Podcast S7E1 | Top Compliance Priorities 2024

Podcast S7E1 | Top Compliance Priorities 2024

Podcast S7E1 | Top Compliance Priorities 2024 1280 720 Risky Women
In this episode of Risky Women Radio, host Kimberley Cole kicks off Series 7 by discussing the predictions for 2024 in the field of risk regulation and compliance. She is joined by Carol Beaumier and Bernadine Reese from Protiviti, who share their insights on the compliance environment over the past decade and the evolving role of the Chief Compliance Officer.

They highlight the key priorities for 2024, including the need for proactive risk assessment, horizon scanning, managing digital risks, effective compliance monitoring, and adapting to changing resourcing needs. The discussion emphasizes the importance of staying ahead of emerging issues and adopting a holistic approach to compliance in order to navigate the external and internal challenges that lie ahead. This episode provides valuable insights for risk and compliance professionals to effectively address the evolving compliance landscape in the year ahead.

Carol Beaumier is a senior managing director in Protiviti’s Risk and Compliance practice. Based in Washington, D.C., she has more than 30 years of experience in a wide range of regulatory issues across multiple industries. Before joining Protiviti, Beaumier was a partner in Arthur Andersen’s Regulatory Risk Services practice and a managing director and founding partner of The Secura Group, where she headed the Risk Management practice. Before consulting, Beaumier spent 11 years with the U.S. Office of the Comptroller of the Currency (OCC), where she was an examiner with a focus on multinational and international banks. She also served as executive assistant to the comptroller, as a member of the OCC’s senior management team and as liaison for the comptroller inside and outside of the agency. Beaumier is a frequent author and speaker on regulatory and other risk issues.

Bernadine Reese is a managing director in Protiviti’s Risk and Compliance practice. Based in London, Reese joined Protiviti in 2007 from KPMG’s Regulatory Services practice. Reese has more than 30 years’ experience working with a variety of financial services clients to enhance their business performance by successfully implementing risk, compliance and governance change and optimising their risk and compliance arrangements. She is a Certified Climate Risk Professional.

00:01 Compliance predictions for 2024 with industry experts
05:36 Importance of internal and external factors
11:42 Lessons learned (or not)
19:05 Next 10 years and technology evolution

Protiviti - Top-of-Mind Compliance Issues for Financial Institutions in 2024

Protiviti is a global consulting firm that uses technology, innovation, data and analytics to create unique solutions that transform the field of risk management and solve industry wide problems.

Podcast S6E2 | Top Compliance Priorities 2023 1920 1080 Risky Women

Podcast S6E2 | Top Compliance Priorities 2023

Podcast S5E1 | Compliance Priorities for 2022 1920 1080 Risky Women

Podcast S5E1 | Compliance Priorities for 2022


Kimberley Cole 0:01
This is Risky Women Radio, a show that connects, celebrates and champions women in risk regulation and compliance. We’re here to share the insights on the biggest issues in our industry and hear inspiring journeys from our global members. Sign up to our newsletter at riskywomen.org. I’m Kimberley Cole, your Chief Risky Woman.

Welcome to Risky Women Radio. Today we are kicking off Series 7, and we are going to look at our predictions for 2024. This is the third year that we have done our predictions. And we have once again our stars of the show Carol Beaumier and Bernadine Reese from Protiviti. And before I let them come in, and introduce themselves, I just want to say how excited we are to have this happening in what is our 10th year of Risky Women. So it’s a great way to start the year. And it’s a great way to think about what are those risks and opportunities that we see for the year ahead. So welcome, Carol and welcome Bernadine. And can I get you to say hi, and introduce yourselves? Maybe start with you Carol…

Carol Beaumier 1:17
Of course. And first of all, let me say on behalf of Protiviti, we’re delighted to have this association with Risky Women and all of the great work that you do. I’m Carol Beaumier. I’m a senior managing director with Protiviti I’ve been with the firm since we started 20 plus years ago now, I have worked in the regulatory space, both of my consulting career and in former lives working in financial institutions. And as a regulator, I spend a lot of my time in the financial crime space, not just in the US, but working with my Protiviti colleagues across the globe.

