Risky Women Podcast | Complexity of the Compliance Landscape Jenny Wong, a managing director at Protiviti, engages in a conversation with Debra Au, a managing director and head of legal, compliance and secretariat, Hong Kong and China, at DBS Bank Hong Kong.Watch the video podcast as Jenny and Debra delve into the regulatory compliance challenges confronting financial institutions in the Asia-Pacific (APAC) region. They discuss the adoption of compliance measures in response to technology advancements, anticipate future challenges, and conclude by sharing Debra’s sources of inspiration and the best career advice she has received.Listen now Read transcript + Kimberley ColeThis is Risky Women Radio, a show that connects, celebrates and champions women in risk regulation and compliance. We’re here to share the insights on the biggest issues in our industry and hear inspiring journeys from our global members. Sign up to our newsletter at riskywomen.org. I’m Kimberley Cole, your Chief Risky Woman. Jenny WongWelcome to Risky Women Radio broadcasting live today from Hong Kong. I’m Jenny Wong, Managing Director of Protiviti, and today we will explore the complexity of the compliance landscape as part of our Protiviti 2023 Top Risk Report. Today I have the pleasure of speaking with a special guest Debra Au. Debra is the head of legal compliance and Secretariat at DBS bank for Hong Kong, Macau and China. Debra has had a vast and enduring compliance career for 18 years, just to name a few of her career highlights being the Chief Compliance Officer for Hong Kong and Macau at HSBC, where she was instrumental in guiding the bank through the DPA and skilled person review. Debra’s compliance knowledge and experience was further developed from her time at Goldman Sachs and Société Générale. Debra, thank you so much for joining us today. And welcome to the show. Debra AuThank you. Thank you, Jenny, for having me. Jenny WongWe would love to hear in your words about your story and your career journey. Debra, what is the biggest risk that you’ve taken in your career? And has it paid off? Debra AuYeah, the biggest risk I taking in my career is the switch from my career in Soc Gen, as a pure compliance, and then when I stepped into HSBC, I actually getting myself into the frontline role into the COO office. Jenny WongI’m sure during that big switch, and along the way, you’ve had obviously mentors and people who’s inspired you. So we would be really interested to know Debra throughout that journey, who’s inspired you the most? Debra AuI think is my mentor, my life mentor, really, someone you know, my my previous office, Eileen Flaherty, who actually inspired me the most, that the career advice that she gave me, and also, my other mentor called Gary DeWaal, who is very quite a distinguished New York lawyer, both our lawyers in US, one in Chicago and one in New York. And their combined career advice for me is, don’t limit yourself and take control of your own path. So that is one of the reason why I would love you know, being being in legal compliance or risk as the support function or control function previously being seen as cost center. I really want to understand the vast majority, you know, why we always being, you know, boxing into the boxes, as a control person where we don’t know the business. So that that is one of the reason why I put myself above my comfort zone and jump into a bank, which is, you know, shoving the precedent case as DPA, and then really rolling off nicely to try to understand what exactly is a problem in the business and how to help to provide inputs to contribute to the bank and subtle the crisis or challenges where the bank and financial industry is first and foremost facing. Jenny WongThat is some really good career advice. So diving in, more into our topic today, Debra, what do you think are some of the biggest regulatory compliance challenges facing the Asia Pacific financial institutions? Debra AuI really think you know, with the recent years of geopolitical uncertainty and the business, you know, evolving so fast, if you look into the market, if you are close to the business, you see Bloomberg everyday is changing the chart, you know, and the walls, you know, unexpected. I do think the biggest regulatory compliance challenges for APAC is to diversify, you know, jurisdiction with diversified regulatory requirements and landscape that the financial institution needs to comply with. Jenny WongYes, and I think that, you know, that that’s definitely one of the top considerations for a lot of the institutions nowadays. Moving on, I like to also get your thoughts, Debra, how do you see the compliance function changing, to adapting to the technical, technological paces, such as digital growth, entry into new markets? And also customers needing faster, easier and more efficient interaction with their financial institutions? And what are some of the consequences, would you say, of not keeping up with that pace with the business? Debra AuWell, I do think, you know, if given the world is changing, right, we’re not now using, you know, really new ways of working, like we’re now having the interview online, which is not, you know, usual 10 or 15 years ago, which, you know, I don’t want to quote how long I’ve been in the industry and in my age. So I do really want to highlight is, I can see that even the next, you know, five or whatever, very quick, near future, we don’t use PowerPoint presentations, in our governance forms for