by Monetary Authority of Singapore relating to financial institutions. This includes Anti Money Laundering (AML/CFT).
• Proactively uplift the firm’s culture by being part of the PwC Sydney Assurance Change Committee, National Be@PwC Member, FS Assurance People’s Committee
• Was presented an award for displaying exemplary values

• Consistent rating of 2 (Highly effective performance) and Letter of Commendation from client in 2013
• Service Excellence Team Award (SETA) 2013 – Silver and Captain of KPMG Corporate Sports Team
• Specializations – Financial Institutions and others
• Companies audited but not limited to: Financial Institution (ABN AMRO Bank, Bank of Singapore and Saxo Capital Markets) / Manufacturing - Panasonic