Bernadine Reese 1:53
Hi, my name is Bernadine Reese, managing director at Protiviti, in our London office. Like Carol, I extend our congratulations to Risky Women and Kimberley for your 10 years of fantastic achievement. So I’ve focused in financial services for most of my career, and regulatory compliance more broadly for a good number of those years. As you’ll see, it’s a full and packed agenda for the compliance officer. And there’s plenty keeping us busy on a number of topics that we’re going to discuss today as well.

Kimberley Cole 2:24
That’s fantastic. And I mean, you’ve both had long and distinguished careers in compliance. And before we get into the 2024 priorities, I thought it would be fun to sort of reflect briefly on the compliance environment over the last sort of 10 years. And what do you see is the real the difference in terms of what we were focusing on then versus maybe the role of the Chief Compliance Officer and how those things are different today. But yeah, I’d love your thoughts. So Carol, do you want to kick off there?

Carol Beaumier 2:55
Yeah. So when I think about what the environment was 10 years ago, what I recall is that the industry at the time was very much focused on implementing the myriad regulations that came out of the great financial crisis. That included looking at governance and conduct issues that were very apparent leading up to and during the crisis. And we probably at that time, have a think about it started ushering in a period of personal accountability, whether that was potential clawbacks or personal financial penalties or even being barred from the industry in an extreme. I also think it was just about the same time that FinCEN issued, its seminal advisory on the culture of compliance and the importance of culture in maintaining an effective anti money laundering programme, certainly a supplement that picked up a lot of steam across the globe, and, and something that we still talk about a lot today. So those are the things that come to mind first, for me.

Kimberley Cole 4:02
Really interesting. And what about for you Bernadine, what have you sort of seen the shifts over the last 10 years?

Bernadine Reese 4:08
Yeah, always interesting to look back Kimberley and I’d start by saying that the compliance agenda has always been packed. If I think back 10 years ago, it was a busy agenda. It’s equally if not more busy now. But I think looking back over those 10 years, the compliance agenda at the time covered well known issues, pretty much all of which are actually still familiar to us today and with us, so financial crime, compliance, governance, trading and business related issues like market abuse and customer protection. But today’s compliance officer is deeply involved in a much wider range of issues that weren’t on the agenda 10 years ago, and that’s driving a lot of those emerging issues that we’re seeing.

Kimberley Cole 4:53
Yeah, and I think last year when we spoke, a lot of what we covered there was that increase have that sort of 360 degree view that the compliance officers taken, which is, you know, incredibly interesting, but also challenging. So I recommend everyone goes back and has a listen to that as well. And I want to come back to that historical perspective later. But let’s move on now to the current priorities as you see them for 2024. And I really liked how you kicked off your report that you do annually, reflecting on whether your 2023 predictions were accurate. So what prompted that approach?

Carol Beaumier 5:35
So we can thank LinkedIn for that toward the end of last year, as people started publishing predictions for 2024, for one of my LinkedIn contacts, posted a note that said he wasn’t reading any more top 10 lists, until the author’s proved that their prior predictions have been accurate. So that seemed like a pretty fair ask to us. So before we started putting together 2024 lists, we decided we’d look back at the predictions that we made for 2023, and see how well we had done. So we did that. And we concluded that with the exception of crypto, which we did mention, but with the benefit of hindsight, probably could have drawn more attention to we were actually on target. So we feel good about our 2023 predictions, we stand behind them. And we hope that we’re as accurate this year.

Kimberley Cole 6:30
That’s fantastic, I love that. And obviously, everyone can go back and listen to last year’s podcast and see what they think as well. That’s terrific. And this year, you’ve identified even more priorities, you’ve gone for 15 versus 10. And you’ve organised the priorities differently than you did last year. So tell us more about the thinking there.

