Insight

BIG Compliance Festival 2020 – Part 2 highlights

Written by International Compliance Association on Friday November 6, 2020

Part 2 of the BIG Compliance Festival, the biggest event for compliance professionals globally, attracted over 1,500 participants from 67 countries, 31% of whom were at management level or above. Attendees enjoyed an array of insightful presentations and discussions on a variety of topics across 25 sessions. Below we present a summary of the festival’s highlights and key points from the conversations to take away.

Day 1: Leadership

Speakers at the opening session agreed that leadership is an integral part of the compliance function, and an important skill for compliance professionals to possess. Performance coach, author and psychologist Jamil Quereshi outlined the ‘six Cs’ of high performance, noting that the teams that perform the best are often ‘multi-faceted emergency response teams’.

These six Cs, Quereshi observed, are cooperation and a willingness to co-operate; collaboration i.e. genuinely working together; cognition, or tactical awareness, in other words, understanding the resource that’s available; a level of healthy conflict within the team which provides diverse and collaborative, bottom-up opinion; coaching from their peers; and timely and accurate communication.

Leadership and competence

Amalia Chilianis, consultant, coach, speaker and trainer, echoed Quereshi’s sentiments. She said that often people talk of leadership as one large bucket, but there are nuances, depending on the your organisation. ‘You can’t be a leader if you don’t know your stuff,’ Chilianis said. ‘On top of that you have to build credibility and you do that by being visible and approachable’. She continued:

Compliance is absolutely about doing business better. In order for compliance [professionals] to do their job we need to understand the commercial drivers … Although change is the ‘new normal’, compliance leaders have always been adaptable and enabling change because regulation changes and business changes.

The psychology of compliance

Simon Hurry, Managing Founder and Strategist of PlayNicely, claimed that compliance officers will be among the most important people in our society over the next ten years due to their vital role in preventing crime and driving ethical behaviour. ‘Once we stop to think about how people behave, we can begin to understand compliance,’ Hurry said. ‘If compliance is going to be successful going forward, it’s going to have to motivate people,’ he added.

Hurry went on to remark that compliance is not about being a police officer – it is about enrolling others, about educating and inspiring. Inspiration, he said, is often found in laying the foundations to compliance’s importance.

Day 2: Cyber heist uncovered

We have seen a significant growth in cybercrime, particularly high-profile ransomware campaigns, over the last year as a result of COVID-19. Breaches leaked personal data on a massive scale, leaving victims vulnerable to fraud, while lives were put at risk and services damaged. Paul C. Dwyer, President of the International Cyber Threat Task Force, convened with like-minded experts on day two to discuss these growing threats, and share his experience working in the field.

He began by saying that many cybercriminals are themselves either groomed or targeted, and that this needs to be taken into consideration when working to combat the threat. Dwyer further highlighted the physical aspect to cybercrime, noting that, as it is often integrated with traditional organised crime, cybercrime should not be thought of as a separate entity.

Cyber risk: A technology problem… or a people problem?

Is cyber risk a technology problem, or a people problem? This is a question often asked of cyber experts and the answer is far from simple. At the second session on the BIG Comp Fest Day 2, Jonathan Bowdler, Head of Regulatory Compliance at International Compliance Association, Jon Stoddard, Information Security and Threat Intelligence Leader at Lloyds Banking Group, and Guy Sheppard, Head of Asia-Pacific Financial Crime, Intelligence and Cyber at SWIFT, wrestled with this question, tapping into their own experience in their respective fields.

All agreed that employees are either the weakest or the strongest link in an organisation. One participant said that the rules have changed as a result of the COVID-19. ‘When we built our control frameworks we built them on the assumption that people are in an office working environment. That brings risks and opportunities.’

