Our CEO, Brian Fahey, recently gave an interview to Svetlana Snezhko and Anastasia Smaga leaders of the project Compliance Radio in Russia in partnership with Megapolis 89.5 FM.
The project consists of a podcast series bringing experts' opinion from all over the world about Conduct Risk, Compliance, Ethics and Regulation in Russia. On the Compliance Radio, you can hear from Compliance experts and enthusiasts who are contributing to the new, fast-moving and dynamic field of Risk and Compliance in Russia.
During the interview, Brian gives his perspective of Compliance in Russia and its importance, and explain why the country should look at Compliance as a competitive advantage for firms. This episode also covers, global compliance perspective, analyze the Goldman Sachs’ case and explain the importance of prioritize compliance and control functions.
Show Notes:
- Defining and understanding Compliance
- How to make Compliance effective
- Difference in perception of compliance in Russia and others European countries
- Areas of Compliance that companies should pay attention to
- Benefits to comply with international regulations for Russian companies
- Discussing the Goldman Sachs' case
"Most admired ethical companies in the world, what they ask for and what they request from their employees far exceeds what the legislation specifies." Brian Fahey.
This interview went live in October on the Megapolis 89.5 FM in Russia and this episode is currently available at Compliance FM. See below the full transcript of the podcast.
Svetlana Snezhko:
Hi everyone, it's compliance time at Megapolis 89.5 FM. Greetings from Integrity and Fibonacci who are in the studio as well. And I would like to introduce our special guest today from Ireland, Brian Fahey. Brian is an expert and professional in compliance. Particularly in capital markets with almost 30 years of experience. And he's also Chief Executive Officer of MyComplianceOffice. The platform and the company, delivering compliance solutions to the companies managing their risks. Hi Brian, we're glad to welcome you at our show today.
Block 1
Svetlana Snezhko:
Thank you. Brian let's start from compliance itself. In your opinion, how can we define compliance today and how shall we understand it?
Brian Fahey:
Well, fundamentally compliance is about adherence to rules. And rules kind of follow three broad categories. Obviously rules that better in legislation and that are sort of required to be enforced by the states. You have rules in the organizations that you belong to, whether it's your own company, it has policies, procedures that you are expected to follow. Even if you are a part of a local bridge club or a golf club or any other kind of organization, they tend to have their own rules. And as a member, you're expected to comply with those.
Brian Fahey:
And another related element that I think is quite important too, is there are social norms that affect our rules. Things that are expected in how you operate and function in society. And the good example is in the world of COVID-19 today, there's very much a pressure and a societal expectation to comply with rules such as social distancing and the wearing of masks and things like that that differ from one jurisdiction to the next. But compliance is really about adhering to all these types of rules. It's very much associated very often with legislative rules, but in reality it's broader than that.
Anastasia Smaga:
But why do we need specially compliance regulation in different companies and so on because companies... they already need to be a legislation. They already need to satisfy all these rules and they already have lawyers and other specialists who need to do all of these things.
Brian Fahey:
Yeah, it's a great question. I think the challenge always is... Legislative rules aren't enough for what is expected from society around actions of companies and individuals. And that's where society's norms come into place. But for companies that have a certain attitude towards risk, they may want to have a broader set of rules that they expect their employees and how they operate and do business. That is different or hopefully broader or depending on the risk appetite, much more emphatic in how they want their employees to operate and function in how they do business for the company. And typically, you will have yes, you must adhere to the laws, but you also must do other things that are expected from you as part of an employee of a company. So you must obey their expectations because they have a brand and a reputation and they want to appear in a certain way to their clients and prospects and the people that buy their products.
Brian Fahey:
So, it's not sufficient in nearly all jurisdictions in the world to just adhere to the legislative parts. I mean, the legislation unfortunately is often behind what is expected of companies to do. I mean, every time there's a scandal in the world, legislation comes afterwards. But in reality, society looks at us and says, "That's unacceptable." And the politicians are reacting often by putting in the legislation, subsequent to the fact. So most companies and the ones that are in the sort of most admired ethical companies in the world, what they ask for and what they request from their employees far exceeds what the legislation specifies.
Svetlana Snezhko:
Brian, and how do you think, how to make compliance effective not just a formal function in the company? Shouldn't this way a company orient to the ethical norms or first follow their legislative norms in your opinion?
