Robyn Furlong

• As per our annual plan for the Risk Assurance Team and work with SMTs as part of the annual test plan. Multiple reviews are required to be carried out throughout the year. These can range from third party management reviews, tax attestation reviews, and financial crime to name a few. Each team member is assigned projects to complete each quarter. this lends to great exposure across the range of sectors and work being carried out throughout the business in an operations capacity and to evaluate the performance of the key internal controls of our highest risks.
• For assigned projects, requirements would be organising and completing walkthroughs with key stakeholders in the business units that are subject to review. These walkthroughs are to pinpoint how these stakeholders carry out their day-to-day work as per the control we are testing.
• Involved in scoping of the key controls and control testing plan.
• Analyse technical requirements to assess risks and identify key functionalities.
• Requests of evidence to support walkthroughs and diligent notes, documenting issues that may need to be brought to the attention of the business unit or to escalate for resolution.
• We would also need to be aware of the report of any operational risk events reported within the timeframe of the previous attestation of the RCA under review, this would support the rationale for changes needed to be made to the business owners' RCA.
• Test control against standard operating procedures, evidence supporting samples chosen, taking into account bank policy as well as current regulation obligations and standards. this is to also determine whether the control is sufficient in its role to detect and or prevent the risk it is attached to.
• Ensuring that the control wording explicitly explains the who, what, when why, and how as per GAM methodology and that the work being carried out by the business unit supports and is reflected in the control wording.
• Observations and findings are later brought to and presented to the business unit under review and potential actions to be carried out. these would need to be written up in our individual observation reports and submitted and discussed with the business unit.
• Onsite testing may also may be a requirement depending on the business unit under review.

• Participated in the ci-annual review and challenges of the business' Risk Control Assessment (RCA).
• RCA review and challenges would range from different levels all the way to board level throughout the pillars of the business.
• We would assess the current RCA for the business unit to identify that they we following GAM methodology.
• Be up to date of relevant regulatory requirements needed to be met by the business and business unit.
• We would also assess the current key risks outlined in the business units RCA.
• Carry out meetings to discuss upcoming business changes, and changes in the market environment, that may affect the current RCA and list recommendations of changes to the RCA, for example changing the risk rating be that increase or lower, possible addition of more controls removal of controls, or additions of new risks. we would support this with our rationale. We would also need to be aware of the report of any operational risk events reported within the timeframe of the previous attestation of the RCA under review, this would support rationale for changes needed to be made to the business owners RCA.
• This would later be presented and discussed with key stakeholders. Actions from these review and challenge meetings then would be made by me, for example I would be responsible for the manual system changes of key risk ratings, addition of controls or their removal, attaching action plans to outstanding risks if there had been events or findings of particular risks.
• I would later follow up when the due date for the action plan completion was forthcoming.
• I was responsible for the submission of the monthly Risk Appetite Statement (RAS) report
• For RAS, each month I would reach out to heads of different business units within operations to gather their metrics for the monthly RAS report and collate the information.
• Where required I would reach out to the same stakeholders if metrics had been breached for reports to evidence the reasoning for the breach. I would also request and review their supporting evidence of the breach, send them back for amendments if necessary, and attach them to the monthly report submitted to the overarching RAS dept.
• I would be required to maintain a level of knowledge of all risks attached to each RCA for the different level business units.
• I would be required to carry out ad-hoc work for supporting business units and SMTs as per their risk profile, for example exporting RCAs of different business units with brief explanations of the information exported, updating action plans after previous follow-up, supporting the risk assurance team in updates on changes to RCA's prior control testing.
• I would also be responsible for the review of business policy. this would be reviewing new documents or changes to previous versions. I would be required to submit a report of any findings or changes needed to be made in within the policy.

