Podcast S6E11 | Complexity of Compliance APAC: Debra Au

Podcast S6E11 | Complexity of Compliance APAC: Debra Au

Podcast S6E11 | Complexity of Compliance APAC: Debra Au 1400 788 Risky Women
Jenny Wong of Protiviti and Debra Au, Head of Legal for DBS Hong Kong, explore the complexity of the compliance landscape in APAC as part of the Protiviti 2023 Top Risk Report.

Debra AUManaging Director, Head of Legal, Compliance and Secretariat, Hong Kong and China at DBS Bank Hong Kong. As part of the Hong Kong Management Committee member, Debra heads up  the HK Legal Compliance & Compliance Secretariat teams and is the HKMA  s72B Senior Manager, HKEx Compliance Officer of DBS HK. Debra joined DBS  Hong Kong since June 2022 after 18 years serving as the Compliance  professionals in the Merrill Lynch, Goldman Sachs, Newedge/Societe  Generale and HSBC.

Jenny WongManaging Director at Protiviti. Jenny boasts a rich 18-year track record in management consulting, with expertise spanning Hong Kong, Japan, and the wider Asia-Pacific region. She is celebrated for her ability to craft robust, adaptable, and cost-effective business transformation models tailored specifically for clients within the insurance and financial services sectors. Jenny excels at driving the identification, development, and implementation of change programs aimed at propelling operational excellence, efficiency, and regulatory compliance.


00:01 Compliance landscape and career journey
04:42 Regulatory challenges and adapting to technological changes in APAC
10:02 Compliance function evolution and AI adoption in finance
16:48 Leadership and overcoming stereotypes

Protiviti is a global consulting firm that uses technology, innovation, data and analytics to create unique solutions that transform the field of risk management and solve industry wide problems.


Kimberley Cole 0:01
This is Risky Women Radio, a show that connects, celebrates and champions women in risk regulation and compliance. We’re here to share the insights on the biggest issues in our industry and hear inspiring journeys from our global members. Sign up to our newsletter at riskywomen.org. I’m Kimberley Cole, your Chief Risky Woman.

Jenny Wong 0:22
Welcome to Risky Women Radio broadcasting live today from Hong Kong. I’m Jenny Wong, Managing Director of Protiviti, and today we will explore the complexity of the compliance landscape as part of our Protiviti 2023 Top Risk Report. Today I have the pleasure of speaking with a special guest Debra Au. Debra is the head of legal compliance and Secretariat at DBS bank for Hong Kong, Macau and China. Debra has had a vast and enduring compliance career for 18 years, just to name a few of her career highlights being the Chief Compliance Officer for Hong Kong and Macau at HSBC, where she was instrumental in guiding the bank through the DPA and skilled person review. Debra’s compliance knowledge and experience was further developed from her time at Goldman Sachs and Société Générale. Debra, thank you so much for joining us today. And welcome to the show.

Debra Au 1:24
Thank you. Thank you, Jenny, for having me.

Jenny Wong 1:27
We would love to hear in your words about your story and your career journey. Debra, what is the biggest risk that you’ve taken in your career? And has it paid off?

Debra Au 1:41
Yeah, the biggest risk I taking in my career is the switch from my career in Soc Gen, as a pure compliance, and then when I stepped into HSBC, I actually getting myself into the frontline role into the COO office.

Jenny Wong 2:05
I’m sure during that big switch, and along the way, you’ve had obviously mentors and people who’s inspired you. So we would be really interested to know Debra throughout that journey, who’s inspired you the most?

Debra Au 2:25
I think is my mentor, my life mentor, really, someone you know, my my previous office, Eileen Flaherty, who actually inspired me the most, that the career advice that she gave me, and also, my other mentor called Gary DeWaal, who is very quite a distinguished New York lawyer, both our lawyers in US, one in Chicago and one in New York. And their combined career advice for me is, don’t limit yourself and take control of your own path. So that is one of the reason why I would love you know, being being in legal compliance or risk as the support function or control function previously being seen as cost center. I really want to understand the vast majority, you know, why we always being, you know, boxing into the boxes, as a control person where we don’t know the business. So that that is one of the reason why I put myself above my comfort zone and jump into a bank, which is, you know, shoving the precedent case as DPA, and then really rolling off nicely to try to understand what exactly is a problem in the business and how to help to provide inputs to contribute to the bank and subtle the crisis or challenges where the bank and financial industry is first and foremost facing.

Jenny Wong 4:39
That is some really good career advice. So diving in, more into our topic today, Debra, what do you think are some of the biggest regulatory compliance challenges facing the Asia Pacific financial institutions?

Debra Au 4:57
I really think you know, with the recent years of geopolitical uncertainty and the business, you know, evolving so fast, if you look into the market, if you are close to the business, you see Bloomberg everyday is changing the chart, you know, and the walls, you know, unexpected. I do think the biggest regulatory compliance challenges for APAC is to diversify, you know, jurisdiction with diversified regulatory requirements and landscape that the financial institution needs to comply with.