Brian Fahey:
Yeah. That's the million dollar question about how to make that effective. It does start like all of these things at the top of the organization and the board of directors. What kind of company do they want to be? If you are in the board of [inaudible 00:05:21] they were creating the executive management level, I mean, they wanted to create an organization that did what it did, and deliberately avoided rules and expectations. So it has to come from the top around what you want to be as an organization. And from there, the challenge about making that effective is very challenging. So first element is the tone from the top. You certainly then want to have written policies and procedures about what your expectations are from people. Training is obviously a very critical aspect then, so that people understand that. But as people mature, one of the things that they find they have to do is to add and make sure that they do monitoring of those policies and procedures. That's actually where MyComplianceOffice is actually in the space of the monitoring of this.
Svetlana Snezhko:
Yes Brian I agree with you. And last question in this block. I know that you have great and broad experience of interfering with different companies, cultures, people. What do you think what is the difference in perception of compliance by Russian people and others in Europe, or you're state, for example?
Brian Fahey:
So long as I can take a long answer on that. I mean, there's a lot of history in around where cultures have been and what their history is. And it makes a very significant difference into what their culture of compliance is. I mean, you've got legislation, you've got culture within the firm that you may be trying to change, and you've got culture within the company, excuse me, within the country that you're operating in. If you're a global company, you have people in various countries around the world and you are... that cultural aspect is different. So, history plays an important part. You have somewhere like Japan, which is naturally, and historically has always been a very compliant culture with rules and expectations. You have, Russia has got its history between individual type behaviors and then collectivist behaviors where people are part of our broader community and they abide for those reasons.
Brian Fahey:
But it's interesting about countries, and independent judiciary plays a very important part in culture. You find a lot of the ex British colonies have very high degrees of financial services regulation. And some of that is the independence of the judiciary and the set up originally by the British way back when. And this applies to the Australia, New Zealand, Hong Kong, Singapore, South Africa, America, Canada. And that they tend to be financial services centers because of a high independent judiciary and a lot of regulation around that. And so Russia isn't at that level of particularly degree of legislation and more importantly enforcement and monitoring of those legislations. And as I said, monitoring that, and then having enforcement. Because enforcement is the biggest impact generally on compliance effectiveness.
Anastasia Smaga:
And on everything actually, not only in compliance. Thank you very much for your answer. We'll continue discussing compliance in our next block, stay with us on Megapolis FM and we will discuss another very interesting issues.
Block 2
Anastasia Smaga:
Integrity and Fibonacci here with your compliance on Megapolis FM. And today Brian Fahey is a Chief Executive Officer of MyComplianceOffice, and we are discussing compliance view from different parts of the world and from different parts of different approaches to compliance. And we would like to discuss also different areas of compliance. Everybody know, Brian, that... Well, actually compliance rised from anti-corruption issues, but later it became broader. And what would you say? What are the areas of compliance that companies should pay attention to? And maybe responsible business conduct also, and maybe the most important fields of law that you may mention, or some special areas of corruption that should be paid attention to.
Brian Fahey:
So, one of the biggest areas certainly is that anti-corruption anti-bribery in a global context across all industries. It has been, since the mid 2000s, the focus area has been absolutely as ballooned in terms of focus for the regulators. And it came from a regulation that of course has been around since the... I think since the '70s. And it's really only when it started being enforced in the mid 2000s that... and large fines were getting put, that has changed things very significantly. So anti-corruption is a very big one. In financial services anti-money laundering, of course, has been very... has had a lot of focus in the last number of years. A lot of these are trying to avoid some terrorism financing and are certainly looking to identify bad actors in that area.
Brian Fahey:
Industries as are in specific areas that they are... Certain industries have a much higher likelihood of potential for egregious issues, from very significant issues. And so financial services has always had that. Certainly is the movement of money. It's particularly around when there's really large sums of money. That's the area of focus that most regulators will have. And that's where particularly capital markets within financial services has always had a lot of focus. If you have a potential for great rewards through the movement of money or abuse of market practices or inside information, they tend to have great rewards. And that makes a desire for those bad actors to go against the rules of compliance. So that is a high topic area. When you're operating-
Svetlana Snezhko:
Brian, speaking globally. What key industries you can mention, which relate to compliance corruption risk?
Brian Fahey:
Well, anyone that's operating in areas of high corruption, and these tend to be things like any energy. That is seeking energy in different countries, oil and gas, certainly areas where you are operating in countries that are considered more risk of corruption. And there are various indexes for that that you can use around the world. And you can look at the transparency corruption index for example, and see where countries operate. So, they have been monitored and identified by experts to say, "If you are operating in this area, you're more likely to be exposed to corruption and bribery." So areas that industries that operate in that and things like drilling for oil or gas are very good examples of... they tend to be remote and potentially get more risk of bribery and corruption. So that's a very good example.
