BIG Compliance Festival 2021 - Highlights

Written by International Compliance Association on Thursday May 27, 2021

The 2021 edition of the BIG Compliance Festival attracted over 650 participants from 82 countries worldwide. Attendees enjoyed an array of insightful presentations on a range of pressing topics. This article summarises some of the highlights and key takeaways from the discussions that took place.

Day One

John Flint, former Group Chief Executive, HSBC, delivered the keynote address on Day One, challenging attendees to think about how they can maintain the relevance of the compliance function in today’s rapidly- changing world. He highlighted three emerging catalysts for change that compliance must respond to: the shift from an old industrial analogue economy to a new digital economy; ongoing tensions between the two economies; and the transition to a low carbon future.

The remaining sessions focused on the first of these catalysts: emerging technologies. Session Two provided an engaging discussion of Artificial Intelligence (AI) and ethics led by Janet Adams, Chief Operating Officer, SingularityNET. “What is different about this industrial revolution is that all these technological advances are converging at an unprecedented pace, whereas in previous industrial revolutions changes took decades to rollout,” she explained.  “We are now into an era of continuous lifelong learning and curiosity and I would suggest that it is really time to get studying.”

The third session of the day considered the importance of developing a data strategy. The huge availability of data represents an astonishing opportunity for organisations, especially when you combine it with the technology available now, suggested Patrick Lord, Commercial Director, Diligencia. “It is therefore perhaps surprising that many organisations regard data as a liability,” he added, stressing that “developing a data strategy will empower organisations to take control of their data and make it work for them.” Araliya Sammé, Head of Financial Crime at Featurespace, emphasised the importance of first establishing the question that organisations are seeking to solve with their data. Luma Zitani FICA, Senior Manager at Accenture, concurred. “There is almost a pressure to start utilising data immediately. A data strategy is about how to scope that data and then utilise it,” she explained.

The day concluded with a session discussing ‘the risk of falling behind’ in which a panel of experts considered the practical compliance implications of implementing new technologies, platforms and products, and the challenges of managing technological risk. The festival audience were asked to share their greatest concerns with regard to ‘falling behind’. More than (57%) said that understanding the technology is their top concern, while a third (32%) said they are most concerned by fraudsters and cyber criminals. Nine percent of respondents said that understanding their own business was their greatest concern, and just 2% were most worried about new entrants.

Day Two

The technology theme carried over into the opening session of Day Two, in which Neil Isherwood, Risk and Compliance Specialist, Dunn & Bradstreet, discussed the practical application of new technology innovations to the CDD process, with the conversation centering around emerging trends in CDD such as perpetual KYC and people and network resolution. He emphasised that perpetual KYC takes a different approach to traditional methodologies, ensuring that you are “right-sizing” your CDD programme and enabling you to spend the most time on the cases that present the most risk.

Session Two was a panel discussion on the challenges of outsourcing. Zsombor Brommer, FICA, Compliance Officer, Al Hilal Bank, kicked off the conversation by highlighting the importance of engaging as early as possible with the relevant risk stewards before outsourcing or offshoring to a subsidiary. Alok Gupta, FICA, Regional Head of Risk Analytics, FCR HSBC, raised the question of data quality and data sharing regulations, which can vary significantly from jurisdiction to jurisdiction. When a company is outsourcing or offshoring certain functions, compliance officers need to retain strong oversight of the activities and what is being outsourced, he concluded.

Sanctions risk was the focus of Session Three, with a panel discussion of current trends in sanctions compliance and advice on how to meet emerging challenges in the area. The growth of thematic sanctions targeting individuals and entities is one such development. “Thematic sanctions are a lot less cumbersome than the country sanctions that we have traditionally seen and can be applied more quickly,” explained Stephen Purdie, MICA, Head of Sanctions Response, Nordea, “That requires organisations to have really robust upstream risk control processes.” Richard Dunmall, EMEA Head of Sanctions, SMBC Group, agreed. “Things are becoming more complicated and therefore our risk assessments are having to become more nuanced, agile and frequent,” he suggested. “The targets of thematic sanctions are increasingly scattered across the world. How should we go about managing that risk? You have to be able to be agile in terms of recalibrating your controls.”

Day Two concluded with a fireside chat between ICA Head of Qualifications, Tim Tyler, and Bill Browder, founder & CEO, Hermitage Capital Management, who provided a fascinating insight into the past, present and future of Magnitsky sanctions.

Day Three

Day Three began with a panel session discussing challenges and best practice in establishing CFT frameworks. Nitin Sane, Senior Anti Money Laundering Analyst, Payvision, explained that institutions often group AML and CFT together, whereas in reality different skillsets are required to combat terrorist financing and money laundering. “To increase CFT awareness across organisations, we need first to ensure that the anti-terrorist financing teams in the organisation have regular interaction with law enforcement authorities and keep fully abreast of typologies,” he continued. “There then needs to be a structured, proactive engagement between these units and the first line of defence in banks. The knowledge transfer from these teams to the first line of defence at regular intervals is key.”

