Compliance Institute President, Kathy Jacob's speech from ACOI 2021 Annual Conference

Compliance Institute President, Kathy Jacob's speech from ACOI 2021 Annual Conference

Date: 18 November 2021

Opening

Día Dhíbh a Thoscairí agus failte romhaibh

Is mór an pléisiúr agus onóir dom an comhdháil seo a oscailt go hoifigiúil.

Good morning delegates and welcome. It is indeed a pleasure and an honour to open the 2021 ACOI Annual Conference.

This year’s conference is of necessity a virtual conference as the pandemic continues, but we should acknowledge that as a profession that thrives on exchanging ideas and solutions, it is not how we would wish to congregate this year or any year. But hopefully 2022 will see a greater return to a normality that includes in-person events.

We have a busy conference today with a packed agenda and not one but 2 announcements, one of which I will make now;

On 22nd November 2002, in the offices of Irish Life in Abbey Street, about 80 financial services professionals got together. We had just come through the millennium bug, 9/11 had happened and the Euro had been introduced in March that year. At that meeting, these professionals had one characteristic in common – they had responsibility in their firms for compliance. Those who organised the meeting that night had a vision of providing a network for compliance professionals and to provide a framework for upskilling for this emerging discipline.

This was the beginning of what has become the ACOI that we know today.

20 years later, the ACOI is the premier provider of compliance education in Ireland and is the largest organisation of its kind globally. Next November 2022, will be the 20th Anniversary of that meeting, and therefore, the 20th Anniversary of ACOI. So, this morning, I am delighted to launch our 20th Anniversary Year, which will see celebrations to mark the achievements of the last 20 years beginning today. The Executive under the leadership of Michael Kavanagh have organised a year-long celebration and I do hope that you all will get a chance to celebrate with the Council, Executive in one of the events to celebrate this landmark.

Now, to the business of the morning. Last year, our conference examined the changing nature of the role of the Compliance professional since the inception of our profession. We saw how the journey through the 5 ages of pioneer, specialist, expert, partner and finally compliance leader had brought different challenges which compliance professionals successfully navigated.

And so to this year’s conference, and indeed the next 20 years of ACOI. This morning, we will build on those themes and look at the challenges ahead as we face into the 2020’s. We will see how the compliance profession will be more relevant and even pivotal to the delivery of our industries and societies wider goals.

You will all be familiar with the Compliance Universe or footprint that forms the foundation of your compliance framework, and the typical headings of a compliance universe will comprise

- AML CTF / Sanctions or financial crime,
- data protection and privacy,
- consumer protection,
- prudential etc.

The Compliance Universe is about to get longer. The risk landscape facing compliance professionals is evolving at a pace I have not seen in 20 years working in the field. These threats include;

- Conduct Failures and enduring crises of culture and trust globally,
- New Business Models – Disruptors entering the market addressing the needs of customers in the digital 24/7 instant gratification economy.
- Geopolitical – Election of populists, Changing role of US, Brexit, escalating cyber warfare, role of China, more recently events in Afghanistan
- COVID19 – Has been an extreme live test of operational and financial resilence, but highlights the need to embed resilience into the fabric of the organisation
- Digital transformation, Automation and Data Privacy
- Environmental, Social and Governance or ESG – is the latest and arguably the most important acronym to be added to our extensive collection

All of these will drive Regulators’ agendas and expectations which will in turn set the Compliance Function’s agenda.

So, this morning, we are going to take some of these new threats and explore what they will mean for the Compliance leader of the 2020’s.

Taking Digital transformation, automation and innovation, disruptive technologies, however you wish to label them - a study published in December 2010, (Comin, 2010) showed how the mass adoption of new technology lags the research and development phase, on average 45 years and how that time has dramatically compressed. The adoption of the steamship took over 100 years, but the adoption of the internet and PCs took less than 10. And that study was published just as the smartphone was released, so the time to mass adoption of today’s new technologies is less than that. It was in 1950 that Alan Turing asked what is called the Turing question – can machines think – and in 1992 that an Artificial intelligence system first beat a chess grandmaster. In 2007, the Smartphone was born and with it, Siri, Cortana and Alexa. Iin financial services, we have seen the benefits of the deployment of disruptive technology such as AI in Credit Decisioning, Chatbots, analysis of legal documents, fraud, money laundering, Operations and Processes like Settlements and Scanning and retrieval of documents. The Financial Action Task Force have said that new technologies have the potential to make anti-money laundering and counter terrorist financing measures faster, cheaper and more effective, improve the implementation of FATF Standards to advance global AML/CFT efforts and ensure financial inclusion.

