Transcriptie: Tom van de Laar – Financial Crime en Compliance

Welcome to Compliance Adviseert. We talk with experts, advisors, and business leaders about navigating risk and compliance challenges within the financial sector. Because the straight and narrow path doesn’t come with GPS. We’d like to thank our partners, Hyarchis, Partner in Compliance, Deloitte and De Volksbank. Your host is Jeroen Broekema.

Jeroen: Welcome to a new episode of Compliance Adviseert. I’m very, very happy you’re listening. Today, we’re speaking about financial crime and compliance. My guest is Tom van de Laar. Welcome, Tom!

Tom: Thank you, Jeroen, also for this invitation.

Jeroen: Wonderful, great to have you here. As a short introduction, Tom is the Head of Financial Crime Compliance and Deputy Chief Compliance Officer at Rabobank. Next to his job, he’s also a guest lecturer at Deposit Master Compliance and Integrity at VU, the Vrije Universiteit in Amsterdam. So that is a short introduction, but I’m sure there is much more to this short one than that. Maybe you can also introduce yourself and elaborate on what I just said.

Tom: Yes, thanks, Jeroen. I will do so. I’m indeed the Head of Financial Crime Compliance for Rabobank. We, of course, cover many different things. We cover anti-money laundering, counterterrorism in financing, sanctions are, of course, also very important in the geopolitics of today. Frauds, but also internal and regulatory investigations and speaking up is part of my remit. I do that for the Rabobank Group, so globally but also for the subsidiaries. And in that role, I partner up with the first line, with the support functions also in the first line. To put it very simple, my job is to protect and to support the first line of business. So that is what I do on a daily basis. And indeed, I have a side job, I teach at the University of Amsterdam, the Vrije Universiteit. There I focus on organizational integrity and leadership.

Jeroen: Your job is a lot of things, right? You just mentioned all those different things, like sanctions and fraud and internal investigations, dealing with the regulator, and then in many countries. How do you deal with so many different topics? How do you prioritise?

Tom: Luckily, I don’t have to do it all by myself, of course. I do it with a great team, that means that we have a global organisation, we have representation in different regions and locations, which helps us a lot to keep abreast with also local and regional developments. So close collaboration between regions, locations and the global head office. So that’s one. And second is just making sure that you have a good system of internal processes, but also risk management in order to keep abreast but also respond adequately if you see certain developments in the world.

Jeroen: As I said in my introduction, you’re the Deputy Chief Compliance, is that a role that you actually do when the Chief Compliance Officer is not there? Or is it in itself a job?

Tom: No, it’s indeed what you said. I replace the Chief Compliance Officer in case of a holiday or if there is another reason why she’s absent. It’s important that we safeguard continuity, and that’s why you also need a Deputy Chief Compliance Officer. And apart from my role being Head of Financial Crime Compliance, I’m part of the management team of compliance. Together with the Chief Compliance Officer and the management team, we focus on the effectiveness of the compliance program.

Jeroen: But that means in practice that you need to know about all the different topics that are currently going on, right? Because if you need to step up when she’s not there, you cannot just start there, right? You need to have all this information before.

Tom: Yes, you definitely need an understanding of the compliance topics, it is very helpful if you know a little bit about risk management and compliance. But more in general, I think it’s important that you understand the business and also understand economical and geopolitical developments. So it’s important to keep abreast with all the developments.

Jeroen: And about your background, before all of this, what have you done?

Tom: I studied law, so that’s where it started. I studied criminal law and European and international law at the University of Maastricht. I started my professional career as a criminal defence attorney. I think that was very helpful, in all honesty.

Jeroen: Why was that?

