Evolution or Revolution: The Risk and Compliance Functions in 2021 & Beyond
April 2021

Our panelists were:

Dr. Peter Wilson, PB First Global Tax Advisors, Dubai, UAE
Socrates Coudounaris, CFIRM, FCII, CIRM, Executive Director for UK, Europe, Middle East & Africa, Reinsurance Group America, London, UK
Samantha Sheen, Founder and Director, Ex Ante Advisory Limited, and Associate Fellow, RUSI, London, UK
Adonis Pegasiou, Academic Director, EIMF, Cyprus

Adonis Pegasiou: Good afternoon everyone. I am Adonis Pegasiou and I will be the host of today’s webinar hosted by AGRC, the International Governance and Compliance Association. We have three distinguished panelists with us today. I will get to that in a minute but first let me say a couple of words about AGRC. The International Governance and Compliance Association is a fast growing global community of GRCC professionals where GRCC stands for governance, risk, compliance and cyber security. It’s a professional association, we have members from all around the world, as I can see also from our attendees, we have a lot of them joining us today. We offer our own qualifications, the AGRC qualifications, and the aim is to allow for knowledge exchange between our members, to provide professional networking and idea incubation, so we invite you all to visit our website and join us and there is a lot to gain out of this. Also, we have recently published our new online magazine, the AGRC Digest, which covers a wide range of very topical issues relating to governance, risk and compliance. So that’s about AGRC.

Now let me go to today’s webinar and the aim of today’s webinar is to analyze the future of both the risk and compliance function and whether or not we should actually look out for a full-blown revolution or an evolution given the ongoing challenges that these sectors face. We have with us three distinguished and outstanding experts in the fields of governance, risk and compliance with remarkable academic and professional qualifications so we have a lot to gain from their input and their contribution is without a doubt going to bring added value to this topical discussion that will take place today. So without further delay and without me going on and talking for more than I should have, I will first allow our speakers to introduce themselves. I will start with off with the lady of our group, Samantha, if you can say just a few words about your background and your area of expertise that would be great for the attendees as well as to get an idea of where you come from.

Samantha Sheen: Thank you Adonis. That’s wonderful. And thank you again for inviting me to take part. My name is Sam Sheen and I’m a subject matter expert in the area of financial crime prevention. I’m a solicitor in barrister by training and I hold a Master’s degree in risk management and my focus is on financial crime compliance programs. I have worked as a regulator, standing up a regulatory compliance function supervisory group, as well as taking part in a number of enforcement actions against firms offshore for failures to comply with anti-money laundering regulations. I’ve also worked in the private sector and I’m also qualified as one of Moneyval’s regional assessors.

Peter Wilson: Yes thank you very much. I’m an international tax advisor and I’ve been practicing as an international tax advisor for in excess of 40 years. I’ve worked in many countries, I’ve been based in the US, in the UK, Australia and Dubai and my expertise that is relevant to this particular group in this particular webinar is the compliance function that is becoming more and more important under automatic exchange of information, CRS, DAC 6, the UK Financial Crimes Assistance Act and what have you. As well as being a doctorate in tax, I have an undergraduate degree and two master’s degrees and also a chartered accountant in Australia and in the UK.

Socrates Coudounaris: Thank you very much. I’m a risk management professional with roughly 25 years of experience in the financial services. I’m the ex-chairman of the Institute of Risk Management based here in the UK, a similar institution providing risk qualifications and training so I’m qualified there. My day job is as head of risk oversight for a reinsurance company Reinsurance Group America and we have operations across 13 countries in Europe, the Middle East and Africa, so I guess authoritative here to speak and looking forward to engaging with my colleagues.

Adonis Pegasiou: Great. Now before I start with the first round of questions, let me also inform the attendees that they can place their questions either in the chat box or in Q&As and I will have a chance to have a look at them and also ask the participants on issues that they want to raise now before we go on and see the questions of the attendees.

Let me start with the first round of questions. The issue that troubles us most over the past year is undoubtedly the pandemic and I would like to ask Socrates: How do you think and whether you think COVID-19 will forever change risk management in the financial services sector?

Will COVID-19 forever change risk management in the financial services sector?

