Bryan Lock Email & Phone Number

United Kingdom

• Reporting directly into NFP’s European President my role is responsible for the overall Compliance strategy for the UK & Republic of Ireland businesses. Currently holding role on numerous boards across the group.Core.
• Creation of robust multi-divisional Compliance oversight function covering both UK & Irish operations, covering General Insurance, Wealth Management & Employee Benefits.
• Oversee due diligence and compliance related aspects of NFP’s M&A activity, comprising of both UK & Irish acquisitions. 8 in total during 2023, 10+ planned for 2024.
• Drive improvements in quality and efficiency across all aspects of regulatory oversight and reporting
• Implement multi-entity standardised operational and compliance monitoring processes
• Lead on compliance driven entity rationalisation programme, with responsibility for the design of the operational end state for each division.

Birmingham, England, United Kingdom

• Reporting directly into the Chief Financial Officer I have been responsible for heading up the internal compliance function in an interim capacity:
• Define the strategic objectives for the Compliance function for H2 2021 through to 2022.
• Managing all internal and external regulatory reporting.
• The management all FCA permissions and approvals.
• Own and manage the incident management process.
• Support shared DPO function between myself and Head of IT.

• Reporting directly into the Head of People Risk & Governance I have been responsible for:
• Implementation of a new SMCR management system Trailighjt, including a full review of all impacted processes relating to the management of SMCR activities, for both dual and solo regulated entities.
• Design and implementation of new annual Fitness & Propriety process for 2020 covering Senior Managers, Certified Individuals, Key Function Holders and Non-Executive Directors.
• Represent the People Function on a Group wide process review exercise.
• Manage the risk review and controls testing for the People Risk & Governance function.
• Lead the monthly reporting of all regulatory activities through various forums & committees feeding up to quarterly reporting into the CEO & General Manager of UK Insurance.

Stratford-upon-Avon, Warwickshire, United Kingdom

• Reporting directly into the Head of HR Operations I have been responsible for the delivery of an in-flight programme of work in line with the 2019 FCA requirements, this included:
• Delivery of HR sponsored SM&CR project deliverables for 2019 regulatory deadline.
• Defining Conduct Rules and SM&CR frameworks and governance structures.
• Design and implementation of the SM&CR regulatory processes and systems for multiple group entities.
• Manage regulatory reviews of Hand Over Packs, Management Responsibilities Maps and Statements of Responsibilities.
• Manage all regulatory engagement at Board level for multiple company Boards.

Manchester, United Kingdom

• Reporting directly into the Co-op Insurance Services Managing Director I have been responsible for:
• Standing up risk & compliance functionality within a new standalone General Insurance distribution firm.
• Design and implementation of the SM&CR regulatory requirements.
• Embed controls specific to Conduct Risk and management accountabilities.
• Ensuring the new trading entity Co-op Insurance Services Ltd meets all FCA regulatory commitments.
• Defining the regulatory risk framework, governance structure and appetite statements.

UK

• Reporting directly into the CCO Director of Governance & Control I have been responsible for:
• Managing the execution of the 2018 RCSA activity for Barclays Financial Assistance, working with the group programme on the delivery of the RCSA in line with the PRA’s approved process lead approach.
• Full review of the monthly Risk Oversight Committee, restructuring the process and reporting to ensure the correct onus is being put on the Risk Environment, including Conduct and customer outcomes.
• A full review of the 2017 group control framework standards for Barclaycard International, comprising of 18 new or revised standards relating to core CCO activities, and the owning Control Framework.
• Delivering process assurance reviews of key pricing and sales processes, ensuring that customer outcomes and key controls are fully managed and evidenced.
• Providing consolation for the in-scope business units to ensure that all awareness and process revisions are in place in accordance with a PRA monitored delivery.

Birmingham, United Kingdom

• Reporting directly into the Operational & Regulatory Risk Directors I was responsible for:
• Defining the compliance framework for Group Conduct Risk, including Risk Categories, Control Requirements and Key Reporting Indicators, ensuring governance of Approved Persons, Significant Influence Functions SIF’s are.
• Managing the transition from a reporting perspective the transition from a small to medium CASS firm.
• The creation of monthly CASS compliance and oversight processes and MI pack to support submission of CMAR and providing internal CF10a assurance.
• A full review of operations within Unit Trust function to ensure compliance to CASS regulation, and the Governance and Conduct requirements.
• Provide oversight and assurance of 3rd party transfer agent function.

Birmingham, United Kingdom

• Reporting into the Head of Risk for Trade Services I was responsible for:
• Managing the operational controls function, delivering both BAU activities and regulatory change initiatives.
• Review of existing data protection controls to mitigate any impacts of the upcoming GDPR regulations, providing recommendations to the Data Protection Officer.
• The full revision of the current Operational Risk reporting pack in line with Group categories, incorporating industry standard best practise, appointing appropriate risk owners, agreeing and managing control.
• Review and monitor financial crime controls ensuring that Sanctions screening and PEPs processes are robust around the international trade activities.
• The design, build and implementation of a local User Access Management profile modelling tool, in line with a previous control improvement requirement.

Swindon, United Kingdom

Reporting into the Head of Group Risk & Controls I was responsible for:Revising the local Operational Risk management and reporting frameworks line with new Enterprise Wide Risk Management Framework, providing the feedback channel through to the 2nd Line of Defence oversight functionsRunning the annual Risk & Controls Self Assessments and reporting for.

