The Governance, Risk, and Compliance (GRC) industry is critical to protecting organizations against various threats while ensuring adherence to regulatory standards. This industry is constantly evolving, adapting to new regulatory changes, and adopting advanced technologies like artificial intelligence to enhance compliance and risk management frameworks. The integration of these technologies helps in detecting and preventing financial crimes more efficiently, making the GRC sector an essential component of the corporate sector.
Rajitha Prabhakaran, Group Financial Crime Officer, exemplifies leadership in this challenging field. With a career rooted in Governance, Risk, and Compliance (GRC) since her early twenties, Rajitha’s journey began with the UK’s Financial Services Authority’s ARROW review. This pivotal experience shaped her approach to compliance, highlighting the delicate balance between stringent regulatory adherence and the operational realities of a sales-driven environment. Her expertise extends across various facets of risk management, from compliance monitoring to financial crime prevention, underpinned by her advanced studies in Terrorism, International Crime, and Global Security.
Rajitha serves at Domestic and General Insurance Services Limited, where she has dedicated the past seven years to enhancing the company’s compliance posture. Under her leadership, the firm has implemented robust compliance monitoring programs, advanced financial crime prevention strategies, and extensive staff training initiatives. These efforts have significantly reduced fraudulent activities and strengthened the company’s adherence to ICOB standards, ensuring a culture of ethical conduct and accountability within the organization.
Let’s explore Rajitha’s transforming leadership journey in the GRC sector:
Mastering the Balance Between Sales and Compliance
Rajitha began her career in Governance, Risk and Compliance (GRC) while still in her early twenties. She has been working in GRC since 2005, but her professional career truly kicked off in 2007 when she supported the UK’s then-regulator, FSA’s (Financial Services Authority) ARROW (Advanced Risk Review Operational Framework) review visit, a key supervisory mechanism of FSA.
During this review, the firm she was working for was fined for exposing its customers to fraud risks and security failures. This incident led to a wide-scale risk assessment of the key control failures, and Rajitha was appointed as the Local Compliance Champion of the offshore site due to her familiarity with the “regulatory speak” while facilitating the risk review. This opportunity, while exciting on paper, came with a host of unprecedented challenges.
For starters, there was no precedent for such a role, and Rajitha had to learn the ropes on the job. She had to build the compliance monitoring program from the ground up. At the time, in the misplaced interest of a positive customer experience and in a heavily sales-driven environment, Know Your Customer (KYC) compliance was compromised, and scrutiny was rather relaxed. Besides, compliance was a fairly obscure term and considered a dreadfully boring and punitive/costly venture without any ROI.
The concept of regulated compliance and ethical obligations did not readily resonate with the sales department because of the conflicting messages. The firm had a very strong ethical culture at the top but also had a subculture below the top where sales goals had to be met using hard sales tactics. Steering sales strategy compliance by eliminating the pre-existing pervasive subculture of historical business practices within sales functions compounded by ineffective oversight measures was painstakingly laborious to shift.
A too restrictive system of rules, controls, and compliance can negatively impact sales by putting unnecessary barriers in place, while an undisciplined sales process can incur costly violations. Rajitha’s first and most significant takeaway from this role, which she abides by even today, is to achieve the sweet spot between safety and flexibility by encouraging ethical conduct while evoking accountability instead of merely teaching compliance.
This stint in the compliance function empowered her with autonomy and the ability to integrate corporate management with governance through collaborative work ethics. She also developed a broad range of knowledge in various disciplines of Risk and Compliance. One constant lesson learned in these profiles is that challenges are inevitable and that no one steps into a job knowing everything. More recently, in order to advance her knowledge within the Financial crime realm, she obtained a Masters in Terrorism, International Crime, and Global Security from Coventry University, which she passed with distinction.
Her work was presented in the Coventry University Postgraduate Degree Show as an excellent example of MA-level writing. In 2023, she was awarded the Head of Financial Crime of the Year by the GRC World Forums, Women in Governance, Risk, and Compliance Awards. She has since represented D&G in many Financial Crime forums as a speaker and contributor.
Evolving Role in Risk Management and Compliance in Insurance
Throughout her career, Rajitha has worked extensively with various regulations and standards, with a primary focus on the Insurance Conduct of Business (ICOB) rules under the general insurance sector. Her journey in risk management and compliance began at Aviva Insurance, where she spent nearly a decade in various disciplines within risk and compliance, including internal auditing.
For the past seven years, she has been serving as the Group Financial Crime Officer at Domestic and General Insurance, where she continues to specialize in ICOB. ICOB has been the cornerstone of her work, particularly in the realm of general insurance. Here are a few examples of how she has applied these regulations in her work:
- Consumer Protection and Fair Treatment:
She ensured that all policies and procedures were aligned with ICOB standards to protect consumer rights and ensure fair treatment. This included comprehensive reviews of the sales processes and complaints processes.
- Risk assessment:
She conducted regular risk assessments to ensure compliance with ICOB regulations, identifying potential risks and implementing corrective actions where necessary.