Socrates Coudounaris: Thank you very much, very topical and obviously a year on now, it’s a bit of a post-mortem conversation to have. I think a few highlights, COVID has actually tested the strength of the relationships in all the functions in a financial services organization, all the way from the Board to the Chief Risk Officer, the compliance functions, the executive teams, all the way down to the first line staff, and it’s a good news story mostly. Risk management has continued to be a consistent and critical friend and stepped up since March 2020 when all this kicked off last year, here in the UK at least and showing that collaboration. So we all left our offices, the desks and started working from home, and most of us are still doing exactly the same thing but I think what has changed and what is the success story is that direct and open line of communication. So, as you know, risk management is a second line oversight function working with the first line, being that collaborative critical friend and stepping up and figuring out what are those critical risks that people were facing, as well as the remoteness from working from home. The good news is we were prepared, we have business continuity plans in place, disaster recovery, we’ve trained for this but we’ve never trained for it lasting for 12 months ongoing. So it’s a good success story and I guess through our conversations and the next questions, what does the future hold, what does the future look like and what have we learned in this crazy pandemic. I used to travel to 13 countries in 2019 and prior years. In 2021 I’m traveling to all my European countries without leaving my desk, so that’s one opportunity. So I’ll sort of stop there and allow others to chip in.

Samantha Sheen: I think it’s really opened the eyes of compliance functions about the importance of their data and what I mean by that is, when you can’t just walk down the hall to go speak to another team, your next best place is the data that you hold as a business to make sure things are compliant the way they’re supposed to be. You’re able to detect failures in your control environments and also that you’re able to communicate effectively if you can’t physically get together. So it was quite interesting initially, people were concerned the compliance functions would struggle to operate. And actually the feedback I’ve received from a number of people is they’re far more efficient as compliance working from home, they’re not commuting, they don’t have the extra travel time and even moving from meeting to meeting or being interrupted all day really consumes a lot of time. But that having been said, things are going to go back to a different normal and what people have found is that when you can’t find people face to face as is the current situation, how can you then go find the data or find other means to make sure the compliance is happening as it should. And I think as well it’s been a bit of an eye-opener for our Fintech friends in financial crime. So of course they are driven by a very different imperative, the customer experience, onboarding very quickly. And I think in some respects this was a real eye-opener for them, so it was less “look how enabled we were for when the virus happened, we all work at home,” it was more about looking at the volumes of fraudsters who were able to punch through their front doors who they had to exit quickly because they offer this fast onboarding and they hadn’t anticipated how the pandemic would really increase the amount of fraud. So it has been a very varied experience depending on the kind of business you work in but I do think for a lot of people, out of sight out of mind, it did create some concerns about whether or not the controls are still working for compliance.

Peter Wilson: There are a number of areas that have been hit by the pandemic and I just want to focus on a couple. One is the economic substance regulations that have been in operation now probably since the beginning of 2009. A lot of the former British colonies and other countries that have come in at the insistence of the European Union as part of part of the European Union’s attempt to stop mobile money in order to satisfy the economic substance requirements. You had to actually have people in places doing defined roles of a sufficient quality and having board meetings taking place in the jurisdiction and you’re supposed to have people actually sitting in those board meetings. Well, of course, all this has become very difficult if people who are international executives are not able to actually travel to the country where they’re supposed to have board meetings. So the regulators have become much more flexible and realized that you can’t penalize people and companies because of the inability for those people to actually travel where they’re contracted to travel. So that’s an interesting development and I think we all keenly watch to see when people are able to freely travel, whether this so-called leniency continues.

Another one that’s particularly interesting, it’s a very boring example, but if you, for example in the UK, are buying stock in a private company or a non-publicly listed company, you’ve got to go through the scenario and sending a document to the government’s stamp duty office get a nice official stamp put on it, pay the amount of stamp duty before you can be entered as a shareholder in the register. Well, of course the stamp duty office doesn’t function that way anymore, there are very few people there to receive paperwork, so they’re now saying that they accept applications for filing online well over the last year. I must have filed about 10 of these applications and they seem to be far speedier when the regulator has questions rather than waiting for a letter to come through the post. You get the questions very quickly, you can answer them very quickly and, if there’s an interpretation gap either with you or the regulator, that can be resolved very quickly. So I actually think that the pandemic has driven inefficiencies out of the system and is enabling people and businesses to actually accomplish what they want to accomplish a bit quicker and the regulators are becoming a bit less stiff about people having to strictly follow the processes.