Bernadine Reese 6:53
Indeed. So in terms of the numbers, I mean, I mentioned earlier how the compliance agenda is expanding rapidly into these new risk areas that would have been unfamiliar to compliance officers 10 years ago, or certainly wouldn’t have been within the remit. And many of those topics are now pressing issues in 2024. And so as we started our list, Carol, and I reflected that the compliance agenda is significantly impacted by a whole number of kind of macro issues now. So the remarkable march of big technology and the impact it has on our lives, the geopolitical situation, the emergence of new political priorities. But we also recognise that the economy, and the pressure to reduce costs can have a big impact on compliance teams as well. So we felt that in this year of all years, there was a need to recognise that much wider pool of priority items.

Carol Beaumier 7:50
We kind of carried that forward to why we split them the way we did this year, and we’ve always included both external and internal issues. But as we were putting together the list this year, it just felt like there were more internal issues that we wanted to call out. And I think as we discussed some of these, and we came clearer why, but we just thought it made sense to make them their own category this year.

Kimberley Cole 8:14
Yeah, I thought that was interesting that you structured it that way, the internal and external and external priorities still outweigh the internal factors. But why did you sort of think about it that way now?

Carol Beaumier 8:26
So I think that to maybe jump ahead a little and talk about some of the internal factors, what we started thinking about was the extent to which these internal factors really affect the overall effectiveness of a compliance function. So the internal priorities that we focus on this year were compliance risk assessment, horizon scanning, risk and change, digital risk, compliance, monitoring and resourcing. And when we started thinking about these, you know, we looked at risk assessment. And I think we would probably both say that risk assessments have tended to be a bit backwards looking or best case static and there’s really a need for them to be much more dynamic. Similarly, horizon scanning, poor horizon scanning means an institution really is not in a position to anticipate and to respond proactively just given the number of issues that compliance organisations have to deal with now, the risk and change the ability to kind of guide the organisation through the whole change process from implementation to sustainability of requirements needs to be a core competency today for a compliance function. I think going hand in hand with that, Bernadine already mentioned kind of the impact of innovation, particularly, as we’ve all talked about so much in the last year the impact of GenAI on Comm client’s functions, compliance monitoring, I also think of as something that can be a very valuable tool for proactively identifying and addressing risks. And then kind of finally, with resourcing, we were less focused here on headcount, and more focused on the realisation that the skills and experience that are necessary to maintain an effective compliance function today are very different than when we started out in the field and even different than what they were 10 years ago. So for us, all of these kind of had this underlying theme of needing to be proactive, to be successful in this space. And I think they underpin how organisations can deal with and respond to the external factors they have facing them.

Kimberley Cole 10:50
That’s interesting. And I guess, to that point, I mean, if you were thinking about best practice, what are you seeing in those sort of best practice organisations as to how they focus on some of these external or internal factors?

Carol Beaumier 11:07
So I think it is trying to kind of meld all all of these internal considerations together, to be in a position to be proactive. To not always be under the gun and responding to the latest regulatory criticism or the latest requirement that lands on their plate. I think that’s really key, especially in the complex environment that we’re dealing with today.

Kimberley Cole 11:32
Yes, agree, anything that you would like to add Bernadine in terms of things that you’ve seen across, you know, great examples.

Bernadine Reese 11:42
So I agree with Carol, I think that unless compliance teams have a fairly slick and regularly updated internal compliance function and team, there is a tendency to address some of the external risks in a very piecemeal way, or in a slightly reactive way. And that’s not how really, to get the best out of compliance. So the smoother things run internally, the perhaps a greater use of technology that’s available within the compliance team, the more teams are able to respond to some of these in a proactive joined up way, and get a better result addressing some of the external risks as well.

Kimberley Cole 12:23
This episode is brought to you by Protiviti. Protiviti is a global consulting firm with deep expertise in transformation, risk management, and compliance, partner with Protiviti and face the future with confidence.

Good chance to once again, do our sort of look back and look forward as part of our 10 year view. I want to ask each of you, what are the lessons that you feel that we’ve learned or that you wish we had learned maybe about managing compliance risk over the last 10 years?