Tom: Being young, being on the spot, also pleading in front of courts, also a strategic mindset that you develop as a criminal defence attorney is very helpful, I think. So you learn a lot of skills that are also transferable to the job that I have today. I think it was a great start to work as an attorney and then move more into compliance and integrity management. My first role was in ordinary criminal law, but I gradually moved more and more also to financial and economic crime. And there is an opportunity that you fix things also outside court. So if you take it serious together with your client and just fix things, there’s a potential to also settle outside court. So that’s how I moved more and more into compliance and integrity management. After that, I started working in consultancy, in governance risk and compliance. Often indeed letters from regulators which required attention, so also as a sense of urgency in an organisation and also a need to change things and to change also the operations and to fix things. So that’s the common denominator in the things that I’ve done so far. A lot of focus on financial crime, compliance in general, but also behaviour and making sure that the underlying processes get fixed if they are broken.

Jeroen: I see I need compliance officers that have a legal background and others that don’t, obviously both can be really good compliance officers, I assume. But for you, has it been helpful, this legal background?

Tom: Yes, I think it’s helpful, but I’m more for the transferable skills.

Jeroen: What does that mean, the transferable skills?

Tom: To make it very practical, the analytical skills, for example, that you learn as a lawyer. Understanding the different components that also led to a certain situation, I think that is something that’s still very helpful also today, if you deal with issues or with developments. If you follow them and if you also want to implement it in your control systems. So I think that was very helpful. On the other hand, I think compliance is becoming more and more multidisciplinary. Just being a lawyer is helpful, but definitely having an understanding about the race, but also the opportunities of technology are super important. So you also see that in compliance we have a more and more diverse set of people with different backgrounds. That is great, I think. It makes it more fun.

Jeroen: And with regards to teaching at the university, do you have examples of things that you learned there?

Tom: I learned a lot from the students. One: they have to come in the evening, so you really have to like it, otherwise you won’t enrol yourself for this program. It’s a post-master, and it’s often time away from family. It also takes time to prepare, so I think it’s really great to sit with a group of professionals which are very motivated. So I hope they learn from me, but I definitely also learn from them. What is also great is that there is diversity in the group. It’s not just people working in the financial industry, but very diverse. So they could be lawyers, they could be working for supervisors, they could also be working in the non-financial industry. And that diversity is also very helpful, just getting different perspectives on our work.

Jeroen: The last sixteen years, I’ve been working in or for financial services, and I’ve seen a lot more attention to the role of compliance and compliance in general. I always wonder when I look at that fact – for me at least, it is a fact – why that is the case. Has trust eroded in society, has trust eroded in the financial services, or is there something else at play?

Tom: It’s not just one factor, but trust is definitely an instigator. It’s a combination of things, I think. There are situations of misconduct, and you have the emergence of the financial crisis in 2008. So those are important factors. It put governance issues and compliance issues but also culture and behaviour in the spotlight. And next to that, you have the response to all of that, so the political response but also regulatory and supervisory actions emerged further to all of that. They have been far-reaching, regulations have become more and more complex. So I think that also counts that there is a lot of attention to compliance. And I think lately you see also that the conversation is getting more steered towards how you become more effective and also more efficient, which makes an interesting dialogue. And then you see topics emerging like collaboration, collaboration private-private, collaboration private-public, but also the emergence of new technology systems. How can you use that to also augment human decision-making in the field of compliance? So I think these are all reasons why the profession got a lot of attention.

Jeroen: With Rabobank specifically, you have always had and still have a very strong local presence, right? Maybe it has become a little less than in the past where every village had a Rabobank, and they knew everyone, which were very high trust relationships. Maybe not always healthy from today’s perspective, but still very healthy from other perspectives. Because people know each other, trust each other. Has it been harder for Rabobank also to move towards really modern compliance? Because there was a strong trust element, or probably is, within your organisation?

Tom: Rabobank is trying to keep the best of both worlds, so trying to stay very close and also local, in a way. So it’s also how you interpret being a cooperative bank in today’s world. So that’s one aspect. And there are different initiatives to make that very much meaningful. And indeed, the intention point is, “Can you also simplify, being more decisive, for example, and simplify your governance structures?” So if you follow Rabobank, you know that we have also made steps in that regard.

