At Bonova Advisory we interview C-suites, Influencers and Industry Thought leaders on various pining topics within Business, Finance and Technology.
This week I had the pleasure of interviewing Mastercard’s Chief Compliance Officer Karen Griffin on strategies to build a sustainable financial crimes program in an era of ever increasing sophisticated financial crimes.
Karen, can you tell us a story about what brought you to this specific career path?
It was by accident! At the time, I was working for a technology company in a senior supply chain role. The company had a strong focus on talent development and my profile was added to the HR database. When a new lead compliance position was opened in Law, the General Counsel asked HR to identify qualified candidates. I was told the story later by HR that when they queried the database against the requirements of the role, my name popped out. I was initially reluctant to interview for the position given I am an engineer and a business professional by education. But my manager was persistent and encouraged me to interview. What I learned in the process was that the General Counsel was interested in hiring a business person in the role who understood the control environment, was process-driven and had engaged with customers — in essence, someone who knew how work gets done. I was sold, and the rest is history as I have since successfully applied my engineering paradigm to the otherwise legal compliance framework.
Can you share the most interesting story you have come across in the field of financial crimes and money laundering?
Naturally in compliance, I have come across a lot of wild and incredible stories. The one that has really stuck with me is of a senior business leader that I knew and who was arrested on allegation of having committed financial crimes. I often reflect on the consequences to this individual as I help organizations navigate the compliance landscape.
What internal controls have you set up to help your Financial Crimes Program succeed?
My focus is to build a super highway where the business can execute with confidence. I work to bring clarity on the rules of the road, speed limits and protective guardrails to untie the hands of the business to grow with confidence.
The first step is to really know the boundaries. And then Mastercard relies on a system of monitoring and testing to provide assurance in a “trust but verify” operating model. Overall our compliance system centers on three critical factors: 1) a clear set of rules 2) near real-time detection and prevention capabilities, and 3) minimizing the burden on the business to speed decision making.
We are laser focused on automation and technology solutions to drive repeatability and consistent performance, minimizing surprises.
Can you share 5 tips that others can use to help build a sustainable Financial Crimes Program?
1. Establishing a compliance framework such as the 7-element closed loop system which is considered best practice. The framework is the foundation of a comprehensive compliance system.
2. Running six sigma process design principles to identify control points that are both necessary and sufficient.
Integrating a robust gap assessment and continuous improvement process to map out the strengths and potential weaknesses.
3. Layering in a deliberate risk assessment process to eliminate blind spots.
4. Recruiting data analysts and subject matter experts to conduct robust monitoring and testing within a trust-but-verify model.
How often do you conduct assessments about the Financial Crimes Program?
We have a continuous assessment and monitoring process that includes risk assessments, onsite reviews, ethics surveys, quality assurance, monitoring and testing, and independent audits. These assessments are scheduled and conducted in periodic intervals.
What advice would you give to aid in global monitoring for Financial Crimes?
Four key pieces of advice:
Be sure to conduct a comprehensive risk and controls assessment. This provides the knowledge of where the key controls are that must be monitored and tested to ensure that the controls are both designed appropriately and operating effectively.
Know your customers and know your third parties — this is table stakes.
Invest in data integrity up front. Work with the IT department to pull together a roadmap for data usage. Any lapses in data will compromise the value of your monitoring and testing and will put your results into question. For example, free form text fields make it extremely difficult to aggregate the data and difficult to run queries. Use hard coded drop downs wherever you can.
Make sure your corrective action is well defined and part of a formal root-cause analysis and improvement process.
Leveraging the right technology can be key to reduce risk and increase operational efficiency within an AML (Anti-Money Laundering) program. What are some applications of technology enablements that have helped you? What would you recommend to others?
We have implemented an innovative digitized “know your customer” tool that provides near real-time updates to customer profile attributes as a critical component of our Anti-Money Laundering Program. This tool also provides updates on our state-owned entity designations in support of our Anti-Corruption Program.
We have also created a Compliance Data Mart that brings together data feeds from key corporate systems. On the front end, through data analytics, we are able to automate the data feeds to compliance tools reducing the burden on the business and increasing the accuracy of the information. On the backend, we use data mining and analytics to identity outliers. With this approach we eliminate blind spots and flag exceptions as they occur. This intelligence is web enabled — available at the touch of a finger.
You are a person of great influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. 🙂
In line with compliance, I’d like to engage in a movement to create a public, private, partnership to leverage and share our collective third party due diligence information. I envision one day to have a consolidated “global clearing house” where participants could collectively populate information in a central place that would display results we each have conducted for identified third parties.
Each of us within our respective areas, conduct due diligence on third parties based on specific criteria that meets our business needs. This includes, for example, understanding the qualifications and associations of the third parties, its business reputation and relationships, if any, with government officials. Yet, each year, organizations continue to spend hundreds of thousands of dollars independently and in a vacuum to vet some of the same third parties and then additional time and resources are spent to monitor their performance and behavior. This work takes time to execute, it’s expensive and it creates friction in the business model.
The “global clearing house” would allow us to leverage information and to post updates as we learn about bad actors in real time to drive transparency. This would also send the message that we have joined forces globally, arm-in-arm, and we are on a mission to stamp out ill intended third parties.
The clearing house/inventory could be the starting point to collect baseline information and to rule out engaging certain third parties prior to initiating a costly and time consuming due diligence review in a silo. By revealing a third party’s past behavior, we can minimize exposure in the future.
Can you please give us your favorite “Life Lesson Quote”? Can you share how that was relevant to you in your life?
It’s from a Carly Simon song — “Take a look around now, change the direction, adjust the tuning, try a new translation”
These lyrics have always resonated with me, and here’s why…
I grew up in a large family — there’s 10 of us. I remember going to the drive-in movies in our Volkswagen bus, and I would be way in the back trying to see the screen over the heads of my older siblings. But rather than the traditional parking at the drive-in, my dad would pull the bus in and park side-ways so everyone of us had a front row seat.