Speaker 1: Hi there. So we're back and we're ready to go. It's a new year. We've got new lineup of videos that you can expect from Compliance with Kudzai. I am well rested. I had a great festive season with family, friends, loved ones, but now I'm ready to get to work. And boy is it going to be a year filled with so many great videos. I'm just so many ideas and that's I think is the advantage of taking some time out to really just rest and think because my mind was exploding with ideas. And over the next few weeks, months, whatever, I'm going to be sharing those with you and making this great content. And you guys are going to continue learning with me. And as always, please do share your ideas as to what you would like to see from me as well. That really, really is helpful information for me. And as always, I will try my best to create those videos. So thank you for staying with me, being patient while I got this much needed rest, continuing to watch the videos as well. You know, I saw some of your comments coming through and responded as to as many as I could. I really, really do appreciate the continued support, even when I'm not posting videos. So the way it is over people, let's get stuck into this new video. And today I was thinking, we talk about a lot on compliance with Kudzai, but maybe just maybe let's start the year off with some basics. So today it's compliance risk management explained. So if you've ever said, okay, I want, I want to do compliance. This is what I think it is. Well, today I'm going to share with you exactly what compliance as a discipline in terms of risk management, all of that it's all about. And hopefully you will gain the clarity that you need as you move forward, because, you know, as with all things, if you're building something, you have to have a solid foundation. So today we're going back to the basics and talking about compliance risk management explained. Amazing. Okay. So what is compliance risk management or what is compliance risk? Let me start there rather. So compliance risk is the risk of a negative consequence being faced by an organization as a result of them failing to meet the obligations or act in accordance with various laws and regulations that apply to them as a result of the business activities that they conduct. So if an organization is a financial institution, they are laws and regulations that apply to that financial institution. It can be about market conduct. It can be about trading. It can be about anti-money laundering and counter-terrorist financing, data privacy laws, a multitude of laws. And even if it's not financial services, financial services is always a great example because it's a heavily regulated area. But pharmaceuticals, fast FMCG, fast moving consumer goods, mining, as long as there is a law that applies to the business activities that are being done by a certain organization or company, then that triggers a need for them to act in accordance with those laws. And so compliance risk is the risk that they fail to do that either through ignorance. We didn't know this applied to us or in some unfortunate cases, willfully and intentionally trying to get around the regulations and the requirements because they feel that it's going to impact our bottom line, whatever the case is, or they want to do a quick deal, whatever the case is. So compliance risk is what you will have to face as a consequence. If you fail to comply with the laws and the regulations that apply to your business. Okay. So what is compliance risk management? Compliance risk management is therefore the discipline or the art, if you ask me, of making sure that an organization is firstly aware of the laws and regulations that apply to it as an organization resulting from the business activities that it conducts. And then taking that knowledge about the laws and regulations, identifying what the potential risk areas are. So if you need to comply with requirement ABC and you don't do it, this is the consequence that you're going to face. If you need to comply with CDEFG in this law, this is the consequence that you are going to face. So it's about being able to identify overall all the laws that are going to apply to your business. And then specifically, what are the requirements when those laws that your organization needs to comply with? And then what are the consequences of failing to comply with that? And once you've identified what you need to do, the consequence of failure, what are the controls that we then get to put in place and say, what can we do within our operational processes, our technology, our people, management, education, training, all of that, what can we put in place to minimize and better manage the probability or the likelihood of this risk actually materializing? So for example, if you think human error is going to result in a breach of a regulatory requirement, then training your staff and employees on what they should and shouldn't do is going to minimize the likelihood that they will make those mistakes. And therefore, we have put in place a control, which is training as an example, to minimize the risk. So compliance risk management is really about how can we reduce, minimize, it's very hard to completely eliminate because life happens, technology fails, people make mistakes. How can we reduce, minimize, better manage our environment so that it's not just, you know, breach is left and center? They may happen, it might well happen once every 10 years, if you've got a controlled environment, you might be lucky and it never happens at all. But at least you need to be proactively putting in place processes, procedures, controls, training, technology, whatever the case may be, to help you limit the chances of that consequence that you've identified earlier on actually materializing in real life. So overall, that is compliance risk management. I mean, there's a whole lot sitting under there, the risk assessment process, the risk identification process, control design, and all of that wonderful, fun, beautiful stuff that I like to get my teeth dug into. But overall, as a high level kind of explanation, that is what we're doing when we're talking about managing compliance risk. We're managing our exposure to make sure that we are not facing consequences such as fines, penalties, having your license to operate taken away, having your products recalled, whatever the case may be. We don't want to face those consequences. So what controls can we put in place to minimize risk events from happening? So that is compliance risk management. So what's the role of the compliance officer in all of this and who actually owns compliance risk? I think this is one of the biggest areas of confusion, lack of clarity, like whose responsibility is this? Is it the compliance officer who owns compliance risk? So I'm here to clarify that for you just a little bit more. So the role of the compliance officer is to do everything that I've just described in the last few minutes. Identify the risks, see what the impact of that is for the business, and then you engage with the business and make sure that they're aware of their