Andrea Carnali

• Leading the Risk Department, managing a team of credit and risk professionals.
• Implementation of ISO 31000 Risk Management Framework.
• Serving as the appointed Data Protection Officer (DPO) of the company, ensuring compliance with applicable data protection regulations (including GDPR), overseeing data governance practices, managing privacy risk, and acting as the primary liaison with supervisory authorities.
• Member of executive committee and presenting to Risk Committee and Board of Directors.
• Developed a structured Quarterly Risk Management Report.
• Fostered strong relationships with regulatory bodies, especially MFSA ensuring compliance and facilitating smooth navigation of regulatory changes.
• Developed strong relationships with internal stakeholders, promoting a culture of risk awareness and accountability.
• Increased stakeholder confidence with detailed risk assessment reports, outlining potential impacts and mitigation strategies.
• Strengthened company's compliance with international regulatory standards by conducting detailed audits and training sessions.
• Supported executive decision-making by providing accurate and timely reports on enterprise-wide risk exposure levels.
• Collaborated with cross-functional teams to establish effective risk management practices across all business units.
• Developed comprehensive risk management policies for minimizing operational vulnerabilities, leading to robust corporate risk posture.
• Setting the Risk Appetite of the Company.
• Conducting ERM and GDPR training sessions.
• Spearheading the development and implementation of the Company’s Business & Disaster Recovery Plan and Business Impact Analysis.
• Assessed liquidity and market risk levels and applied risk-based approach to oversee financial activities.

ACCOMPLISHMENTS

• Successfully passed the recent MFSA risk audit with no findings or recommendations, demonstrating full compliance with regulatory requirements and the effectiveness of the implemented risk management framework.
• Successfully built and scaled the risk department from inception to a fully operational team of four risk professionals.
• Leading the preparation and execution of the Risk and Control Self-Assessment process to proactively identify, assess, and mitigate operational and strategic risks.
• Actively involved in the implementation of the Digital Operational Resilience Act (DORA), ensuring alignment of ICT risk management, incident reporting, and third-party oversight frameworks with upcoming regulatory requirements.
• Leading the implementation of a third-party risk assessment framework to identify, evaluate, and monitor risks associated with outsourced services and external vendors, in line with regulatory expectations and industry best practices.

Underwriting
• Pre-vetting new applications before proceeding with the underwriting stage especially for high-risk business models (Gaming, Crypto, Forex etc).
• Determine credit worthiness of new or existing merchants through financial analysis, processing history, compliance analysis through VMAS, MATCH or by making use of data provided by credit scoring agencies (Creditsafe).
• Determine the degree of risk involved

Portfolio analysis
• Merchants and website monitoring through Webshield.
• Recommend any collateral that may be required to better mitigate any identified risks.

• Liaise with Card Schemes including, Visa and MasterCard regarding fraud and risk-related matters including Fraud/Chargebacks remediation plans.

• Discuss fraud trends and processes with partners and merchants, discuss action plans and work with them to make recommendations.

ACCOMPLISHMENTS

• Prepared ad hoc MI to Head of Risk, CRO and other Senior Management on the performance of the portfolio from a credit risk perspective, and additionally highlight areas for attention and made recommendations.
• Supported the Head of Risk throughout the VISA process to step up the business from PSP to PF.

• Performing the full onboarding cycle from data entry in Salesforce to generate merchant contracts.
• Performing KYC, KYB, AML, Fraud and Risk checks on new clients from a Card scheme perspective.
• Assess merchant's financial position through proper financial statement analysis (P/L, Balance Sheet analysis and extract financial ratios).
• Establish and decide on held collateral on behalf of a merchant or partner in line with the allowed approval threshold.
• VAR calculation.

• Monitoring transactions and high-risk payments through the gateway and Omnipay reports.
• Monitoring 500+ merchants in terms of fraud transactions, processing, OCT, refunds, and authorizations including through in-house ad hoc reports.

ACCOMPLISHMENTS

• Organized and finalized loan applications for underwriter review.
• Merchant onboarding average time: 3 days (Department average approximately 5 days).
  - Reviewed over € 1 billion in yearly turnover in 2018.
  - Prepared complex credit underwriting for PSP and ISO facilities including forecasts, collateral adequacy and risk analysis ensuring compliance with FCA, MFSA and others EEA regulations.

• Supervising the credit management service and credit risk assessment.
• Interpretation of MI to identify trends and areas of development.
• Review alternative strategies and drive the decision.
• Preparing daily, weekly and monthly reports.