Andrea Carnali

Head Of Enterprise Risk Management & DPO

Summary

Risk management professional with over 10 years of leadership experience in Enterprise Risk Management, strategic planning, AML/CTF, digital transformation, and regulatory engagement.


Skilled in leading cross-border operations, implementing global risk frameworks (ISO 31000, DORA, GDPR), and driving business resilience and sustainable growth.


Recognized for a pragmatic and forward-thinking approach to aligning risk with opportunity, enhancing board-level reporting, and embedding a strong risk culture across all levels of the organization.


Demonstrated ability to manage complex regulatory audits (e.g., MFSA) with successful outcomes, including no findings or recommendations.


Approved by the MFSA.

Overview

17 years of professional experience

Work History

Enterprise Risk Management - Head of Department

Finance Incorporated Limited
02.2021 - Current
  • Leading the Risk Department, managing a team of credit and risk professionals.
  • Implementation of ISO 31000 Risk Management Framework.
  • Serving as the appointed Data Protection Officer (DPO) of the company, ensuring compliance with applicable data protection regulations (including GDPR), overseeing data governance practices, managing privacy risk, and acting as the primary liaison with supervisory authorities.
  • Member of the executive committee, presenting to the Risk Committee and Board of Directors.
  • Developed a structured Quarterly Risk Management Report.
  • Fostered strong relationships with regulatory bodies, especially the MFSA, ensuring compliance and facilitating smooth navigation of regulatory changes.
  • Developed strong relationships with internal stakeholders, promoting a culture of risk awareness and accountability.
  • Increased stakeholder confidence with detailed risk assessment reports, outlining potential impacts and mitigation strategies.
  • Strengthened company's compliance with international regulatory standards by conducting detailed audits and training sessions.
  • Supported executive decision-making by providing accurate and timely reports on enterprise-wide risk exposure levels.
  • Collaborated with cross-functional teams to establish effective risk management practices across all business units.
  • Developed comprehensive risk management policies for minimizing operational vulnerabilities, leading to robust corporate risk posture.
  • Setting the Risk Appetite of the Company.
  • Conducting ERM and GDPR training sessions.
  • Spearheading the development and implementation of the Company’s Business & Disaster Recovery Plan and Business Impact Analysis.
  • Assessed liquidity and market risk levels and applied risk-based approach to oversee financial activities.

ACCOMPLISHMENTS

  • Successfully passed the recent MFSA risk audit with no findings or recommendations, demonstrating full compliance with regulatory requirements and the effectiveness of the implemented risk management framework.
  • Successfully built and scaled the risk department from inception to a fully operational team of four risk professionals.
  • Leading the preparation and execution of the Risk and Control Self-Assessment process to proactively identify, assess, and mitigate operational and strategic risks.
  • Actively involved in the implementation of the Digital Operational Resilience Act (DORA), ensuring alignment of ICT risk management, incident reporting, and third-party oversight frameworks with upcoming regulatory requirements.
  • Leading the implementation of a third-party risk assessment framework to identify, evaluate, and monitor risks associated with outsourced services and external vendors, in line with regulatory expectations and industry best practices.

Senior Risk Analyst

Ceevo
06.2019 - 01.2021

Underwriting
• Pre-vetting new applications before proceeding with the underwriting stage, especially for high-risk business models (Gaming, Crypto, Forex, etc.).
• Determine creditworthiness of new or existing merchants through financial analysis, processing history, compliance analysis through VMAS, MATCH or by making use of data provided by credit scoring agencies (Creditsafe).
• Determine the degree of risk involved.

Portfolio analysis
• Merchants and website monitoring through Webshield.
• Recommend any collateral that may be required to better mitigate any identified risks.

• Liaise with Card Schemes, including Visa and MasterCard, regarding fraud and risk-related matters including Fraud/Chargebacks remediation plans.

• Discuss fraud trends and processes with partners and merchants, discuss action plans and work with them to make recommendations.

ACCOMPLISHMENTS

  • Prepared ad hoc MI for the Head of Risk, CRO and other Senior Management on the performance of the portfolio from a credit risk perspective, highlighting areas for attention and making recommendations.
  • Supported the Head of Risk throughout the VISA process to step up the business from PSP to PF.

Senior Credit Risk Analyst

Trust Payments
07.2016 - 05.2019

• Performing the full onboarding cycle from data entry in Salesforce to generate merchant contracts.
• Performing KYC, KYB, AML, Fraud and Risk checks on new clients from a Card scheme perspective.
• Assess merchant's financial position through proper financial statement analysis (P/L, Balance Sheet analysis and extract financial ratios).
• Establish and decide on held collateral on behalf of a merchant or partner in line with the allowed approval threshold.
• VAR calculation.

• Monitoring transactions and high-risk payments through the gateway and Omnipay reports.
• Monitoring 500+ merchants in terms of fraud transactions, processing, OCT, refunds, and authorizations including through in-house ad hoc reports.


ACCOMPLISHMENTS


  • Organized and finalized loan applications for underwriter review.
  • Merchant onboarding average time: 3 days (Department average approximately 5 days).
    - Reviewed over €1 billion in yearly turnover in 2018.
    - Prepared complex credit underwriting for PSP and ISO facilities including forecasts, collateral adequacy and risk analysis, ensuring compliance with FCA, MFSA and other EEA regulations.

Credit Risk Supervisor

Barclays
05.2008 - 03.2014

• Supervising the credit management service and credit risk assessment.
• Interpretation of MI to identify trends and areas of development.
• Review alternative strategies and drive the decision.
• Preparing daily, weekly and monthly reports.

Education

365 Data Science Certificate -

365 Data Science
04.2001 -

Global Financial Compliance And Regulation -

CISI
Malta
04.2001 -

Master's Degree in Banking And Financial Law -

University of Perugia
Perugia - Italy
04.2001 -

Diploma in Accounting And Business -

ITC
Assisi - Italy
04.2001 -

Skills

  • Strategic Thinking & Decision-Making
    Ability to align risk management or business growth with long-term corporate strategy, anticipating market, regulatory, and operational challenges

  • Leadership & Stakeholder Management
    Proven capability to lead cross-functional teams, influence the Board and regulators, and manage relationships with internal and external stakeholders

  • Regulatory & Governance Expertise
    In-depth knowledge of compliance frameworks (e.g., AML, GDPR, DORA, Basel III) and corporate governance, ensuring alignment with evolving regulatory landscapes

  • Enterprise Risk Management (ERM)
    Mastery of identifying, assessing, and mitigating strategic, financial, operational, reputational, and technology risks across the organization

  • Financial & Business Acumen
    Strong understanding of financial drivers, capital allocation, and performance metrics, with the ability to interpret risk-reward trade-offs to drive value creation
