PODCAST SERIES: Risky Women

The Transformation Journey

PODCAST SERIES: Risky Women

Welcome to our Risky Women Transformation series where Lucy Pearman talks change, innovation, and what’s next in the world of governance, risk, and compliance. Lucy Pearman is the global leader for Protiviti’s TRANSFORM Risk and Compliance practice and focuses on innovating the field of risk management. She has more than 20 years of experience leading complex change initiatives across a variety of organisations to optimise their business performance through operational effectiveness, enhanced governance, process automation and emerging technologies. Click below to listen to the episodes. 

 

Episode 1 – Compliance Priorities for 2022

risky-women-Full-Logo-Colour

View Transcript
Kimberley-Cole-50x50
Kimberley
This is Risky Women Radio – a show to connect, celebrate and champion women in risk, regulation, and compliance. Sharing insight and perspectives from the most influential members of our global Risky women network on the latest developments, we need to think about, the challenges we should all talk more about and the innovation we are most excited about governance, risk, and compliance. Bringing together the hundreds of senior women professionals already connected with a new emerging group of leading women and men. I’m Kimberley Cole, your chief risky woman.
Kimberley-Cole-50x50
Kimberley
Welcome to Risky Women radio. Today’s risky women are Carol Beaumier and Bernadine Reese both from Protiviti. There’ve been many challenges during the last year and the role and scope of compliance continues to grow in significance, more and more is expected of them. And along with innovation, the skills and experience requirements are becoming broader. The aim of our podcast today is to look at the evolving environment and give a view on some of the issues that should be top of mind for compliance professionals in 2022. So let me give you a quick introduction to these two fabulous senior executives from Protiviti. And then we will jump into what are the compliance priorities for 2022. Carol is senior managing director in Protiviti’s Risk and Compliance practice and oversees the firm’s Asia Pacific financial services practice. Prior to joining Protiviti, Carol was a partner with Arthur Andersen, where she led the global regulatory practice, a founding member of the Secura Group and leader of the firm’s risk management practice, and a regulator with the Office of the Comptroller of the Currency, a Bureau of the US Treasury Department. She’s an experienced consultant with more than 30 years of experience. She’s worked extensively with numerous regulatory issues that affect multiple industries. And she’s a frequent author and speaker on regulatory and other risk issues. So we are very lucky to have her with us today. We then also have Bernadine who is also a managing director with Protiviti’s Risk and Compliance team and she is based in London. So we have a very global podcast today. She joined Protiviti in 2007 from KPMG’s regulatory services practice and has more than 25 years of experience working with a variety of financial service clients to enhance their business performance by successfully implementing risk, compliance, governance change and optimising their risk and compliance programmes. Bernadine has assisted and guided a variety of financial service firms across the spectrum of risk and compliance areas from anti money laundering and financial crime compliance to investigations, conduct risk and board effectiveness reviews. So it’s going to be fabulous to hear from you both and welcome.
Carol Beaumier
Carol
Thank you very much.
Bernadine Reese
Bernadine
Thank you.
Kimberley-Cole-50x50
Kimberley
I would like to hear a bit about your careers. And I know many of our audience does as well. And I’ve given a brief synopsis there of what you’ve done so far. Let’s kick off with something I think it’s a bit more interesting is what do you think’s the biggest risk that you’ve taken in your career? So Bernadine, we’ll start with you.
Bernadine Reese
Bernadine
Sure that I think looking back, the biggest change in my career was moving to Protiviti, 14 years ago, the move from a big audit firm to a young and dynamic risk consultancy was just too good to pass up. And I’m so glad I took the risk and made the change because I’ve really enjoyed the entrepreneurial culture of a small growing business and the ability to have a say in how it’s run and make a difference.
Kimberley-Cole-50x50
Kimberley
Very interesting. I feel I have done something similar in my own career. So Carol, what about you? What’s the biggest risk you feel you’ve taken your career?
Carol Beaumier
Carol
So I’m going to go back even further than that. And as you noted in your introduction of me, I’ve been at this a long time. So I would say that my biggest risk was probably the decision to pursue a career in financial services. Over the long period that I’ve worked in the industry, it’s not always been an entirely welcoming environment. But certainly at this point of my career, I can say absolutely no regrets, and I can’t imagine having done anything differently.
Kimberley-Cole-50x50
Kimberley
Excellent. Okay. And so we’re going to talk about all of the risk and compliance priorities for the year ahead, based on the fabulous report that you guys put together that everyone can download from the Protiviti website and it’s titled Compliance Priorities for 2022 in the Financial Services Industry. But before we do that, maybe let’s kick off with what excites you most about the year ahead? Carol do you want to start?
Carol Beaumier
Carol
Sure. So from a personal standpoint, I’m very excited at the prospect of getting on a plane again, and traveling to visit Protiviti offices and clients around the globe. It’s been tough sitting in the same place for the last two years. So that would personally excite me. From an industry standpoint, I think there are some really fascinating things going on around transformation and innovation. And I’m really excited to see how those play out, particularly in the compliance space.
Kimberley-Cole-50x50
Kimberley