Jenny Wong 5:43
Yes, and I think that, you know, that that’s definitely one of the top considerations for a lot of the institutions nowadays. Moving on, I like to also get your thoughts, Debra, how do you see the compliance function changing, to adapting to the technical, technological paces, such as digital growth, entry into new markets? And also customers needing faster, easier and more efficient interaction with their financial institutions? And what are some of the consequences, would you say, of not keeping up with that pace with the business?

Debra Au 6:21
Well, I do think, you know, if given the world is changing, right, we’re not now using, you know, really new ways of working, like we’re now having the interview online, which is not, you know, usual 10 or 15 years ago, which, you know, I don’t want to quote how long I’ve been in the industry and in my age. So I do really want to highlight is, I can see that even the next, you know, five or whatever, very quick, near future, we don’t use PowerPoint presentations, in our governance forms for example, with the use of AI, technology, regtech and fintech, we may have some real time data. And then we can just use dashboard, real time clicking the button, compliance can do a real time tracking challenge to the business to the front line. And then we hold up a bit of our second line of defense roles, stewardship, to a hair to, you know, to our roles as a second line of defense. So if we don’t keep up the pace, and we’re not moving up enough to close to the business, and the consequence is that the business and us will lose touch will not be seen as the strategic business partner. So some of the quick, evolving landscape, like I want to use some sort of metaphor is that recently, I just, you know, finished my vacation from Greenland, and I passed through a couple days in Iceland. In October, I’m still able to drive and walk in the city of Grindvik in Iceland. Where else can get in November. You know, the whole city have to evacuate, Blue Lagoon with no tourists while a month ago, it still flourish with tourism. And a lot of people walking around everywhere and myself is actually enjoying the city with the prosperity in Iceland. And today, you can see with almost 20,000 air freight per day, and the whole city evacuate and the earthquake erupt. Everyone is like an empty Dead City now. So I think that agility is key and then keeping up the pace with what’s happening. And then close to the business is very important. Otherwise, how can you know, Iceland been able to interpret the earthquake is coming and they give us, I mean, give them, the warning signs to evacuate people from the city to the safe place. I think same amount of force applies.

Jenny Wong 9:43
I really liked that analogy. I think that’s just the emphasis to your point is just how quickly can we adapt and agility is really key in for us to keep up with the business. So Debra, looking ahead, I mean you’ve you’ve already touched on it a little bit. What do you think, or how do you foresee the compliance function forming in the next five to 10 years? How’s that going to differ from today? And, you know, you’ve already mentioned earlier AI, what role will AI play, and what will be the keys to success for us?

Debra Au 10:23
So, I think the cornerstone, really is to, you know, in the next five years, your compliance function is to maintain private public partnership, which is, you know, to work with the regulators together. Because technology is evolving, you know, every day who can imagine AI, then Gen AI, and so forth you know we are using today, right? I don’t want to use the word ChatGPT because in Asia it’s diversified, it’s generative AI. And now, what role AI can play or will play, I think it will be a majority of roles that help us do our work much more efficient, effective, and the human touch, still wouldn’t be able to, you know, completely supersede because the essence or the crux of compliance function is to give and provide quality and strategic advice, being the trust and value strategic partners to the business, and that I don’t think AI or generative AI will be able to master it. So as long as a good compliance officer keep up the pace with business, strategic partnership. And then also externally with the other hand, is public private partnership as the cornerstone, maintain a good balance act, and keep up ourselves with mustering the use and know how of AI and generative AI can help to do our work much more efficient and effective. You know, the next time in 10 years, I can only see risk compliance, second line of defense function will be even much more a key impactful role for the financial institutions, because we are helping them to grow business safely, and then to secure their success.

Jenny Wong 12:48
So it sounds like compliance will continue to play a very key role partnering to the business while utilizing AI to increase the efficiency. So it sounds like hopefully, I’ll be able to keep my job in the near future. Debra, you’ve also mentioned this a little bit already, but our friends at the regulator, what are some of the keys to maintaining a good relationship with them, especially in the current changing dynamic environment that we’re operating in?

Debra Au 13:22
I think fundamental is really the partnership and trust that we need to build. Work together in collaboration, and in a collaborative way, with the regulator together. On the key priority is where we all want the community, the industry to move forward to a better place to the better, you know, success and keep all these agenda, you know, in a transparent and collaborative way, in partnership, I think that’s kind of the cornerstone to maintain good relationship with the regulators.

Jenny Wong 14:11
Sounds like you’ve got the recipe sorted out there, maintaining the good relationship with our regulators and with the business.

