Transcript | Risky Women: Compliance Priorities for 2022

This is Risky Women Radio – a show to connect, celebrate and champion women in risk, regulation, and compliance. Sharing insight and perspectives from the most influential members of our global Risky women network on the latest developments, we need to think about, the challenges we should all talk more about and the innovation we are most excited about governance, risk, and compliance. Bringing together the hundreds of senior women professionals already connected with a new emerging group of leading women and men. I’m Kimberley Cole, your chief risky woman.

Welcome to Risky Women radio. Today’s risky women are Carol Beaumier and Bernadine Reese both from Protiviti. There’ve been many challenges during the last year and the role and scope of compliance continues to grow in significance, more and more is expected of them. And along with innovation, the skills and experience requirements are becoming broader. The aim of our podcast today is to look at the evolving environment and give a view on some of the issues that should be top of mind for compliance professionals in 2022. So let me give you a quick introduction to these two fabulous senior executives from Protiviti. And then we will jump into what are the compliance priorities for 2022. Carol is senior managing director in Protiviti’s Risk and Compliance practice and oversees the firm’s Asia Pacific financial services practice. Prior to joining Protiviti, Carol was a partner with Arthur Andersen, where she led the global regulatory practice, a founding member of the Secura Group and leader of the firm’s risk management practice, and a regulator with the Office of the Comptroller of the Currency, a Bureau of the US Treasury Department. She’s an experienced consultant with more than 30 years of experience. She’s worked extensively with numerous regulatory issues that affect multiple industries. And she’s a frequent author and speaker on regulatory and other risk issues. So we are very lucky to have her with us today. We then also have Bernadine who is also a managing director with Protiviti’s Risk and Compliance team and she is based in London. So we have a very global podcast today. She joined Protiviti in 2007 from KPMG’s regulatory services practice and has more than 25 years of experience working with a variety of financial service clients to enhance their business performance by successfully implementing risk, compliance, governance change and optimising their risk and compliance programmes. Bernadine has assisted and guided a variety of financial service firms across the spectrum of risk and compliance areas from anti money laundering and financial crime compliance to investigations, conduct risk and board effectiveness reviews. So it’s going to be fabulous to hear from you both and welcome.

Thank you very much.

Thank you.

I would like to hear a bit about your careers. And I know many of our audience does as well. And I’ve given a brief synopsis there of what you’ve done so far. Let’s kick off with something I think it’s a bit more interesting is what do you think’s the biggest risk that you’ve taken in your career? So Bernadine, we’ll start with you.

Sure that I think looking back, the biggest change in my career was moving to Protiviti, 14 years ago, the move from a big audit firm to a young and dynamic risk consultancy was just too good to pass up. And I’m so glad I took the risk and made the change because I’ve really enjoyed the entrepreneurial culture of a small growing business and the ability to have a say in how it’s run and make a difference.

Very interesting. I feel I have done something similar in my own career. So Carol, what about you? What’s the biggest risk you feel you’ve taken your career?

So I’m going to go back even further than that. And as you noted in your introduction of me, I’ve been at this a long time. So I would say that my biggest risk was probably the decision to pursue a career in financial services. Over the long period that I’ve worked in the industry, it’s not always been an entirely welcoming environment. But certainly at this point of my career, I can say absolutely no regrets, and I can’t imagine having done anything differently.

Excellent. Okay. And so we’re going to talk about all of the risk and compliance priorities for the year ahead, based on the fabulous report that you guys put together that everyone can download from the Protiviti website and it’s titled Compliance Priorities for 2022 in the Financial Services Industry. But before we do that, maybe let’s kick off with what excites you most about the year ahead? Carol do you want to start?

Sure. So from a personal standpoint, I’m very excited at the prospect of getting on a plane again, and traveling to visit Protiviti offices and clients around the globe. It’s been tough sitting in the same place for the last two years. So that would personally excite me. From an industry standpoint, I think there are some really fascinating things going on around transformation and innovation. And I’m really excited to see how those play out, particularly in the compliance space.

Yeah, absolutely. I think it’s fabulous that we can all meet and we can all be in different locations and do these Zoom in Teams calls. But yeah, face to face can’t be replaced I don’t think. Bernadine What about you?