Yeah, absolutely. I think it’s fabulous that we can all meet and we can all be in different locations and do these Zoom in Teams calls. But yeah, face to face can’t be replaced I don’t think. Bernadine What about you?
Bernadine Reese
Bernadine
So quite similar to Carol really, for me this year brings the opportunity to start to think about life post pandemic, the thought of meeting new joiners and meeting our teams in person. Working with clients face to face and traveling is very exciting. The pandemic has certainly changed the world of work and jumpstarted to the adoption of technologies. And I think that brings interesting challenges and exciting opportunities.
Kimberley-Cole-50x50
Kimberley
Excellent, excellent. Okay, so let’s get on to our expert opinion area and our exciting look about what are the priorities for 2022 for our compliance professionals. And I’d love to get your perspective and I know you guys have done a lot of research and thinking around this so it’s going to be very interesting to hear your views. Let’s kick off with how do you think that the compliance landscape really differs in 2022, compared to previous years? Carol, what’s your thoughts around that?
Carol Beaumier
Carol
Kimberley, you touched on this? I think in your introductory comments, I think it really differs in scope and complexity. And the signs are certainly are that it’ll only continue to expand and become more complex. You know, when I reflect on the beginning of my career, compliance to me was very focused on technical adherence to a finite set of laws and regulations. Compliance sometimes operated in a silo not really connected well to the rest of the organisation. Today so much more is expected of compliance departments and the people who work in those departments. I think the role of compliance has been elevated to align more with other risk functions, which is very positive on many fronts, but understandably brings with it increased expectations for compliance. And as Bernadine and I first started thinking about what the compliance priorities would be for the industry in 2022, we decided that those priorities really fall into several different categories. So we began looking at things a little bit differently. The first category we call traditional compliance requirements. So those are the requirements that we’ve historically associated with the compliance department, those that have been owned by compliance departments for a long time. The second category we call broader risk mandates. And those are requirements where compliance departments now are expected to play a significant role in the management of risks that historically might have been owned by other risk functions. And the last group we called other impacts while we were bucketing a number of different considerations that really have an effect on the way that compliance does its job, whether those are changes in regulatory approaches, or even the impact of innovation on the industry.
Kimberley-Cole-50x50
Kimberley
Well, I look forward to exploring some of those with you. And what’s an example of compliance being expected support this broader risk mandate and this expanding scope Bernadine?
Bernadine Reese
Bernadine
As a topical example, I pointed the recent focus on environmental, social and governance initiatives, so called ESG, touches many different areas within a financial institution, strategy reporting sustainable lending and investing, the supply chain, people and human capital management, the corporate culture, diversity, equity and inclusion, and corporate governance amongst them. And many of these are not traditional compliance topics. And yet compliance officers are finding themselves increasingly involved in ESG discussions. Once regulators began promoting ESG agendas and issuing related regulations, I think it was inevitable that compliance departments would find themselves key participants in financial institutions’ ESG programmes.
Kimberley-Cole-50x50
Kimberley
Yeah, ESG is certainly a hot topic and it’s interesting how it started to weave its way into so many different areas. And as you say, the implications for that are quite interesting in terms of what that means.
Kimberley-Cole-50x50
Kimberley
This episode is brought to you by Protiviti. Protiviti is a global consulting firm with deep expertise in transformation, risk management and compliance. Partner with Protiviti and face the future with confidence.
Lucy-Pearman-50x50
Lucy
So what are some of those other key compliance challenges that you both see for 2022? Because I think you raised that complexity and all the different elements that have been brought into the mix.
Carol Beaumier
Carol
Let me start maybe with some of the traditional issues, and then Bernadine can pick up from there. So we identified four key traditional compliance issues. The first is culture and conduct, which certainly has been in the headlines since the great financial crisis and gets renewed emphasis every time we see a large financial institution pay a penalty for some misbehavior. But I think additionally, right now, culture and conduct come up in every discussion of ESG and every discussion of hybrid work environments. So we don’t see this going away as an issue anytime soon. In fact, to the contrary, we would see even more emphasis being placed on culture and conduct in the short term. Another important issue we identified is around vulnerable customers. And while the approach and issues and even the way we define vulnerable customers may not be identical in all jurisdictions, I think it’s fair to say that vulnerable customers were disproportionately affected by the pandemic, and likely will be disproportionately affected by the recovery. And couple that with the fact that we’re seeing a growth in non traditional products such as buy-now-pay-later, where the regulators are certainly looking closely at how all customers are being interacted with, with these products. And I think coupling that with the pandemic this is an area that we expect to see a lot of activity in the current year. Another issue we focused on was the use of artificial intelligence in decision making. And while we probably can’t call artificial intelligence traditional, what is traditional is that the artificial intelligence is being used in ways where it could impact long standing regulations and requirements such as those around discriminatory lending practices. So we know that this is an area that regulators are looking closely at and we expect that this is an area that compliance departments should be looking closely at as well. And then finally, a perennial to our list, is financial crimes, which I feel has been on the list for the last two decades. And with events occurring around the globe, such as the implementation of the AML Act of 2020 in the US, changes in the regulatory regime in Europe, just to name two examples, we feel pretty confident that financial crime is secure at the top of the list for some time to come. So Bernadine, maybe you want to pick up with some of the other issues that we considered.