Shifting cyber security from a compliance to a risk focus

Greg Slayton, CISSP, Client Partner at Galvanize, and Nick Frost, Co-founder of Cyber Risk Management Group, discussed the opportunities and challenges of shifting cyber security from a compliance to a risk focus. The speakers agreed that cyber risk is interwoven into a range of other risks, including operational risk, and that cost is not always the number one factor that decides whether the business implements cyber security measures. Complexity and the user experience are the other significant obstacles that the business considers. An audience poll during the presentation demonstrated that most delegates are 50% compliance, 50% risk-based. The speakers commended this as is a positive trend. ‘Five years ago, we would have been much more compliance led’, Frost said.

Day 3: Financial crime

‘Transaction monitoring: A technical arms race’ inaugurated day three, with moderator Pekka Dare, FICA, Director, Stakeholder Engagement & Delivery Excellence, ICA, hosting Pawel Kryszkiewicz, Product Manager, Comarch, Eve Rahmani, Financial Crime Risk Specialist, Accenture, and Ashley Bostel, Product Development Manager at Nasdaq. ‘Banks have realised it’s a changing landscape and they need to keep improving. Banks have to introduce AI and machine learning for improved effectiveness and efficiency,’ commented Rahmani, adding that they have to turn to technology to allow them to keep improving their standards, whilst having a sustainable model.

Surfacing new threats in retail banking

Head of Business Financial Crime Risk, Data & Analytics at HSBC Francisco Mainez, and Araliya Sammé, Head of Financial Crime at Featurespace, said that integration is key when it comes to financial crime technology.

We had to go through several iterations of the process to interpret the data and to understand what the process was that was going on inside the black box … A few years ago you could build a team with only a little bit of IT skills. We now need to have a good balance between being technical (not just Excel, but things like Python and analytical skills) as well as financial crime

Meeting the challenge of sanctions compliance

Richard Dunmall, Head of Sanctions at SMBC, said that a reliance on the list-based approach is no longer sufficient. He added that a lot of education is needed for business colleagues: ‘They would previously have placed a lot more reliance on screening and controls in the background, but we have had to explain to colleagues that they are the first line.’

FinCEN leaks from the inside

Martin Woods, Financial Crime Consultant, AML Ltd, Tim Tyler, Head of Financial Crime Compliance, ICA, and Pekka Dare, Director, ICA, discussed the recent FinCEN files leaks and the implications for the financial services industry.

‘There has been a fantastic progress in money laundering,’ said Woods, but ‘we still seize 1%; I think this presents an opportunity for the AML community to make some fantastic progress.’

However, Woods warned that ‘we haven’t stopped the money laundering. And the public does wonder “what was the point of these reports?”’ Woods further highlighted the importance of robust training and the connection between combating money laundering and saving lives.

Day 4: Third party risk

Che Sidanius, Global Head of Financial Crime and Industry Affairs, Refinitiv, discussed the connection between financial and environmental crimes. ‘We can no longer think of money laundering and financial crime as simply compliance issues, as white-collar crime that has no impact on society. We can talk about modern day slavery, the impact on the environment, the impact on tax revenues,’ he said.

‘We are big believers in collaboration across the public and private sector. That might sound like an obvious thing, but it is actually quite complicated from a regulatory and privacy perspective,’ Sidanius added.

Regulatory expectations, reputational fallout and best practice

Moderator Jane Jee, FICA, CEO at Kompli Global Ltd spoke with Chen, Jee Meng, Head of Regulatory, Corporate & Financial Crime Compliance, AIA Singapore, Ansie Delport, Head of ABC Compliance Operations, Rolls-Royce and Verity Blair, Director, Third Party Risk Management, NAVEX Global, on regulatory expectations, reputational fallout and best practice in third party risk management.

‘We expect our third parties to act with integrity,’ said Delport. ‘We operate with a zero-tolerance approach to [bad business practices] and we expect our third parties to [do so] as well.’

Blair added: ‘We’ve seen that through globalisation organisations have increased their reliance on third parties. In fact, over 50% of businesses have a critical reliance on third parties – they are an extension of your organisation, so you should hold them to the same standard as your employees. Unfortunately, that’s not the reality we see at the moment.’