So quite similar to Carol really, for me this year brings the opportunity to start to think about life post pandemic, the thought of meeting new joiners and meeting our teams in person. Working with clients face to face and traveling is very exciting. The pandemic has certainly changed the world of work and jumpstarted to the adoption of technologies. And I think that brings interesting challenges and exciting opportunities.

Excellent, excellent. Okay, so let’s get on to our expert opinion area and our exciting look about what are the priorities for 2022 for our compliance professionals. And I’d love to get your perspective and I know you guys have done a lot of research and thinking around this so it’s going to be very interesting to hear your views. Let’s kick off with how do you think that the compliance landscape really differs in 2022, compared to previous years? Carol, what’s your thoughts around that?

Kimberley, you touched on this? I think in your introductory comments, I think it really differs in scope and complexity. And the signs are certainly are that it’ll only continue to expand and become more complex. You know, when I reflect on the beginning of my career, compliance to me was very focused on technical adherence to a finite set of laws and regulations. Compliance sometimes operated in a silo not really connected well to the rest of the organisation. Today so much more is expected of compliance departments and the people who work in those departments. I think the role of compliance has been elevated to align more with other risk functions, which is very positive on many fronts, but understandably brings with it increased expectations for compliance. And as Bernadine and I first started thinking about what the compliance priorities would be for the industry in 2022, we decided that those priorities really fall into several different categories. So we began looking at things a little bit differently. The first category we call traditional compliance requirements. So those are the requirements that we’ve historically associated with the compliance department, those that have been owned by compliance departments for a long time. The second category we call broader risk mandates. And those are requirements where compliance departments now are expected to play a significant role in the management of risks that historically might have been owned by other risk functions. And the last group we called other impacts while we were bucketing a number of different considerations that really have an effect on the way that compliance does its job, whether those are changes in regulatory approaches, or even the impact of innovation on the industry.

Well, I look forward to exploring some of those with you. And what’s an example of compliance being expected support this broader risk mandate and this expanding scope Bernadine?

As a topical example, I pointed the recent focus on environmental, social and governance initiatives, so called ESG, touches many different areas within a financial institution, strategy reporting sustainable lending and investing, the supply chain, people and human capital management, the corporate culture, diversity, equity and inclusion, and corporate governance amongst them. And many of these are not traditional compliance topics. And yet compliance officers are finding themselves increasingly involved in ESG discussions. Once regulators began promoting ESG agendas and issuing related regulations, I think it was inevitable that compliance departments would find themselves key participants in financial institutions’ ESG programmes.

Yeah, ESG is certainly a hot topic and it’s interesting how it started to weave its way into so many different areas. And as you say, the implications for that are quite interesting in terms of what that means.

This episode is brought to you by Protiviti. Protiviti is a global consulting firm with deep expertise in transformation, risk management and compliance. Partner with Protiviti and face the future with confidence.

So what are some of those other key compliance challenges that you both see for 2022? Because I think you raised that complexity and all the different elements that have been brought into the mix.

Let me start maybe with some of the traditional issues, and then Bernadine can pick up from there. So we identified four key traditional compliance issues. The first is culture and conduct, which certainly has been in the headlines since the great financial crisis and gets renewed emphasis every time we see a large financial institution pay a penalty for some misbehavior. But I think additionally, right now, culture and conduct come up in every discussion of ESG and every discussion of hybrid work environments. So we don’t see this going away as an issue anytime soon. In fact, to the contrary, we would see even more emphasis being placed on culture and conduct in the short term. Another important issue we identified is around vulnerable customers. And while the approach and issues and even the way we define vulnerable customers may not be identical in all jurisdictions, I think it’s fair to say that vulnerable customers were disproportionately affected by the pandemic, and likely will be disproportionately affected by the recovery. And couple that with the fact that we’re seeing a growth in non traditional products such as buy-now-pay-later, where the regulators are certainly looking closely at how all customers are being interacted with, with these products. And I think coupling that with the pandemic this is an area that we expect to see a lot of activity in the current year. Another issue we focused on was the use of artificial intelligence in decision making. And while we probably can’t call artificial intelligence traditional, what is traditional is that the artificial intelligence is being used in ways where it could impact long standing regulations and requirements such as those around discriminatory lending practices. So we know that this is an area that regulators are looking closely at and we expect that this is an area that compliance departments should be looking closely at as well. And then finally, a perennial to our list, is financial crimes, which I feel has been on the list for the last two decades. And with events occurring around the globe, such as the implementation of the AML Act of 2020 in the US, changes in the regulatory regime in Europe, just to name two examples, we feel pretty confident that financial crime is secure at the top of the list for some time to come. So Bernadine, maybe you want to pick up with some of the other issues that we considered.

