Kimberley Cole speaks with Stacey English and Susannah Hammond of Theta Lake about the risks modern communication platforms bring, recent regulatory actions, and what you can do to be compliant without turning off features in Zoom, Microsoft Teams, RingCentral!
Stacey English is Director of Regulatory Intelligence for Theta Lake, a leader in modern collaboration compliance and security solutions. She has over 25 years’ experience in financial services regulation and technology as a former regulator for the now FCA and as a risk and compliance practitioner in global banks and insurers. For more than a decade, she led Regulatory Intelligence for Thomson Reuters providing regulatory insight to financial services firms including global industry research covering conduct, culture, and the cost of compliance. She’s also a qualified accountant, a published author on conduct and accountability in financial services and an Honorary Fellow of Cambridge Judge Business School – providing expert guidance to the Cambridge Centre For Alternative Finance.
Susannah Hammond is senior regulatory intelligence expert at Theta Lake. She has over 30 years of wide-ranging compliance, regulatory and risk experience in international and UK financial services. She has held senior compliance roles at firms such as Warburgs, HBOS, GE Capital and Caspian before joining Complinet which was acquired by Thomson Reuters. Susannah is a well known thought leader in financial services and was the inaugural host of the popular podcast Compliance Clarified.
02:04 Career Journeys
08:37 Top Skills for the Ultimate Compliance Professional
17:19 How the Way We Communicate Has Changed
22:20 Privacy & Data Security
27:46 Using Emojis
31:05 Biggest Takeaways from Communications Risk Report
Kimberley Cole 0:01
This is Risky Women Radio, a show that connects, celebrates and champions women in risk regulation and compliance. We’re here to share the insights on the biggest issues in our industry and hear inspiring journeys from our global members. Sign up to our newsletter at riskywomen.org. I’m Kimberley Cole, your Chief Risky Woman.
Kimberley Cole 0:24
Welcome to Risky Women Radio. Today’s risky women are Stacey English, and Susannah Hammond. They join us from Theta Lake, a leader in modern collaboration, compliance and security solutions. Stacey English is the director of regulatory intelligence for Theta Lake. She has over 25 years experience in financial services regulation and technology as a former regulator for the now FCA and as a risk and compliance practitioner in global banks and insurers. For more than a decade, she led regulatory intelligence for Thomson Reuters, providing the regulatory insight to financial services firms, including global industry research covering conduct culture, and the cost of compliance. She’s also a qualified accountant, a published author on conduct and accountability and financial services, and an Honorary Fellow of Cambridge Judge Business School, providing expert guidance to the Cambridge centre for alternative finance. Susannah Hammond is a senior regulatory intelligence expert at Theta Lake. She has over 30 years of wide ranging compliance regulatory and risk experience in international and UK financial services. She has held senior compliance roles at firms such as Warburgs, HBOS, GE Capital, and Caspian before joining Complinet, which was acquired by Thomson Reuters. Susannah is a well known thought leader in financial services, and was the inaugural host of the popular podcast, Compliance Clarified, so great to have both Susannah and Stacey join us on Risky Women Radio today.
Stacey English 2:04
Thanks so much for having us. It’s great to be here.
Susannah Hammond 2:07
Delighted to be here.
Kimberley Cole 2:08
Absolutely. So I what I’d love to hear about obviously, you guys are long term professionals in the risk and compliance area, have done many different things through the industry. So I guess starting with Stacey, can you take us on your kind of career journey and some of the key highlights and then tell us what you’re up to today.