On 19 March 2021, the EU presented a vision for Europe’s Digital transformation by 2030 (EU, eur-lex.europa.eu, 2021) what it calls a Digital Compass which evolves around 4 cardinal points under; skills, government, infrastructure and business each with associated targets. Some of the targets include;

- On skills, a target of 20+ million ICT specialists with gender convergence
- On digital infrastructures - All European households will be covered by a Gigabit network, with all populated areas covered by 5G
- On digitalisation of businesses – the target take-up of technology is to have 75% of European enterprises have taken up: - Cloud computing services (2020 baseline: 26%) - Big data (2020 baseline: 14%) - Artificial Intelligence (AI) (2020 baseline 25%)
- On digitalisation of government and public services - 100% online provision of key public services available for European citizens and businesses, including online access for all medical records

The aim of the of this initiative is to empower businesses and people for a prosperous and sustainable digital future across the EU. Technological innovations are designed to make life easier they bring efficiency, consistency and an answer to some of the risks like human error, but there are challenges for all – for Regulators - How to regulate and supervise without stifling innovation; for firms / businesses - How to prepare and respond, Compliance - How to advise, monitor, assess, report and for customers – who are subject to Information asymmetries in how e.g., AI is being deployed in the provision of services to them.

ESG

Turning to Environmental, Social and governance or ESG which is aligned to sustainability outcomes.

‘ th' whole worl's... in a terr...ible state o'... chassis ’ was uttered by Sean O Casey’s protagonist Boyle in his play set in early 1920’s Dublin ‘Juno and the Paycock’. Like all good literary quotations, they are relevant for the ages.

When O’Casey wrote these lines the world was emerging from a world War, a pandemic – Spanish Flu, and Ireland was newly independent following a decade of war. Today, the official 20-year war on terror may be over, but international terrorism and cyber warfare is a threat, the COVID19 pandemic has shown that the exploitation and consequent degradation of our natural world has catastrophic impacts on the human inhabitants of the planet, and Brexit has thrown the delicate settlement on this island into peril.

No-one could have missed COP 26 these past weeks and on climate, the data and statistics are many and catastrophic. To quote a couple;

- July 2021, has been found to be the warmest on record, 0.9% higher than the 20th century average, with floods, fires, and extreme high temperatures(NOAA, 2021)
- the latest UN Intergovernmental Panel on Climate Change report released in August shows that scientists are observing changes in the earth's climate at every region and across entire climate systems (IPCC, 2021) most of it attributed to human activities.

The very marked difference in pandemic outcomes in those countries led by females has demonstrated that female leadership – a manifestation of diversity - has moved from merely fairness and equality to being a proven force for good in and of itself making the case very strongly for gender diversity, and by extension, all forms of diversity. The inequalities within humanity, never greater than before the pandemic were exposed in a harsher light and then exacerbated. The case for governance has been made at a global and country level by the damage being done by the election of populists and through the global financial crisis and the conduct failures.

Sustainable development has been defined as far back as 1987 as ‘ development that meets the needs of the present without compromising the ability of future generations to meet their own needs (Brundtland, 1987). The global or supranational efforts include the 2006 UN Principles of Responsible Investment, the 2015 Paris Agreement on Climate Change, UN 2030 Sustainable Development Goals adopted in 2015, which have the ambition to be a ‘ blueprint to achieve a better and more sustainable future for all ’. Climate change is only one of the 17 goals, others include eliminating poverty and hunger, gender equality, wellbeing, reduction of inequality etc.

In Ireland we have had the 2019 Climate Action Plan, and Minister Pascal Donohue recently launched the Sustainable Finance Roadmap, in which he described sustainable finance as ‘ increasing prominence as a priority for Ireland and as a key piece of our toolkit in addressing the climate crisis ’. Minister Donohue sets the vision for the Roadmap to enable Ireland be ‘ a leading sustainable finance centre by 2025, informed by extensive research and stakeholder engagement ’.

The Central Bank will be developing its approach, and this began in the ‘Dear Chair, Dear CEO’ Letter on the 3rd November last where Governor Makhlouf outlined the emerging regulatory approach.

In the 11th EY/IIF Risk Survey, published in June this year which surveyed Chief Risk Officers of banks on their emerging risk priorities, over 90% of CROs view climate change as the top emerging risk in the next five years.