So Carol, and that I certainly agree with all of those. I think some of the other challenges for the year ahead are possibly in the more traditional areas of IT. So cybersecurity is an area that has many links with traditional compliance areas. For example, cybersecurity is a core principle of operational resilience. It’s a financial crime in itself and dealing with ransomware requests may also give rise to sanctions concerns, cyber breaches may trigger reporting requirements. So we see this as a compliance priority and a key priority likely to be here for many years. Similarly, as financial institutions have moved critical services to the cloud, many have found that their cloud strategies have been met with challenges from their regulators, regulators are focusing on the clarity of responsibility and accountability for cloud security requirements, and have also expressed concerns about the reliance of financial institutions on really a small number of cloud providers and the potential resiliency issues this raises, so we expect this to be a growing area of focus. And then cloud and cybersecurity also highlight two other related compliance priorities, those being operational resilience and third party risk management. Operational resilience has been an area of focus for several years now. And in some countries, 2022 will be a year of regulatory focus for operational resilience, regulatory expectations for third party risk management, which extend well beyond information security requirements also continue to develop in respective areas such as operational resilience, ESG, and conduct and culture. And then finally, as mainstream financial institutions become interested in cryptocurrencies, it’s clear that regulators are interested in the development of the cryptocurrency market. And we can expect more regulation, including the likely expansion of regulatory regimes in this area.

Wow. That’s a long and interesting list. So I think you’re showing the complexity there, we’ve got everything from still culture and conduct but what are all of the implications of hybrid working and all of the changes that we’ve seen in the environment, vulnerable customers with innovation like buy-now-pay-later if you can call it innovation? The whole artificial intelligent realm, of course, financial crime still remaining front and center, then you’ve got IT, cyber security, operational resilience, cloud, crypto, everything. So a couple of questions, maybe for you, Bernadine to start with. Given that current compliance landscape that you’ve both just gone through and described, what does this mean for compliance in the future?

Well, we know that the compliance function of the future will look very different, and that speed of that change is only likely to increase. So we expect to see a compliance function that has a much wider risk mandate with an interest in IT issues, digital technologies, analytical capabilities and use of data. For example, we know that regulators are taking an increasingly data led approach to supervision. And this is likely to be another driver for change, to stay one step ahead of regulators. At the same time, compliance functions need to transform to be the guardian of a variety of ethical and cultural issues. And all of this is against a backdrop of continuing cost pressures. So it’s a big ask, and one that will be a challenge to meet without significantly greater use of innovation and technology, and a greater range of skills and experience in the compliance function.

Yeah, definitely sounds like a big shift in or an additional number of skills required. Shat do you think organisations need to think about and to do to really drive the transformation that’s required?

Think we’re seeing many compliance teams are already well developed in their transformation journey. They’re currently performing current state assessments, so the compliance mandate and key functions and trying to anticipate the needs of the business and regulators in 5-10 years time. What will the business model look like? What will regulators expect in an increasingly technology and digital driven world? Once the expected ask has been outlined, compliance officers are assessing how digital innovation can transform or automate aspects of the function to achieve greater efficiency and effectiveness at lower cost. There are many exciting digital opportunities out there. And this presupposes not only new technology processes and investment within compliance, but investment in compliance teams with a greater range of skills and experience. And underlying it all a really strong base of complete and reliable data.

Really interesting. And so it sounds like then a lot of innovation happening in that space. So maybe, Carol, you could give us some examples of what is some of that innovation that we’re seeing in compliance?