Svetlana Snezhko:
Okay Brian. We usually used to mention compliance risk, but reviewing your site, and we will speak about it in details further, I have noticed that you devote more attention to conduct risk. How would you identify what is the conduct risk, and can we say that it is an essential part of compliance today?
Brian Fahey:
Yeah. And it goes back to... You create these rules and policies and procedures in an organization, but people have been doing that for quite some time and they don't actually... people don't ever follow them. That's the challenge. And you'll get rogue actors, as we call them in different divisions and departments, who do things that are against these rules. So there's been a lot of focus around culture in an organization. And there's a goal to shift the culture so that the pressure within the company and the culture of the company is not to do these types of activities, that can affect consumers that can affect investors, or other parties negatively.
Brian Fahey:
And in that context culture, to be able to do that you're looking to monitor the conduct of these individuals and indicate and say to them, "That's not acceptable." And so you're looking at the risk of misconduct across three areas for particularly for financial services organizations. One is what the employees are doing, two is what the firm is doing itself in terms of its trading, investment banking, its loans that it gives out, all of those activities, and thirdly it's then who are they investing in and who are they doing business with? And that gets into... that's the third party due diligence.
Anastasia Smaga:
Well, there are a lot of really details and we can discuss it for hours, but the most important is about the... you have mentioned already the cultural issues. And it's incredible how compliance can increase through culture. The average level of also legal service and legal guidance, yeah and then the company's.
Block 3
Anastasia Smaga:
Dear Megapolis FM, and dear listeners, we're again with you and Brian Fahey extremely professional in compliance with us. We are talking about compliance in Russia, and compliance in the world, and the different approaches to compliance. We have already mentioned that there are different levels of compliance around the world. And how do you think Brian... Is it important for Russian companies to be compliant, not only to Russian legislation and the Russian maybe regulations of different fields, but to international regulations also, and different approaches of maybe even of Western companies?
Brian Fahey:
Sure. Firstly, I'd say that there's a lot of research showing that companies that are operated ethically and with a high degree of ESG environmental, social governance aspects to them outperform their competitors. And they tend to be able to last longer and produce more returns for their shareholders. So that's the first broad reason why an advocate for being compliant, having a good culture is beneficial for the individual firms. The second part is actually, there's now institutional investors into firms and who they select from ESG, environmental, social and governance is also a key aspect of what they want to look for.
Brian Fahey:
So they are sort of a financial benefit for the shareholders and returns for them, for any company. I will also say like in financial services, I think it's very interesting to see where are the big financial services centers around the world? Where does all the money and benefits to the state come from, from financial services activities. And it tends to be in all the highly regulated areas. It's the US, it's the UK, it's Hong Kong, Singapore, Tokyo. These are places that have really high levels of legislation enforcement, monitoring, and all the benefits come back to the state. For-
Svetlana Snezhko:
A lot of companies from Russia do have such experience, or maybe your colleagues... What impression do you have about Russian companies?
Brian Fahey:
We spend a lot of time with partners trying to get Russian firms in particular to use our platform. And we found that they didn't really have, and weren't creating budgets for a monitoring solution like ours. And they didn't feel the pressure from an enforcement perspective. And so we do find it's sort of they're at that level of maturity that we see outside of highly regulated financial jurisdictions.
Svetlana Snezhko:
Brian, and globally, how would you assess the level of compliance in Russia? And are there any obstacles for its development?
Brian Fahey:
Well, it is somewhere in the middle of its maturity cycle. Obviously it's gone through a lot of change anyway as a state, but it has a ways to go. And it is related to those aspects around sufficient registration, sufficient budgeting of monitoring agencies and not yet where it needs to be on enforcement of these legislation to ensure that behavior adapts and changes to it.
Svetlana Snezhko:
Yes, compliance is developing now in Russia and we hope it will continue and to reach the global level. So let me remind you that today we're talking to Brian Fahey owner and founder of MyComplianceOffice, and we will continue in our next block. Stay with us on Megapolis FM.
Block 4
Anastasia Smaga:
Thank you. Our Integrity for this very interesting news and we're all impressed by this extremely big penalty. Question to Brian. First of all, what can be the impact of such a great penalty of three and three billion amount that I can not imagine in my mind actually, but what will be the impact I think on the whole world, because it's something amazing?
