Protiviti Contact

Protiviti Contact

Justin Pang


Professional Experience

Justin is a Director in Protiviti’s Risk and Compliance Consulting practice specialising in the project management and delivery of anti-financial crime, regulatory change and risk management projects in the financial services industry. Justin’s strong practical experience across all three lines of defence allows him to assist clients to build and implement pragmatic strategies to mitigate a broad range of risks which impact their business, particularly during a period of change.

Major Projects

  • Global Bank: Global CDD Standards – Financial Crime Customer Risk Rating Methodology (CRRM) – Justin led the alignment of the CRRM across all lines of Global Retail and Commercial Bank
    • Target Operating Model – Led the design and implementation of a target operating model (TOM) to centralise a Bank’s KYC operations across the UK. This includes the design of target state processes and key controls, capacity and competency planning, defining target service level agreements, and the design of a case management tool to support the TOM.
    • CDD Assurance – Led the design and initial set up of this function. This included development and implementation of a QA Checklist based on the Bank’s current Instructions, recruitment of over twenty interim resources to support this function, and development of management information capability.
    • Business Wide Risk Assessment (“BWRA”) – Led the BWRA for AML/CTF, sanctions and the facilitation of tax evasion for three EWRA cycles. This included development of the methodology for sanctions and tax evasion. Oversaw the BWRA for fraud.
    • CDD Instructions (KYC Minimum Standards) – Led the design and drafting across a range of core processes aligned with 4th EU MLD requirements, JMLSG and leading industry practices. This included definition of target state process maps, agreeing roles and responsibilities for key activities and engaging with Branch representatives to understand the impact to Branches. Instructions included KYC trigger event and periodic reviews, ID&V, ‘Unregulated’ Client Accounts and SARs.
  • Business for a global bank: Key responsibilities include identification of CRRM enhancements based on regulatory guidance and leading industry practices across multiple jurisdictions; scenario and risk-based testing of proposed enhancements; impact assessment from process, people and technology perspectives; implementation in the UK and Middle East; and training delivery.
  • Global Bank – Global AML/KYC Framework Assessment: Justin led the review of a global bank’s AML/KYC Framework focusing on identifying gaps between the bank’s KYC Policies and Procedures against regulatory requirements and benchmarking against leading industry practice in key markets where the bank operates. This included an assessment of the bank’s governance arrangements (including the engagement model for AML/KYC),  AML Client Risk Rating methodology, AML technology, tools and templates, training approach, quality assurance in the first and second line, deployment approach and implementation plans. Recommendations to remediate and enhance the bank’s AML/KYC Framework were presented to the client for implementation.
  • UK Retail and Commercial Bank – AML Quality Assurance Framework: Justin led the diagnostic and overall design and implementation of a quality assurance framework for Financial Crime activities within the Bank’s first line of defence. This included recruitment and training of permanent employees.
  • UK Retail and Commercial Bank – Customer Screening and De-risking: Justin led the delivery of a project to reverse screen the Bank’s back-book against sanctions, PEP, SIP/SIE and RCA lists  to enable a review of higher risk customers as part of the Bank’s wider customer re-risking activities.  Key responsibilities included the delivery of a TOM for the project, definition of minimum standards for the review of alerts (including quality control and quality assurance), a case management and workflow tool (including MI reports), training and an agreed approach to effectively and pragmatically transition these enhanced processes to a business-as-usual function.

Areas of Expertise

  • Financial Crime Prevention
  • Anti-Money Laundering (AML)
  • Know Your Customer (KYC)
  • Target Operating Model Design and Implementation
  • Project, Risk and Change Management
  • Internal Audit / SOX Compliance

Industry Expertise

  • Financial Services
  • Retail Banking
  • Investment Banking
  • Broking


  • Bachelor of Commerce – Accounting, Finance, and Business Law (University of Western Australia)

Professional Memberships and Certifications

  • CAMS
  • Chartered Accountant, Institute of Chartered Accountants in Australia (ICAA)
  • Chartered Internal Auditor (IIA)
  • Certified Internal Audit Quality Assessor (IIA)