Interview with Paul Greetham, Interim Head of Risk, Control & Audit at Prudential Global Data Services

Paul Greetham

We spoke to Paul in October 2017:

Paul is currently interim Head of Risk, Control & Audit at Prudential Global Data Services. He is an experienced UK Executive operating within the Stockbroking, Wealth Management, and Pension Sector for the past 29 years. Culminating in the CEO for a top 5 Execution-Only Broker, he developed the stakeholder skills required to work within a heavily UK regulated business and with overseas shareholders.

Hi Paul, thank you for talking to us today. This issue of Perspectives focuses on Regulation, an area that is front of mind right now what with MiFID II and GDPR to name a few. Is it just bad timing or are we going to see the frequency of major regulations increase?

PG: There is definitely a coming together of events, however, we need to remember MiFID II was originally scheduled to land in January 2017, this original date was always seen as being aggressive and was delayed by 12 months. This provided the opportunity for the enhancement of IT systems to provide the additional reporting requirements and for firms to develop their internal controls, oversight and monitoring framework. As a result, two significant regulatory changes are landing at similar times.

Regulations will continue to adapt to the environment within which we operate. They focus on ensuring the financial sectors operate in a fair, transparent and effective market, and take responsibility for ensuring safe keeping of assets and client security.

Do FinTech and challenger banks have an advantage or disadvantage against incumbents when it comes to regulations like GDPR?

PG: There is a definite advantage in terms of no legacy data or multiple IT systems to update. However, they all face the same problems in ensuring they understand the data being held, its storage, location and employee awareness.

GDPR as an example will be a challenge for all firms, and more of a challenge for those with large data archives holding unstructured personnel data. From my experience, new entrants have the potential for adapting quicker to change from a technology perspective. Existing firms are potentially in a stronger position with respect to regulatory experience within their teams and more mature processes and controls.

With the focus on, and budget set aside for Regulation, does this stifle Innovation?

PG: Ensuring the firm operates within the regulatory framework is the cost of being in the business. Granted the costs are not small, however, the change in regulations provides opportunities to be innovative.

Regulation of the Financial Services all seems a bit gloom and doom but could RegTech make it easier for both the regulated and the regulators equally?

PG: RegTech should be bringing the innovation into applying regulatory changes. The development of new technologies to aid the detection and prevention of money laundering can lead to simpler client take-on processes, thereby improving customer experience whilst assisting firms in meeting their regulatory obligations.

RegTech provides Senior Executives with an opportunity to introduce new capabilities that are designed to leverage existing systems and data to produce regulatory data and reporting in a cost-effective, flexible and timely manner without taking the risk of replacing or updating legacy systems. It has the potential for enabling firms to meet the regulator’s needs. On the other hand – it provides the regulators with a view of what could be achieved!

What will help organisations be successful in the eyes of the Regulators?

PG: Good corporate governance. An effective governance and reporting structure are essential to demonstrate that the Executive teams have an understanding of their operational environment. It supports the decision-making process of the Management and Executives.

In all cases, the governance structure has to be appropriate for the size and complexity of the organisation. It is never one size fits all. The principles remain the same and the embedding within the organisation needs to be clearly articulated, with Executives and Management demonstrating by example.

However, regardless of the technology or level of documentation, people remain the critical component and all staff play an important part in ensuring corporate governance is being followed and the integrity of the firm is being maintained. 

Engagement with the oversight functions needs to be encouraged, with the risk SME providing guidance and support. Risk management is, however, the responsibility of all staff, not only those with oversight or management duties. The challenge faced is how this can be brought to life, and how it is to be applied to the role the team member is undertaking.

Thank you for talking to Perspectives, Paul!