Do you think COVID-19 and the pandemic can be seen as a driving force for some sort of technological revolution and a shift to using more IT than we’re used to?

Samantha Sheen: I’ve done this when this started last year. Everyone was expecting huge sales and technology and people were going to jump on certain solutions and some businesses very quickly adopted technology but they were already down the path of deciding. They were going to go that route so what they accelerated was more the procurement processes and the implementation processes and often they scaled down the technology for a specific solution. So rather than fix everything along the onboarding process, they may have picked a particular activity or a particular line of business where we’ve seen a realization that something has to change. And it’s the larger institutions that have struggled greatly in terms of getting the speed they need to change their transaction monitoring rules faster, harnessing that artificial intelligence to look for patterns of behavior. But conversely there are medium and smaller size businesses just coming into AML who are getting a lot of traction in their arguments around, well, now we’re building our program, let’s start with the technology rather than do it all manually. And interestingly they’re doing well.

But the one group I’ve been really surprised by who struggled with the technology are crypto firms. So, as you know, they all have to be licensed and they are ultimate technology-enabled groups. You still find over the last 12 months they’ve really struggled with certain financial crime controls and they’re still doing them manually and I find this incredibly curious. Part of the reasons is they rely on in-house engineers and stuff but it seems a bizarre thing don’t you think?

I think more regulators have been using supervisory tech for some time. I think though they are much more savvy about the questions they ask of firms, so I think you will find now that over the last 12 months with visits and examinations, those who did them remotely, they now know what to ask about the technology. But I think they, in turn, are looking to see what they have on offer for themselves. I think there’s a real risk unless they speed up, the pandemic has taught them they’re a little bit far behind.

Peter Wilson: I think a lot of countries have been moving in recent over the last 10 or 15 years to filing tax returns online. You know that the days of doing paper tax returns are probably 15 to 20 years ago but what we have seen is a speeding up and more efficient and more effective means of filing all this stuff and this stuff being analyzed and questions coming back much quicker. Another area is the amazing software system that goes with the automatic exchange of information, whereby there’s one model basically, one model of software and 150 or 160 countries in the world that have signed up to automatic exchange of information, they receive the reports from their financial institutions and it’s fed into that country’s software system, which is the same as all the other 150 or 160 countries use. And through the press of a button the information moves to the other countries. And if I remember correctly there was a publication last year, I think, that said that the UK on the 30th of September last year received its inflow of automatic exchange of information almost simultaneously from over 100 countries. So this software was coming in any event but I believe it’s been accelerated and its usage has been accelerated through the pandemic.

How can behavioral sciences actually help improve risk-related decision-making and the compliance functions?

Socrates Coudounaris: I’ll start with IT. I mean it’s the natural flow, right? So it’s all about data and what data, where it is, how much. So for sure over the past 12 months, AI has come into play and IT functions are ramping up on using that. Because, as Sam said, you can’t just walk down the hallway and chat to people so you know people are getting savvy on the actual data we hold globally. You’ve got GDPR, you’ve got Shrems, you’ve got all the legal and compliance issues around. What data and how much, that’s one part of it. And I’m sure from a financial services standpoint, we’re leading in that space because we have both regulatory and also safeguarding, the only thing we do have is the data, right? So we have to safeguard our customers’ data.

And behavioral sciences, well, if I speak about insurance companies, that’s my level of expertise, that’s been ongoing for I would say the past five years. Insurance companies have done their own offshoots back in the day when people were suited and booted, the hubs were in jeans and t-shirts but, fun enough, we’re all in jeans and t-shirts now, where they were having those sandboxes, closed workshops, working with data but also working with human behavior. So it’s a combination of that behavioral response from an insured, from what the customer wants, how the customer interacts, coupled with the historic data that an insurance company holds, and you’ll find a lot of this. We have found or the insurance companies have found a lot of disconnect because it’s been a very traditional way of looking at data claims and projecting that into the future without bearing in mind human interaction, consumer buying behavior trends, the way that the new insurance buyers or the financial savvy people are coming into the markets. They do not think the same way as established buyers so those are just a few things that I’ve seen.