example, with the use of AI, technology, regtech and fintech, we may have some real time data. And then we can just use dashboard, real time clicking the button, compliance can do a real time tracking challenge to the business to the front line. And then we hold up a bit of our second line of defense roles, stewardship, to a hair to, you know, to our roles as a second line of defense. So if we don’t keep up the pace, and we’re not moving up enough to close to the business, and the consequence is that the business and us will lose touch will not be seen as the strategic business partner. So some of the quick, evolving landscape, like I want to use some sort of metaphor is that recently, I just, you know, finished my vacation from Greenland, and I passed through a couple days in Iceland. In October, I’m still able to drive and walk in the city of Grindvik in Iceland. Where else can get in November. You know, the whole city have to evacuate, Blue Lagoon with no tourists while a month ago, it still flourish with tourism. And a lot of people walking around everywhere and myself is actually enjoying the city with the prosperity in Iceland. And today, you can see with almost 20,000 air freight per day, and the whole city evacuate and the earthquake erupt. Everyone is like an empty Dead City now. So I think that agility is key and then keeping up the pace with what’s happening. And then close to the business is very important. Otherwise, how can you know, Iceland been able to interpret the earthquake is coming and they give us, I mean, give them, the warning signs to evacuate people from the city to the safe place. I think same amount of force applies. Jenny WongI really liked that analogy. I think that’s just the emphasis to your point is just how quickly can we adapt and agility is really key in for us to keep up with the business. So Debra, looking ahead, I mean you’ve you’ve already touched on it a little bit. What do you think, or how do you foresee the compliance function forming in the next five to 10 years? How’s that going to differ from today? And, you know, you’ve already mentioned earlier AI, what role will AI play, and what will be the keys to success for us? Debra AuSo, I think the cornerstone, really is to, you know, in the next five years, your compliance function is to maintain private public partnership, which is, you know, to work with the regulators together. Because technology is evolving, you know, every day who can imagine AI, then Gen AI, and so forth you know we are using today, right? I don’t want to use the word ChatGPT because in Asia it’s diversified, it’s generative AI. And now, what role AI can play or will play, I think it will be a majority of roles that help us do our work much more efficient, effective, and the human touch, still wouldn’t be able to, you know, completely supersede because the essence or the crux of compliance function is to give and provide quality and strategic advice, being the trust and value strategic partners to the business, and that I don’t think AI or generative AI will be able to master it. So as long as a good compliance officer keep up the pace with business, strategic partnership. And then also externally with the other hand, is public private partnership as the cornerstone, maintain a good balance act, and keep up ourselves with mustering the use and know how of AI and generative AI can help to do our work much more efficient and effective. You know, the next time in 10 years, I can only see risk compliance, second line of defense function will be even much more a key impactful role for the financial institutions, because we are helping them to grow business safely, and then to secure their success. Jenny WongSo it sounds like compliance will continue to play a very key role partnering to the business while utilising AI to increase the efficiency. So it sounds like hopefully, I’ll be able to keep my job in the near future. Debra, you’ve also mentioned this a little bit already, but our friends at the regulator, what are some of the keys to maintaining a good relationship with them, especially in the current changing dynamic environment that we’re operating in? Debra AuI think fundamental is really the partnership and trust that we need to build. Work together in collaboration, and in a collaborative way, with the regulator together. On the key priority is where we all want the community, the industry to move forward to a better place to the better, you know, success and keep all these agenda, you know, in a transparent and collaborative way, in partnership, I think that’s kind of the cornerstone to maintain good relationship with the regulators. Jenny WongSounds like you’ve got the recipe sorted out there, maintaining the good relationship with our regulators and with the business. Jenny WongDebra, I’m now going to move on and I’m going to have to put you on the spot a little bit. I’d like to know in one word, from your opinion, what’s the most important trait that a CCO a chief compliance officer should have? Debra AuOkay, I think if you asked me this question a couple of years ago will be very different from now. I think a couple of years ago or you know, if you are having your career in compliance for long you think technicality for compliance to know how of the graduation be able to know the rules regulation inside out, maybe the most precious. But now, I will say it is not, to me, the most important, I think, know how is the basic, but strategic and thought leadership