The ESG/Sustainability agenda is getting the attention it so desperately requires – and the race is on to deliver change. And we at ACOI are playing our part, with the recent announcement of the Sustainable Finance for Compliance Professional Education programme which we will be launching in 2022.

And what do these new threats mean for us Compliance professionals? Have we a part to play and what is it?

Today's contributors will explore what these and other important themes such as culture and privacy mean for us in Compliance in the 2020s.

I am delighted to welcome Ed Sibley , Deputy Governor, Prudential Regulation, Central Bank of Ireland, who will give the Central Bank of Ireland’s view on governance and other updates, Vivienne Artz – Director of Privacy Policy at Centre for Information Policy Leadership ’ –will talk about the future of data protection, Kieran Towey , Lead for Applied Intelligence, KPMG will elaborate on the challenges and ethics of Artificial intelligence.

After the break we will hear from Yvonne Holmes, Chief Sustainability Officer at AIB. Tim Dyball Managing Director, Head of European Compliance , will chair our ESG Panel with Laura Wadding, Partner, Risk Advisory , KPMG, Ann Shiel, Associate Asset management and Investment Funds, A&L Goodbody , and Vincent McCarthy Founder, ESG Ireland .

and then Bill Callahan, Director of Government and Strategic Affairs at the Blockchain Intelligence Group will join us from the United States to take us through the impact of blockchain and in particular, cryptocurrency

At the end of the morning, we will close our conference with some of my own thoughts on how compliance officers should tackle these challenges. I also have a very special announcement to make – the biggest development / change since the foundation of ACOI so I look forward to speaking to you all later.

In the meantime, please do enjoy the ACOI Conference 2021…

Closing

I hope you all enjoyed today’s conference as I have.

Before my concluding remarks, I would like to thank everyone who contributed to the ACOI this year most on a voluntary basis, chairing working groups, contributing to podcasts, delivering a webinar to name just a few -– there are too many to mention, but we are sincerely grateful for their contribution. I would like on behalf of the Council of ACOI and the members tuning in today to thank and also the ACOI Executive, who under the leadership of Michael Kavanagh, our CEO have made today’s conference happen.

I hope you all enjoyed today’s conference as I have.

I would like to sincerely thank all our speakers today for their insightful and thought-provoking contributions.

As we saw last year, compliance professionals are adept at developing skill sets and honing their approaches to meet the needs of a changing environment. We have a powerful playbook underpinned by an educational and skills framework and an active professional network.

On new technologies, business will be coming forward with compelling business cases for deployment. The new technologies offer precision, consistency of service and decisions, can do laborious, repetitive, time-consuming tasks, assist with fraud detection, perform tasks rationally, they function without stopping, have very powerful problem solving and decision-making capabilities. The risks include the cost of maintenance and repair, lack of the human touch, common sense and insight, they are not creative – yet it could lead to a decrease in human capabilities in the functions it takes on, which will lead to dependency. They can’t deal with emergency situations and are unable to handle nuance, or ambiguous and contradictory messages. And of course, a very powerful ethical dimension, in the wrong hands new tech can be destructive.

On ESG, this will be a dominant agenda for the businesses we compliance professionals operate in as the climate emergency accelerates, the impacts are felt globally and sustainability reporting is demanded not just by regulators, but by investors and other stakeholders.

With the upcoming Individual Accountability Framework, and Senior Executive Accountability Regime, these new threats will fall within the remit of one or more individuals in a firm to take ownership and be accountable for. Effective Board led governance and a risk-aware culture will be the building blocks for facing the challenges.

Digital Transformation, Innovation and Disruptive Tech

First, the role of the Board. I see Board vision and leadership as essential to the safe, successful and ethical deployment and an articulated IT strategy should link into the broader commercial strategy and be its enabler and accelerator.

Establishing AI Governance

The Board should establish appropriate governance over the deployment of new tech, define roles and responsibilities across the 3 lines of defence, ensure there are documented policies to guide staff ensure there is appropriate resources and training for all from Board down as needed.

Skills; Many Boards will not have the skills within it membership to oversee management deployment of new tech and should address any skills gaps by specific training / education or recruitment?

Tone from the Top ; The tone from the top set by the Board should be about setting expectations across the business as it is on a journey to embrace new technologies, including a consideration of the ethical implications and articulate the standards it expects to see when management are implementing. Boards also need to take a very active interest post-deployment.

The role of the Compliance Professional

So, taking the Tech strategy set by the Board, what is what is the role for the compliance professional?

