Having A Conscience | With No Top-Down Compliance Culture

By Coral Erkkila, Compliance & Risk Manager


With my children leaving the nest it was time to head out on my adventure. I had been working in the Trustee industry for several years and was a qualified financial advisor under the FMA.


I decided to travel to the Pacific because of the Trustee Industry with six trustee companies based there. And with an interest to change my lifestyle and ‘going troppo’ was an ideal choice. For the first year, I worked for one of the trust companies, however, in my second year I secured a job as the Compliance & Risk Manager for a private bank where I remained for approximately 6 years.


Life as a Compliance & Risk Manager


Two weeks into my role someone senior in the organisation asked me my thoughts on an AML compliance matter. I considered the question posed and gave my reply to which the response was “I didn’t realise we’d hired a Compliance Manager with a conscience” It was then that I realised that this would be the most challenging role of my career.


For the first few years, there was very little, if any support from the top-down as far as Compliance was concerned. It was almost as if I was there on paper, employed to meet a regulatory requirement but not accepted as having or adding value to the business.


Not having the support from the top down to encourage a strong compliance culture meant that there were constant challenges in training the staff, funding being one of them and getting their buy-in to implement new processes and improve the overall standards. It felt like being isolated within the company as though compliance was considered a low priority or an evil necessity.


During the first few years, other major challenges presented themselves and in early 2016 I was settling into my new role, getting familiar with all aspects of the operations of the bank when due to a worldwide de-risking phenomenon we suffered the loss of our main correspondent bank and as a result, were nearly forced to close.


This experience highlighted one of the most important risks that faced our bank (loss of correspondent partners through de-risking) and the importance of achieving and maintaining a good reputation both on the island and internationally. Fortunately, with the support of the majority of our clients, and a lot of hard work in sourcing further correspondent partners and perseverance we managed to avoid the worst-case scenario, closure.


New regulations, total overhaul


My second year saw a new set of regulations introduced under the Financial Transaction Reporting Act 2017 which meant huge changes to requirements and a total overhaul of all policies and processes to meet those requirements.


I found myself writing the bank’s Risk Appetite statement, Risk Management Framework and everything else that fell under that umbrella. This was a huge challenge and learning curve for me and through a lot of research and hard work managed to create a framework that not only met our regulatory requirements but the bank’s overall strategy.


2018 brought the country’s Mutual Evaluation by the Asia Pacific Group (APG). The bank was one of the entities selected to participate in the question/discussion sessions with the APG panel. The process highlighted the need to work together with regulators to achieve high standards and a good reputation not only for the bank but also for the country as this could affect our business long term.


Our bank employed approximately 10-12 people with four staff forming the senior management team, three men and myself.


Male senior managers were always included in decisions affecting the bank, where I was often excluded. On one occasion a strategy planning session was organised which was to include all the Board members as well as senior management. It came to my attention through an email that there was a query about whether or not I should be included. It was apparent that my opinion was considered unimportant and of little or no value.


On numerous occasions, I was not advised by other senior managers of risks posed to the bank. Often, I only found out a long time after the fact and then only because I overheard a conversation and queried it.


An example of this was a ransomware attack threatening the bank and wanting a bitcoin payment. When I queried why this hadn’t been brought to my attention, I was told it was on a need-to-know basis. When I challenged this decision, I was simply dismissed.


Learnings


I have learnt to be strong and stand up for what I believe to be true, be unafraid of voicing my opinion and share my passion for Compliance with those around me. Maintaining standards even when others drop theirs. Persistence, persuasiveness is required and an understanding of the balance between compliance/risk and the growth required for a business to succeed.


Highs


Having faced a multitude of challenges presented in this role and coming out the other side having achieved great results and still feeling passionate about Compliance & Risk.


Building a very strong relationship with regulators, working together to create a strong AML environment, and improving the overall reputation of the bank resulting in a strong Mutual Evaluation for the country.


Becoming aware that the FBI had tried to open three new accounts with our bank … like a mystery shopper, checking if we were weak in our AML requirements and procedures. I had declined all three new accounts.


Being the sole person responsible for setting up strong procedures and policies in a high-risk business with predominantly high-risk customers and after having a very thorough external Audit by a New Zealand company, receiving great results.


Attending the FIU/ACAMS conference in Wellington each year and meeting numerous like-minded people who are passionate about the work they do.


Lows


Constantly battling to try and get buy-in by senior management to support and encourage a strong compliance culture


Regular roadblocks, making it difficult for me to do my job, achieve my goals and lift the overall standards of compliance within the bank. As a female, not being included and feeling undervalued in the male dominated senior management team.


Towards the end of my contract, an internal applicant with next to no Compliance & Risk knowledge, with no experience or training was appointed as my replacement and I was expected to train her. Unfortunately, while processes can be taught it is impossible to make someone think for themselves, be willing to query and investigate scenarios and be passionate about Compliance & Risk.


In my opinion, this role required a person with at least 3-5 years of compliance and risk experience, someone who was strong and who would not be afraid to stand up and voice their opinion and certainly not a ‘yes’ person. The appointment appeared to be a move to eliminate the independent nature of the Compliance role.


As a result, I noted this as a Risk to the bank in my last Audit & Risk Committee report.


Coral Erkkila, Compliance & Risk Manager
Coral Erkkila, Compliance & Risk Manager


Read more about AML compliance with Dr AML, in 'Exposed: the Pandora Papers shine a light on New Zealand's AML compliance failings'.