So for us, again very simple, for those who drive, they need to have auto insurance. The products have now changed. There’s black box technology that’s ascribes to the behavior of the driver. Obviously, an older person wouldn’t really gain much from having that behavioral aspect of Big Brother but a younger person would and that’s a new technology that’s come into place and your premiums are linked to the way that you behave. Life insurance, take that for example. You wear a Fitbit or some kind of Apple tracking device, it monitors the way that you, the human person, is actively controlling your exposure as a human to obesity, heart rate, all these kind of things and whether you exercise or not exactly and then rewards you appropriately on your insurance premium, right? So in the past, age, sex, historical background, medical checkup, and there’s a price. So those are two examples.

Peter Wilson: I think people in the tax compliance world, I think their behavior is becoming more compliant as a result of the pandemic because the tax regulators, I mean, there are a whole lot of regulators in my world, whether it’s the tax regulators, whether it’s a European Union regulator for DAC 6, whether it’s an economic substance regulator, whether it’s a trust regulator, whether it’s a Company’s House regulator, there are millions figuratively. These regulators all relevant to tax and accounting professionals and because those regulators are becoming or the regulator systems are becoming more intelligent, the people who interface with those systems have to be more careful so my view is that we, the professionals, respect the regulator’s systems and procedures more because they’re more sophisticated, which means that our behavior towards them, what we put into those portals, how we phrase it, how we might write something to put somebody on notice as a protective device, that’s driving behavior very much. And on top of I suppose the most important thing is that with the governments of the world desperate to raise more money and taxpayers are one of the easiest way for them to raise money and certainly corporate tax pay is the easiest way for them to raise money, corporate taxpayers generally don’t vote, is that the corporate taxpayers generally have to be very careful in what they say to a tax authority. It’s got to be very clear, it’s got to be very concise, it’s got to respond to the specific questions. And with the government’s wanting more money, that’s definitely driving people’s responses, how they respond and when they respond to their timeliness.

What does the future look like for risk transfer instruments?

Socrates Coudonaris: I mean it depends on what risk and what category of risk. So some are, nothing has changed but others, for example, there’s been sort of a huge uproar regarding the insurance policies of business interruption and was COVID, was it an insured event, was it not an insured event. So I think a very high level from an insurance standpoint, I think legal compliance risk will have a bit more work to do from looking at the contracts of transfer of risk because COVID has demonstrated that there have been some gaps in the legal interpretation of what is covered, what isn’t covered. At the end of the day, insurance is there to indemnify against a specific peril and it’s been there for 300 years roughly. So that’s one area that I can see. I mean we can pick up other emerging risks as well, ESG, how do you ensure against that or how do you deal with that but we can discuss that later on.

Samantha Sheen: Compliance is very much a looking-back-over-your-shoulder function. Everything we design is around what people did in the past but we’re not very good at predicting how people might behave. It’s a really good example, it’s not directly compliance but it’s also a bit of risk. So I think Socrates you’ll enjoy this as well. So yesterday the banks in the UK announced they would issue 95 percent mortgages for first-time homebuyers. So that’s great, they don’t have to pay a great big deposit. The same day, a story came out to say that businesses were finding that their level of limits on their credit cards were being cut sometimes up to 90 percent so people who may have had like several thousand pounds available on their business credit card suddenly had like 250 pounds now. When the pandemic first started, it was almost impossible to get a home loan because the banks guessed that people would not pay back these mortgages and they only waited until we found out what happened. Well, if we knew about people, we would have realized they were all saving money, they weren’t going out to restaurants, they weren’t buying, they weren’t going on vacations and so they have all this cash. They have been saving up their money so they can pay the deposit on a house. But the truth is probably these consumers are not going to rush to the banks that refuse them six months ago because they’ve had such a terrible experience with it and the same thing with the businesses. We have no idea now why suddenly they have decided to cut their credit limits but again we’re thinking what have we not learned as compliance that we keep making these decisions. From fraud or financial crime or even solvency perspective, did we keep missing these opportunities to actually turn it into something positive? So I think we would really benefit from some behavioral scientists in our profession.

Socrates Coudounaris: Can I add something? It’s amazing; it’s cyclical. So when I was a first-time buyer 20 years ago, I was getting 105 percent and I just couldn’t for the life of me understand why they wanted to give me more money. Oh, you can buy furniture and stuff like that, and I was thinking there’s something wrong there. So we’re not far off that 105, I mean 95 is as close, so we never learn. I mean that’s 20 years ago so it’s quite interesting what you just said. It’s a deja vu moment.