Jeroen: Yes. That’s very interesting, because I also find it an interesting topic with smaller banks, and you guys are a really big bank. But smaller banks sometimes have a very strong culture. Which is from a trust perspective often great, but from a compliance perspective not always. So it’s an interesting topic for me. The other interesting topic I wanted to dive into with you is around measuring success. Because you mentioned in the beginning, and I alluded to it earlier, there are so many things you work on. How do you measure all the things you do, to have your first line, which is to have the whole organization actually do what we all expect them to do?

Tom: Yes, that’s key, I think. Making sure that what you’re allowed is part of your compliance program, together with the first line is actually working and preventing also issues of non-compliance and also detecting issues in a timely manner. So on the one hand, of course you have your risk management processes. You set your business strategy, but you also set your risk appetite, you perform risk assessments to identify top risks. Where is the real risk that you want to manage and also, is there maybe a risk outside appetite? What is your risk response? If you define that, you can also measure it, to see if you’re successful mitigating the risk and bringing it back to your appetite. So that’s one way. But I think there are more indicators you can look at. It’s also the training completion rate, so you can look at that as well. You can look at the internal and external audit rates, are they successful or not? So your internal audit belief that you are actually effective in managing risk, your employee server rates, that is also very important. But also just working on a shop floor, getting also information from the people who are doing the job. And making sure you get information first hand. Are you able to timely address issues of non-compliance, are you quick enough if something is emerging? The number of compliance breaches. I think there are multiple indicators to measure effectiveness.

Jeroen: I can imagine. I still think, just for the challenge of this discussion, that the biggest thing you can do is having the right mindset culture or whatever word you want to use. This is relatively vague, but it’s great if things don’t come to you. You do internal investigations as well, within an organisation of 50,000 people, around that number. You always have rotten apples everywhere, wherever you go. But still, the fact that you have a culture that prevents that, you don’t see it when it’s not happening often, right?

Tom: Yes, so it’s important to have feedback loops. I’m also responsible for Speak-Up. It’s important to see if these are incidental if something pops up, or whether you see something which is more systemic. And it’s an important feedback loop, to also see if there are certain behavioural patterns that you want to address. What is the current pattern, and how do you want to replace it with a different and more sound pattern? So I think that’s how we go about. Also, don’t make it overly complicated, so identify also certain trends or certain issues, and also be fast if you see that something needs to be fixed more structurally.

Jeroen: Yes. You mentioned Speak-Up, that’s a program to make sure that the people feel–

Tom: Whistle blowing.

Jeroen: Right. How do you motivate people to actually speak up?

Tom: Always attention to the topic, also making sure that there’s a good risk culture where people feel that they can discuss issues among themselves, with their managers and also that they have multiple channels where they can report if they believe that a situation they are in is not safe enough. I think that’s important for every organisation, that you have those internal processes and the people have a way to address their concerns.

Jeroen: Related to Speak-Up, but also broader speaking, the fact that we had covid, a lot of people working at home and still, I guess it’s the same at Rabobank, that a lot of people still work from home. Has that changed things? Are people less willing or more willing? Does it have an effect at all?

Tom: We don’t see it in numbers, so the situations have changed, maybe. I’m not sure if I can see a lot of data, but there are different situations that are being reported. So that’s true, but I don’t think that working from home leads to a situation where you have less oversight of potential issues. Maybe even more, because you don’t always see what’s happening on the work floor. But you also have an understanding of people’s personal lives, as a colleague, maybe more than before.

Jeroen: That’s an interesting take on it.

You’re listening to Compliance Adviseert.

Jeroen: When it comes to three lines of defence, I always find that a very interesting concept in itself. I wanted to discuss this topic with you, if that’s okay for you. But first of all, is it a concept that you use a lot within Rabobank? You introduce yourself as second line.