risks. They own the risks because it all sits within the operations of the business. They're the ones who are day-to-day making trades, making decisions, determining strategy, which country they're going to be in, what products they're going to sell, which mineshaft is going to be sunk away, all that good stuff. The business makes those decisions and they need to make those decisions with awareness of what the laws and regulations are, what risks they face. And our job as compliance officers is to advise them of if you want to do this, you can go ahead and do it, but first you need a license, first you need these permissions, first you need to put these controls in place to make sure that customers have got no detriment. They need to have this information and sign up to that and consent to this. That is our role as compliance officers. And then the business then needs to implement that as they implement their strategy, launch their products, whatever the case may be. So the business owns the risk. We advise them based on the knowledge and expertise that we have as compliance officers around the laws that, okay, these are the parameters that you need to set around these products. This is how you need to protect customers. The type of disclosures that you need to make before and after pre-sale, post-sale, all those type of things. Your agreements with customers have to have this type of language so it's not too complex. You know what type of customers are targeted. Is it a complex thing that should be for sophisticated customers or, you know, it's just kind of a simple product that everybody can understand so you don't need to ring-fence it in any sort of way. So all of those type of things based on the information in the regulators, in the regulations, are what we need to be advising the businesses and all of that. And then they need to take what we've given them. And obviously we're working this journey with them. We don't just kind of be like, do this, do that, and walk away. It's very much a collaborative effort. You have to be part of the conversation at all times and making sure you're advising them as they go along. And in the event that something does go wrong intentionally, unintentionally, negligence, whatever the case may be, we then have to help the business with surviving that process. Whether it's about how do we minimize the damage? How do we notify customers and the regulator that this is happening and make sure that they don't have any consequences? How do we ring-fence this and protect, you know, stop the damage from becoming a big thing and keep it as a small thing? You know, we walk that journey, advise the business, and then how do we fix this so that it never happens again? Fingers and toes crossed. And what was the reason this happened in the first place? And we walk that journey with the business and plug those holes, close those gaps, and make sure that the control environment is adjusted to make sure that that thing, whether it's a data breach or a big transaction going through without sanction screening, and it turns out that there are sanctioned entities involved, whatever the case is, wherever the breach happened, we need to be part of that remediation process. So the role of the compliance officer is really to work with the business, helping them understand where their risks lie, how to manage their risks, how to minimize the damage if a risk does occur. But ultimately, the ownership of the risk sits with the business, and it's not, oh, compliance belongs to compliance, because compliance is not sitting there in the operations, pressing buttons, doing trades, so we can't own the risk. The business has to own the risk. So I hope that has given you a lot more clarity around compliance, risk management, compliance risk, who owns the risk of compliance, and obviously, you then have your regulators, and they have their roles. They're the ones that are putting in place the laws and the regulations that apply to certain activities. If you're familiar with the cryptocurrency space, you know that came into play over the last few years, and regulators have been looking at the approach and being like, oh, should we regulate? Shouldn't we regulate? And globally, there's been question marks, but there's now been a shift to regulating this activity, and now whoever's been conducting in it, whether they've been at a platform level or actually trading in cryptocurrency, are going to have to have licenses and permissions and be subject to supervision by regulators. So regulators are the ones that are responsible. It's like, okay, this is the market that we need to control as a whole, where all these players are. What rules do we need to put in place to make sure that everybody is playing fair, there's no one who's got an unfair advantage, there's not going to be detriment, and they're not going to cause instability, which can cause things like the financial crisis of 2008. So that's the regulator's role. Create the rules of play for everybody operating in that specific industry, have oversight, supervise, tweak things if they think things need to be tweaked. If there's innovation such as cryptocurrency and all of that that's been happening lately, they need to have a look at that and decide if it needs to be regulated, and if the decision is yes, put in place laws and adjust accordingly. And then we as compliance officers have to stay on top of all these developments in the industries in which we work in that, oh, these new regulations are coming up, this has changed from the old position, and make sure we are communicating that to our business and advising them in their day-to-day operations, as well as a strategic level when they're talking about what's our five-year plan, whatever, what the impact of that regulation or potential upcoming regulation is going to be to the plans of the business in the future. So that is it, ladies and gentlemen. I hope you fully understand when you say I want a career in compliance that this is what you're signing up for. You could then also specialize into a specific subject matter. If you're saying I want to do this but in the AML space, then it's everything that I've just described to you but pertaining specifically to a subject matter like AML, or data privacy, or fraud, or anti-corruption, whatever the case may be, depending on your interest. But overall, the subject matter, the parameters, the overall understanding of how it works from a compliance risk management perspective is exactly the same. All right, if you do have any questions, if something wasn't clear, you feel like I didn't go deep enough, please ask in the comments. I'll be happy to elaborate and clarify in there. I'm always reading them. Like I said, even when I was on holiday, I kept abreast of the comments on the video. So post your comments. Please do like the video, share, and of course, don't forget to subscribe to the channel. All right, until next time, guys, and remember, put that notification button on because I will be posting a lot more great videos for you in the near future. Absolutely. All right. Bye, guys. Thanks for watching.