Stacey English 2:31
So I’m now director of regulatory intelligence at Theta Lake, which provides compliance and security for modern collaboration platforms. I’ve been in financial services regulation for over 25 years, I started out as a regulator, I became a practitioner in major banks and insurers, and ultimately moved into technology. And that’s where we ended up in in Thomson Reuters and we met Kimberley. So I think I was always destined to work in financial services, even at university I worked in a bank and during the holidays, and you know before had to pay for it. So always going to be my career path. And that practical experience allowed me to join the regulator. And that’s where I moved straight into regulation. And I had the privilege of being on frontline supervision, looking at mis-selling, looking at some of the worst misconduct in the market. And so ultimately, I was auditing the regulator itself. So really that final final line of defense, and that’s where I qualified as an accountant, and you know, the best opportunities, the best grounding for this career, I think, and endless opportunities. But I took a sort of brave decision to move out into industry because I really felt that I needed to have the practical experience of what compliance teams were going through to do that job effectively. And I had every intention of moving back to be a regulator. So I spent several years in some of the biggest insurers and banks, I had the privilege of working for the Lloyds of London, the biggest insurance market, for example. But at the height of the financial crisis, I found myself in that banking culture that’s been so widely analysed and discussed. And I thought there has to be a better way to compliance. And as someone who’s quite risk averse, I took a very brave decision at that point to move into a technology startup. That startup was Complinet which was doing some amazing things for the compliance industry. We were building out a tracker for tracking regulation and analysing all the regulatory developments. And that’s where I met Susannah. And that was long before the word regtech even had a name. Yeah, that was real technology to help compliance and regulation. And obviously, that was ultimately then acquired by Thomson Reuters. So I found myself moving for that startup back into that big corporate world. I spent a decade there, building a team to provide that analysis of regulatory developments and leading some of the world’s leading industry research. You mentioned the Cost of Compliance there. And a decade of that it took a brave decision, again, to move back out into a startup. I felt that you know, 10 years of cost compliance was, it’s time to move on. Sad to leave it behind behind, obviously. But I had some opportunities. I was helping Cambridge with their regulatory Genome Project, for example, which is making regulation machine readable and lots of other opportunities. And for the last few years, I’ve been part of Theta Lake, which is an absolute joy. And we were lucky enough to recruit Susannah late last year as well.
Kimberley Cole 5:24
So I mean, lots of interesting things there. And also interesting to hear about some of the sort of risks that you took on your career. But Susannah, so tell us about your career journey to Theta Lake.
Susannah Hammond 5:37
Yeah, goodness, well, Stacey’s saying she was always destined for financial services. I fell into it completely by accident, because my degree is material sciences and metal ceramics and polymers. I did work for IBM for a year before I went there. But in R&D, I was doing CAD CAM design and all that kind of cool stuff. Got to the end of university had absolutely zero idea what I wanted to do. So my holding pattern was to join Arthur Andersen, which I realize perhaps is not the greatest CV moment in anybody’s life anymore. And I became a chartered accountant, because I thought getting other qualification holding pattern, figure out what you want to do that sort of thing. And I ended up after that, going for an interview at Warburgs, dear old Warburgs. And I was actually being interviewed to work in the finance department. And about halfway through this interview, the very nice chap who’s the head of HR looked at me and said, Hang on one minute, and you’re thinking, Oh, my goodness, what on earth and I just said, and he wandered out and came back in with John Mayo. And for those of you who have a long memory, John Mayo was the former senior managing partner of Linklaters and Paines, as it was called then, the architect of a day. I mean, he was the Mr. City, the leading lawyer in the city he created so much. And he was head of compliance for Warburgs. And the head of HR introduced the two of us. Two hours later, I was offered a job to come into compliance at Warburgs. Didn’t really look back from there. But I mean, talk about not exactly a straight line path or ever what I intended to do, but from dear old Warburgs, I did a number of very senior compliance roles, mostly international compliance, to be fair, and risk. And I did HBOS, head of compliance at GE Capital bank, all that sort of thing. And then talking about brave decisions, I’d done a lot of head of compliance roles. And to be honest, I was knackered. It’s a big full on role to be head of compliance. And there was Alex Viall, who was one of the founders of Complinet who I’ve known since I was at Warburgs. When he was, I think, probably a Barings at that point, he might have been at the regulator. We had a standing joke that every six months he asked me to come to Complinet. And finally I turned around said, Well, yeah, all right, then. And the rest almost is history with Complinet and it’s absolutely world class cutting edge technology at the time. And even now, people have incredibly fond memories of Complinet, they still remember the name, they still know it. And that’s 15 years old now perhaps. And then from Complinet, Thomson Reuters regulatory intelligence, and I was there 15 ish years. And then yeah, time rejoined Stacey doing fun things, and Theta Lake and big company back to a small company. I’ve done startups before I did a start up merchant bank called Caspian, which was fun at the time. And, yeah, kinda nice to be somewhere small and agile again. That’s really quite a lot of fun.