Brian Fahey:
Yeah, it is. And it's very punitive. That means Goldman Sachs when he made 600 million from this originally. And they've actually so far beyond the fine, which has just occurred, they spent 5 billion in total. So it's nearly twice to fine that they've had to pay just related to this single incident and single bad actors that were operating and making this very egregious situation happen. I think it's sort of putting additional emphasis on you can't have corruption and bribery, even in remote jurisdictions without getting impacted on it. And the impact continues to be for any US organization is not willing to do and take the risk around doing certain types of businesses not just in America, but across the world.
Brian Fahey:
That's the biggest impact, it's not just putting legislation in one country, but it's putting that impact to that country. But it's putting legislation in a country that is hugely impacting all around the world. And FCPA is the leading legislation to do that. And so the impact it has been making on any corruption and bribery is continuing, and this is going to make it even more, a bigger risk for organizations that know, "Yeah we need to do something about this."
Anastasia Smaga:
Actually, this is what we have talked already about. About different companies from all over the world, why do they need to be compliant with the regulations from other countries and so on. This is the answer because they can have partners or they can be part of some big structure, or they can be partners of somebody who is part of big structure and so on and so on. So this is just more than world and everything becomes more and more transparent. And this is now how we live. Thank you, Brian. We will come back to our discussions about compliance and we will discuss your incredible platform, incredible products in our next block. Stay with us in Megapolis FM.
Block 5
Svetlana Snezhko:
We continue our show at Megapolis 89.5 FM. It's compliance. And today we're talking to Brian Fahey. Brian is the own and founder of MyComplianceOffice. So Brian, now it's time for you to share with us... to open your secret of this product. And can you please share with us the benefits and who can become the customers of your platform?
Brian Fahey:
Well, thank you. Always like to talk about my product. But it is something we've been building out for quite some time. Fundamentally, it's about looking to monitor the cultural aspects of the company. So when you define your policies and procedures and you want employees and you want your systems to follow things, it's basically monitoring those activities and finding out where there might be potential conflicts, where there may be issues, and ensuring that the company is displaying to its employees and even to outside parties, that they are following these policies and procedures and that they take compliance very seriously, that they are really trying to change and shift and ensure that their culture follows what they want from the top of the organization down. And demonstrate to the outside market that they are truly an ethical company.
Brian Fahey:
So we sell mostly in financial services, but we also sell to various other industries. And they are industries that are sort of more on the forefront of the shift in culture that they want for their organizations. But at the end of the day, it is a compliance software. It is monitoring and saying, "Well, we said you need to do this and we're monitoring and it doesn't look like that's happened." Or we're monitoring to say, "You said you want to do this activity. And actually this is a conflict for you. And you did not know about it because it was happening in some other division," and we were able to tell people about that. So it's pretty extensive, but does go back to the three areas of potential risk for misconduct. People, the transactions the firm does that might be at times inappropriate, and then who they do business with. Whether they be vendors, whether they be customers. And ensuring that the three of those things that come together and there aren't misconduct across the organization and those things. And that's fundamentally what we do.
Svetlana Snezhko:
Brian, you have mentioned several times, such word as monitoring and controls. If this is an IT solution, how does it help to implement that compliance culture that we always speak about?
Brian Fahey:
Typically, it touches every single employee and they are required to interact with the solution and do activities at least once a year, but very often do not. So then it's very much their interaction with something and getting feedback around, "Well, this isn't appropriate." It's a declaration very often, "I would like to do something. Is there an issue with this?" And the software saying, "Well, actually there may be an issue here." And it certainly brings forward to the employees outside the training that they received, where it really sort of matters in terms of the business that they're doing, or actions that they are taking. And they get to understand why it might not be right for the organization or for them. And so, it's that cultural impact that we are proudest of in what it makes. And it-
Anastasia Smaga:
Is there an option to have a record that these program have prevented simply you of doing something, but if the employee has done nevertheless, is there an option to record this?
Brian Fahey:
Well, if somebody knows what they're doing and knows to avoid all the policies and procedures and doesn't do what they supposed to do, then certainly they can still do these things outside. It's not a perfect system for monitoring all the activities, but the reality for any organization is if you put this kind of system in place, let's call them the person who wants to do bad things, they are much more likely to go somewhere else. And that is because the system is monitoring a lot, it'll catch a lot of what's going on. It's possible that it can do... You can still do something outside of it, but to really is that the bad actor person will go somewhere else. And that makes a really big difference.
Anastasia Smaga:
Very interesting. And another question about Russia, we have already discussed a bit, the very specific area and very specific markets in Russia. What would you say... How much is it applicable for Russia? Is it a good solution for Russian companies, is it related to Russian legislation somehow, or some procedures that can be implemented in Russia? Is it useful for Russian companies?
