The Ever-Evolving Role of the CCO

Published On September 17, 2021

Emmanuelle Bury-Lucas had just one day in her new role as Chief Compliance Officer at BNP Paribas Americas before COVID hit and she was forced to rethink her strategy. Radar caught up with her to discuss how the last 18 months have been, and what’s ahead for one of the world’s largest banks.

What is life like as Chief Compliance Officer at one of the largest global banks? What are some of the major challenges of guaranteeing compliance across regions, and at such scale?

I was actually appointed Chief Compliance Officer a day before the state issued remote working rules. 

So, the team I had just met were all suddenly working remotely. For a global bank, with global operations, like BNP Paribas, the biggest challenge remains managing the regulatory differences across jurisdictions. We would certainly welcome greater consistency to allow us to be more effective in our framework and our controls across regions.

It is very complex to maintain the magnitude of controls we have in place by business, country, and legal entity when each regulator has its own stance. The second challenge is ensuring constant dialogue and coordination across legal entities and the regions in which we have offices, and the other regions in which we are present. It requires collaborative skills, listening capabilities, and a solution-driven mindset. It is time-consuming, but it’s an absolute necessity to ensure smooth and timely communication and understanding of complex matters. We face the same type of complexity in the deployment of our tools. It is valuable to have one single compliance platform across geographies to ensure harmonized implementation of our policies, and to ensure operational efficiencies. Of course, the timing of deployment and inclusion of local regulatory specifications require strong governance, and takes a long time.

How important is company culture to encourage compliance?

Culture is a paramount factor to drive prudential outcomes. It shapes the way business is conducted. It is all about driving between the authorized lanes, and driving within the authorized speed limit. The sounder the culture of the bank, the better the prevention of compliance risks.

Over the past six years, I think we have continuously developed our cultural framework at the bank. We have implemented strong controls and surveillance, and we continuously enhance them as regulators raise the bar. 

We maintain the tone from the top by discussing conduct and ethics codes at Exco meetings, reviewing incidents and delivering trainings.

Most importantly, we communicate extensively to our employees on our mission and purpose: societal engagement.

How do Chief Compliance Officers and regulators work together to manage risk?

Regulators are without doubt a major stakeholder for regulated financial institutions like ours. We both share a mission to promote a safe, sound, competitive and accessible banking system as well as a stable financial market. Regulators set the framework for almost all our operations, and I strongly believe that being forthcoming in our relationship with regulators is essential.

It is key to understand their concerns, and address them. We regularly seek their guidance on new rules and new activities. In addition, we share our concerns on potential new assets we see arriving on the market or from emerging players.

How can banks foster better relationships with regulators?

The best way to foster a good relationship with regulators is to meet regularly, be transparent, and have candid and honest discussions. This, for me, is the best way to have a sound and trusting relationship.

How have the responsibilities of compliance professionals changed in the past few years? Are they playing more active roles in certain aspects, for example: workplace misconduct?

Yes, absolutely. It is fundamental that compliance is involved in conduct cases at firms. In large organizations like ours, we need to have a very clear allocation of responsibilities according to expertise. The whistleblowing line is under compliance’s responsibility, but information on potential incidents may come from other sources, through the controls implemented by the business. 

We allocate investigations or analysis on the basis of expertise, so, for example, a potential fraud incident would be investigated by the fraud team, a market abuse complaint by the market surveillance team, or a harassment complaint by our human resources department.

Then, we review conclusions in dedicated committees. The process and reporting of breaches has grown in maturity over the past five years, in our firm, and across the country.

The collegial management at a senior level is now well embedded into our governance. This allows us to build a global picture of all breaches by employees in order to identify potential patterns of behavior. Compliance plays a central role in this.

How has the world of compliance changed over the years, in particular since the onset of COVID? What is BNP Paribas’ approach?

It’s true that the COVID 19 pandemic was so sudden, we had to adjust quickly and efficiently, and like many of our peers, we have been working in crisis mode for several months. During the crisis, we issued compliance guidance on an ad hoc basis.

I think what’s particularly interesting is that this new way of working is here to stay. Remote working will increase, facilitated by digitization, which has proven that we actually can work effectively and efficiently from home, continuing to serve our clients at full speed. So from our perspective, there is no immediate rush to come back into the office. 

At the peak of the crisis, 90% of our staff (14,000) were successfully working from home. When you have achieved that magnitude of employees working from home successfully, you really can consider continuing. However, the new ways of working will have long term impacts on not only how we do business, but also on how we ensure compliance. Over the past year, there has been a steady increase in the number of staff returning to our US offices on a voluntary and rotational basis. As we continue to monitor the Covid-19 situation closely, we plan for our wider return of all staff to the U.S. offices in October.

