Compliance Perspectives:

Regulatory technology (RegTech) is expected to play an increasingly important role in supporting in-house risk and compliance teams as they grapple with huge volumes of internal and external compliance data. Numerous financial institutions will be looking to roll out or further develop tools that leverage artificial intelligence (AI) and data analytics to support processes which are data-rich but can be manually intensive and prone to high volumes of false positives. These include core risk management processes such as transaction monitoring, trade surveillance and risk screening processes, according to Ahmed.

The threat of AI displacing roles across banking has been discussed for several years and the deployment of increasingly sophisticated tools in compliance risk management processes may give rise to concerns about the marginalization of compliance professionals across the banking industry.  However, Ahmed is of the view that RegTech can strengthen compliance teams, rather than replace them, by providing rapid and reliable analysis of high volumes of data to augment decision making or to help identify potential risks or trends that merit further investigation.

“I think we are a long way away from having AI replicate and adjudicate things in a similar cognitive fashion that a human would do across the broad spectrum of compliance advice provided today,” he said.

He argued that technological advances will instead increase demand for data-savvy compliance officers with strong critical thinking skills. Compliance professionals who understand the principles of data analytics and who are able to engage with data scientists that develop risk monitoring tools will be “very, very useful”, he said.

“Being comfortable with these tools and algorithms, how they work conceptually and how they can assist decision making in compliance risk management is going to be really important.”

Having a strong understanding of core banking products and processes and being able to “think on your feet” when discussing new business propositions, will also be increasingly important, he said. This can enable compliance officers to ask “very insightful questions” that can help them to determine potential risks and raise red flags as needed at the appropriate stage in the product development lifecycle.

“Having the right mindset when it comes to being able to identify risks and being able to then come up with sensible decisions around those risks is really key,” commented Ahmed.

That curious, inquisitive and open mindset will further benefit compliance professionals as they engage with industry developments and evaluate changes in financial crime typologies, legislation and regulatory requirements.

“This is not a role where you can be insular and forget what is happening in the wider industry or in the world; financial crime is global problem,” said Ahmed.

As chief compliance officer for the Singapore division of a global bank that offers a wide range of products and services to individual and corporate clients, Ahmed’s role carries a lot of responsibility. It will soon also include sharpened accountability for leading a core management function in a bank, in line with Singapore’s new individual accountability and conduct regime that comes into effect on 10 September 2021.

An important aspect of his role is striking the right balance between business growth and risk appetite. “If businesses are too conservative in their outlook relative to competitors, it may impact the frontline in terms of their opportunity to grow the top line, but if we’re too aggressive on risk management, that can create the potential for further challenges in terms of regulatory compliance issues that may arise in future,” he said.

For Ahmed, achieving that balance requires some reflection, good judgement and the use of technical skills to achieve the best output or decision. It also means articulating to businesses the risks posed by a particular product proposition that they wish to pursue.

“The key thing is how views are aligned between the compliance function and the business so that both collectively arrive at a common understanding and appreciation of the risk,” he reflected. “If the residual risk is beyond comfort levels from a compliance standpoint, a common consideration is whether the risk can be reduced through the implementation of additional controls or through any other risk mitigating actions to bring it within appetite.”

Compliance teams are often able to manage the risks “effectively” by clearly articulating in conversations with business leaders their position and the risks posed by the product proposition. A debate typically ensues on how compliance and business representatives can collectively bring the risk factor of the product proposition down within the risk appetite and implement enhanced controls as needed.

“In many cases you can have that open conversation and dialogue with the business and come up with additional controls and plans to reduce the risk level, but there may be certain instances where we have to advise against a certain proposition,” reflected Ahmed.

In situations where an agreement between compliance and business heads cannot be reached, he said, banks often have internal processes for managing differences of opinion between the first and second line defence on a particular proposition.

As the responsibility for financial crime compliance rests squarely on Ahmed’s shoulders, it is naturally a concern that weighs heavily on his mind. “What generally keeps me up at night is the constant need to ensure that processes and controls are robust and evolve to adapt to the changing landscape of financial crime and regulatory compliance issues,” he said. “Therefore, I continue to focus on how we can closely monitor the risks within the business in those areas.” 

Ahmed heads a 90-member compliance team in Singapore whose activities include advising the business on financial crime risks, regulatory compliance issues, reviewing suspicious transaction alerts and conducting financial crime investigations.

After the Covid-19 pandemic forced senior and junior staff alike to work from home for extended periods of time, the risk of data leakage and internal fraud increased. However, Ahmed found that those risks were largely managed by reinforcing and enhancing existing processes and controls, with some enhancements. “While the inherent risk has gone up, we haven’t necessarily seen that translate into major events or major disruption-type issues across the industry,” he said.

Guidance issued by the Monetary Authority of Singapore (MAS) in January on how financial institutions should address their cyber risks has given Ahmed some comfort that his firm’s processes and controls for technology risk management are aligned with best practice.

As his compliance team gradually settles into the new normal, Ahmed intends to formalise a hybrid approach to working arrangements, with staff working both from home and the office. He does not see the compliance team shifting to a 100% working from home model. 

“Given that so much of what we do results from collaboration and relationships from both within the department and amongst businesses, the best way that I think to establish and strengthen those bonds is really through face-to-face interaction,” he said.

Those workplace relationships will be particularly important for new joiners, who will need careful management to ensure they fully integrate into the organisational culture while regularly working from home.

“The aspect that I’m mostly focused on is how we can ensure that people are brought into the culture and are comfortable with raising their hand for any sort of question or raising any concerns,” said Ahmed. “That is something that takes some courage, confidence and relationships.”