Kimberley Cole 8:37
Really interesting there. You both had sort of chartered accounting backgrounds, you’ve moved from regulators, banking, into regtech, as it is. I guess, thinking about that, and thinking about the skills that you think, you know, most interesting or important, and what things in the regulatory and compliance space do you feel that are needed for the ultimate compliance professional? And I know, that’s a very broad question. But I guess thoughts from you to start with Stacey?
Stacey English 9:15
Yeah, I think we’ve to do as well, like we do is that ability to analyse information quickly and determine what’s needed. Now, whether it’s as a regulator giving advice, or whether you as an expert in the industry, keeping up with change, and giving that advice. So communication skills really important. Being able to write obviously, but liking writing and sharing information in interesting ways. But also people skills wherever I think that makes your role, doesn’t it? It’s when you’re in compliance, and you’ve got to, it’s important that you’re collaborating, for example, with technology teams, or you’ve got to interface with a regulator. It’s that ability to understand people and communicate and I don’t know how you describe the skill of being personable, good, having integrity and just being a good colleague, but that’s been something I’ve always looked for it when I’ve recruited my team. And that’s why Susannah, I continue to recruit.
Kimberley Cole 10:09
Anything else. You think that’s the sort of key attribute or skill? Susannah?
Susannah Hammond 10:15
I’d say there’s there’s sort of almost two layers of skills, you have to have the subject matter expertise. That’s the sort of base plate. But on top of that echo what Stacey said, you have to be able to cut through the noise and be articulate about the key things that actually matter. And to pull the threads and say, Well, you’ve got 200 pages of consultation, say, actually, what are the three things you need to do? It’s that ability to take the noise, and analyse it down into actionable good or better practices, or actually, these are the three things you need to worry about. And that ability to, I suppose the American phrase cut to the chase, is absolutely critical. Because then once you can do that, you can communicate that to the chief executive to whoever. And I think that is a really important skill to have to be able to see through all of the extraneous stuff. And let’s be frank, there’s an awful lot of stuff out there, and actually pick out these are the important things, these are the things you need to worry about. These are the things you need to do something about.
Kimberley Cole 11:26
And thinking about all the roles that you’ve had. And because I do think it’s really interesting to this look at the entire ecosystem that exists across the, you know, risk, regulation and compliance landscape. Would you recommend your roles, or of the roles that you’ve had which ones have you kind of loved and would you recommend to others? Susannah, do you want to kick off?
Susannah Hammond 11:51
Which ones have I absolutely loved? That’s a good question. That has been very, very dependent on the culture of the organisation. And I’ve been through some interesting cultures. And I’m now figuring out whether or not I really ought to name names and shame people completely. Let me give you one vignette, GE Capital bank, when I went to them as head of compliance for UK and Europe, between me accepting the job and starting, they’ve knocked two zeros off the balance sheet, and they fired the chief executive. And they were in severe regulatory trouble, which they hadn’t told me about to start with. So I spent a year, 18 months basically fixing them. And I was thinking, this is not what I came here to do. I was supposed to be building this and doing this and doing that. And it was sheer hard graft. And of course you do it. And of course, you get that real sense that you have done something you have saved something you have made it at least a bit better. But did I enjoy it? Probably not to be perfectly frank. And then compare that to when we were building Complinet and Thomson Reuters Regulatory Intelligence, when the culture was great, the people were great, there was a common goal. And it was fascinating work. Absolutely fascinating. I’m not sure that completely answers the question. But yeah, two very different roles.
Kimberley Cole 13:12
I mean, I think that’s really interesting, I guess, maybe Stacey from your side, like thinking about it from that purpose, passion and impact. What would you recommend, in terms of thinking about roles with that lens, given some of the things that you’ve done for the audience?