Bernadine Reese
Bernadine
So Carol, and that I certainly agree with all of those. I think some of the other challenges for the year ahead are possibly in the more traditional areas of IT. So cybersecurity is an area that has many links with traditional compliance areas. For example, cybersecurity is a core principle of operational resilience. It’s a financial crime in itself and dealing with ransomware requests may also give rise to sanctions concerns, cyber breaches may trigger reporting requirements. So we see this as a compliance priority and a key priority likely to be here for many years. Similarly, as financial institutions have moved critical services to the cloud, many have found that their cloud strategies have been met with challenges from their regulators, regulators are focusing on the clarity of responsibility and accountability for cloud security requirements, and have also expressed concerns about the reliance of financial institutions on really a small number of cloud providers and the potential resiliency issues this raises, so we expect this to be a growing area of focus. And then cloud and cybersecurity also highlight two other related compliance priorities, those being operational resilience and third party risk management. Operational resilience has been an area of focus for several years now. And in some countries, 2022 will be a year of regulatory focus for operational resilience, regulatory expectations for third party risk management, which extend well beyond information security requirements also continue to develop in respective areas such as operational resilience, ESG, and conduct and culture. And then finally, as mainstream financial institutions become interested in cryptocurrencies, it’s clear that regulators are interested in the development of the cryptocurrency market. And we can expect more regulation, including the likely expansion of regulatory regimes in this area.
Kimberley-Cole-50x50
Kimberley
Wow. That’s a long and interesting list. So I think you’re showing the complexity there, we’ve got everything from still culture and conduct but what are all of the implications of hybrid working and all of the changes that we’ve seen in the environment, vulnerable customers with innovation like buy-now-pay-later if you can call it innovation? The whole artificial intelligent realm, of course, financial crime still remaining front and center, then you’ve got IT, cyber security, operational resilience, cloud, crypto, everything. So a couple of questions, maybe for you, Bernadine to start with. Given that current compliance landscape that you’ve both just gone through and described, what does this mean for compliance in the future?
Bernadine Reese
Bernadine
Well, we know that the compliance function of the future will look very different, and that speed of that change is only likely to increase. So we expect to see a compliance function that has a much wider risk mandate with an interest in IT issues, digital technologies, analytical capabilities and use of data. For example, we know that regulators are taking an increasingly data led approach to supervision. And this is likely to be another driver for change, to stay one step ahead of regulators. At the same time, compliance functions need to transform to be the guardian of a variety of ethical and cultural issues. And all of this is against a backdrop of continuing cost pressures. So it’s a big ask, and one that will be a challenge to meet without significantly greater use of innovation and technology, and a greater range of skills and experience in the compliance function.
Kimberley-Cole-50x50
Kimberley
Yeah, definitely sounds like a big shift in or an additional number of skills required. Shat do you think organisations need to think about and to do to really drive the transformation that’s required?
Bernadine Reese
Bernadine
Think we’re seeing many compliance teams are already well developed in their transformation journey. They’re currently performing current state assessments, so the compliance mandate and key functions and trying to anticipate the needs of the business and regulators in 5-10 years time. What will the business model look like? What will regulators expect in an increasingly technology and digital driven world? Once the expected ask has been outlined, compliance officers are assessing how digital innovation can transform or automate aspects of the function to achieve greater efficiency and effectiveness at lower cost. There are many exciting digital opportunities out there. And this presupposes not only new technology processes and investment within compliance, but investment in compliance teams with a greater range of skills and experience. And underlying it all a really strong base of complete and reliable data.
Kimberley-Cole-50x50
Kimberley
Really interesting. And so it sounds like then a lot of innovation happening in that space. So maybe, Carol, you could give us some examples of what is some of that innovation that we’re seeing in compliance?
Carol Beaumier
Carol