Carol Beaumier 13:05
So I think a few things come to mind. One that I hope we’ve learned sometimes I’m not so sure. But one that I hope we’ve learned is that compliance really plays a vital role in partnering with business to do things right. I hope that we’ve moved away from kind of that traditional view that compliance is the cop there to stop the business from doing what it wants to do. I think this means that to go back to the prior comment about skill sets and experience, I think this means that CTOs really need to be adept at building partnerships and effecting change, so, again, it’s changed the dynamic the experiences that we’re looking for and a compliance officer. I think we’ve also learned as I suggested, in my response to your first question that we have ushered in a period where compliance officers can be held accountable for compliance failures. So I think that also requires resilience and courage often on the part of compliance officers and goes back to the support that you hope compliance officers have from the rest of the organisation. And then we’ve certainly learned that data and technology have never been more important to an effective compliance function. But I think we would all agree that we have a lot more work to do to be able to optimise their usage. So those are a few things. I’m sure Bernadine has more to add.

Bernadine Reese 14:35
Yeah. Thanks, Carol. So if I take the looking back first, and then maybe we can come to the looking forward and to some of the external risks that we’ve identified in the report? I think looking back they’ve definitely been valuable lessons learned. I think there are also lessons the industry doesn’t seem to learn no matter how many times we go through the same cycle. One of those relates to how we deal with regulatory criticisms and concerns. And we’ve seen this often whenever there’s a need for regulatory remediation, there seems to be a tendency to throw resources at the problem and add processes and controls, often with minimal concern given to integration and fixing the problem with the existing framework. And then victory is declared a number of those measures are rolled back and compliance is left managing the same very similar processes, more processes, sometimes with fewer people. And then we’re into history repeating itself very often. So something about breaking that cycle. And doing that better, I think is a key lesson learned looking backwards. Looking forward to some of the external risks. So in this survey, we identified nine, four of those were new to our list this year, and 2024. And five were still key priorities that we’d identified previously. And we didn’t rank these in any particular order. Given very different business models out there, no doubt, but new to the list were really a focus on ensuring good customer outcome, rather than designing and following processes without consideration of whether they achieved what was intended, and the impact on the ultimate customer, conduct and culture, and how the behaviours of management and employees impact really all aspects of compliance, including interactions and markets with customers and internally, and poor culture often results in poor behaviours that really heavily impact the rest of the compliance agenda and make compliance much more difficult if there is a poor culture. So that was a key one for us as well. We also added in new supply chain and third party risk management. So knowing who the business is dealing with, and outsourcing to and engaging with is increasingly important in so many different compliance issues like operational resilience and ESG, where we see growing focus on the regulators globally. And then Carol mentioned earlier, the extraordinary tale of the crypto markets and prosecutions in the US and really the emerging developments of crypto regulation has been such a key feature of the past year. And it’s definitely one where we expect to see and hear more over the coming year. And then if I take a few minutes to run through some of the issues that we previously identified as priorities, and we think still worthy of a place on the list this year. So artificial intelligence, where the launch of ChatGPT brought AI technologies to the forefront of public attention and caused a huge governmental and regulatory focus. We continue to see operational resilience as a key issue, especially with the rise and rise of cyber attacks, reliance on third parties such as outsources and critical technology providers, the geopolitical global position continues to drive significant expansion of the sanctions regimes globally, with sanctions evasion an increasing risk and regulatory enforcement very much in progress. And then alongside that, as technology is adopted by criminals, we’re seeing convergence of financial crime issues in many areas, and the need to address them in an aligned way. So for example, data harvested from cyber attacks might be used for fraudulent activities, or identity theft or to perpetuate financial scams. And then finally, our final existing item carried forward is environmental, social, and governance is continuing to be a huge agenda and drive a big regulatory action plan, much of which is not necessarily globally aligned at the moment. And the lack of reliable ESG data continues to provide yet further challenges for compliance teams as well. So that’s probably enough of a look for and I’ll stop there!

Kimberley Cole 19:05
So many big items on that list! And you were just making me think it would be so good to actually go through maybe some case studies on some of those things to show how intertwined everything is. And you just think of some of the big scandals that have happened recently. You mentioned crypto, but crypto was interesting even that that fake tweet came out saying that they’d made this change to the the rules that someone had packed into the systems of the regulator.