Stacey English 13:31
I certainly would recommend this as a career, there’s never ending opportunities, there’s always something new, there’s always new products, there’s always new regulation it’s always changing. So you’re never going to get bored. And you’re never going to be short of work to do. I think, in terms of our particular role. Now, obviously, we’re that innovative, fast paced culture, which is great, if you’re suited to that, my being able to take that broader view. Sometimes, when you’re in a firm in a regulated firm, you can only really see what’s going on in that firm. But when you’re outside of it, either as a regulator, or as a thought leader looking across the industry, you get such a broad view of what’s happening. And you have that real privilege to be able to share best practices and advise firms on how they could do things better or what they need to do. I think that’s the bit I really love now about not being just in one particular firm and having that broad view.
Kimberley Cole 14:22
Before we jump into our key part of the discussion here around looking at modern communications compliance and the security report that you did. Maybe Susannah, can you kind of give us an overview of Theta Lake and what you do and what the vision is?
Susannah Hammond 14:40
I think Stacey’s much better place to do that. She’s been there two years, I’m the newbie.
Kimberley Cole 14:44
Stacey English 14:45
So, Theta Lake is backed by investments from Zoom and Cisco, RingCentral, Salesforce, and we provide the security and compliance for the modern collaboration platforms that we’re all so dependent on today. And we’ve got hundreds of partnerships certified integrations that allow us to capture and archive all of those new communications, the video, the chat, the messages, or we can send it to archives. And obviously, that’s so complex. Now, given the way we communicate that we’ve got emojis and text messages, and all the things that change the context of communications, which make it really hard for firms to meet their record keeping obligations, to actually capture all these channels, and all the rich context and different features around it. And then the other part we do is we supervise all the communications, so that with the use of patented artificial intelligence, we can detect and surface any regulatory, privacy, or security risks. So for example, if I was holding up in front of the screen now a financial document, but I wasn’t talking about it, you’d want to know that as a firm, if there was personal information sitting in a chat conversation that needed to be removed, that needs to be identified. So any sort of risk that lives inside of these communication platforms, we can surface so that yeah, then a firm can meet its oversight and supervision obligations. So really all designed so that when you’re using these new platforms, you can use them confidently and securely. And I can’t take any credit for the foresight of our founders, who knew we would be moving on to these platforms, but I don’t even think they saw the pandemic coming to know quite how quickly that Zoom and Microsoft Teams would be, you know, so fundamental to our workplace.
Kimberley Cole 16:24
Yeah, really, really opportunistic in terms of where they’ve landed. So you recently did this great report. Can you give me a bit of background on that report?
Stacey English 16:35
Yeah, absolutely. So this is our fourth annual report. So research started in 2018, when we were in a very different world was the pre pandemic, we weren’t using these platforms as much, we weren’t all remote. And we’ve been able to track the findings over time, this report, we had over 500 firms take part, everyone who took part had a senior role in compliance or security in a heavily regulated industry, predominantly financial services, and globally across the US, Canada and UK. So that gives us really credible insight to share those practices. And the firms can benchmark themselves against what everyone else is doing. So we know already that these platforms are absolutely fundamental to how we work. But what’s interesting is just how the mix of those communications and the way people communicate has changed. And the majority are using more than four platforms. So you think you’ve got Zoom in place and Microsoft Teams in place, and then you might have Whiteboarding and, and other video platforms and multiple platforms to manage. And that’s expected to increase. It was quite fascinating to me was how the way we communicate has changed. So there’s been a real move from traditional email to actually using video and chat, I think it was 81% are using chat more than they use email, which is quite astounding to think how that’s changed over time. 63%, using video as much as email, so a very, very changing environment. And that really, it has created challenges because firms are in a place where they’ve got the old compliance solutions that aren’t really designed for this. They’re designed for email. And they’re trying to sort of catch up now, and look at what they do to actually make those platforms compliant, meet all their obligations that still exist, the same obligations, same record keeping obligations, supervision. So that’s yeah, I think one of the key findings of that report is how things have changed.
Kimberley Cole 18:31
Yeah, really, really interesting. And I mean, I guess, looking at those key regulatory challenges, Susannah, what are some of those areas in addition to what Stacey’s called out, that really exists for the customers?