Peter Wilson: I’ll add something, which I find quite fascinating as well. And I got a text message from my bank and I’m not going to say which bank because I don’t want to embarrass them but they said to me that I was near my overdraft limit and the overdraft limit on my card, on my bank account is 500 pounds, because I never go into overdraft, but they said if I exceeded that overdraft limit they would charge me interest at 35 percent, which I’m thinking, well, that sounds quite serious. Then I looked at a credit card statement that came in yesterday and I was fascinated. It said that the interest rate on the credit card was 17 percent so I’m thinking it used to be the other way around. The interest on the credit cards used to be way in excess of the interest on the bank accounts, so suddenly the banks have become very credit averse, they don’t want to extend any credit, whereas it looks like the credit cards people want to extend credit because they’re bringing their interest rates down, so that behavior I do not understand.

Samantha Sheen: It’s odd, isn’t it? And you think about these 95 percent mortgages and then think what a compliance function will typically do, which is they’ll ask the lender lots of questions to make sure they can repay back the money, and I’m not sure necessarily that compliance functions appreciate that if these campaigns are successful, they will get large volumes of applicants, in particularly challenger banks, and that is not an exercise you can do overnight. That’s not an exercise you can do in 15 minutes to make sure someone is, they’re going to have money in the long term to pay that mortgage back, so question whether their compliance functions will be properly staffed to deal with that.

How will remote work and the work from home movement affect the company’s compliance obligations? Do you think that supervisors are ready to check the technically complex systems of companies?

Samantha Sheen: Okay so let’s see if I can I can hit all these really quickly. I’m going to be controversial and say, as a former regulator, I don’t need to have the technical know-how to check your system. Speaking as a regulator, my attitude would be I don’t need to be an IT expert, I do not need to have the same level of knowledge as your engineers because the problem is with you, if you can’t explain to me in plain simple language how your controls work and if you can’t demonstrate how they’re effective, then you’re not doing your job properly. And people struggle with this, they think somehow the supervisors have to be technologically fantastic and some of them are without a doubt, some of them are very competent. But the issue is you made the decision to use the technology, it’s your responsibility to evidence that it works the way you expected it to and it’s the same thing with working from home. Regulators generally have no problem with people working from home except if you can’t explain how people are not breaking through controls, messing documents, putting false information into reviews, people who go offline you can’t find them for hours, you’re not sure what they’re doing, if they’re doing something, they’re not downloading stuff into their personal laptops, etc. Those are things a regulator will expect you to have already thought about when you sent those laptops to your staff last March and if you haven’t already thought about those things, you’re already on the back foot anyways. So I think those questions, sometimes people need to look at it differently. You’re the one who bears the responsibility, not your regulator so to speak.

And as for your high-risk customers sort of disappearing and being difficult to follow, I worked offshore for seven years and I would say the big mistake you make when you work in an international finance center is misunderstanding you are not the compliance function for your high-risk customer. You are the compliance function for your business. If you feel you need to always be in touch with or have visibility over your high-risk customers, they are too high risk for your business or you don’t understand how to do compliance properly. That is not the way to properly supervise your high-risk customers and I’ll leave it at that.

Peter Wilson: I’ll just focus on one area and that is the area in which companies can be treated as tax resident in a country other than their country of incorporation if the company has its central management and control in a different country. And the central, the historical approach to central management and control is broadly where the main people in the company meet to transact the main business of the company, which some jurisdictions still say is where the Board members meet or and who the board members are. Now that’s a very important rule because if the Board members aren’t able to travel to the country where the company is incorporated and has its main place of business, it gives rise to a question as to whether the company has become tax resident in another jurisdiction. And if it has then depending upon that other jurisdiction, the company may become taxable on its worldwide net income even though it’s only tax resident because one or more Board members happen to live somewhere and haven’t been able to travel to where they need to be. So that has driven a focus by the tax authorities of the world and they have become a bit more flexible over the pandemic about where the main drivers are and how the main drivers participate in the main decision-making. But that’s a concession by a tax authority and it’s not a concession I think that one would really want to rely upon. And the best advised people are best-advised companies with Board members stuck in the wrong place. If I should use that expression was that they would appoint other people to become members of the Board during the pandemic who happen to be in the right jurisdiction.