Example: While at Aviva Insurance, she developed and implemented a robust compliance monitoring framework that enabled the early detection of non-compliance issues such as sales malpractices. This proactive approach not only ensured adherence to ICOB standards but also enhanced the overall risk management capabilities.
- Financial crime prevention:
She developed and executed comprehensive financial crime prevention strategies that comply with the ICOB, ensuring robust defenses against fraud and other financial crimes.
As the Group Financial Crime Officer at Domestic and General Insurance, she manages a team of seven financial crime analysts. As a team, they work with advanced analytics tools to detect fraudulent activities and isolate anomalies.
They also safeguard the company’s products and services from further abuse by continuously monitoring the risk of fraud from blocklisted customers. This initiative led to a significant decrease in fraudulent claims and strengthened the overall compliance posture.
- Training and Development:
She designed and delivered training programs to ensure that all staff are well-versed in ICOB regulations and understand their importance in everyday operations. At Domestic and General Insurance, she developed a series of training modules that are mandatory for all employees. These modules covered key aspects of ICOB compliance and financial crime prevention, resulting in a more informed and vigilant workforce.
Strategies for Effective Financial Crime Prevention
Rajitha has implemented several key strategies to ensure compliance with FCA AML standards and effectively prevent financial crimes. Previously, she worked as an MLRO for Aviva and supported the BMLRO in filing SARs with the then-Serious Organized Crime Agency (SOCA).
At D&G, she worked closely with the legal team to facilitate intelligence gathering about the rogue trader abuses the firm faced, resulting in a successful legal indictment and facilitating a successful NCA consent submission for a suspicious settlement.
One of the core strategies has been the integration of advanced technologies into the AML compliance framework. They leverage artificial intelligence and machine learning to enhance their transaction monitoring systems.
These technologies allow them to analyze large volumes of transaction data, identify unusual patterns, and flag potential suspicious activities with unprecedented efficiency and accuracy. A crucial aspect of the AML strategy is ongoing staff training and awareness programs.
Recognizing that technology alone isn’t enough, they train their employees on AML regulations, money laundering tactics, and the importance of vigilance. These sessions ensure that their staff are well-equipped to identify and report any suspicious activities.
They’ve also established a dedicated financial crime team tasked with continuously monitoring transactions, conducting investigations into potential financial crimes, and maintaining close cooperation with law enforcement agencies and regulatory bodies. This team plays a critical role in ensuring that any suspicious activity is promptly addressed.
Building Effective Compliance Monitoring Programs
Typically, compliance monitoring programs start by setting up a requirements library, which is an inventory of in-scope requirements used to identify the compliance risks of the organization. To establish the library, all the statutory, regulatory, strategic, and contractual obligations that apply to the firm must be identified. A single point of contact is established to ensure consistency and a single source of truth.
Once Rajitha has mapped the requirements, she conducts a risk assessment and evaluates inherent and residual risks and controls. She then prioritizes the residual risk to test the controls. This is followed by developing a compliance testing methodology and communicating it to the respective business unit. The testing schedule and timeframe are shared, and advance notification is provided. Testing is performed by reviewing evidence and ensuring compliance with standard operating procedures.
The results are communicated to the stakeholders, and approval is obtained from the affected business function on any issues or control failures identified. On completion, the final report is drafted and issued. Finally, an issues management process is implemented, and remediation is validated, to sum up an effective compliance monitoring program. In her current role, through a comprehensive risk assessment, gaps in the manual detection program were identified.
The transaction monitoring system was enhanced with AI-driven technology to better detect suspicious activities and high-risk customers, resulting in a significant increase in identifying fraudulent activities. This proactive approach ensured compliance with FCA financial crime prevention standards and reinforced the commitment to preventing financial crimes. At D&G, the focus is on enhancing underwriting controls, leveraging machine learning, and continuously assessing risk to identify, investigate, and prevent fraud.
Achieving Trust through Ethical Data Practices
Balancing regulatory compliance with ethical considerations and privacy concerns is a cornerstone of Rajitha’s role. She prioritizes a balanced and proportionate approach that aligns with both regulatory requirements and ethical principles without placing unnecessary barriers on genuine customers. When handling customer data, particularly in the context of due diligence checks, they adhere strictly to regulatory guidelines while also considering the ethical implications of their actions.
This involves ensuring that the collection, analysis, and storage of personal data are conducted with the utmost respect for privacy rights and ethical standards. They aim to harness the potential risks of the digital era into new opportunities for growth. They communicate clearly with customers about the purpose and scope of data collection, and they obtain consent whenever necessary.
Additionally, they implement robust security measures to safeguard sensitive information and prevent unauthorized access or misuse. The objective is to earn and sustain customer trust and prove that they are protecting customer data by using it to create value, enhance customer safety, and drive growth.
They continuously monitor regulatory developments and industry best practices to stay ahead of evolving compliance standards and privacy regulations. This proactive approach enables them to adapt their processes and procedures accordingly, ensuring a balance between legal and ethical requirements. Through these efforts, they uphold the highest standards of integrity and trustworthiness in their data management practices.