Barry Faudemer, Chief Executive, Baker Regulatory, added that: “It is so important to have someone in your organisation who lives and breathes this subject and keeps on top of it. And you need to give them time to upskill and develop their knowledge.”

In Session Two Ruth Dearnley, CEO, Stop the Traffik, and John McGrath, Senior Solutions Architect, IBM, highlighted the problem of human trafficking and the need for greater information sharing to counter it. “The world is not currently winning in the fight against human trafficking because the risk to the trafficker is too low,” explained Dearnley. “Business has the power to change this faster than anything else in the world.” “There is

a need for a new understanding of how trafficking interacts with business and society,” McGrath added. “We need financial institutions to share the results of their investigative activities, when it’s safe to do so. We need to understand the patterns.”

In Session Three, Professor Keith Grint, Professor Emeritus, Warwick University, offered advice to compliance leaders on how to solve the ‘wicked’ problem of compliance, emphasising the importance of collaboration, expertise, and the removal of the ‘blame culture’ within organisations.

In the final session of the day, Misha Glenny, Journalist, considered the geopolitics of cybersecurity. “On one level cybersecurity is about technology but, above all else, cybersecurity is about people,” he said. “85% of company breaches are the result of successful phishing attacks. That’s why communication within companies is so important,” he added, concluding that cybersecurity breaches will persist unless we help people to understand “what their role is in a well-designed digital hygiene strategy within the company”.

Day Four

Day Four focused on some of the ‘softer’ (yet increasingly important) skills associated with achieving compliance. This began with a discussion of the role of diversity and inclusion in addressing unconscious bias. “There is a real value in diversity of thought and perspective,” explained Hayley Barnard, Managing Director, MIX Diversity Developers. “If we

can build inclusion, we can take our individual differences and help that to drive excellence in compliance.”

Next, Paul Eccleson, Governance Risk and Compliance Consultant, Gail Bragg Consulting, considered the psychology of compliance and the particular challenges arising from the pandemic. Working from home has led to about 65-70% of noticed rule breaches going unreported, and the reason employees most often do not intervene is that they think someone else will, he suggested. He emphasised the importance of having the right organisational culture. “It doesn’t matter what it says in your compliance policy if your first line team does not have a leader that buys into that. So, focus on those first line team leaders. Get the message out to them,” Eccleson concluded.

There followed a panel session entitled ‘Courageous integrity: How compliance leaders can effectively challenge and support the business’, in which senior compliance practitioners discussed the importance of courage and empathy to the modern compliance leader. The value of courage was further illustrated in the day’s final session, an engaging fireside chat offering an inside view of the 1MDB scandal, as whistleblower Xavier Justo and Mary Inman, Partner, Constantine Cannon, discussed the compliance lessons to be gleaned from the world’s biggest financial scandal.

Day Five

The final day of the festival included a range of emerging topics that are set to dominate the agenda over the coming months. This began with a discussion  of outcomes-based approaches (OBA) to regulation, by Chris Hill, Financial Crime Director and MLRO, Tesco Bank. There is an increasing focus on OBA  in the UK, and Hill suggested that other jurisdictions are likely to follow suit. However, while there are real benefits for regulators, the industry and society from moving to an OBA, there is as yet no clarity about an OBA, how to implement it, and how it will be regulated. Hill offered a valuable insight into Tesco Bank’s experience of implementing an OBA.

Session Two focused on the expanding role for compliance in meeting growing environmental, social and governance (ESG) requirements. “There is now a real focus on ESG reporting,” explained Beth Haddock, Managing Partner, Warburton Advisers. “In order for us to have credibility and have capital in this space, it has to be controls driven. We need the reporting and claims to be accurate and valid.” Pam Shearing, Managing Partner, Fulcrum, added: “Business is now seeing a focus on people, planet and profit. Any commercial enterprise is now focused on sustainability. Setting out the policy around ESG is one strategy to achieve that.” Finally, Justin Smith, Head of Business Development Unit, WWF South Africa, urged the audience to “understand your future customers
and what their concerns are around sustainability, and understand the reputational impacts of responding well or not responding well in this space”. “More and more questions are going to be asked not only by investors but by the public,” he concluded.

The third session of the day looked at the future of risk governance, ‘beyond 3LOD’, with the panel discussing whether, rather than supporting the right risk culture, the 3LOD model actually gets in the way of it. Concluding, Catherine Vaughan, FICA, Partner, Financial Crime
Leader, EY, advised delegates to think about ‘the three Es’: Education, Empowerment, and Enablement. “People must understand why you want them to do this,” she said. “It
is not just to be audit ready or to be compliant or to keep regulators happy. They need to understand the impact of financial crime. If they understand the ‘why’ and if you enable them, through the proper design and controls, then you have empowered them to be the first line of defence.”

Closing the Festival, Joost van der Burgt, Senior Policy Advisory at De Nederlandsche Bank (DNB), provided a regulator’s perspective on compliance and AI. While assuring the audience that “you will not all need to become technical experts or AI experts”, he nevertheless highlighted the challenging nature of the technology, in particular around the question of ‘explainability’ of (and accountability for) decisions made using AI (in particular where failures have resulted).