Brian Fahey:
Yeah. We implement our solution all around the world. In many countries, it's in place, in around 80 countries. And it's not that it has to... It is a quite a flexible solution. And it's designed towards policies and procedures. And policies and procedures encompass legislation plus other rules. So it has to have that flexibility. So it's well able to deal with Russian legislation. When we've spoken to Russian firms, they're asking me any issue about some missing aspects that we need. We have all of that. And that if it is available in the Russian language too.
Anastasia Smaga:
So the company can put the necessary legislation in it itself?
Brian Fahey:
Yes, they can.
Anastasia Smaga:
Oh okay. I understand. Thank you so much. Stay with us on Megapolis FM. We will come back to you in a couple of minutes after the small pause for music.
Block 6
Svetlana Snezhko:
Compliance at Megapolis 89.5 FM. We are in our final block. And today we're talking to Brian Fahey from MyComplianceOffice. Brian, we have already discussed the trends a bit in the world. There are different level of compliance in different countries. What do you think then trends in the nearest future and tendencies in development of compliance?
Brian Fahey:
Well, the key for us is, I mean, historically what happens is a new legislation comes into place. Companies may then try to put in a solution through Excel or email or things like that. That's typically how they start. They typically find it doesn't really work for them. And especially when there's a higher volume of activity going on and that system can't do it. And so then they might buy an individual's solution to support that particular legislative area of concern. But I think the biggest trend that has really happened that we have seen in the last five years is these individual solutions do not talk to each other. So automation solves a particular specific need. But I think compliance is particularly challenged by, you need to know what's going on in another area. You need to have that data.
Brian Fahey:
So, if an employee has an issue over maybe inappropriate gifts, and if you are then getting an issue in another area around maybe trading activity, or maybe an outside business activity, are you seeing that entire picture? And in reality a lot of times this is one of the areas where bad actors can actually get away with things. Because systems don't talk, divisions don't talk to each other, and they don't know that, "Hey, there was an issue over here with that person." And it becomes very challenging. So having data in one place, having the various compliance elements in one platform makes a big difference in compliance automation trend. And lots more people are asking for, "Well, can it also talk to this system? How is it going to get the data from this system to do that check?" So this has had sort of the biggest trend away from just individual systems to a more integrated platform of compliance.
Anastasia Smaga:
And third parties check, it's also included in your platform. We have already seen it. And do you think this is also a trend for the coming years, or maybe, I don't know, the [inaudible 00:31:20] that every company will need to know more about its customers, about different other companies that it is dealing with?
Brian Fahey:
Oh, absolutely. It's a very critical part. Obviously things like AML started this process. But it is back down to FCPA and anti-corruption, anti-bribery, the UK Anti-bribery Act and the various Acts around the world. And you need to know who you're dealing with and working with. And if you don't know anything about that and don't make a judgment about it, you are subject to very, very large fines. So having an understanding of how you're doing business with not just when you onboard them, but on an ongoing basis and doing a risk analysis, understanding what has changed for that company, their financial issues, it becomes a very critical part. And of course, on an individual basis too, if you are banking with individuals and they're politically exposed persons. All of these areas around who are you doing business with? And what risk is that putting on your firm? If you inadvertently do business and you should have had a check, you can get a very large fine. So third party risk and assessment is a very growing area across the world.
Svetlana Snezhko:
Brian can you name several factors that will stimulate small and medium enterprises in the next five or 10 years to implement a compliance system?
Brian Fahey:
Yeah, well, it comes back down to enforcement and a fee... Particularly for the smaller organizations. I mean, they have a lot of things that they're doing. They're trying to grow their business. They're trying to make it profitable. They are less concerned with maybe environmental, social governance type issues. They need to feel some fear really that they are being going to be monitored and fined. So it's not an ideal thing to put forward, but a lot of smaller firms, they're managing their own risks and sometimes they don't judge the compliance risk as one of their biggest risk. So it does come down to enforcement and feeling that it's an issue.
Svetlana Snezhko:
Yes, that's a big issue still for small and medium enterprises. So thank you, Brian. We're running out of time. Thank you very for your interest in conversation. And I would like to remind that today, our guest was Brian Fahey, the owner of MyComplianceOffice. And if you follow the site at mycomplianceoffice.com you can find maybe more solutions for your business, for your companies. Thank you very much.
Anastasia Smaga:
It was very interesting. Thank you Brian, very much. Thank your company.
Brian Fahey:
Thank you very much. It was a pleasure. I enjoyed it.