Susannah Hammond 18:47
Well, I think two things, well several things, but primarily, firms have understood that this is a challenge. And it’s just how they have responded to that challenge that actually, in some cases, ended up creating even more challenges for them, which is never a good place to be. So some firms have basically said, all of this great functionality that, you know, Zoom, Teams, WhatsApp, RingCentral, whatever it is, you’ve got humongous functionality built into that. And let’s be frank firms will be paying for all of that great functionality. But because there’s some of the compliance challenges or concerns, that functionality has been switched off. So you’ve got in a work environment, you will use X, and it’s very tram tracked, very narrow, and probably actually not very conducive to getting things done in a world where you want to use chat as much as anything else. And so the great challenge and difficulty there is that if you have put those limitations on people, the great temptation for them is to go and use unmonitored channels. And we asked that question in the report and two thirds 66% said it was likely actually staff were communicating on unmonitored channels. Now, if you’re a head of compliance, your ears just exploded, this is not a good statistic to think about. So firms are going to have to think about how they can put those features back on, which will encourage everybody to play nice and be within channels that are being monitored, and therefore overseen and captured and all of the rest of it. And this isn’t theoretical, I’m sure everyone will have seen that $2 billion, that’s billion with a B dollar fines imposed in the US on banks. WhatsApp is the label that’s put on it, but it was the use of unmonitored channels. Now, for me, one of the key things with this one is these are big blue chip banks. And they had this collective blind spot about the use of WhatsApp. This wasn’t a rogue trader in a corner using WhatsApp to discuss whatever. This was at all levels of the firm. This was senior management, this was the Risk and Compliance functions were all using unmonitored channels. So I think there is a real need to reconsider the sheer breadth of where your record keeping obligations truly do apply. And then once you’ve got your head around that, understand, you’re going to need help in the sense of modern solutions to make sure you can not only have the functionality switched on, so folks are going to use in house capabilities. But also you’ve got to be able to monitor that and you’ve gotta be able to capture it, you’ve got to have the capacity to monitor the sheer volume there as well. So yes, there are challenges. But please don’t put in place policies and procedures that actually make your problem worse, because then you’re tackling even more issues once that all of that shakes out in the mix.
Kimberley Cole 21:51
Yeah, that’s very interesting. There’s unintended consequences of thinking that you’re providing a safer environment but creating more and more problems.
Susannah Hammond 22:01
Kimberley Cole 22:02
And Stacey, I think the report also covers more around the privacy and security challenges as well, how a firm’s dealing or trying to deal with those challenges?
Stacey English 22:13
Yeah, it’s interesting, obviously, data security and privacy is really important, because this is how you’re communicating with customers. And there’s lots of private data, customer confidential data or health information on these channels. So very much in line with what we’ve seen last year, there’s particular areas that cause concern, and they’re things like files uploaded in chat, for example, you know, when you send an email, and you’ve got a limitation on what you can send, there isn’t that limitation that you could attach anything, you could touch a giant database of all your customer information or all your financial information, and that could be leaked, and it could be a disgruntled employee, or it could be an accident, you put the wrong attachment on. So things like links that go into chat conversation, I’ve learned all this now how that will never go away that link unless you remove it, it’s persistent, it will stay there forever. And some of these chat conversations go on for years and years. And those links can become compromised. Some of you have malware in your system, or it’s a link to a site that you just don’t want that, you know, it’s a malicious site or a hate site or something. And of course, the screenshare is another one, we’ve all done that we’ve all shared the wrong screen, you’ve got someone else’s information open, you’ve got the payroll system open, and everybody sees it. And it only takes somebody to take a screenshot or have their phone and you, so there’s all sorts of privacy issues that if left unmanaged, but with the right safeguards around it, all of those can be alerted to so you know, you’re ahead of these risks and can manage them. But they tend to be the things that people are worried about. But if you’re using legacy tools, you’re not going to spot them, you’re not going to know they’re there, you’re not going to be able to find the personal information, you’re not gonna be able to extract it, you’re not going to know and you’re then you’re on the backfoot to somebody else telling you, oh, this information got out that the organisation so lots of understandable concerns about privacy and data security that can be thankfully managed. In terms of how firms responding to this, well as Susannah mentioned, lots of just turning the functionality off. So you say well, okay, let’s avoid that risk. Let’s turn off the chat. Let’s not send any chat messages. Let’s turn off the video. And then you’re in a situation where well, that’s just not productive, you know that that actually affects how you work you you want to get to send a quick message you want to get to collaborate on screen or a document. So it’s this say the unintended consequences, you turn everything off to control it. And actually it finds itself its way out through another unmonitor channel. So we always say is best practice are use the channels that use the platform that are all designed to be compliant with the right technology around it and you just don’t have this problem. Bt it’s a new area. It’s something that firms are really grappling with what to do.