Socrates Coudounaris: I’m going to sort of put an umbrella over the entire conversation and talk about culture and the tone from the top. So back to Sam’s point about, as an ex-regulator they don’t need to see detailed, how everything works. It’s the culture of the organization, a regulator picks up the culture and the tone from the top, whether you’re this side of the law or straddling the line of the law or on the other side of the law and that’s that. And COVID and the way that things have been for the past year or so, it’s taking stock on corporate values and how each organization has been. So what might be written as a corporate culture or as a sort of a strap line on paper and what actually is may be different.

So from a risk management standpoint, do we have key risk indicators? Do we have dashboards? Do we have forward-looking metrics? Do we have all these processes in place in order to give comfort to our regulator and our Board that all is okay? That’s pretty much the sort of umbrella on how you give comfort to others, that you have your own comfort. But, as I mentioned earlier, if you’re thinking about it right now, you’re a year or two too late.

In light of Brexit, how will the issue of diverging regulatory frameworks pose a challenge to the work performed by compliance officers? And how can compliance professionals deal better with this more complex regulatory environment?

Samantha Sheen: I think people working, in particular with a base involving European businesses, are going to be pulled in two different directions because the divergence is already happening with the UK. So we currently have consultations with our government treasury with plans to amend our AML regulations in two stages and those amendments are going to take them away from the 5AMLD implementation. They will not have the same ordering. Just two weeks ago they have issued a clarification around the treatment of high-risk countries, which is different from what’s written in the risk factor guidelines in Europe. So it’s already happening. You add to that the fact there’s been legislation passed about setting up free zones similar to what you have in Switzerland, low tax areas for antiquities, art, etc. It’s already in motion and the challenge for compliance functions will be, particularly for those who are technologically enabled, how are you going to set up these different compliance plans? Are you still going to go with the highest standard across your regions and go with whatever it is they require regardless of whether the business or the customer is based in the UK or not? Or are you actually going to take advantage commercially if you do have a business in the UK and have your own ring fenced UK compliance program where you can benefit from those altered standards? And that’s a real Rubik’s cube; it’s a complicated puzzle, particularly if you’ve started automating your monitoring and your screening because you’re going to have different criteria to clear alerts. You will be able to take on some high-risk customers faster or you might have to look at different aspects of what they do, so it’s not a case of if the divergence will happen, it’s planned, it’s already starting to happen so now you need to strategize which way are you going to go, ignore it and keep to the higher standard or you’re going to have your own separate set of rails for the UK.

Socrates Coudounaris: It does and again it depends where you’re located, right? So if I speak about operation or resilience, which is a big-ticket item in the risk space, the UK PRA and FCA have come out and they’ve said what they had to say: We have a year to do all that. And then you see others, the Central Bank of Ireland is behind them so there’s risks and opportunities, I would say. So back to Sam’s point, there are sort of those higher level, lower level. Would you capitalize and take some upside depending on where you’re located and who is regulating you? What it does mean? And always in my regulatory updates and risk reports is compliance and risk, I now have to ramp up on resource and time and expertise in order to stay on the front foot of everything that’s changing because it’s not as it was.

Peter Wilson: I’m just going to focus again on one area and I’m going to talk about mandatory reporting on cross-border transactions and that’s been a big focus of the EU for many years and in mid-2018 the directive called DAC 6 came in that required companies that had cross-border transactions, where the transactions met specific hallmarks, to report these transactions to the appropriate tax authority, who would then share them. And there was a very complicated mechanism because more than one person could actually report on the one transaction and there’s no hard and fast rule about whether transactions would meet these hallmarks. Now the UK signed up to that and people were reporting to the UK, as well as to the other tax authorities within the European Union, and then at the death knell, at the end of last year beginning of this year, the UK’s HMRC issued a note saying that of the seven or eight categories of hallmarks, it was now only going to require people to report on one, which is broadly whether they were entering into arrangements to avoid having to automatically disclose transactions. So almost immediately that the transition period in Brexit finished, the UK diverged from a device that had been set up designed to bring to the surface transactions that companies were entering into that were designed to shift profits, and the UK said we’re only going to ask you to report on what’s called hallmark D. But then we’re moving towards adopting the OECD’s mandatory reporting disclosure doctrine so at the moment the UK is just requiring people to focus on hallmark D, whereas the European Union has got A through about F and very soon the UK is going to ditch hallmark D from DAC 6 and adopt the OECD mandatory reporting. And I’m not aware of what the European Union’s approach to that is, but this is a very simple example of the UK divergence almost commencing the day after the transition period ceased.