Sure. And since I spend a lot of my own time working in financial crimes, I’ll start there, there were some really interesting things going on. We’re seeing, for example, the use of both internal and external KYC data being brought to bear and being used to drive a very dynamic process for updating KYC files, abandoning the historical one year, two year, three year depending on risk levels, so something that I think, can be far more efficient and effective for the industry. Similarly, we’re seeing financial institutions begin to think about abandoning the standard rules and filters that we’ve used for transaction monitoring and make better use of behavior and pattern analysis, which can be much more customised to an individual client. Look at how the client stacks up against its peers and then look for, you know, relationships to bad actors, bring in variables that are very difficult to use in a standard transaction monitoring system. We’re seeing the use of natural language processing to QC, alert reviews and suspicious activity reports. And then obviously, Financial Crimes doesn’t have a lock on innovation. So we’re seeing innovation in other areas as well. And I think some of the really interesting work is occurring in the area of customer complaints, or maybe more aptly, avoiding customer complaints. So we’ve seen some interesting work done, where compliance departments have teamed with data scientists to come up with predictive algorithms to identify when customers might be starting to get upset. And being able to share that information with frontline account officers to maybe cure the problem before it actually becomes a full fledged problem in there is an actual complaint. So I just think limitless opportunities out there to improve not only efficiency, but also the effectiveness of what we’re doing in the compliance space.
Kimberley-Cole-50x50
Kimberley
Really, really interesting. And obviously, all of that then has implications for what are those skill sets that your compliance officer needs? And I love this thinking about what is that compliance officer of the future, what do they look like? So what’s your thoughts around that Carol?
Carol Beaumier
Carol
On one hand, I’d probably say the future is now. But as we’ve all said, the the mandate for compliance will continue to expand. So we’ll have other factors that will certainly have to be taken into consideration as we think about what’s needed in the future. But I think unlike the compliance officer that I remember, early in my career who was solely focused on technical compliance, I think the compliance officer today really has to be a strategic thinker, has to have strong analytical and problem solving skills, has to have an executive presence, because the CCO is in the boardroom now has to be really adept at relationship building in order to work with the entire organisation to promote compliance. And I think like everyone else working in the industry these days has to be tech and data savvy.
Kimberley-Cole-50x50
Kimberley
Absolutely. So good list there for all of our listeners. So obviously, I think it sounds very exciting in terms of the dynamic nature and the change in the scope, and obviously getting involved in so many of the different areas that are growing and changing, but obviously, lots of different challenges. What do you think Bernardine really motivates someone to pursue a career in compliance?
Bernadine Reese
Bernadine
That’s a really good question. I think lots of compliance officers I speak to enjoy the huge variety of questions and issues and challenges and compliance. No two days are the same. There’s always something new to learn. And I think compliance is also a great role to feel like you’re making a difference in some way, whether that’s in the fight against financial crime, or helping to achieve good customer outcomes.
Kimberley-Cole-50x50
Kimberley
Excellent. Okay. So why don’t we leave everyone with a piece of advice, because I know we have lots of listeners to Risky Women who are looking for guidance and mentorship from the podcast. So what advice you give to your chief compliance officer, or even the budding chief compliance officers in 2022? Carol kick us off.
Carol Beaumier
Carol
So I would say kind of picking up on a lot of what we’ve already discussed that this is the time to step back and assess the capabilities of the current team against the future needs, and to develop a plan for recruiting and upscaling the talent that will be needed to support all the compliance we’ll be asked to do in the future.
Kimberley-Cole-50x50
Kimberley
And what’s your thoughts Bernadine?
Bernadine Reese
Bernadine
I think building on what Carol has said, being prepared to engage with regulators and challenge the first line on a much wider range of risk and regulatory issues than in the past.
Kimberley-Cole-50x50
Kimberley
Yeah, interesting. So I think you sort of given us a whole lot of think about there from the traditional issues, the broader risk mandates, all of the other impacts from ESG to culture and conduct to vulnerable customers, artificial intelligence, cybersecurity. So there’s a whole range of things and excellent priorities to keep in mind. I know you guys summarised all of these priorities beautifully in the Protiviti report, which is titled Compliance Priorities for 2022 in the Financial Services Industry. So I would recommend to all of our listeners to go and take a look at that report just to give you a bit more clarity or maybe add to your view of what should be your priorities for 2022 because I think it sets it out very nicely. I think you’ve given 13 different areas, so you’ve got one one per month and a bonus one as well. Definitely food for thought there. And it’s a very interesting read. So I recommend everyone do that. But thank you so much. It’s been fabulous having a chat with both of you. So brilliant to meet you and have this conversation. Carol, Bernadine, Thank you.
Kimberley-Cole-50x50
Kimberley
Thank you for listening to this exciting episode of Risky Women Radio, to connect, champion and celebrate women in risk, regulation and compliance. I’m Kimberley Cole, based in Hong Kong. For more information on the Risky Women global network, head to our website, and the episode notes and please be part of the ongoing conversation by subscribing to this podcast, connecting with us @RiskyWomen on Twitter, or even reaching out to me directly by email. 
 

