Meet an ICA member: Colin Ngan


Colin heads up the compliance function in the UK & DACH regions for Klarna Bank, leading compliance teams in London, Berlin and Munich. We caught up with him recently to find out what some of the challenges he faces are and what makes him tick.

How long have you worked in compliance for?

I’ve worked for over a decade in financial services, most of that time working in a range of compliance roles for incumbent banks – beginning with traditional retail, business & corporate banking perspectives, and later with a conduct, consumer digital & transformation lens.

What has changed since you first started as a compliance officer to now?

In my experience, since starting in an industry then reeling from the immediate fallout of the 2008 global financial crisis, some changes to how compliance applied itself included:

  • an initial building-up of first-line risk management and second-line risk oversight (rapidly inflating compliance functions, eager to show regulators that compliance had improved capacity…even if lacking plans for what to actually do with them all);

  • subsequently, a concerted effort towards assuring compliance independence from business operations; as well as clear lines of engagement between compliance ‘advisory’ and compliance ‘monitoring’ teams—paths never crossing—in order to maintain untainted oversight; and

  • then a period of time when the abundance of compliance officers were actively encouraged with a free hand to ‘look under the bonnet’, ‘kick the tyres’ (yes, feel free to insert your own annoying office euphemism!), and constructive challenge was welcomed by the business (which was still feeling the pain from 2008 years, after the event).

Conversely, I have also seen some reversal in more recent years – almost coming back full-circle:

  • the drive for efficient operating costs, streamlining compliance functions, conjoined with the introduction of RegTech, has led to compliance’s ready availability to proactively support being lessened – in favour of more risk-based and output focused oversight (concentrating a compliance function’s efforts in this way has its pros and cons, but is in tune with the direction of UK regulatory authorities); 

  • and the growing influx of new and different players / partners in the industry—e.g. FinTechs, disrupters, challenger banks, etc.—has led to those particular compliance functions starting from scratch, to convince and educate less mature firms to understand highly regulated environments (many of these firms not having direct corporate memory of prior crises, nor experience of consequence from significant breaches).


How did you land your first role; was it chance or a calling?

I never had aspirations of becoming a compliance officer. I first graduated from business school, then law school; practised as a lawyer, a prosecutor, as in-house counsel; a management consult; and in dispute resolution.

Chance all the way. By chance, a friend suggested I join her at an international bank, which at the time was specifically looking to develop its compliance population with officers who had any combination of experience from law, commerce and financial services – by chance, I happened to have all three and, by chance, I had a decent interviewer who presumably thought I had a glimmer of potential.


What do you find enjoyable about your role? What are the challenges?

I enjoy the variety and pace of my current role. In the context of a flourishing agile firm, growing fast in every aspect, this means my problem-space is wide and anything will come my way, day-to-day.

Everything that makes the role enjoyable is also the challenge! There are so many demands of compliance, be it from other lines-of-defence, key stakeholders / senior management, or juxtaposing requirements in different jurisdictions – the challenge is in balancing all these and ensuring compliance attention is value-adding.

Meeting that challenge means deciding where to make the most effective impact for the good of the whole firm. Keeping the conversation going is vital to good conducive relationships, and stakeholders / senior management or the business won’t feel alienated when the compliance function has to focus its energies on certain priorities.

With this amount of variety and challenge, at pace, boredom has no time to settle.


What attributes do you think are important for a career in compliance?

Too many to list, but a couple of related attributes might include:

  • Thirst for knowledge and curiosity: a lot happens all the time, in financial services. Not long ago it was about MiFID II, IDD, then talk moved on to GDPR, PSD II [and rumbles on], and extended SM&CR has been rolling out along with increasing levels of personal liability – amidst Brexit’s legislative and regulatory uncertainties. To help me keep my head above water, the ICA has vast resources and tools in its CPD Centre, webinars and Hot Topic events with the latest updates. Another attraction of the ICA, was that I could complete qualifications (from specialist certificates to the diploma) mostly in my own time.

  • Patient teacher and trusted-advisor: it is one thing to merely consume knowledge – what's important is recognising how to then upskill and guide others. Engaging and open dialogues on business strategy and the impact of decisions on the firm needn’t be about the intricacies of each and every rule, but about instilling a culture of ‘doing the right thing’ and ensuring ‘tone-from-the-top’ (complementing the detail with the big picture) on how to operate compliantly. To an extent, automation and technological developments may help, but will never accomplish the pragmatism and creativity— or indeed, the common sense—a sound compliance officer brings to the table.


What advice do you have for fledgling compliance professionals?

I am not ashamed to plug the ICA again here; there are other professional associations too, nonetheless make full use of continuing membership by attending events and expanding your network. Beyond the plug, there is a point here; as a fledgling compliance professional, there will be times when you just want to talk to like-minded peers.

Compliance is often a thankless role, where you may be: protecting the business, detecting control deficiencies, handling a breach, assuring authorities of an incident’s resolution, countering negative reputational damage or adverse impact to financial performance – but you do so unobtrusively in the background, in order that the business operates smoothly… while attention will invariably be on the gloss and glamour of the latest advertising campaign, hard-won contract, or new prestigious deal.

In a large corporation you’ll find colleagues who will champion the cause with you, but if you find yourself in a small firm with a smaller compliance function – you may have the need to reach out to a support network (e.g. the ICA community) for help understanding what the latest developments may mean in governance, risk and compliance (obvious ‘conflict of interest’ caveat applies when you have conversations outside your firm!).

 Read more meet an ICA member articles:


This article forms part of the #BigCompConvo - Join us as we explore and debate the latest challenges and issues facing you and regulatory and financial crime compliance professionals all over the world. If you’d like to contribute an article as part of the Big Compliance Conversation get in touch with us at

Big Compliance Conversation