Quality Compliance Assurance Officer - Quezon City
A Quality Compliance Assurance Officer in a Fintech/EMI company is responsible for ensuring all operations, products, and services consistently meet internal quality standards and comply with diverse regulations. This includes interpreting and implementing requirements from ISO, the Merchant Acquisition License (MAL), Bangko Sentral ng Pilipinas (BSP), and the Data Privacy Act (DPA), while also developing and maintaining quality management systems, conducting audits, managing risks, training staff, and driving continuous improvement across the organization.
Job Summary:
The Quality Compliance Assurance Officer will be instrumental in ensuring that all company operations, products, and services consistently meet and exceed internal quality standards, regulatory requirements, and international benchmarks within the FinTech and Electronic Money Institution (EMI) landscape. This critical role focuses on upholding compliance with a diverse set of regulations and standards, including, but not limited to, ISO (International Organization for Standardization), MAL (Merchant Acquisition License), BSP (Bangko Sentral ng Pilipinas), and DPA (Data Privacy Act).
The officer will develop, implement, and maintain robust quality management systems, conduct regular audits, identify areas for improvement, and drive a culture of continuous quality improvement and regulatory adherence across the organization.
Key Responsibilities:
- Handling of compliance with regulatory requirements
- Assists in the implementation and dissemination of laws, regulations, rules, standards and other regulatory requirements. Attends governance forums/meetings to provide updates.
- Analyzes key upcoming regulatory guidance to assess level of compliance with current practice.
- Performs oversight functions/regular audits and works closely with the business units in the performance of independent assessments of policy and process, ensuring compliance with existing and new regulatory requirements. Recommends action to address any gaps or deficiencies.
- Assists in the implementation and monitoring of audit deliverables, compliance controls, compliance procedures and operational processes.
- Serves as point of contact on all compliance and regulatory matters. Interacts and handles communication with internal and external auditors on matters related to audits/regulations and internal compliance controls in coordination with the other business units.
- Coordinates the preparation and completion of regulatory and compliance documents. Assists in the preparation of senior management reports on regulatory requirements, internal audits, and credit reviews.
- Participates in the testing of system developments or enhancements concerning regulatory requirements.
- Performs projects or tasks that may be assigned from time to time.
- Regulatory Compliance & Interpretation:
- Stay abreast of all relevant national and international regulatory requirements, including but not limited to ISO standards (e.g., ISO 9001, ISO 27001), MAL terms and conditions, BSP circulars and regulations, and the Data Privacy Act (DPA). Interpret complex regulatory guidelines and translate them into practical, actionable company policies and procedures specific to merchant acquisition, payments, EMI operations, and data privacy.
- Monitor changes in regulations and standards, assessing their impact on the organization and recommending necessary adjustments to maintain compliance.
- Quality Management System (QMS) Development & Maintenance:
- Develop, implement, and maintain a comprehensive QMS in line with ISO standards (e.g., ISO 9001 for quality, ISO 27001 for information security), the Data Privacy Act (DPA), and other applicable regulatory frameworks.
- Create, review, and update quality documentation, including policies, procedures, work instructions, and records related to merchant onboarding, transaction processing, data handling, and compliance.
- Ensure effective document control and record-keeping practices to meet audit and DPA requirements.
- Auditing & Monitoring:
- Plan, conduct, and report on internal quality audits to assess compliance with established procedures, QMS requirements, and regulatory obligations, particularly concerning MAL, BSP, and DPA requirements.
- Participate in and support external audits (e.g., certification audits for ISO, regulatory inspections from BSP, National Privacy Commission, or relevant licensing bodies for MAL).
- Identify non-conformities, deviations, and potential risks, initiating and tracking corrective and preventive actions (CAPA).
- Compliance Reporting
- Prepare a monthly Compliance Report for the Audit Committee and Board of Directors, covering:
- Status of compliance with BSP directives.
- Significant regulatory updates and communications.
- AML/CTF activities.
- Compliance Testing results and corrective actions.
- Status of compliance program activities.
- Reportorial Requirements
- Ensure the timely and accurate submission of the following reports:
- Annual Report to the BSP.
- Integrated Annual Corporate Governance Report (IACGR) to the SEC.