Episode 2 – Compliance & Risk Challenges for Small Asset Management Firms: Amy Aubin

risky-women-Full-Logo-Colour

View Transcript
Kimberley Cole
Kimberley
This is Risky Women Radio – a show to connect, celebrate and champion women in risk, regulation, and compliance. Sharing insight and perspectives from the most influential members of our global Risky women network on the latest developments, we need to think about, the challenges we should all talk more about and the innovation we are most excited about governance, risk, and compliance. Bringing together the hundreds of senior women professionals already connected with a new emerging group of leading women and men. I’m Kimberley Cole, your chief risky woman. 
Jackie Sanz
Jackie Sanz
Welcome to today’s Risky Women Radio episode, where we will be talking about compliance and risk challenges faced by compliance professionals of smaller firms in the asset management industry, where innovation and access to compliance networks are of importance in the management of risk. I’m Jackie Sanz, Managing Director Risk and Compliance at Protiviti. And I have the great pleasure today to introduce today’s risky woman Amy Aubin. Amy is the Chief Compliance Officer of Waypoint Investment Partners Inc, an independent wealth management firm and also of true exposure investments Inc., and investment fund manager, formerly the Chief Compliance Officer at Gluskin Sheff + Associates Inc., and CFO and CCO at AGF Trust Company, and an auditor and consultant with PriceWaterhouseCoopers. She has breadth and depth of experience in the financial services sector in Canada. A fan of continuing education, Amy has accumulated several professional designations throughout her professional journey, and taught audit and accounting at a local university. Amy is a chartered accountant, a Certified Information Systems Auditor, a Certified Anti-money Laundering specialist and a Chartered Financial Analyst charterholder now working for two startup companies she has taken on broad roles, including most of the back office and accounting functions as well as compliance roles. Welcome, Amy.
Amy Aubin
Amy Aubin
Thank you, Jackie, for that intro.
Jackie Sanz
Jackie Sanz
You’re welcome. Look, tell us about some of the biggest risks you’ve taken in your career.
Amy Aubin
Amy Aubin
Okay, biggest risk, I think I am generally a risk averse person. That’s my personality. I’m an accountant. I’m a compliance person now, and I fit many of the stereotypes, I think that go along with that. I’ve left jobs, and those are risky things to me. So any sort of change, to me feels like a risk. And I think I’ve gotten better at that as I go through my career moving from a CA firm to industry, banking, and now securities. And I think one of the biggest risks I took, which I hope is not as big a risk today, was having children. So I was only a couple of years into my employment at a CA firm in Canada. And even now, I think there can be negative consequences for women who choose to have children in professional environments. This was now over 20 years ago. And at the firm I work for I was in the consulting area. And I had seen other women ____ assignment, sidelined for the better part of their pregnancies. So for me, I was 24 years old or actually 23. And it was a risk for me, but I knew I wanted to have my children earlier. So luckily for me, this risk paid off, I did not experience these sorts of negative consequences. The partners that I worked for, all almost met at that time still, were wonderful partners. I had this worry that I was torpedoing my career right at the beginning and it didn’t work out that way. So that, to me was a big risk. I hope my children to appreciate it. I have many children now, had more children along the way. And it’s been one of the best things of my life. So far. I’m glad I took that risk. But it was it was a stressful time. I have to admit. Another risk that I took a little more recently was when I left one of the bigger firms to take on these two. Well, at the time, it was only one part time role that I knew I would be _____ small, less than 10 people Asset Manager. This is you know, it’s a financial risk at this point in your career and professional risks. So a lot of conversations with wonderful colleagues in the industry to get over my little bit of my imposter syndrome, which I will admit to having on occasion, convinced myself I can still enjoy professional satisfaction. I am knowledgeable enough to be of service to these smaller firms. And that’s really what I was looking for was some way to make a bigger impact and really help the smaller firms in the regulatory environment that exists in Canada today. And there have been recent changes in regulations that allowed somebody to be the CCO at more than one company. And I think I’m one of the first people in Canada, probably not the first. But there’s a handful of us who’ve done that. This has also worked out wonderfully. So I’ve given you two risks that worked out wonderfully, I will not say every risk that I have, my personal career has worked out great. Sometimes I trusted the wrong people or the wrong processes and got burned. But I think there is truth in that, you know, adage that you learn from all of your mistakes. So I think those are probably two notable highlights that worked out really well for me, but that were stressful at the time.
Jackie Sanz
Jackie Sanz
That’s great. And quite frankly, your most recent risk is a great segway for our listeners, maybe you can explain sort of how and where risks differ between smaller and larger asset management firms?
Amy Aubin
Amy Aubin
Sure, I think I’ve had a variety of sizes, you know, I’ve worked at PwC Coopers & Lybrand, before the merger. And that’s an enormous firm. And just thinking about general risks that apply to firms and people working at firms. Some of those risks are universal, no matter what industry you’re in. So I’m in the asset management industry. Some risks are specific to that area. For example, if you’re in a small firm, you have, there’s just fewer resources, that’s the way it is, you’re also much more nimble. So you know, there’s a give and take in the benefits of being a small firm. But if you had to defend yourself from a claim or an investigation or a lawsuit, it’s a much bigger deal. If you’re in a small firm, you just don’t have the same resources to draw from. So I think that sort of risk can be much more significant for small firm, for example. Another area, I would say, is expertise. It seems obvious. But it can be very expensive to acquire expertise. But in a small firm in this industry, asset management, the firm itself is still the one on the hook for getting it right. So you have a CEO who’s wearing multiple hats, they may not be an expert in any one of the areas that they have to oversee. But the risks they’re taking are the same, just on a smaller scale. So they need to find ways to get that expertise in a cost effective manner, and still oversee those service providers to the best of their ability to make sure that it’s being done correctly. So I think that sort of balancing act is a risk for firms that something gets overlooked.
Amy Aubin
Amy Aubin
That’s a great point. And it kind of makes me think then are there less relevant, perhaps risks to the smaller firm? Because, you know, you talk about common risks, and how their scale or impact could be different, right, between the larger or smaller firms? Are there quite frankly, less relevant risks to a smaller firm?
Amy Aubin
Amy Aubin