Carol Beaumier 19:38
You raise a great point. I think, Kimberley because I think as we’ve found, as we’ve written on some of these other individual topics, that inevitably we’re blending a number of these topics because they do all converge.

Kimberley Cole 19:52
Yeah, especially as you said now with technology and some of the outsourcing projects and obviously here In the UK with the whole post office scandal is another very interesting one that brings together a lot of those elements that you said, from technology to culture to outsourcing. So yeah, I mean, maybe we do another, another session where we do case studies and learnings that we found through…

Carol Beaumier 20:19
We’ll have to come back!

Kimberley Cole 20:20
…looking at other areas. But everyone should also in the shownotes, we will put where to find the report. So if anyone actually wants to read the physical report, they can easily find that. And we often also put out some other reports on the Risky Women website from Protiviti, that you might like to view as well. But so it’s been fun looking at, obviously, our year ahead and what you see coming up and also this reflection on 10 years. So I think what I would maybe like to end with is there’s still a look forward, but maybe in a few words, you could describe how you think compliance risk management will change in the next 10 years. So this is a big ask to kick off with. So maybe Carol, do you want to give us your views of predictions 10 years ahead?

Carol Beaumier 21:17
So I’m gonna take a very upbeat point of view and say that in 10 years, maybe fewer, I hope that all compliance organisations have their own team of GenAI assistants, who helped them with risk assessments with compliance monitoring, with horizon scanning, so that the CCOs and the senior compliance people can really spend their time being the strategists and the expert advisors who guide their organisations on the best way to comply.

Kimberley Cole 21:48
Excellent. That’s fantastic.

Bernadine Reese 21:49
I love Carol’s optimistic notes. So if I think forwards 10 years, I’d hoped that we’d have more global alignment on regulation and probably greater sources of reliable data, to enable compliance officers to develop a technology rich data led approach to compliance, and to enable a truly global compliance approach to be adopted in a number of areas to improve those internal risk management and compliance risk management processes, and allow that greater focus on emerging risks and what could be improved and what can be done better from an external perspective as well. So I doubt we’ll have achieved all of that in 10 years. But wouldn’t it be lovely to be a lot closer than we are now?

Kimberley Cole 22:37
Well, it’ll be interesting, we can always come back and listen to this 10 years later and say, see what’s happened. So with that, I will say a big thank you to both you, Carol. And you, Bernadine. It’s been a pleasure for our third year in a row and may long it continue to talk about the predictions for the year ahead. So thank you.

Carol Beaumier 23:00
Thank you, Kimberley, always great to have the discussion with you.

Bernadine Reese 23:04
Thank you so much. It was lovely catching up as well.

Kimberley Cole 23:06
Pleasure. And this, as I said, with our 10 years, we have lots of celebrations planned. If you go to our website, which is www.risky women.org, you will see all of the things that we have coming up, you can join our membership and get access to members only events. We’ve got some fabulous what we’re calling Rev Up sessions, which will help you develop your superpowers and build on the extraordinary skills and capabilities that we already have in the network. But we’re focused on everything from media training, we’re going to launch a fun writing skills competition to get some more compliance content out there from all of our membership. And obviously, it’s about the community, the network. There’s a range of directories. There’s a whole great list of women to watch you can use as mentors and just general inspiration. So please take a look at the Risky Women website and come along and be part of our tribe. Thank you all for listening.

Back to top
Privacy Preferences

When you visit our website, it may store information through your browser from specific services, usually in the form of cookies. Here you can change your Privacy preferences. It is worth noting that blocking some types of cookies may impact your experience on our website and the services we are able to offer.

For performance and security reasons we use Cloudflare
Click to enable/disable Google Analytics tracking code.
Click to enable/disable Google Fonts.
Click to enable/disable Google Maps.
Click to enable/disable video embeds.
Our website uses cookies, mainly from 3rd party services like Google. Define your Privacy Preferences and/or agree to our use of cookies.