Kimberley Cole 24:57
Yeah, and I think it’s also that we demand in our business lives now the capabilities that we have in our consumer lives, and just trying to shut things down it just doesn’t help. And it’s frustrating and unproductive as you point out. I guess another one of the challenges, and maybe Susannah that you can talk a bit to, is just the immense amount of data and how firms can have oversight to that. Can you tell us a bit about that sort of challenge?
Susannah Hammond 25:30
Yeah. And it really is a challenge. I mean, you only have to just look into the world. Data is the new oil, the sheer volume of data, bouncing around everywhere is just vast. And none of that is a reason for firms not to be able to oversee what on earth is going on. But again, I mean, this is a bit of a thread through the whole conversation, you need the right tools to be able to do it. The last thing with unintended consequences, for instance, is to have stacks of false positives coming up, which makes your life even worse than when you started in terms of compliance oversight. And there’s a whole range of ways firms are looking at how they can do risk and compliance oversight and this sheer amount of data that’s there. And some of them are very simple. I mean, two thirds using a lexicon and keyword search. Yes, you need to have the right keywords. Yes, you need to be knowing what you’re doing. And having it set up properly. Over half 57%, are using machine learning, natural language processing, artificial intelligence. The one that made my blood run slightly cold when I was reading the results for this is 57%, again, are using manual approaches. My goodness, how are you making that fly? That for me, actually raises more red flags than it’s actually solving. So I think, if you as one of the listeners are using a manual approach to your compliance oversight, I think you really do need to think that through really pretty carefully, because not only are you creating a lot of problems for yourself, I suspect your regulator is going to ask you some pretty serious questions about all of that. And not only is it straight up, say email, you need to get right in terms of surveillance. And I mentioned a bit earlier that fines in the US they were the SEC fines on banks. Now, FINRA and other US regulators have got a real communications compliance focus as well. And they’ve had a number of fines very recently, where just straight up email surveillance has simply not been good enough. And one firm late last year, was fined for worse, they were looking at their emails, they weren’t looking at any of the attachments to the emails. Oops. So all of that has got to be rewound and redone. So you’ve got email you absolutely have to do. But picking up on what Stacey said, we’ve got chat, video, email, use of emojis, use of this use of that. But you as a head of compliance need something that means if your conversation starts in chat moves to video ends up with a round up on email is sprinkled with emojis throughout. Can you capture all of that? If for instance, you are trying to ensure, which all firms should be, that actually you’re not doing insider trading, or there’s market abuse going on. You need to be able to follow that thread, follow those breadcrumbs through that entire conversation, or else you’re not doing your oversight job at that point. And equally, if your system won’t capture emojis, your context of that conversation just went out the window as well. I mean, even this morning, Stacey and I had a chat conversation that involved emojis. Of course it did, because that’s how people work nowadays. But you’re gonna have to be able to capture that and then reproduce it should you need it. And that reproducing piece is not theoretical at all. And you may well have seen the Department of Justice again in the US just recently updated its expectations. Basically, you are going to have to be able to retrieve anything it wants pretty much swiftly and without delay. And there is personal liability associated with that if you can’t do that. And let’s be clear, the DOJ is not on its own with that. So, yes, there are a whole stack of challenges and yes, chat, video, email, use of emojis, whatever. If you can capture that properly, and have I would suggest a suitably AI enabled solution to oversee it. You are going a very long way to being able to not only be compliant but evidence you’re compliant. And I’m repeating myself here. If you’re still using a manual approach to oversight, I think you really need to look at that really pretty quickly to be perfectly honest.