I think so. Since moving over to the smaller environment, maybe just over a year ago, in the middle of a pandemic, I no longer have to worry about multiple regulatory regimes. So I can focus on one country, one regulator, one type of client, one type of product, so that multidisciplinary complexity just isn’t something I need to worry about any more. That being said, now, I have a much broader role. So for me personally, there’s still interesting things to do. But in terms of risks of the firm it’s much smaller. I think one of the big things I noticed was project risk. So in larger firms, I used to be involved in a lot of projects. And one of the big areas of project management is getting buy in. So this adoption risk, how do I make sure change management happens throughout this huge organization? In a small firm, you know, there’s five people so you just don’t have to worry. You don’t have the huge spend on training and getting buy in posters and all that stuff. You can just be like, Okay, everybody, Do we all agree and you can really move so fast. So that speed of implementation is a totally different ballgame. And a small firm I would say some other things that are less risky is silo. You don’t have the silos that happened in a large firm. One of the things I really noticed was what I call the IT spaghetti. I’m sure there’s a better term for it than that. The picture that big firms always have of their IT systems and all of the linkages, and it just looks like a big ball of mass. And it’s the legacy. It’s the our old system. And then half of it got moved to this new system, you have a link here and a link there, in that the one thing I’m loving, and I’m feeling no risk about is have these clean datasets, there’s no massaging of data. It’s just nice, simple. Everything from scratch. And you know, I’m an accountant at heart. I have many of the stereotypical traits of an accountant, I like things just so, I like order, I like numbers. And creating a reporting structure from scratch is just like music to my ears. You know, I can just see, here’s my file, here’s my attachment and everything matches and I don’t have that spaghetti, and the burden of a long legacy and multiple system changes and everything. Nothing’s ever simple when you have that IT spaghetti as I call it. I think that’s probably some of the things that I’ve noticed or less risky.

