Salary.sg Forums - View Single Post

#**2250** (**permalink**) 17-06-2024, 11:45 AM

Quote:

Originally Posted by Unregistered

I agree. We should always think of ways to improve.

Personally, my own jobscope turned out to be quite different from what the job description said. It is pretty annoying. But there are other reasons why I'm still here I guess, along with the colleagues who have stayed. Ultimately its a balance of pros and cons that each person must weigh for themselves.

Management chasing the "next new shiny thing" is actually important for our work. Especially in FSG, new risks are emerging all the time, and it is incumbent upon us to assess whether such risks can be managed by our FIs. Cyber risk and AI risk in particular, will become very prominent within the next few years. As much as I don't want to jinx myself, cyber attacks will increase in frequency and severity as the world becomes much more digitalized. Climate risks probably not so much.

What I disagree with, however, is the adhoc manner in which such risks are dealt with. The right way should be for top management to sit down and come up with the best way to address these risks. How to assign work between the departments, what data needs to be collected and how to store it, is existing legislation enough to address these risks, do we need to shift headcount or add more headcount to be able to tackle these risks, what kind of expertise should we be looking to obtain, do we have such expertise in-house, etc. A strategic view is definitely required.

But no. What usually happens is that some random boss casually comes across an article online that talks about this risk. He/she then suddenly feels that this is an important risk, and then sends an email to the departments asking them whether our FIs are exposed to this risk. The officers then have to scramble to ask the FIs for such information, with no sense of how urgent this matter is, or if it is even urgent in the first place. The FIs themselves sometimes also don't even collect such information in the first place. Anyway the boss gets his/her report after the officers hastily put together something for him/her and replies with a simple email of acknowledgement.

Here are issues with the process:
1) The boss doesn't consult with the other bosses whether this is a risk that MAS should devote attention to. He/she is simply basing it off an article that was published. It might actually be a small risk or a risk that is already managed relatively well.
2) If it is an important risk, then it must be considered what is the information needed to address this risk.
3) If this risk is established to be important and recurring, then a formal process should be instituted among the departments to monitor this risk, along with regular data submission. Instead, arbitrary data is being collected each time which makes it unpredictable for the FIs. This is because the process of data collection each time was not seriously thought through.
4) Even after the data is submitted, there must be an analysis of the data, with people expressly designated to do it. The question then needs to be asked who are the people who should do it and are they qualified to do it.
5) After the analysis has been done, it remains to be discussed what is the residual risk left, and whether any remediation to the legislation or supervisory framework needs to be carried out.

This is a fairly straightforward process that I think everyone in MAS, even the bosses, agree with.

Unfortunately, it is not being implemented very well. Instead, we get patchwork of random information collection that needs to be carried out, sometimes for seemingly unimportant items just because a boss got too carried away with the article. And then after an email to the boss, the issue is considered "closed", until the boss reads his/her next article some time in the future, when he/she suddenly gets reminded of the risk again. You also have to factor in the change in boss(es), where the new boss might be clueless as to what the old boss had asked.

So yes, the poor officer has to deal with this unpredictable behaviour because no systematic approach in the organization was taken to address such risks. And yes, there are certain bosses who expect the officer to have a lot of information about the FI on hand, without considering whether such information is collected routinely. The officers are not from Hogwarts and simply cannot come up with stuff on the wave of a wand.

On issue (3), on occasion departments with related functions collect similar sets of data from different teams within the same FI, in the absence of someone from MAS who take it upon themselves to coordinate the approach, the poor FI compliance staff from different teams is confused by the seemingly duplicitous requests because they thought they already provided the info to another officer in MAS. Of course the FI compliance has little choice but to drop their existing work to attend to regulator’s request. It is also not the fault of the poor MAS staff, as they were only acting on instructions to request for the information and were not aware it had already been collected given that it was not properly stored but residing in someone’s email archives.

With regards to issue (4), what is your view on whether management should outsource to third party, hire on contract basis new personnel who have real world experience in this area to train/guide existing staff, or continue on the path of training its own in-house experts through sending them for courses, short attachments/secondments and whatnot.

The preference towards relying on the tried and tested, safe pairs of hands from in-house teams is that even if their primary qualification was not in this area, they have proven themselves to be overall competent (thus attracting more and more work), and understand the corporate culture (by the very fact of staying on whether because of inertia or other reasons, such people gain trust of management which to some extent may ease the willingness to consider novel recommendations). The problem which often arises with agencies bringing in “qualified” personnel from external sources to ‘make things right’ is the concern about culture compatibility. The external hire thought they were hired to generate fresh ideas to resolve some of the constraints you have identified. But they soon find themselves mired in navigating ways of doing things that they have never encountered in the private sector. They then have to decide whether to continue the half-hearted attempt towards meeting their deliverables (eg. recommending the path of least resistance) or leave (in which case the organisation is back at square one). Views on how to overcome potential culture clash?