Trust and technology do not always go together as the revelations from the Facebook whistle-blower (Jim Waterson, 2021) Frances Haugen and the rise of privacy activists like Max Schrems show that citizens are no longer taking privacy for granted.

We have seen through the last 15 years how quickly trust can be lost, and difficult to regain, but trust will be an important component for the safe and successful deployment of new tech.

That is where the compliance professional will be the differentiator and key to the success of a firm’s tech strategy.

Outsourcing / External partnering

The first decision re new tech implementation will often be to who to partner with as its unlikely the technology solutions such as AI can be developed in-house. This will require the full spectrum of controls for outsourcing and third-party risk management such as due diligence and risk assessments as, if these are delivering regulated activities, it’s difficult to see how these would not be critical outsourced or third-party relationships.

‘Black Box risk’

Transparency is an essential enabler of trust. Compliance professionals can support with the ‘black box’ risk – e.g. ensuring the working of the technology can be explained in plain language to customers. Also, for categories of vulnerable customer, tools driven by e.g. AI may not be appropriate or at least this cohort will need additional support. What if the decision-making cannot be explained? Is it still ethical to deploy?

Data Protection

AI is driven by algorithms and by big data leading to data protection risks, and compliance professionals are well versed in analysing these risks through data protection impact assessments.

Looking at some of the data protection challenges – How can you incorporate data protection by design into the new tech – especially if you are not the developer – what will you take as assurance from the developers on data protection by design? Do we have a lawful basis to use customer data collected to service the customer account to also be fed into an algorithmic model? At application level, is there a very clear objective defined for the solution? In blockchain technology – who is the data controller, and what jurisdiction is the governing regulatory framework in a distributed database? What level of human intervention is there especially if customer facing? To name just a few.

Given the complexity of these new systems, it can be difficult to mitigate the full suite of data security risks. So are business continuity plans and exit strategies in place should these systems be attacked.

Incorrect Decisions

Technology is not infallible. How do we guard against the garbage in, gospel out syndrome? Does e.g. a decision engine turn down customers who should get loans? How do you detect? What are the risks to our customers if incorrect decisions which may lead to potentially unfair outcomes for customers? Is there a guardrail system to switch off a tool to revert to traditional models if the models are producing incorrect outputs that produce poor or detrimental outcomes for customers?

How to monitor results,

Skills Gaps

If you build or buy, you need internal skillsets to maintain the systems. What happens if problems arise during deployment? For risk management the compliance team need to have an understanding of data, tech and their specific governance.

Ethical Underpinning: need to ensure the models don't conflict with laws, and regulation and are 'non-discriminatory'. Without proper direction models can double down in a very biased manner.

So some actions for the compliance professional include;

Engage with the internal innovators, know what is being planned in the IT strategy

Develop an understanding of how different customer cohorts might interact with technology

Develop a full picture of a customer’s online journey

A full Risk Framework Implementation may be warranted across the 3 lines of defence

Consider how to build compliance and risk systems around an algorithm that is designed to learn and adapt; and

AI Ethics – is beyond compliance - start with the EU’s Ethical Guidelines and familiarise yourself with the ethical issues(EU, Ethics Guidelines for Trustworthy AI, 2019).

The EU has responded with the Proposal for an Artificial Intelligence Regulation published by the European Commission in April this year. This regulation, which aims to promote the uptake of AI by creating an ‘ecosystem of trust’ borrows heavily from GDPR for inspiration seeks to provide a regulatory framework for this new technology. This as a welcome development that the EU have been brave enough to have attempted to regulate this early before mass adoption and avoid playing catch-up with such powerful technology. And it creates a role for the Compliance professional in our comfort zone and traditional role of interpretation of regulation.

ESG

ESG is a complex and multi-faceted agenda, requiring business wide collaboration. Currently the task for compliance professionals is to develop a clear sense of its own role. What was very much voluntary is becoming regulatory – with the Sustainable Finance Disclosure Regulation being the start. So ESG is an area where compliance can add real value in their roles and from the outset.

Again, the Board will set the tone, and as stated in Governor Makhlouf’s letter, have ownership of the climate risks impacting the firm with individual accountability providing momentum.

Define ESG for the firm and Compliance Professional

Compliance professionals need to examine now what it means for their firms, across the three categories which can be hard to define. Mark Carney sets out in his book ‘Values’ a suggested set of categories under the 3 headings (Carney, 2021)

Review frameworks and identify the Gaps

Carney’s list includes under governance; bribery and corruption, whistleblowing and lobbying, others include conflicts of interest – and compliance is already active, in many firms’ models on many of these fronts. So, reviewing current frameworks and identifying the gaps is a start.