London, United Kingdom

Reporting into the MD of Conduct & Compliance Risk I was responsible for:The design of the 7 Business Unit Level Key Risk Framework definitions, shaping and feedback in order to ensure appropriateness for all in scope Business Units and Group FunctionsEnsuring local requirements are correctly represented at Group Exec level, and where required, push back.

Cardiff, United Kingdom

Reporting into the Group Programme manager for strategic change I was responsible for:Full business requirements gathering and solution design for PCI compliant web payment channel and customer journeyDefine functional requirements, and design, including application controls required to maintain complianceManage FATCA reporting requirements definition.

Milton Keynes, United Kingdom

Define and collate documented evidence of actions and activities undertaken following a full Intensive & Intrusive review by the FSA during 2011Document Conduct Risk framework for adoption throughout Santander UKCompile a recommended course of action for areas where remediation works have not yet commenced.Host workshops with primary stakeholdersEnsure.

Gloucester, United Kingdom

ResponsibilitiesEnsure compliance requirements are fully documented and understood by internal steering groupHost workshops with virtual teams, primarily via teleconference to gather requirementsEnsure project scope is correct as per legal definition of PSD requirementsReport progress and actions to steering groupRepresent internal project at group.

Basingstoke

ResponsibilitiesDefine and document processes surrounding existing business practices to PCI-DSS compliance standards.Undertake gap analysis works relating to existing process documentation in order to ensure full PCI-DSS coverage within Visa Europe’s documented processes.Manage stakeholder engagement.AchievementsProduction of multi level PCI-DSS ROC.

Barclaycard PCI - DSS ProgrammeBarclays Group - Logical Access ProgrammeResponsibilitiesDefine PCI - DSS data management requirements for both legacy applications and current development projects.Provide accurate assessment of PCI PAN truncation and merchant receipt management requirements based on the various interpretations of the PCI.

FSA ILAA Liquidity Reporting & Implementation ProgrammeResponsibilitiesManage senior management workshops to define required stress testing scenariosFully document FSA stress testing requirementsSupport risk analysis and capacity planning function in defining required FSA stress testing.Manage work stream responsible for FSA CP09/17 treasury management.

ISO 27002 Based Compliance Controls Implementation ProjectResponsibilitiesDefine & document Lloyds compliance requirements for Commercial business unit standardsDefine scope of compliance project for 2009Develop reporting and management mechanisms for compliance activitiesProvide detailed plans on implementing logical access controls for applications.

Contract BA, assigned to multiple client site based projects. (Zurich & Prudential)ResponsibilitiesMain BA resource for Zurich Insurance Account, AUDDIS implementation into key productsBA & Lead BA for FSA required change project on product illustrations for PrudentialDefine & document business requirements base on work stream requirement detailsProvide.

ISO 17799/27001 Controls Implementation & Logical Access Controls Implementation ProjectResponsibilitiesDefine & document Nationwide standards for compliance with BS7799 controls.Ensure defined standards complied to PCI-DSS requirements.Develop plan for implementation of ISO 17799 / BS7799 compliant logical access management processDevelop overall logical.

Belgium Financial Systems Legislation ChangesResponsibilitiesSystems component design for application reengineering projectDocumentation of new processing rules within applicationHandover of reengineered components, and system areas to businessEnsure new application meets stringent financial legal requirementsFacilitate Testing of reengineered.

Sarbanes Oxley Project - Logical Security Access ControlsResponsibilitiesEnd to end delivery and reengineering of Logical Access procedures for multiple business applications, covering differing business areasAnalyse security risks surrounding existing application knowledge, usage and accessAnalyse, document and implement user role profiles for each.

MI Reporting, Anti Money Laundering, & FSA Compliance ReportingResponsibilitiesManage technical development changes, liaise with business & PMO to ensure clear and concise understanding of requirements, and expectationsUndertake to design systems modifications, including all technical & functional design documentationEnsure development process adheres to.

Sarbanes Oxley, Compliance Program ResponsibilitiesManage compliance and documentation of technology processesManage testing & remediation of three European MarketsDocument Risk Assessment & remediation action plansReport progress back to US controls departmentSuggest and manage implementation of system and process improvementsReview existing controls to.

Responsible for the implementation of service desk procedures in a new support venture undertaken by the companyProvided a multi client support desk for core AS/400 systemsSupported client change management systems, implementing a multi application Thenon See/Change system.Manage existing systems test to facilitate transition to third party.

Project Leader, taking overall responsibility for all AS/400 applications, systems and customers. 18 Month project ensuring McDonalds IT attained full compliance with USA Sarbanes Oxley legislation, including documenting IT processes, flow & narrative. Carrying out any required remediation works. Liaising with global team, ensuring that standards attained.

Responsibilities Worked to client standards and specifications for several major clients including, Comet PLC, Estee Lauder, Sears Womenswear, Oddbins, HMVResponsibilities varied greatly from role to role, from simple system testing, to business analysis and project management.Show flexibility, and willingness to provide value during the time on each.

AS400 Application Development.ResponsibilitiesRe-design and development of overnight reporting processing to reduce system downtime.Re-design above reports.Design and develop series of interactive user queries, for stock forecastingDevelop user required changes to current systems.Report to senior management on development progress.AchievementsAn issue.

Migrated existing client WMS software into JDA WMS for each of the group brands, including Wallis

Liaise with help desk staff, and senior development staff, suggesting resolutions to user issues.Provide second level support to the JDA systems on site.Provide out of hours support on a rota basis.Communicate system issues with store management.Implementation of new overnight processing software, and train fellow staff in its operation.Manage and maintain.