- Reports on Related Party Transactions (RPTs) and Material Intra-Group Transactions to the BSP.
- PDIC Bank Information Sheet (BIS) and Reporting Package.
- Reports on Crimes and Losses to the BSP.
- Audit Committee Support
- Record and maintain minutes of Audit Committee meetings.
- Corporate Governance
- Annually review and update Committee Charters and present changes to the Corporate Governance and Board of Directors for approval.
- Review and update the Corporate Governance Manual.
- Ensure submission of the Annual Corporate Governance Report (ACGR) to the SEC.
- Conduct self-assessments for the Board and Board-level Committees, presenting results to the Corporate Governance Committee and Board of Directors.
- Coordinate annual training on Corporate Governance for the Board of Directors and Senior Management.
- Related Party Transactions (RPTs)
- Review and update RPT policies and procedures.
- Maintain and update the RPT database.
- Present RPTs requiring review and approval to the RPT Committee.
- Risk Management:
- Contribute to the identification, assessment, and mitigation of quality and compliance-related risks across all operational areas, with a focus on merchant acquisition, anti-money laundering (AML), fraud prevention, and data privacy risks.
- Develop and implement risk-based approaches to quality assurance activities, ensuring adherence to regulatory risk frameworks, including those outlined in the DPA.
- Training & Awareness:
- Develop and deliver training programs to employees on quality management principles, regulatory requirements (including MAL, BSP, and DPA), and company policies.
- Promote a strong quality and compliance culture throughout the organization, emphasizing data privacy best practices.
- Continuous Improvement:
- Analyze quality data and trends to identify areas for improvement and propose solutions to enhance operational efficiency, product/service quality, and regulatory compliance.
- Drive and facilitate continuous improvement initiatives, especially in processes related to merchant acquisition, transaction monitoring, customer due diligence, and data privacy safeguards.
- Prepare and present regular reports on quality performance and compliance status to management.
- Stakeholder Collaboration:
- Collaborate closely with various departments, including Operations, Product Development, Legal, and IT, to ensure integrated compliance efforts, particularly concerning data protection impact assessments and privacy by design principles.
- Act as a primary point of contact for regulatory bodies (e.g., BSP, National Privacy Commission, MAL issuing authorities) and external auditors when required.
Qualifications:
- Bachelor's degree in Quality Management, Business Administration, Finance, Regulatory Affairs, Information Technology, or a related field.
- 3-5 years of progressive experience in quality assurance, compliance, or regulatory affairs, preferably within the Fintech, Payments, or Electronic Money Institution (EMI) industry.
- Demonstrable in-depth knowledge and practical experience with ISO standards (e.g., ISO 9001:2015 for Quality Management, ISO 27001:2022 for Information Security Management).
- Proven experience and understanding of compliance requirements related to Merchant Acquisition Licenses (MAL), including onboarding, monitoring, and reporting obligations.
- Strong understanding and experience with Bangko Sentral ng Pilipinas (BSP) regulations and guidelines applicable to EMIs and payment system operators (e.g., Circulars on E-Money, AML, Consumer Protection).
- In-depth knowledge and practical experience with the Philippine Data Privacy Act of 2012 (DPA) and its implementing rules and regulations, including principles of data protection, data breach management, and individual rights.
- Familiarity with Minister of Finance Regulation, Indonesia (MULAI) or similar financial regulatory frameworks for payments/EMI is a plus, if applicable to the company's operations.
- Certified Internal Auditor (e.g., ISO Lead Auditor certification) is highly preferred. Data Privacy Officer (DPO) certification or equivalent is a significant advantage.
- Excellent analytical, problem-solving, and decision-making skills.
- Strong attention to detail and accuracy.
- Exceptional communication (written and verbal), interpersonal, and presentation skills.
- Ability to work independently and as part of a team in a fast-paced, regulated environment.
- Proficiency in quality management software and Microsoft Office Suite.
Preferred Qualifications:
- Master's degree in a related field.
- Project management certification.
- Experience with risk management methodologies relevant to financial services (e.g., operational risk management, fraud risk assessment).
- Experience specifically with compliance pertaining to payment scheme rules (e.g., Visa, Mastercard).
- Experience in conducting Data Protection Impact Assessments (DPIA).