Strengthening Anti-Fraud Measures in the Digital Era
In the coming years, several key areas of risk and compliance will evolve, necessitating proactive adaptation and strategic planning. Here are the key areas and how they are preparing to address these changes:
- Regulatory Change Management:
As global regulatory landscapes, particularly Fintechs, continue to evolve rapidly, it’s crucial for organizations to keep pace with these developments and leverage them. They are developing scenarios and frameworks that enable quick adaptation to new regulations, ensuring compliance without disruption to their operations. This involves continuous monitoring of regulatory updates and integrating changes into their compliance programs swiftly.
- Impact of AI:
Data is the new oil, and being able to harness it strategically using the biggest and most promising disruptor, Artificial Intelligence (AI), can be a game changer. AI can significantly reduce the time and effort required for data gathering and analysis. While AI might be a game-changer, it should complement the detection process of an investigator. Errors or breaches don’t prove culpability.
It basically should be an interplay of financial, technological, and human resources, which should come together for a response proportionate to the scale of risk. They are investing in AI-enabled technologies to analyze large data sets, identify patterns, and predict potential challenges.
However, they are equally focused on ensuring that AI is used ethically and fairly through human checks by developing staff skills to interpret results fairly and accurately. This includes making algorithms transparent and accountable and preparing for upcoming regulations that will mandate audits for AI fairness, ethics, and bias.
- Greater Cybersecurity and Anti-Fraud Focus:
Ensuring systems and controls keep pace with the sophistication of criminal groups emerging typologies, leveraging technology effectively, and continuously refining responses to address evolving threats such as social engineering techniques, Deep fakes, and Gen AI are used to trick firms, making fraud detection much more challenging.
As cybersecurity threats become more sophisticated and pervasive, they are enhancing their practices. This includes adopting advanced threat detection systems and implementing multi-factor authentication (MFA) across the organization, including online applications. These measures help protect their data and systems against potential cyberattacks and ensure compliance with stricter cybersecurity laws.
Transforming Compliance Culture in Financial Institutions
When Rajitha started her current role as the Financial Crime Officer, the firm did not have a dedicated financial crime team. For about a year, she was the sole member, building the foundations for the functions and processes of this team from the ground up. It was by no means easy, but her years of experience in risk and compliance helped her make the most of this opportunity.
Initially, there was a strong emphasis on treating customers fairly and putting the customer first. While this approach is essential, it can sometimes backfire when bad actors exploit their services by pretending to be genuine customers. It was crucial to shift the culture from unconditionally trusting every customer to recognizing the potential for fraudulent behavior.
They had to train their staff to identify and differentiate between genuine customers and bad actors. This change required a careful balance: continuing to prioritize fair treatment of customers while remaining vigilant against potential abuse.
To achieve this, they implemented comprehensive training programs focused on recognizing unusual or atypical behavior and red flags. By encouraging staff to look beyond the surface and question inconsistencies, they aimed to create a culture of awareness and scrutiny without compromising on customer service standards.
The impact of this shift was significant and bolstered their first line of defense. The number of suspicious alerts reported by their financial crime team increased noticeably, indicating that their staff were successfully identifying and flagging potential threats. This improvement not only enhanced their ability to prevent financial crime but also reinforced their commitment to both customer fairness and security.
Today, they are a team of seven financial crime analysts. Rajitha created a bespoke financial crime guidance document for claims, complaints, and first-line functions, as well as a business-wide online training module. Additionally, she developed tailored controls to address the inherent vulnerabilities to financial crime within the business. Her efforts have transformed their approach to financial crime, ensuring robust prevention and detection mechanisms are firmly in place.
To further strengthen her skills, she also completed a Master’s in Terrorism, International Crime, and Global Security. This advanced education helped her develop authoritative knowledge of financial crime and gave her greater confidence to discharge her duties with a nuanced understanding of the subject matter.
Pursuing Excellence in Risk and Compliance Management
In her continued pursuit of excellence in risk and compliance management, Rajitha aims to achieve several key objectives.
Firstly, she plans to integrate advanced analytics and artificial intelligence into their fraud detection processes. Leveraging these technologies will help them accurately identify potential threats and reduce financial crime.
Secondly, enhancing their training programs is crucial. Ensuring that their staff are equipped with the latest knowledge and skills will help them stay ahead of evolving compliance standards and regulatory requirements.
Thirdly, fostering a proactive risk management culture is essential. Encouraging all employees to take ownership of risk and compliance issues will help them mitigate potential problems before they escalate.
Lastly, strengthening collaboration with industry peers and regulatory bodies will allow them to share insights and best practices, collectively improving the standards of risk management and compliance.
In summary, her goal is to harness technology, enhance staff capabilities, cultivate a proactive risk culture, and foster industry collaboration to drive continuous improvement in their risk and compliance efforts. She finds it very rewarding and exciting to have a small but important role in the war against crime, fraud, and corruption.
Fighting against these illicit efforts does not always seem interesting because they use documents and online tools as their weapons to prevent these criminals from using financial institutions for their illicit purposes. What she does may not change the world, but she knows that by fighting fraudsters, she can protect the world of vulnerable victims of fraud, and through these efforts, she hopes to make the world of crime less lucrative and ensure consequences for fraudsters.