Jackie Sanz
Jackie Sanz
Yeah, and just a comment on on your last point there, certainly, by having those risks missing when you do need to pull together something, be it for the regulator, be it for, you know, some kind of litigation or other sort of case investigation. It’s simpler, it’s easier, you have more control, and can certainly be more assured, although never 100%. But more assured that you have everything you need that I presume.
Amy Aubin
Amy Aubin
Certainly from a compliance point of view, there is a reassurednace, I don’t even know if that’s a word, to knowing everything that’s going on. So I know, that’s it. There’s one GL, there’s one system, there’s 50 clients or however many there are. And yeah, I can pull together that report myself, I don’t even need help from anybody because everything is new and pretty and off you go. There are some some risks to smaller firms, I mean, one person can have a big influence on a large, firm or small firm. But if you’re the compliance person, in any firm, you always have to worry, does this person’s level of risk tolerance, match my own. So as a compliance person, several people have told me lawyers and others, like you’re the one with the bull’s eye on your forehead related to compliance. So there is a level of personal liability to a compliance type role. And you have to make sure you match up well, style wise, with the people that you’re working with. So I’m pretty straightforward right off the bat. And after a few mis-starts, I guess that’s one of the questions I would ask, what is your approach to risk taking? What is your approach to compliance? I’ll label where I am on the spectrum in terms of highly risk averse to highly risk seeking, do you match up with my approach? Because otherwise, it’s a recipe for a ton of stress and conflict. You don’t want somebody who’s exactly like you, because you want to have that counterbalance. But if you have somebody diametrically opposed to your approach, it’s gonna be a very stressful place to be.
Jackie Sanz
Jackie Sanz
Absolutely. I guess, going back to your comment on the new and shiny and great sort of environment of the smaller firm, what would you say, or can you say that there has been a lasting impact arising from, you know, the last two years of the pandemic experience for compliance practitioners of the smaller firms?
Amy Aubin
Amy Aubin
I think so. I mean, I started the pandemic in a larger firm, and then I’ve moved to a smaller firm during the lockdown. One big difference is I never need to go to the office anymore. if I don’t want to. So I have two part time roles right now, one of my companies doesn’t even have an office. It only has a virtual office that takes the mail and there’s no other bricks and mortars associated with that company. So I don’t know it seems pretty avant garde in a way for a pretty conservative type of industry. So this move to remote work, I think, has been a change and I think it will last in compliance. I don’t know about every compliance department, but certainly, we were doing a lot of things manually that can be handled electronically, much more efficiently. So I think the pandemic has spurred on why are we getting this by mail, when at the beginning during the pandemic, there was concerns about mail delivery, there was concerns about touching mail. And it really has spurred that change to let’s get a feed. And why can’t you provide the feed this is the 21st century? At the beginning of a lockdown, I have daily meetings with staff, I don’t have staff anymore. But you know, are you are you more productive at home? What is hindering you? And at the beginning, I would get no, I’m 70% of where I used to be in the office. I think after a year, nobody was at 70% people were at 100 or more, probably, I would say I was more productive during the pandemic, no lineup of people outside my door. But I think there’s something lost in that movement as well, where a casual drop in doesn’t happen. And it feels, so if I used to have often, you know, compliance intelligence network of just people who would come and say, you know, what this is, this doesn’t seem good. Or I wonder if there’s a way to improve this, and is that something Compliance would be interested in, and you don’t have that anymore. It feels much more important, or like you’re tattling on somebody, if you have to call or set up a Team’s meeting, to talk to the compliance person about it, it feels like a bigger deal than a casual office conversation. So I think there is something that’s been lost a little bit that I hope we can get back. But I think the efficiency and the wonderfulness for me any way of working from home will continue.
Jackie Sanz
Jackie Sanz
I would echo that sentiment, I personally feel that the last two years, were the most productive of my 30 plus year career as crazy as that sounds.
Amy Aubin
Amy Aubin
Yes, I could agree with that. I mean, I had some big changes, obviously. So it’s more difficult to measure but but definitely it’s been…I used to commute an hour a day each way. And it’s amazing how much more productive you are in your life and in your work without losing those few hours everyday.
Jackie Sanz
Jackie Sanz
Agreed!
Kimberley Cole
Kimberley
This episode is brought to you by Protiviti. Protiviti is a global consulting firm with deep expertise in transformation, risk management and compliance. Partner with Protiviti and face the future with confidence.
Jackie Sanz
Jackie Sanz
So what then are some of the key challenges, specifically for compliance practitioners, and for those that are actually trying to hire them?
Amy Aubin
Amy Aubin
So hiring is one of the things that I think has become more difficult during the pandemic. And I think it’s a tricky balance anyway, I feel like it’s hard to find a good person, people are in high demand, good people are in high demand. And really for a compliance role, particularly in a small or medium sized firm, getting a person that fits properly into your environment matters. So what do I mean by that? What are you good at? What services do you already have that are working well, and what can a new person bring to help fill that gap? I mean, time and money. Anything’s possible with time and money. But I think we want to minimize time and the money, particularly in smaller firms. So if you need somebody who can stay up to date on all the new regulations, decide what’s important, proactively create content, write your policies, educate your staff, if that person has traditionally been a doer, rather than a researcher, or whatever it is you need, you might unintentionally have the wrong person who’s a really great person for whatever it is they’re good at, but just not for what exactly you need. I’ve seen that happen. Or you might hire a consultant instead of a staff person. And maybe that consultant is well versed in security, compliance, and your manual processes, and oversight, and in that area, KYC is beautiful. But your AML is years behind. If you’re this, you know, the sole Portfolio Manager or CEO of a two person team, you’re not an expert in AML either. So finding those right people is a challenge. More so for a small firm, I think because you need to be selective with how you spend your money. But you still need to follow all of the rules that are big firm needs to follow. And I think what I found too, is trying to hire people, not everybody needs to be a compliancer in compliance. I’m a big fan of hire for attitude and train for the rest. I do love teaching I used to teach in university and I, one day, I’ll get back to that. So training somebody or talking to somebody who’s interested in what you have to tell them, and wants to learn what you have to say is a great feeling. So I like finding those sorts of people, you don’t have to be a compliance person to be able to learn about the parts of compliance that I need you to do. I don’t need everybody to come in and be a compliance expert. There’s a lot of transferable skills from other departments. Having people who understand the sales cycle, for example, is one of the best things I ever did in terms of hiring. Because they just had knowledge that I was not familiar with, I’ve never been in sales. And they really had that practical knowledge. One thing that I find in job requirements is I never write up a job requirement that says you need to know how to use a certain piece of software. I see that a lot in accounting jobs, sometimes in compliance for rule building. I think anybody that I would want to hire is going to be able to learn that. Software has become so easy to use, so trainable. If you hire somebody who’s interested and has the right attitude, I think they can learn to use that software. And, frankly, we might decide to change our software tomorrow. So having that five years of experience with that piece of software might irrelevant in the future. So I think for a small firm, summing up this long rant, small firm is really trying to find that person who complements your company’s GAAP is the challenge. And you really need to think about all the things that need to be done. And then what are the highest value items that you need to try to bring in?