is, is the future that each CCO must have. Because we need to look ahead, keep pace with the business, partnering with the regulator, being forefront and having the forward opinion. Not being reactive, but more proactive compliance is really to the important trait of a CCO, that today, if you are the CCO is a must to have. Jenny WongSounds like an ever changing function compliance in the next few years. And I mean, I just have to give you guys a world of credit to be able to function in this in this environment. Debra, so looking into the year ahead, what is going to be your top priority? Debra AuI think my top priority is to keep on upskilling and upskilling and reskilling people, changing the old school compliance, allow me to use the word, mindset with, you know, from a reactive compliance mindset to much more a proactive mode. Because previously, we always use the word reactive perform. Now I would say compliance have to proactive, prevent, and preempt. Because we cannot get ourselves into the loop. If you see the history of each financial institution that moves from crisis, or some legacy history, is there no longer, you know, the luxury to be reactive and that we perform, we need to be proactive to prevent and protect. Jenny WongSounds like you just need to be 10 steps ahead every time. So that’s that’s definitely going to be an interesting journey for all of us. And Debra, as a final question, what is the one book that you would recommend to all the upcoming leaders within the risk and compliance space? Debra AuSo there is a book that I really want to introduce to everyone, which is the book called, from Harvard Business Review, is Stop Worrying About What People Think of You. So I think later on I will the whole book name, and it’s a recently published book in under Harvard Business Review, and it talks about the idea of FOPO theory is fear of people’s opinion, I think, compliance and especially for female, if you are in the Risk and Compliance areas, and you are one of the female leaders in the chair. We tend to be very humble, because we female. And for new leaders, we try to always observe what are the old folks think of things, but because of that, we tend to think too much. And we limit our potential and try to let the Asian brain or others to take control of what we really think. So sometimes we may, you know, so one a bit because as a as a recent compliance, we might want to observe and a little bit conservative. But now with the evolving changing landscape, I do think the, the need to start taking back the control of ourselves in order to be comfortable, and able to speak up is very important. And recently, I learned from my one of our manager, he did say something, which also inspire me quite a bit. So he gave me a feedback and say Debra, you know, I think you’re a driven and aggressive person. And, you know, my immediate reaction when I head the work aggressive. And I found that, oh, why do you use the word aggressive? And he said what’s wrong with that? We need female on the table to our senior leaders to be a bit aggressive. But in my mind, the Asian mind, brain, I equally you know, think aggressive, equal sign to stereotype. So flip side of the coin? Yeah. Why? It has to be stereotype. So, so yeah, I think there’s always two sides of the coin. And I think this book will help a lot. And I highly recommend. Jenny WongI really liked that last point. On the example you gave about the aggressive, I can certainly relate to that. And that resonates a lot to me as well, just as a senior female leader walking into some of these conference rooms nowadays. You know, it’s like, well, what is wrong with coming across as as aggressive? It’s, it’s, you know. So, thank you so much for your time, Debra today. You’ve certainly inspired me a lot. I’ll definitely go and look into purchasing that book and hopefully get even more inspiration from that book. So once again, thank you so much for your time, Debra today really enjoyed our discussions and all the best in the future. Debra AuThank you so much, Jenny. And thank you Protiviti and Risky Women for having me. Thank you. Jenny WongThank you. Kimberley ColeThank you for listening to this episode of Risky Women Radio, be part of the ongoing conversation and learn more about our events and other programs at riskywomen.org Speakers Image Debra Au Managing Director and Head of Legal, Compliance and Secretariat, Hong Kong and China at DBS Bank Hong KongDebra, as part of the Hong Kong Management Committee, heads up the HK Legal Compliance & Compliance Secretariat teams and is the HKMA's 72B senior manager, HKEx compliance officer of DBS HK. Debra joined DBS Hong Kong in June 2022 after 18 years of serving as a compliance professionals with Merrill Lynch, Goldman Sachs, Newedge/Societe Generale and HSBC.Debra began her career in the compliance department at Goldman Sachs, where she focused on compliance, anti-money laundering and financial crime following the 9/11 terrorist attacks in the U.S. She then joined Societe Generale to continue her compliance career, and worked in various entities at Societe Generale, including the brokerage, capital markets and global banking businesses.In 2015, Debra decided to further enrich her career development by switching her second-line-of-defense experience to join the business front. She joined the HSBC HK office of Global Banking and Markets (GBM) under the COO, focusing on supporting the ASP GBM business with her compliance professions on