Regulation, risk and reward with HSBC’s Chief Compliance Officer, Asia Pacific

In brief

  • "Some of the key things that I see will be around digitalisation, open banking, artificial intelligence and robotics, workforce transformation, cyber security, and as mentioned, sustainable banking as well as regulatory technology."
  • "We're also already seeing an increase in regulatory complexity, and banks will need to invest significantly more, in my opinion, around regtech solutions. These solutions will certainly help banks to manage regulatory requirements more effectively and efficiently and help drive some of those efficiencies to reduce the overall cost of being compliant with regulations."
  • "As [these technologies] progress and become more mainstream, regulators will be looking to address some of the pretty big open questions out there around the ethical implications of some of the algorithms and all the potential biases in [them]. Are we susceptible to legal and potential [privacy] violations? Is machine learning and AI making decisions, and where do we rest the accountability for some of these?"

Darren Furnarello, Chief Compliance Officer at HSBC Asia Pacific, talks regulation, risk and reward with Protiviti Managing Director Adam Johnston. What does the future of the regulatory environment look like, how do we navigate it, and what keeps compliance officers up at night?

In this interview:

1:30 – Compliance priorities right now: Sanctions, resilience, privacy, sustainability

6:12 – Meeting the challenges of the future: Open banking, AI, regtech

10:36 – Balancing digital transformation with data and other risks

13:23 – Future of banking regulation

19:10 – The next 10 years through a compliance lens

What could C-level executives and directors be doing to prepare for the regulatory future? Darren Furnarello offered this advice:

  • Pressure-test current compliance programs and the effectiveness of controls. This is usually done through specific regulatory inspections, internal assurance reviews and through internal audits. This is vitally important to ensure there is a clear understanding of gaps, weakness or ineffective controls and to determine the necessary resources and strategies to meet new regulatory requirements. Organisations should also consider conducting scenario planning exercises to anticipate and prepare for different regulatory scenarios.
  • Develop a strong compliance culture. This includes creating and enforcing policies and procedures that align with regulations, providing effective compliance training, and fostering a culture of transparency, accountability and ethical behavior. Employees should be encouraged to report potential compliance issues, and there should be a robust system for addressing and resolving concerns.
  • Build regulatory relationships. Business leaders must stay in touch with current regulations and proactively seek information about potential changes. Building and maintaining relationships with regulatory agencies and industry bodies can help anticipate changes and provide opportunity for input on proposed regulations. This could involve participating in public consultations and partnering with industry associations to collectively address regulatory concerns. Executives should also work with government relations teams to articulate the potential impact of regulations on their organisation and present alternative solutions.
  • Embrace regulatory technology. Executives should leverage technology solutions to streamline and automate compliance processes. Regulatory technology tools can help monitor for regulatory changes, track compliance activities and improve reporting capabilities. By adopting regtech solutions, executives can proactively manage regulatory risks and ensure timely compliance.
  • Recognise that regulatory change is inevitable and should be viewed as an opportunity to adapt, innovate and ensure long-term success. By staying informed, building relationships, conducting impact assessments, fostering a compliance culture, engaging in advocacy, adopting technology and collaborating, executives can navigate regulatory change more effectively, minimise disruptions and improve compliance. I strongly advocate that executives view regulatory change as an opportunity to strengthen their businesses practices/strategies and maintain trust with the customers and industry they serve.
  • Ensure there is a robust regulatory change management framework. This means having a dedicated teams and functions for assessing, implementing and monitoring regulatory change.

For more insights on the Future of Money, please visit:


Adam Johnston
Adam is the country market lead for Hong Kong. With over 15 years’ experience, he has spent much of his career consulting to Fortune 500 organisations, helping them solve complex transformation, and resourcing programs and projects. Adam’s specialisation is ...
Jeffrey Hau
Jeffrey leads Protiviti Hong Kong's risk and compliance and internal audit practices with more than 20 years of experience in regulatory compliance consulting and auditing. As the leader of the financial services practice, his specific areas of focus include advising ...