Kimberley Cole 30:00
I think it’s quite fascinating because especially when you talk about the communication through emojis, maybe I’ll add in this link, but someone sent me this six question test of, could you understand what A Gen Z person was saying to you with the use of words or emojis? And some of it was like, not what I would have interpreted the messages to be. So it’s quite a funny one in terms of that generational use. And one of them was, if you use just the standard smiley face, like the, you know, if you were going to deal with the colon brackets, that’s seen as not positive enough by the younger generation, you need to use the big smiley face, or they think that you’re being quite negative about whatever you’ve sent them. I don’t know how you kind of get AI to learn this stuff. Quite interesting!
Susannah Hammond 30:57
Well, I should confess, I mostly just use the thumbs up because I know what that’s going to signify.
Kimberley Cole 31:05
Yeah, so really interesting. So obviously a great report, we’re gonna put the link in the show notes. Let’s go to the key takeaways. What should our risky women listeners, take away from the report?
Stacey English 31:19
I’ll start. Okay. A couple of things I think, not necessarily findings of the report, but something I would suggest we need to be more aware of is compliance teams and technology teams work together. I think that’s a bit of a change. And actually, everything’s so closely combined now. So that technology needs to understand where compliance are coming from, what is it that they need, what the expectations of them, because obviously, they’re answerable, and compliance needs to be involved in those decisions earlier. I think they’re no longer separate departments. There’s so much overlap. So that’s something doesn’t mean compliance has got to become techies. But I think those worlds need to be closer. So I think I’d be looking to build some relationships there and understanding. And then, obviously, we’ve talked a lot about having platforms, communication platforms, make the most of these platforms that you’ve got. They are designed, the Zooms, the Microsoft Teams, the RingCentrals, those big platforms, and many others, are designed for compliance. Don’t be locking them down and pushing people out to do other things that aren’t monitored – that’s far more risky. I think it’d be my biggest takeaway.
Kimberley Cole 32:17
Interesting. Any other takeaways from you, Susannah?
Susannah Hammond 32:21
Yeah I think I have two main ones. One is, and I know lots of folks will have done post pandemic reviews. But I think even with the post pandemic reviews, the sheer speed with which things like chat have been adopted and video being adopted is still something of a surprise to a number of people. So I would suggest you do need to look at the legacy solutions you have for overseeing all of that, for capturing all of that being able to retrieve what you’ve captured. Have a look at that as part of whether you add to a post pandemic review or just your annual review of the solutions you’ve got, I really would have a long, hard look and make sure you are able to not only be compliant, but, I’m again repeating myself, but evidence your compliance there because the regulators are looking, let’s be completely clear. And that links into my second point is please learn the lessons from the enforcements that have gone public. We already know that the regulators in the US are widening their search. It’s not just the SEC anymore, FINRA still has a communications compliance focus. We know the UK regulators are looking we know BaFin is looking, I heard from a friend the other day that the MAS is potentially looking so Monetary Authority of Singapore is looking. Regulators around the world get very nervous if they think there is something happening they do not have line of sight to. And if firms are not seen to have learned the lessons from the headline grabbing fines in the US, they’re really going to be on their backfoot. And the regulators will be much harsher with those that haven’t started looking, checking, making sure unmonitored channels aren’t being used. And the other bit I would weave into that is in a number of jurisdictions, there’s personal liability is a big potential. Now in the swathe the fines in the US we saw bonuses being taken away, we saw knuckles wrapped, or individuals have already been held at least partially accountable for those fines. Again, if firms aren’t seen to be doing something now, before the regulator’s start saying, Well, how do you know, monitored communications aren’t happening somewhere else? I think you would be in real regulatory jeopardy. So please look at those fines in the US. Please learn those lessons. And if you can get ahead of the regulator asking you questions, that’s the best possible outcome for you.