financial crime and deferred prosecutions agreement (DPA)–related matters.In September 2017, Debra was appointed to the role of Hong Kong head of financial crime compliance (FCC) due to her long-standing experience in dealing with financial crime–related regulatory matters. In 2019, Debra successfully led the HK FCC team as well as the businesses in HK in passing the s166 Skilled Person review with an eminent result that helps the group in negotiating with the Financial Conduct Authority (FCA) in the U.K. for further narrowing the scope of the mandatory regulatory review.In July 2020, Debra was appointed to the role of chief compliance officer for Hong Kong and Macau, covering all compliance-related matters, including regulatory, financial crime, conduct, fraud, investigations and surveillance.After nearly seven years of successful contributions to the HSBC, Debra decided to further enhance her career and take on a bigger role covering the legal and compliance secretary arenas as the head of legal, compliance and secretariat for HK, Macau and China since June 2022. Image Jenny Wong Managing Director at ProtivitiJenny boasts a rich 18-year track record in management consulting, with expertise spanning Hong Kong, Japan, and the wider Asia-Pacific region. She is celebrated for her ability to craft robust, adaptable, and cost-effective business transformation models tailored specifically for clients within the insurance and financial services industries. Jenny excels at driving the identification, development, and implementation of change programmes aimed at propelling operational excellence, efficiency, and regulatory compliance. Her keen eye for scrutinising and optimising expenditure ensures that both short-term and long-term strategies align seamlessly with organisational objectives. Jenny also excels in nurturing relationships with key executives, offering invaluable strategic counsel, governance, and guidance on executing business priorities in the face of an ever-evolving corporate and regulatory landscape. Risky Women Podcasts We partner with Risky Women Radio, a podcast celebrating a global community of women in risk, regulation and compliance. Learn more Topics Risk Management and Regulatory Compliance Digital Transformation Technology Enablement Industries Insurance Banking and Capital Markets Payments Mortgage and Consumer Lending Asset and Wealth Management Find out more about our solutions: Regulatory compliance Disruptive technologies, regulatory pressures, evolving customer loyalty, and pressure to enhance economic returns are just some of the challenges organisations need to overcome by innovating and managing their compliance risks to succeed over the next decade. Compliance transformation Design a target operating model that brings together a vision for people, processes, and technology to enable your business strategy. We help you build the capacity to transform by establishing a culture that drives shared responsibility and innovation. Compliance risk management Optimise and automate procedures using data and analytics for forward-looking, predictive controls, applying regulatory compliance expertise for more efficient responses to enforcement actions or issues to allow your business to focus on growth and innovation. Risk and compliance analytics We enable clients across industries to extract insight and translate it into prudent risk detection. We empower intelligent decision-making and help you immunise against current and emerging threat vectors, all while navigating through a complex regulatory and business environment. Leadership Jenny Wong Jenny is a managing director with over 12 years’ experience specialising in financial services, finance transformation, and change management. She is a key member of the global enterprise solutions team working on client engagements for Protiviti and Robert Half.  ... Learn More Featured insights PODCAST Podcast | Risky Women - The Transformation Journey Welcome to episode one of our Risky Women Transformation series where Lucy Pearman talks change, innovation and what’s next in the world of governance, risk, and compliance. Listen to the episode on the Risky Women website here. Want To Learn More... PODCAST Podcast | Risky Women - Regulatory Change Transformation: Diane Minunni Callan In this episode of our Transformation Series on Risky Women Radio, Protiviti talks with Diane Minunni Callan, Head of Compliance – Enterprise Corporate Office, Regulatory Change & Academy of TD Bank about their ongoing development and enhancement... PODCAST Risky Women Podcast | Top Compliance Priorities 2023 Kimberley Cole speaks with Carol Beaumier and Bernadine Reese from Protiviti. We’re thrilled that they are back again to talk about the top of mind compliance priorities for 2023.Carol Beaumier is a Senior Managing Director in Protiviti’s Risk and... PODCAST Risky Women Podcast | Talent Management and the Nature of Work Tonya Hummers, Managing Director at Protiviti, speaks with Sarah Olthoff, Senior Vice President and Chief Business Risk Officer at Discover Financial Services.Watch the podcast as Tonya and Sarah discuss resiliency and adaptability as key traits for... PODCAST Risky Women Podcast | Risk Analytics: Ximena Zambrano Shaheen Dil, Senior Managing Director of Protiviti, in conversation with Ximena Zambrano, Senior Vice President and Head of Model Validation at Wells Fargo on the evolution of risk analytics and technological advances in data science (AKA are... Button Button