Sure. And since I spend a lot of my own time working in financial crimes, I’ll start there, there were some really interesting things going on. We’re seeing, for example, the use of both internal and external KYC data being brought to bear and being used to drive a very dynamic process for updating KYC files, abandoning the historical one year, two year, three year depending on risk levels, so something that I think, can be far more efficient and effective for the industry. Similarly, we’re seeing financial institutions begin to think about abandoning the standard rules and filters that we’ve used for transaction monitoring and make better use of behavior and pattern analysis, which can be much more customised to an individual client. Look at how the client stacks up against its peers and then look for, you know, relationships to bad actors, bring in variables that are very difficult to use in a standard transaction monitoring system. We’re seeing the use of natural language processing to QC, alert reviews and suspicious activity reports. And then obviously, Financial Crimes doesn’t have a lock on innovation. So we’re seeing innovation in other areas as well. And I think some of the really interesting work is occurring in the area of customer complaints, or maybe more aptly, avoiding customer complaints. So we’ve seen some interesting work done, where compliance departments have teamed with data scientists to come up with predictive algorithms to identify when customers might be starting to get upset. And being able to share that information with frontline account officers to maybe cure the problem before it actually becomes a full fledged problem in there is an actual complaint. So I just think limitless opportunities out there to improve not only efficiency, but also the effectiveness of what we’re doing in the compliance space.

Really, really interesting. And obviously, all of that then has implications for what are those skill sets that your compliance officer needs? And I love this thinking about what is that compliance officer of the future, what do they look like? So what’s your thoughts around that Carol?

On one hand, I’d probably say the future is now. But as we’ve all said, the the mandate for compliance will continue to expand. So we’ll have other factors that will certainly have to be taken into consideration as we think about what’s needed in the future. But I think unlike the compliance officer that I remember, early in my career who was solely focused on technical compliance, I think the compliance officer today really has to be a strategic thinker, has to have strong analytical and problem solving skills, has to have an executive presence, because the CCO is in the boardroom now has to be really adept at relationship building in order to work with the entire organisation to promote compliance. And I think like everyone else working in the industry these days has to be tech and data savvy.

Absolutely. So good list there for all of our listeners. So obviously, I think it sounds very exciting in terms of the dynamic nature and the change in the scope, and obviously getting involved in so many of the different areas that are growing and changing, but obviously, lots of different challenges. What do you think Bernardine really motivates someone to pursue a career in compliance?

That’s a really good question. I think lots of compliance officers I speak to enjoy the huge variety of questions and issues and challenges and compliance. No two days are the same. There’s always something new to learn. And I think compliance is also a great role to feel like you’re making a difference in some way, whether that’s in the fight against financial crime, or helping to achieve good customer outcomes.

Excellent. Okay. So why don’t we leave everyone with a piece of advice, because I know we have lots of listeners to Risky Women who are looking for guidance and mentorship from the podcast. So what advice you give to your chief compliance officer, or even the budding chief compliance officers in 2022? Carol kick us off.

So I would say kind of picking up on a lot of what we’ve already discussed that this is the time to step back and assess the capabilities of the current team against the future needs, and to develop a plan for recruiting and upscaling the talent that will be needed to support all the compliance we’ll be asked to do in the future.

And what’s your thoughts Bernadine?

I think building on what Carol has said, being prepared to engage with regulators and challenge the first line on a much wider range of risk and regulatory issues than in the past.

Yeah, interesting. So I think you sort of given us a whole lot of think about there from the traditional issues, the broader risk mandates, all of the other impacts from ESG to culture and conduct to vulnerable customers, artificial intelligence, cybersecurity. So there’s a whole range of things and excellent priorities to keep in mind. I know you guys summarised all of these priorities beautifully in the Protiviti report, which is titled Compliance Priorities for 2022 in the Financial Services Industry. So I would recommend to all of our listeners to go and take a look at that report just to give you a bit more clarity or maybe add to your view of what should be your priorities for 2022 because I think it sets it out very nicely. I think you’ve given 13 different areas, so you’ve got one one per month and a bonus one as well. Definitely food for thought there. And it’s a very interesting read. So I recommend everyone do that. But thank you so much. It’s been fabulous having a chat with both of you. So brilliant to meet you and have this conversation. Carol, Bernadine, Thank you.

Thank you for listening to this exciting episode of Risky Women Radio, to connect, champion and celebrate women in risk, regulation and compliance. I’m Kimberley Cole, based in Hong Kong. For more information on the Risky Women global network, head to our website, and the episode notes and please be part of the ongoing conversation by subscribing to this podcast, connecting with us @RiskyWomen on Twitter, or even reaching out to me directly by email.