• Local SME and senior of the payments monitoring team
• Reviewing accounts and observing KYC, AML procedures etc.
• Constant monitoring of alert payments made by customers through online payment
  channels. This would be for business and personal customers.
• Payments would range from €1 (or equivalent) to over €300 million (or equivalent). Payments monitored could be made in several international currencies and be made internationally
  ● Being up to date on new scams and fraudster methods.
  ● Understanding different forms of scams and fraud, i.e vishing, phishing, and smishing. And
  learning about scams linked to cryptocurrency etc
• Implemented new guidelines for the team regarding the increase in fraud involving cryptocurrency, PPE, and online purchases at the start of the pandemic and guidelines to identify and work the scams that came out of the HSE cyber attack as well as other international current events and being aware of updated sanctions and updates made to sanction rules.
• Required to understand the products that were on offer to customers where potential fraud could occur, for example, a fraudster manages to get access to a customer account and we would need to know the facilities that would be used for an unauthorised lending application is made, to recognise the references that come from that and the outcome, how that appears on accounts and look for other signs that would indicate that this is not in line with the customer's usual activity
  ● Monitoring payments and accounts, to ensure the prevention of money mules and money
  laundering
  ● Engaging with customers regarding their payments, advising on scams, gathering
  information on how they received bank details
  ● Following KYC and AML procedures, completing STR reports, following procedures across three regions that the business has presence, Republic of Ireland, Northern Ireland and Britain.
  ● Consulting with branch and relationship managers, direct banking and other key stakeholders
  ● Understanding patterns in which personal and business payments are made
  ● Training and managing new staff on the payments monitoring team
  ● Consulting with colleagues about difficult payments, making connections, and ensuring
  they make sense as to why a customer, personal or business, is making a payment
  ● Managed and trained teams of fifteen new staff for nine weeks focusing on personal and
  sole trader accounts. this team, as of 2024, is still in place.

● Meeting MCC requirements, completing comet courses and exams
● Constantly engaging with customers
● Reviewing accounts and observing KYC, AML procedures etc.
● Advising on lending products and completing applications. Products ranged from overdrafts, personal loans, finance and leasing, credit cards, and advising on savings products.
● Restructuring outstanding lending for customers in difficulty
● Trained to identify potential vulnerable customers

• I was later trained as a mortgage advisor and would advise and complete mortgage applications for customers alongside our other lending products.

• Liaised professionally with external legal teams for smooth case management.
• Met practice, firm and legal standards for compliant case management.
• Coordinated case evidence to support positive client outcomes.
• ● Observe the daily legal diary to keep solicitors in the practice, updated on their daily
  schedules.
  ● Taking calls and making appointments.
  ● Greeting clients.
  ● Building briefs for court.
  ● Staying up to date with changes to litigation legislation.
  ● Making my way around Dublin to have affidavits sworn.
  
  ● Being in regular contact with barristers about ongoing cases to ensure all information
  needed for the court is updated, following instructions from barristers if anything extra was
  needed and henceforth contacting clients to gather information in line with counsel’s
  request.
  ● Attending court with documents set out for cases for the day, attending settlement meetings
  with counsel and clients, outlining the layout and content of the brief to counsel
  ensuring the client is comfortable, and directing them through courthouses. While in court
  I would also attend to counsel’s needs, for example, if they needed a witness brought into
  the courtroom.
  ● I would write letters, dictated by solicitors, to clients and defendants.
  ● Covering reception during sick days and annual leave.

● Testing Health and Safety software to be rolled out company wide.
● Follow a script using the application Quality Centre that outlined the tasks to be carried
out in order to stress test the new software to ensure it would withstand the use it would
be set to carry out and send back detailed reports to my reporting manager.
● Training senior staff on the use of the software.
● Meeting with the supplier of the software and would have the opportunity to outline issue
with the new software and where improvements could be made.
● While I was working in this role I also took up an opportunity to volunteer to take part in
the 40th anniversary of the opening of the Turlough Hill hydroelectric station in Co.
Wicklow. From a young age, I have had a heavy interest in the station and its workings
after having my first trip there at 14 years old. While volunteering I was involved in
explaining the history of the hydroelectric station to visitors and giving them tours of the
cavern within the mountain containing the control centre and turbines. I would show them
around the lower natural lake of the station.