We will need to accompany the hybrid work model with an increased focus on digital tools. Compliance teams will have to define new working protocols, and their related controls — all of which designed in accordance with the regulatory guidance.

How invaluable is technology in helping compliance teams review alerts, and escalate to the correct channels?

Technology has always been of paramount importance to effective oversight, and its importance increases as more and more processes are automated and diversified across the bank.

We always make an effort to stay abreast of proven innovation in order to reduce noise, help identify pertinent issues, and adjust to the new tools used by our clients and teams. 

Our Head of Market Surveillance would say technology is a human force multiplier that enables us to hire experts instead of armies. I think that’s really what we’re trying to achieve. 

There have been significant advancements in compliance technology, in both third party offerings, such as Behavox, and in-house development over the last decade that allows the compliance community to become creative and precise, tailoring controls to risks.

Compliance experts now have the tools to automate their own experience, and their risk tolerance. An example is the use of artificial intelligence. We have our systems learn to differentiate between email blasts to larger audiences and more personal communications.

We go beyond simple keywords to have our systems differentiate between the nature of the communication reviewed, in an ongoing effort to eliminate noise, and only focus on risk events.

As more communication channels are utilized among staff, and across the industry, we will need to adapt in order to not get drowned out, by simple volume, and continue to apply a risk-based approach. Sophisticated technologies also help simplify workflows.

With the aid of neural networks, we are able to aggregate and feed one surveying system from numerous sources, which then allows the tool to be able to digest and make correlations according to the rules that we at compliance have designed.

I think that’s really how technology can be a fantastic lever for compliance risk management.

What is BNPP’s strategy to meet evolving global compliance supervision needs and regulatory requirements?

For managing upcoming supervisory needs we have a very simple process: we hold annual strategic sessions with all departments to systematically review our trajectory on three key pillars: Regulatory Priorities, which are usually issued between February and May; Emerging Risks like crypto assets, Environmental, social, and governance (ESG), fairness lending, or social media; and Business Strategy to anticipate and accompany the business growth in new client segments, new activities, new countries or new products.

I think the greatest challenge that we face besides technology is skillset. It’s important to identify if we are missing skillsets in order to address new regulatory requirements or the new emerging risks. Talent acquisition is a big piece of that.

How can compliance enable the front office, and help generate profit?

Incidentally, I come from the business. I was in business for more than 12 years. So I have had a different perspective aside from compliance. I think it allows me to have candid discussions with business leaders in terms of how we as compliance professionals can help them and how we can better protect them, and their growth.

Businesses are realizing the importance of compliance not only to ensure compliance with regulations but also to maintain an ethical business framework.

A sound and robust compliance framework reduces the regulatory and legal issues, protects the firm’s reputation, fosters customer trust, and employee engagement. Ultimately, compliance strives to serve the company’s mission.

Compliance is critical for long-term business growth. We constantly advise the business with different, and complementary ‘lenses’ other than their own.

We are a strong voice in our reputation committees and some of our compliance controls are deemed critical for our clients, and are key to attract and retain them.

How have you seen your role evolve?

Since the onset of COVID, I think it’s been very impressive to see how we have been able to adjust so abruptly to this new environment.

We have been astonished by the commitment of our teams, and I think it’s reflective of the culture of the bank, and how we work together, and also reveals the resilience of the bank, and its employees.

Particularly over the past years, I’ve been struck by the expansion of the senior management’s responsibilities in general. 

We now have to be fluent in several dimensions: climate change, crypto, artificial intelligence, and social justice and diversity. We also have to look forward at the medium term impact of any decision that we make, whilst continuing to excel in our domain of expertise. 

This acceleration of change, the pace of innovation, the challenges of data and new dimensions of corporate responsibility have gained in momentum to make it a significant challenge to keep up with it all. Hence, I would say my role has evolved toward managing diverse teams, ensuring swift communication among them and within other areas of the bank and other departments. We have to work together, and share much more with other departments than ever before.

Working collaboratively, solving complexities, investing in data management and operational efficiency, and managing and inspiring diverse talent have become the most critical skills to the job. 

What does the immediate future look like for BNPP?

I think one of the key features of the future will be digitization.

We are moving forward at an accelerated pace by digitizing business across the world, changing the way we manage our skillsets.

How critical is it to keep aware of what is happening across the sector, what your competitors are doing, and other innovations in the marketplace? 

It is absolutely critical for very large players like us, to keep in touch with the market and what it is doing. We constantly monitor the market with the help of firms like Behavox.

There are always dynamic and interesting discussions around how we can improve our own systems and what could or should be, our next move in terms of innovation.

Click below to watch the full video interview.