How can risk professionals better adjust to an increased focus on green and sustainable finance issues of ESG becoming a more integral part of corporate governance?

Socrates Coudounaris: So ESG is definitely on the broad agenda and it’s back to that culture of what does that organization want to look like and feel like and especially to the outside world because ESG is everyone’s responsibility. But then if you’re in a financial services organization, you have shareholders and stakeholders and how you portray yourself. So you’ve got to, from a top-down perspective, identify with how you want to look and feel in the future. So that could be from investments. Do you invest in carbon neutral? Do you ditch tobacco? These are big-ticket item conversations for a board level. Do you rebalance the portfolio of your investments if you are influencing, if you’re insuring, I don’t know, coal-fired power stations? Do you still carry on doing that? Then, of course, it becomes an issue of capacity because if everyone ditches all that, then again as an insurer with 20 plus years experience, who will insure these fossil dirty burning whatever you want to call it? But that’s a different conversation. So it’s again governance, risk and compliance, but more importantly the image of what you, the financial services organization, want to look like and it starts from the top. But we’re always there as a risk and compliance to help them on that journey.

It’s more political than anything else, yeah, I’d say. The regulators are saying that you’ve got to demonstrate how you’re approaching this. It’s more of a political incentive than anything else.

Given all the challenges we’ve discussed, can you predict either an evolution or a revolution in the coming years for the GRCC field?

Will technology replace humans?

What about firms sort of pledging that they are actually following green policies when in fact they are not? Do we need to look at a company’s culture to tell whether it is authentically green?

Samantha Sheen: I totally agree green washing is a serious issue. A really good example is people who put logos on their websites claiming they’re 100 sustainable product using, etc., and then advocate groups find out this in fact is not the case. I think you’re always going to have this problem. You want consumer commitments that will pressure businesses to take on a more responsible attitude but unfortunately it’s easy to put up the curtains and have nothing behind the window of substance. If you check out the Nordics, they do some fantastic stuff around sustainable reporting, they are way ahead of us but their compliance programs are very active in terms of verifying what they report and put out there. So check out some of their websites if you want to see how it’s done well.

In terms of technology replacing people, we’ve seen it happen during the pandemic. An Australian company that does insurance had a piece of AI brought in from a Regtech provider to help them with a call center in Asia that had to be shut down because of the pandemic, due to the outbreak of COVID. The AI claims it did it so fast and so efficiently, it picked up fraud effortlessly, it was really easy to train and now the Australian companies decided there’s no more need for the call center, so the question is what happens to all those people who have jobs. It’s going to happen and we need to be responsible as a society. How do we reskill people? What are we going to do, right? It’s a really serious question.

And revolution or evolution, really quickly, if people think they can evolve going on this journey, they are already sitting back with the turtles. There has to be some quick radical stuff happening here, like if we don’t learn how to twist quickly on our heels to the next unexpected thing or the next positive opportunity, we will be left behind as compliance. And our goal has to be, as compliance, we need to be at the table with the big people, we don’t want to be left behind as the people they just ask at the end because we are not ready to adjust to change and come up with solutions.

Peter Wilson: Again I want to focus on one and that is: Will people be replaced by technology? I think that is likely in the more standardized functionality of compliance. But when you get to the higher level of compliance, of dealing with tax regulators, on interpreting documents and very complex tax laws, I don’t see that’s possible. I have a current situation representing a client who has put a substantial number of documents that support its position to a tax authority and the tax authority says, “Well, I don’t really care what documents you put to me,” and they say, “I don’t believe you,” and they won’t say why they don’t believe you, but it’s obviously because it doesn’t suit the financial objectives of the particular tax authority. So I don’t see how that adoption of a different version of the truth can be replaced by technology.

Socrates Coudounaris: So we’ve all embraced change and we’re here, so clearly we’ve been agile and adaptive and surviving but to Peter’s point and Sam’s point, yeah, some jobs will be lost, the more mundane routine ones, which can be AI automated. But I think the main focus in the future is having the qualified and engaged staff to do the right thing in our space. No AI or no system will replace the brains and the deep expertise that is on this call and in the functions and the people who represent those functions in order to steer the company in the right way. And we’ve all looked at perils and risks, as well as enough opportunities that are over the horizon.