Kimberley Cole 34:55
Yeah, good takeaways there for everyone to think about. And obvious everyone should read this report. But when do you start working on the next report so that we can get everyone focused on helping whatever you need for that?
Stacey English 35:09
That’s a great question. I would think the summer. So UK summer, I think probably June, July time, we’ll have our next questionnaire go out. And so yeah, anyone who would be able to take part in that would be greatly appreciated.
Kimberley Cole 35:22
Excellent. Well, we’ll share that when you get that underway, and get views from our risky women audience. So now our kind of last section, which is just our risky women wrap up great to get some thoughts from both of you. So I guess one that we ask everyone is are you optimistic, pessimistic or neutral with your outlook for the year ahead? So Stacey?
Stacey English 35:45
I think I realistic. Some things just can’t be influenced. But I think the financial services industry has come through pandemic really well. We are where we are. We’ve transformed into hybrid working amazingly. And for that reason, I think yeah optimistic.
Kimberley Cole 36:02
Excellent. And, Susannah?
Susannah Hammond 36:03
I would echo the optimistic but I think that’s not without the headwinds. I think technology, good uses of technology, the right solution for the right problem, will transform and continue to transform what we do. What I do see is that a number of firms have legacy IT infrastructures, legacy solutions, they are going to have to take some pretty big decisions about actually, we need to upgrade. And I know that costs money, and I know the economic reality and all the rest of it. So those are my headwinds, but I think you get the technology, right, the world is your oyster. So for that reason, I’m optimistic.
Kimberley Cole 36:45
Great! The other thing we love to get off all of our guests is either a book to read, something to watch, or a podcast that you recommend. So Susannah, do you want to start?
Susannah Hammond 36:59
Well, Kimberley pre warned me on this question. So I actually had to look up the name of the book, because I’ve just finished it. And it’s excellent. It’s called Lessons in Chemistry by a lady called Bonnie Garmus. And I won’t give too many spoilers, but it is about a very unconventional woman who totally succeeds. And I’d thoroughly recommend it.
Kimberley Cole 37:17
Sounds great. And Stacey?
Stacey English 37:19
So I’m going to recommend a podcast series. And that’s Compliance Clarified. And that is something that Susannah actually started and has turned into the most amazing followers and readership. And I know, she’ll be back as a guest. And I’m sure she misses leading all those podcasts. But what a fantastic series to get off the ground and start and how practical useful.
Kimberley Cole 37:41
Well, I think she should come as guest presenter for Risky Women. So we’ll steal her away. But we love a good other podcast recommendation, because I’m an avid podcast listener. So thanks for that one. That’s great. And then my final question, to leave us with some inspiration for our risky women. I guess just a key message or a thought, or a quote, that will leave us with an optimistic thought.
Susannah Hammond 38:09
Well, for me, it’s believing yourself and believe in your intellect. Never actually doubt the fact you have a brain and you’re not afraid to use it.
Kimberley Cole 38:18
Stacey English 38:19
For me, one I’ve always been, I’ve always remembered he is you set the tone, as a manager, or part of a team, how you show up and your outlook and your manner actually affects everybody else. And I think when you become a parent, that’s true as well. If you’re down and negative, then probably everyone around you is. And if you if you even if you’re not feeling it if you set the tone, and you’re positive, actually, that can have such great results. So I would say you remember you set the tone and related to that you can always restart your day. So if you’ve had the worst morning traveling in, you can always just restart and refresh.
Kimberley Cole 38:50
That’s a very nice thought to leave us with. So yes, set the tone and even from a gray and dreary London and it’s a bit cold. It’s great to be here. And I do get inspiration when I come in and just from the environment to the buildings, etc. So it’s been absolutely fabulous speaking to both of you, I’m so pleased that we finally managed to coordinate this because I think we’ve tried for several years. So it’s brilliant, and I look forward to doing more with you and speaking again.
Stacey English 39:23
Absolutely. It’s so great to speak with you and we’d be very happy to speak again.
Susannah Hammond 39:28
Thank you very much. That was great!
Kimberley Cole 39:32
Thank you for listening to this episode of Risky Women Radio, be part of the ongoing conversation and learn more about our events and other programs at riskywomen.org