Oonagh van den Berg is an award-winning Compliance Officer with over 19 years of experience across various fields in Financial Services. Oonagh has built various compliance risk frameworks, led teams across the industry, and developed & maintained many regulatory and industry body relationships. She is the founder of the global compliance community platform RAW Compliance. GetID decided to take an interview from Oonagh and talk about upcoming AML-regulations, trends in the industry, and digital ID framework in the European Union.
Thank you for agreeing to this interview, Oonagh! It’s a pleasure. How did you start your career in compliance? Why this sector?
I always loved Law and wanted to be in the Legal profession from a young age; largely influenced by my own mother. That being said, I was not overly academic at school; I was much more interested in sports. But I was lucky enough to get a place at university to read the law which then led to a traineeship at the ECB (European Central Bank). Frankly, That would be where I fell in love with Financial Regulation but also where I learned very quickly that if you didn’t understand the products you couldn’t apply the regulatory requirements in the way they are meant to work and operate – i.e. to mitigate risk.
As a result, I joined the JP Morgan Asset Management business in the Product Development team while learning how to build basket funds and how to assess the composition of the products for investment risk. This is where I accidentally discovered that there was a department called Compliance which covered everything I wanted to do and more!
What I love about Compliance is being able to blend the academic with the practical – and always think outside the box and look at new ways about doing things. I am also quite social; so you get to blend all this interacting across the business, externally with regulators and within the industry – which is something that rarely happens across other functions.
Please tell us about the Raw Compliance. How and when did you decide to start the company? What does your company do on a daily basis?
RAW Compliance was incorporated in September 2020. The decision to start came from a lack of support in networking and development in our industry without a price tag or a sales strategy. If we want to drive innovation we need more experience and knowledge to be shared to create the ability to have the a-ha moments needed.
RAW stands for Real Authentic Awareness. At RAW we want to be Real about the challenges and issues we are facing through Authentic discussions on what is actually happening; so through this Awareness sustainable change begins to happen both through innovation and culture transformation.
RAW Compliance provides a global platform for compliance professionals, and those interested in compliance, to build a global community to develop new skills, learn from experts, collaborate, network and try new initiatives by offering:
- Mentor-Mentee Programs
- Thought Leadership Op-Eds
- In house, virtual, and online Compliance Certifications
- Book Discussions
- Trainings through access to the RAW Training Hub
We share updates on these initiatives on our Monthly Newsletter – the C Letter!
We know that you do bespoke 1-2 day offsite compliance and culture workshops and training events to C-Suite Board of Directors and Senior Management. Which companies did you work with?
Our In-house bespoke training was provided through our sister company VRS – Virtual Risk Solutions which is legally separate from RAW. We offer these training services across the board to multiple firms- from traditional banks to fintechs to crypto firms. We also work with some entities outside the financial sector and offer it to individuals on a one-to-one basis.
This is not the only sort of training that is available at RAW Compliance. RAW has partnered with leading industry providers to bring you training which we believe delivers on this commitment and more.
On which industry events can we expect to see you in person in the near future?
This changes week on week and I can’t really keep track of it – but if it involves AML, Market Abuse and Culture I’m generally involved somewhere 😉
Do you know anything about upcoming AML- regulations changes? Can you enlighten us?
The Crypto Space continues to evolve. We have seen the FATF changes on Proliferation Finance being brought over to crypto AML in July 2021; which was an expected move. In addition, we are beginning to see less forms apply the €1000 Euro threshold for the application of CDD toward VASPs with many opting for zero basis. Outside of crypto we have seen big moves in Africa over the past 6-7 months on new regimes in Nigeria and Ghana and this is a fantastic shift. Australia’s AML regime still needs a lot of work if we are going to move forward with the innovations аnd proactive controls needed to support the detection of illicit activities.
There is a mindset shift required and new blood needed. To ask those who have been involved in running the frameworks without earlier detection of these risks, to now fix them – has failed in banks over and over again worldwide.
Also bringing in consultancy firms to work a “quick fix” is not a solution – you need to go back to basics and rebuild the foundation to support the new technology which must be implemented in symmetry as you build your sustainable “future proof” systems
What are the most important compliance trends these days?
Culture – if the Culture is broken you will never fix Compliance.
What are the common mistakes companies make when it comes to non-compliance and penalties?
Thinking that once the regulator or monitor is out, the heat is off and you can go back to the more relaxed approaches. It screams insincerity and usually results in the start of mass job layoffs.
If this remediation had been done holistically, yes it would have some areas to enhance further and streamline- but the amount of ineffective and inefficient silo remediation without technology is beyond shocking. And then it has to be corrected every 2 years on inspection findings. I think these findings should come with much harsher penalties, including personal liability.
Would you advise companies to have an in-house compliance team or to outsource it? Can you please explain your choice?
Depends on the current needs of the firm. Managed services is a good way for fintechs and crypto firms to find their Compliance legs and ramp up the risk mitigation controls. But at a point with business growing, it needs to (well most aspects) come from an in-house initiative. I am a supporter of outsourced activities such as KYC and CLM with right controls in place. They can be administratively over engineered at times, and you should be looking for optimal risk controls here, that sit in a few Managed Services firms such as VRS and Lysis Group.
The EU is setting a framework for digital ID acceptance. What do you think about it? Is it a trend? Will the regulation change because of digitalization?
Personally, I believe this is the future, however, the implementation of it is going to be difficult for various aspects – including inconsistency in the composition & recordkeeping, documents being kept up-to-date by corporate registries, and also data protection playing a challenging role in the sharing of information overseas.
There have been discussions about the implementation of an LEI which is a legal entity identifier, but again how that’s going to be implemented, how the costs are going to be absorbed, and if this is going to be globally used is also another discussion.
Lastly, you have countries that don’t even have centralized corporate registries but they do them at a state level such as Indonesia; so if you look geographically these are the challenges in each geographic location that can be resolved. The biggest challenge here is the fact of who is going to pay for this?
What do you think about biometric recognition technology? Why are there so many arguments about it violating the civilian’s privacy?
Where there is a plus, there is a negative. The challenges are raised by the utopian approach taken by data protection rules such as GDPR. It’s brilliant for the individual – it causes mayhem for investigations and for sharing client data for review. The key issue is to ensure the data is used only for the agreed purpose for which it’s collected. This is an ongoing issue, especially in the social media space.
Tell us more about the RAW 2021 Awards. How often do you host it? How to get nominated?
Each day at RAW Compliance we interact with professionals across the compliance community and are blown away by not just the passion but also the competency of those around us. We want to pay it forward by taking a moment to thank those professionals and acknowledge their contribution to our industry, through our RAW Compliance Awards. This led to the creation of two categories of RAW Awards:
The opportunity to nominate the most deserving compliance officers in our industry is here now! Toggle through the form to skip to the Category you would like to Nominate for:
GROUP 1 : INDIVIDUAL AWARD
GROUP 2 : FIRMS / VENDORS
GROUP 3 : IN-HOUSE TEAMS
GROUP 4 : PROJECTS
Thank you so much, Oonagh! It was an honor.