FinTech Female Fridays: Aneta Waberska, Head of Compliance, Ocrolus
How were you able to pivot from financial services audit, risk and compliance to Head of Compliance at Ocrolus?
It was a gradual and deliberate process for me, having started my career at large corporations and moving to more entrepreneurial companies with time. This path enabled me to gain the appropriate technical experience and exposure to smoothly transition from very formal and structured organizations to the reality and culture of a startup.
While working at Charles Schwab, I was exposed to a highly regulated environment both in Enterprise Risk and Internal Audit roles. While Schwab is a great company that offers many growth opportunities, I yearned to have more influence on improving the processes I would typically only evaluate as part of various audit reviews. For this reason, I knew that I wanted to eventually move to a smaller company.
After Schwab, I worked at LendingClub, a great balance between requirements driven by large financial institutions combined with a more technology-focused company mindset. Next, I worked at a highly innovative, technologically advanced and fast-growing startup, in a role primarily focused on security-related compliance.
Joining Ocrolus to lead the company's Compliance function was the perfect next step in my career, allowing me to combine all of my previous experiences to help build out a program that meets both the needs of our customers from the financial services sector and the needs of a modern, technology-focused company.
How does compliance at a FinTech company differ from compliance at a financial services institution?
One primary difference is the regulatory landscape in which FinTechs operate compared to larger and more traditional institutions. Compliance obligations need to be analyzed both through the lens of your product offering and looking out for your customers and what is important to them. Many FinTech startups, especially those not interacting directly with the consumer but providing infrastructure support to the financial institutions, are not directly regulated by the same bodies as, for example, banks. However, even if not regulated directly, a FinTech infrastructure company like Ocrolus needs to be able to help its customers meet their regulatory obligations.
For Ocrolus, these are primarily areas related to addressing the risks associated with protecting the data our customers entrust us with in line with applicable laws and regulations. Another layer of complexity that results from our role in the financial ecosystem is our ability to satisfy varying requirements that customers impose upon us via contracts, resulting from their internal policies and requirements, which are often their implementation of at times vague or generic regulatory requirements.
Another significant difference is the level of involvement in design and implementation of policies, processes and controls required from a Compliance function at a startup. It is a lot more than monitoring compliance with various regulations and policies. A large part of the role involves building a strong foundation for governance and risk management, educating the organization and providing advice when needed to different teams across the company. This, in turn, needs to be combined with adequate monitoring. It becomes a much more engaging and involved role with exposure across the company - horizontally and vertically.
What are some of the necessary skill sets needed to work in compliance at a FinTech?
The ability to think outside the box in finding solutions to non-standard problems and address them in a fast-paced environment is key. Always thinking about the risks first and identifying mitigation strategies appropriate for your company’s reality is critical, as is the ability to make decisions fast to adapt to changes and new ideas. With a small team, it is always challenging to get a good idea of everything happening around the company and stay abreast of your constantly moving landscape, in the company and the world at large.
As the Head of Compliance at Ocrolus, what checks does your team conduct to make sure Ocrolus is compliant in all of their functions and processes?
One very important aspect is building relationships with leaders of all other functions across the organization, including the C-Suite, and interacting with them on a regular cadence. This is key, especially for smaller and fast-paced organizations, and allows Compliance to become aware of the changing risk landscape. It helps with both preventing and/or detecting potential compliance issues. Being involved in conversations related to designing products, systems and internal processes is a great way for Compliance to provide timely advice.
Another very important aspect is regular monitoring of processes and key controls. We are building out that program at Ocrolus to ensure that, as a Company, we follow the various requirements imposed on us, as well as our internal policies and procedures. Periodic focused reviews are also needed to evaluate areas based on identified risks.
Last but not least, employee training is critical in achieving compliance goals and objectives. Every company is only as strong as its employees, and all of us have a role to play in maintaining compliance across Ocrolus. Making sure everyone understands this, starting from top management down to every employee, is one of the keys to success.
What new initiatives are you looking to build out at Ocrolus in the next 6-12 months to continue to be risk averse?
A comprehensive compliance testing and monitoring program is definitely one of the main initiatives that we will be growing for our global operations.
Also, continuing to build a strong set of controls mapped across key industry frameworks and requirements will help us build a stronger, more resilient system and continue to build trust with our customers and partners.
Reach out to Aneta on LinkedIn.