Day 6: APAC focus

Joanne Horgan, Chief Innovation Officer, Vizor Software, focused on the digitalisation of regulatory reporting and what it means for compliance professionals. She pointed to a huge explosion in data and acknowledged that keeping up with change (e.g. regulatory updates) can be tricky for global businesses. At the same time there has also been a shift in the way regulators use technology, Horgan noted. We’ve seen a move from static reports and collecting via email, to bulk uploads and using portals for collection, and on to using business intelligence to obtain more quality data. That explosion of data hasn’t been accompanied by a clear strategy on how the data is going to be managed and defined. In a lot of jurisdictions, regulation is looked at in a very piecemeal way, she said. This isn’t sustainable in the long term.

How to use automation to identify emerging risk

The role of automation in helping to identify risk, particularly during the coronavirus pandemic, was the focus of Moses Maigurira’s (Regional Director, Australia, Galvanize) and Juliana Gozali’s (Adoption Manager, Galvanize) presentation. Maigurira described the new risk reality as one defined by user access and deprovisioning – e.g. you may not be notified of a departure (of a colleague) as timely as pre-pandemic. They said the challenges related to the pandemic are reputational, carrying the risk of leakage or reduced oversight; there are also considerations around productivity (e.g. in the light of remote working), missed or disrupted revenue and the cost of goods and services.

A standardised KYC utility: The future of corporate KYC

Claus Christensen, CEO, Know Your Customer, described the challenges related to knowing your customer (KYC). The unequal incentives to contribute between the largest and the smaller players in the market is just one of the challenges identified. ‘Without the largest contributors, any given KYC utility is useless,’ Christensen said. ‘KYC is arguably the biggest client-facing process for institutions … if we centralise this then all the institutions’ onboarding processes begin to look alike, and this removes the potential for organisations to distinguish themselves as having a smoother onboarding process. You can’t outsource responsibility.’

Day 7: Career development

Jonathan Bowdler, Head of Regulatory Compliance, ICA, delivered an introduction presentation to compliance and the need for regulations. He began by telling the audience that rules and regulations create the framework that enables the industry to operate safely for all stakeholders. ‘If we are to do the best possible job for our firms, we must understand the regulators’ objectives,’ Bowdler said. ‘Most regulators have some form of consumer protection built into the rules and regulations that they put upon us. One thing we’ve seen often in compliance failures is too much short-termism. It’s a balancing act – overregulation can stifle innovation, while underregulation results in bad conduct‘

Compliance: Nurturing the next generation

Megan Birch, VP AML SME, Feedzai, Mario Menz, FICA, Course Director, London Metropolitan University, Catherine Vaughan, FICA, Partner, Global Financial Crime Leader, Ethics and Compliance, EY Global, and Sameer Ismail, Co-Founder, FintechXchange, came together to discuss the opportunities to develop your compliance career, drawing upon their personal experience working in the field. Birch gave the coronavirus outbreak as an example of an occasion when people were forced to find a way to reinvent themselves and develop a rapport with colleagues remotely, giving softer skills as an example of essential attributes that can help you do your job better.

Ismail stressed that the pool of diversity in compliance is of increasing importance. ‘If you have that variety of experience coming into the profession, then you are able to handle the challenges of it,’ he said. Vaughan agreed, adding that ‘the ingenuity, innovation and diversity of the next generation does push us to achieve [more]. It’s what keeps us relevant to the business.’

Day 8: Fraud

In an exclusive interview with Martin Woods, concluding ICA’s BIG Compliance Festival, FATF President, Dr Marcus Pleyer emphasised his commitment to stopping money laundering, telling delegates that he is ‘deeply convinced’ that doing so will save lives.

In a wide-ranging and forward-looking discussion, Dr Pleyer underlined the importance of public-private sector cooperation, information sharing, technological development, a risk-based approach, and AML training in achieving this vision. ‘The AML system puts responsibility not only on law enforcement and supervisors but also on obliged entities,’ he told delegates, ‘because you are the first line of defence. This is why it is important that we all work together to stop money laundering.’

He further highlighted FATF’s desire to engage with compliance practitioners. ‘We need to understand how you work in practice. We cannot make reasonable standards without engaging with you.’