Kimberley Cole 14:23
This episode is brought to you by Protiviti. Protiviti is a global consulting firm with deep expertise in transformation, risk management, and compliance, partner with Protiviti and face the future with confidence.

Jenny Wong 14:39
Debra, I’m now going to move on and I’m going to have to put you on the spot a little bit. I’d like to know in one word, from your opinion, what’s the most important trait that a CCO a chief compliance officer should have?

Debra Au 14:57
Okay, I think if you asked me this question a couple of years ago will be very different from now. I think a couple of years ago or you know, if you are having your career in compliance for long you think technicality for compliance to know how of the graduation be able to know the rules regulation inside out, maybe the most precious. But now, I will say it is not, to me, the most important, I think, know how is the basic, but strategic and thought leadership is, is the future that each CCO must have. Because we need to look ahead, keep pace with the business, partnering with the regulator, being forefront and having the forward opinion. Not being reactive, but more proactive compliance is really to the important trait of a CCO, that today, if you are the CCO is a must to have.

Jenny Wong 16:26
Sounds like an ever changing function compliance in the next few years. And I mean, I just have to give you guys a world of credit to be able to function in this in this environment. Debra, so looking into the year ahead, what is going to be your top priority?

Debra Au 16:56
I think my top priority is to keep on upskilling and upskilling and reskilling people, changing the old school compliance, allow me to use the word, mindset with, you know, from a reactive compliance mindset to much more a proactive mode. Because previously, we always use the word reactive perform. Now I would say compliance have to proactive, prevent, and preempt. Because we cannot get ourselves into the loop. If you see the history of each financial institution that moves from crisis, or some legacy history, is there no longer, you know, the luxury to be reactive and that we perform, we need to be proactive to prevent and protect.

Jenny Wong 18:15
Sounds like you just need to be 10 steps ahead every time. So that’s that’s definitely going to be an interesting journey for all of us. And Debra, as a final question, what is the one book that you would recommend to all the upcoming leaders within the risk and compliance space?

Debra Au 18:40
So there is a book that I really want to introduce to everyone, which is the book called, from Harvard Business Review, is Stop Worrying About What People Think of You. So I think later on I will the whole book name, and it’s a recently published book in under Harvard Business Review, and it talks about the idea of FOPO theory is fear of people’s opinion, I think, compliance and especially for female, if you are in the Risk and Compliance areas, and you are one of the female leaders in the chair. We tend to be very humble, because we female. And for new leaders, we try to always observe what are the old folks think of things, but because of that, we tend to think too much. And we limit our potential and try to let the Asian brain or others to take control of what we really think. So sometimes we may, you know, so one a bit because as a as a recent compliance, we might want to observe and a little bit conservative. But now with the evolving changing landscape, I do think the, the need to start taking back the control of ourselves in order to be comfortable, and able to speak up is very important. And recently, I learned from my one of our manager, he did say something, which also inspire me quite a bit. So he gave me a feedback and say Debra, you know, I think you’re a driven and aggressive person. And, you know, my immediate reaction when I head the work aggressive. And I found that, oh, why do you use the word aggressive? And he said what’s wrong with that? We need female on the table to our senior leaders to be a bit aggressive. But in my mind, the Asian mind, brain, I equally you know, think aggressive, equal sign to stereotype. So flip side of the coin? Yeah. Why? It has to be stereotype. So, so yeah, I think there’s always two sides of the coin. And I think this book will help a lot. And I highly recommend.

Jenny Wong 22:06
I really liked that last point. On the example you gave about the aggressive, I can certainly relate to that. And that resonates a lot to me as well, just as a senior female leader walking into some of these conference rooms nowadays. You know, it’s like, well, what is wrong with coming across as as aggressive? It’s, it’s, you know. So, thank you so much for your time, Debra today. You’ve certainly inspired me a lot. I’ll definitely go and look into purchasing that book and hopefully get even more inspiration from that book. So once again, thank you so much for your time, Debra today really enjoyed our discussions and all the best in the future.

Debra Au 22:56
Thank you so much, Jenny. And thank you Protiviti and Risky Women for having me. Thank you.

Jenny Wong 23:03
Thank you.

Kimberley Cole 23:07
Thank you for listening to this episode of Risky Women Radio, be part of the ongoing conversation and learn more about our events and other programs at riskywomen.org

Back to top
Privacy Preferences

When you visit our website, it may store information through your browser from specific services, usually in the form of cookies. Here you can change your Privacy preferences. It is worth noting that blocking some types of cookies may impact your experience on our website and the services we are able to offer.

For performance and security reasons we use Cloudflare
Click to enable/disable Google Analytics tracking code.
Click to enable/disable Google Fonts.
Click to enable/disable Google Maps.
Click to enable/disable video embeds.
Our website uses cookies, mainly from 3rd party services like Google. Define your Privacy Preferences and/or agree to our use of cookies.