Jackie Sanz
Jackie Sanz
That’s a good philosophy to follow for sure. Particularly in today’s market, where as you said previously, you know, hiring is more challenging in the pandemic, but also, everybody wants the good people. And while there may be many good people out there, they’re hard to find, and certainly hard to procure when everybody wants them. So that’s very sage advice. I guess, what would you say then, at the moment, if you could take now as a point in time as we come out of the pandemic, all the sort of crazy things going on in the world in terms of economic sanctions, regulatory reform and the speed at which regulations are changing? What would you say, are the top risks that you personally with both the firms that you’re working with, are dealing with?
Amy Aubin
Amy Aubin
I would say, some of the things that I’ve been working on for the last decade, though, cyber risk, it’s a very different ballgame. So I have a bit of a history with auditing IT systems. But we’re talking now, we have three laptops, and we use Office 365. What are the cyber risks related to that? What are the basic things that we need to put in place? And when I was at a big firm, there was an IT department that would set up all of our security. And I can go and ask them, you know, have you done penetration testing? Have you set up dual factor authentication, and now it’s the same thing on a very small scale. And you just need to go back to basics. So how do I protect my system from people getting in? How do I protect the data while it’s at rest? How do I protect the data in transit? And all of the things are there, but sometimes you have to know to turn them on. So that’s one area that I’ve been learning about since I’ve been at a smaller firm. What are the basic items in Office 365 on you know, people’s laptops, that are just the standard things you should have? Which if I had an IT department, they would be able to tell me. So that’s one area that is always interesting. Every time the government itself has a cyber breach, I think, you know, it’s just a matter of time. So it gets kind of reenergized to look at cyber risks and think of ways to protect our clients’ data. I think to new regulations you mentioned it in your question, it’s unbelievable the number of new regulations! In Canada, we just had an introduction of what’s called Client Focused Reforms and it had a big impact on firms, law firms, big firms, everybody, a lot of attention has been paid to getting this right. We’re now turning our heads to Okay, we’ve created all these lovely policies on paper are now we’ve had a couple of months trying to implement them in practice, is what we thought would work on paper work in practice? Is that the most efficient way to do it? So now it’s a little bit of that feedback loop to make sure that what we said we would do worked, so that by the time the regulators come in a year, or in months or whatever, we’ve actually got a system that we can actually use and doesn’t just look good on paper. So that’s another area of focus, I would say. And then I think it is the asset management industry, so valuation and liquidity, and making sure, you know, I deal with some funds, so making sure those funds, protection policies match the liquidity, the underlying assets, those portfolio types of risks. I think, with asset management firms, small ones, the one area, you’re almost always going to have expertise in the portfolio management. So it’s often a portfolio manager who starts a small firm. So they know how to find the assets, buy the assets, do all that good sort of stuff. But I’m looking at some of the emerging risks in private credit, and valuation, and how these longer term assets are as a trend going into more retail type products. So I think it’s a trend across the globe. I know in the UK, they’ve introduced a new retail funds structure that allows you to get access to private credit, for example. So we have no capability in that area, we have expertise in that sort of asset, how can I adapt that sort of structure for a small, firm without spending a million dollars on legal fees? So that sort of emerging risk, but it’s also really an opportunity to get this sort of structure correct. And be first out at in some cases are one of the first firms to have this sort of product. Because we can move very quickly.
Jackie Sanz
Jackie Sanz
Excellent. So I have to say you’ve given all kinds of great insights to common risks and unique risks between the larger and smaller firms. But I guess, now, I would ask, if you could give sort of one big solid piece of advice to risk and compliance practitioners that are in the smaller or medium sized firms? What would that be?
Amy Aubin
Amy Aubin
Sage words of advice…I would say, enjoy the variety. So I still have the chance to do research and analyzing things at a fairly high level, you know, private credit and new structures. But I’m also the person who opens up the envelopes to review personal account statements, because I’m compliance in all of its forms. I personally love that. So I do enjoy the variety. And I think there’s opportunity in a smaller firm, literally sitting right next to you, the portfolio manager might be sitting right next to you. They can bring you into whatever it is they’re doing, because they’re literally right there. So I would say take advantage of your smaller firms threat on a small scale, to just get everything you can out of it.
Jackie Sanz
Jackie Sanz
Excellent and sage advice. Because you are right in the larger firms, and you said it earlier, everything is quite siloed. And quite literally siloed and so far is physical proximity and who you easily can sort of bump into when walking the halls. So I take your advice as quite sage because it is true, in the smaller firm, you probably fit all on one floor or maybe in one room, and have that opportunity to learn, observe, share dialog, research and just, quite frankly, personally grow. That’s great advice. Thank you, Amy. So I would say to our listeners, this brings this episode to an end it was a very interesting discussion on risks, and certainly on Amy’s interesting journey. Thank you, Amy, for joining us today and for sharing your thoughts, perspectives and quite valuable insights. I have no doubt that our listeners have come away with some pretty practical considerations as they continue through their own career journeys. And more importantly, maybe now more will join smaller firms after that great insight. Thank you, Amy.
Amy Aubin
Amy Aubin
Thank you Jackie.
Kimberley Cole
Kimberley
Thank you for listening to this exciting episode of Risky Women Radio, to connect, champion and celebrate women in risk, regulation and compliance. I’m Kimberley Cole, based in Hong Kong. For more information on the Risky Women global network, head to our website, and the episode notes and please be part of the ongoing conversation by subscribing to this podcast, connecting with us @RiskyWomen on Twitter, or even reaching out to me directly by email. 
 

 


Want To Learn More?

 

CATEGORY INDUSTRY:
Financial Services
SUBSCRIBE TO PODCASTS:

Ready to work with us?

Ranadip Dutta
Ranadip Datta
Managing Director
+65 6309 5988
Linked