Monitoring Developments

The Central Bank will be establishing its Climate Forum and there will continue to be the development of standards and ‘soft’ law on ESG matters which require compliance traditional skills of interpreting and understanding regulatory expectations. Risk management

Compliance professionals are familiar with the risk management methodologies which will be key any firm’s approach. In addition, those involved in asset management firms will already be looking at how to evaluate and classify investment and ensure that statements are fair and accurate as regards green credentials. Greenwashing which has been around for decades, so we know what bad looks like - will translate in the coming years into a significant reputational risk if firms cannot deliver on this agenda.

Upskill

As Compliance Professionals, we regard education and upskilling as a career long activity and as mentioned earlier, we will be launching next year what we believe will be the world’s first Sustainable Finance for Compliance Professional Education programme.

In the meantime, there is also a wealth of sources to watch e.g. The Network for Greening of Financial System shares best practice and contributes to the development of environment and climate risk management in the financial sector to support a green transition (NFGS, 2021). Also, seek out and follow other thought leaders in this space.

That concludes the technical part of this year’s Conference.

I promised a 2nd very important announcement this morning, and I ask you to watch this video – its just a couple of minutes to help with the announcement.

Please look out for the new website, and the new LinkedIn page which you have to follow again and these will be launched tomorrow morning.

So in closing the 2021 Conference of the Compliance Institute

The topics explored today in our conference are the most exciting and rapidly evolving topics of business today. Bill Gates said that people overestimate the effect of technology over 2 years, but completely underestimate its effect over ten . In the pandemic, technological change has accelerated by a number of years, Technology will change how we manage risks and even how we are supervised. There will be pressure to reduce costs as the post-pandemic slowdown takes hold, but also pressure to invest in technology and skills. In 2020/21 Resilience was key, and from now on will extend beyond financial and operational but will include - internal culture as we work in hybrid environments, IT, workforce (physical and mental wellbeing), societal and the planet. The climate agenda will not be addressed without financial services and there are significant opportunities for the Compliance professional to be a dynamic partner to business in the 20’s and 30’s to meet the challenges.

We, Compliance Professionals have a very rich agenda over the next number of years and the Compliance Institute will be your support though education, upskilling and exchanging of ideas and best practice.

The Taoiseach’s announcement this week seems a sort of setback, but in truth, this pandemic will run its course heedless of its human hosts and it is for us to adapt, and we will.

So I will close giving the final word to Seamus Heaney, our Nobel Laureate Poet with words of hope;

Believe that a further shore is reachable from here…

Thank you for attending the Compliance Institute 2021 Annual Conference

And we hope to see you soon

Bibliography

Brundtland, G. H. (1987). Report of the World Commission on Environment and Development. Oslo: UN.

Carney, M. (2021). Value(s) - Building a Better World for All p419 (1st ed.). London: William Collins.

Comin, D. A. (2010). An Exploration of Technology Diffusion. American Economic Review, 100(5), 2031 - 59.

(2019, April 8). Ethics Guidelines for Trustworthy AI. Retrieved November 7, 2021, from https://digital-strategy.ec.europa.eu/en/library/ethics-guidelines-trustworthy-ai

(2021, March 19). eur-lex.europa.eu. Retrieved October 15, 2021, from https://ec.europa.eu/info/strategy/priorities-2019-2024/europe-fit-digital-age/europes-digital-decade-digital-targets-2030_en

IPCC. (2021). Summary for Policymakers. In: Climate Change 2021: The Physical Science Basis. Contribution of Working Group I to the Sixth Assessment Report of the Intergovernmental Panel on Climate [Masson-Delmotte, V., P. Zhai, A. Pirani, S. L. Connors, C. Péan, S. Cambridge: Cambridge University Press.

Jim Waterson, D. M. (2021). Guardian Facebook. Retrieved October 31, 2021, from https://www.theguardian.com/technology/2021/oct/25/facebook-whistleblower-frances-haugen-calls-for-urgent-external-regulation

NFGS. (2021). NFGS. Retrieved October 31, 2021, from https://www.ngfs.net/en

NOAA. (2021). National Oceanic and Atmospheric Administration. Retrieved October 17, 2021, from https://www.noaa.gov/news/its-official-july-2021-was-earths-hottest-month-on-record

Quick Links

Resources

Connect with us