Annual Convention 2020 ERM Presentation

Annual Convention ERM Blog 2021

A lot of people think actuaries are boring.

If you said this to (most) actuaries they would argue against the stereotype. What do you think when you hear “compliance” though? I have to admit when I hear compliance, I think - boring.

Clive Kelly made the point that compliance suffers from poor branding in this respect, a bit like actuaries and risk officers, and there is more here to be considered beyond the stereotype.

To further challenge the boring stereotype – I’d venture that Clive’s presentation at the SAI Annual convention “Compliance and Risk – a match made in heaven?” was the only one involving singing convicts and babbling babies.  If you get a chance it is well worth a watch.

One of the key themes in the session is that, yes, compliance is about ensuring the company is legally and regulatory compliant, but he feels the need should be greater than just a regulatory need.

Clive discusses the many similarities between risk and compliance.

  • Good governance is central to both. Don’t tell me something is ok – show me.
  • Both have a dual role of police officer and counsellor.
  • Having a good understanding of the business is the most important part of the role he thinks – you don’t have to be a lawyer to be a compliance officer, the business knowledge is more important he thinks. This also applies to risk functions – having a good understanding of the business is key.
  • Specialisms have developed in the risk space – such as market risk or operational risk. This emergence of specialisms is also now happening in compliance, particularly in the areas of data privacy and protection or financial crime. 

As to where the functions sit - compliance could be seen as a sub-set of risk, and if so classifying it under operational risk makes sense. But Clive suggests there is value in having a separate compliance function (and thinks the next iteration of the corporate governance code will clarify this). If there is a separate function though, it should look to take advantage of the synergies on offer – through governance and committee structures, a common risk taxonomy, aggregate reporting where appropriate and co-ordinated second line testing with both functions.

Looking to the future, Artificial Intelligence technologies will remove some of the mundane tasks of compliance officers. Clive sees this as a positive rather than a threat to the role - nobody wants to be involved in these box ticking exercises. The challenge will be to get Compliance involved in value adding. Showing value is being added is a common challenge to both risk and compliance – the aim should be to get asked into conversations rather than bringing yourself into conversations

One key area where he thinks compliance officers can add value in the future is in area of culture. Culture is coming in terms of review and inspection of culture. Culture should be focused on achieving better customer outcomes and he thinks compliance functions could become the voice of the consumer inside the organisation.

Coming back to the point about there being a greater need than regulatory compliance - rather compliance functions being seen as checking compliance with the legislation there is a role to assess compliance within the company’s own moral compass too.

Clive presented his paper, 'Compliance and Risk – a match made in heaven?” at the SAI's first virtual Annual Convention in 2020 on 8th December, 2020.  For those previously registered, please use your existing CrowdComms platform link. If you missed out, register now to watch recordings of the event. Please see the SAI's Catch-up to the Annual Convention 2020 page here.

Clive Kelly is an experienced international financial services professional having held roles as CEO, Chief Risk Officer, Chief Compliance Officer and Chief Underwriting Officer for the largest global insurers and reinsurers. He currently holds roles as Chairperson, non-executive director, Chair of Risk Committees/Audit Committees.

The views of this article do not necessarily reflect the views of the Society of Actuaries in Ireland, the Enterprise Risk Management Committee, or the author’s employer.