Justin Pang

Managing Director, Risk & Compliance

Justin is a Managing Director in Protiviti’s Risk and Compliance Consulting practice specialising in the project management and delivery of anti-financial crime, regulatory change and risk management projects in the financial services industry. His strong practical experience across all three lines of defence allows him to assist clients to build and implement pragmatic strategies to mitigate a broad range of risks which impact their business, particularly during a period of change. He is the Process Mining lead for the UK working in partnership with Celonis, one of Protiviti’s global ecosystem partners.

Major Projects – Transformation and Change

Global Bank – Next-Gen Internal Audit Transformation Programme – Justin led the design and delivery of over 170 Minimum Viable Products (MVPs) and over 200 Audit Supports globally in collaboration with the client. This included defining the ‘gold standard’ on how to apply enabling technologies such as process mining, data analytics and data visualisation throughout an audit lifecycle; designing and delivering a training programme for audit executives; and automating activities to support the Programme operating model. Key outcomes achieved for the client were savings in audit hours and increased capability to apply Next-Gen Internal Audit techniques. 

Global Bank – First Line Controls Transformation – Justin led Phase 1 of the transformation programme. This included the design of the approach to standardise the method which controls are articulated; to assess the design of controls to mitigate one of more risks; and to collaborate with process and control owners to better understand their end-to-end process and their control environment. Justin continued to lead this project and partner with the project sponsor as controls move from a standardised to an optimised state.

Global Retail and Commercial Bank – Financial Crime Prevention Programme

  • Target Operating Model – Led the design and implementation of a target operating model (TOM) to centralise a Bank’s KYC operations across the UK. This includes the design of target state processes and key controls, capacity and competency planning, defining target service level agreements, and the design of a case management tool to support the TOM.
  • CDD Assurance Function Set-up – Led the design and initial set up of this function. This included development and implementation of a QA Checklist based on the Bank’s current Instructions, recruitment of over thirty interim resources to support this function, and development of management information capability. The key outcome for the client is a managed service with a trusted partner.

Process Mining and Enabling Technologies

  • Global Bank – Risk Operations – In collaboration with the client and one of Protiviti’s ecosystem partners, Justin led the design, build and presentation of a proof of value (POV) using process mining and execution management technology, with Transaction Monitoring Alert Handling as the use case. This POV demonstrated the art of the possible to effectively and efficiently manage, quantify and take action on operational risks in real time using data.  
  • UK Retail and Commercial Bank – Process Optimisation – Justin led the discovery and prioritisation on how robotic process automation can be applied across a traditional bank as part of their journey to move to a full digital bank, with Client Onboarding as the use case. Key outcomes for the client include consensus on the opportunities to increase efficiency and customer satisfaction, and a prioritised road map.
  • UK Challenger Bank – Internal Audit – Justin led the POV in collaboration with the client’s Financial Crime Internal Audit team, with suspicious activity reporting (SAR) as the use case. Key outcomes for the client include identification of an issue not identified through a previous audit and business wide awareness of the value of process mining across all three lines of defence.

Areas of Expertise

  • Transformation and Change
  • Target Operating Model Design and Implementation
  • Process Mining and Enabling Technologies
  • Financial Crime Compliance
  • Enterprise Risk Management and Operational Risk

Industry Expertise

  • Financial Services
  • Manufacturing & Distribution
  • Consumer Products & Services


  • Bachelor of Commerce – Accounting, Finance, and Business Law (University of Western Australia)

Professional Memberships and Certifications

  • CAMS
  • Chartered Accountant, Institute of Chartered Accountants in Australia (ICAA)
  • Chartered Internal Auditor (IIA)
  • Certified Internal Audit Quality Assessor (IIA)