Tom: Exactly. You have the three lines of defence model or the three lines model, I have different ways to refer to it. But yes, I’m working for a financial institution, and as a financial institution, you have to work with the three lines model. So it’s an obligation by law. I think for financial institutions of our size, it also makes sense to work with such a model. I can maybe make a comparison with a football team, to explain how it works exactly in real life. So the first line is the players up front, it involves business and support functions. And of course, as a business, you set certain goals and you continue to look for opportunities to score. But you also protect your own goal. So that is the process of setting a business strategy, but also managing risk. If you look at your first line responsibility, it’s all about delivering products and services for your customer base. And you have business strategy, you have risk appetite statements, you have more product proposals, you have the implementation of new systems, and so on. And I would say the second line is more in the midfield. So they are not up front, but more in the midfield. You support your first line, you provide a framework, you have a countervailing voice, you advise your business, and you proactively challenge in case of risk taking. And then you have an audit, and that is the goalkeeper. So they provide independent advice and assurance to make sure that your governance processes and your risk management are in order. So that’s maybe a way to look at it.

Jeroen: And the referee is the regulator?

Tom: Indeed. So then you also have referees, the internal audit is a referee, the external audit is a referee, your supervisor is, of course a referee. And I think all these functions are equally important, indeed. I think your earlier point, a model has flaws, every model has a flaw. So the three lines model is not in every situation ideal. The bottom line is that it’s maybe helpful, and you also have to tailor it to your exact situation. So I’m working for a more complex company, but you can imagine that if you are working for a smaller company, a start-up, maybe it’s less helpful to apply it very strictly. But then I think it’s very important that you focus on a sense of responsibility in the first, second and third line, or maybe just for your working force, making sure that you have a sound risk culture and a good collaboration model.

Jeroen: That’s a great explanation, I’m tempted to ask a lot of questions around the football team, because you’re one team, but some of you are challenging one another. That’s not always appreciated. We could go all of those directions, but the theme of this podcast, we said at the beginning, is financial crime and compliance. On the financial crime side, we’ve seen a massive influx of people. With Rabobank or maybe in general, are these people ultimately compliance or are these first line people? Because there, I see a gray area between the first and the second line. At least, that’s how I look at it, but maybe I’m wrong.

Tom: It’s not just people working in second line that are working in compliance, that’s my view. So indeed, to your point, you have your real business and the business is in the end responsible for every risk that is emerging for its day-to-day activities. So it doesn’t matter whether it’s financial crime or any type of risk, but that’s where the risk ownership lies. But you have support functions, like operations, like legal and others. And they also help business in the first line to manage balancing on the one hand the profitability and the business strategy with also the risk that emerges from those activities. And you could indeed say that if you are working in a controlled environment, if you are responsible for the control effect of this, in a way, that is also a sort of a compliance function. So I see that point very much. The second line is definitely also a compliance function, which is positioned more independent, also to give proper advice and also, if needed, give a countervailing voice.

Jeroen: Right, that makes sense. So people that are doing the know your customer work for onboarding new clients, these people are in the first line, I guess?

Tom: They’re in the first line.

Jeroen: Always, right?

Tom: Yes.

Jeroen: And the second line is going to check whether the procedures and everything are in place and whether it works.

Tom: Yes.

Jeroen: So in other words, the thousands of people that work with the major banks here in the Netherlands are mainly first line, right?

Tom: Mainly first line.

Jeroen: Although, from my feeling, they are doing semi first line work. But they are often still client-facing, in a way. So that makes sense. And the third line, I don’t hear much about it, do you have any feeling of how many people are active with that, for example? Tell me more about the third line.

Tom: The third line is equally important if you compare it with the first and the second line. So they also have a role to play in the collaboration model. They provide independent assurance and also advice, also proactively to the organisation. And again the comparison with sports, you have the rules of the game. And indeed, in that same analogy, you need your internal audit, you need your external audit, and you need your supervisor to see if you play accordingly. And I also think it’s very helpful to have the third line, to provide feedback to the organisation and also give you cues where you need to improve.

Jeroen: Before this podcast, and we’ve met a couple of times before, you often speak about governance, that that is an important part of your work. Can you first of all tell me what exactly you mean by that?

Tom: Yes, we’ll discuss governance and also the link with compliance. So governance for me is a system of processes, checks and balances. That’s also alike with the three lines model, not just one size fits all. It also depends on the complexity of your organisation, but I think they are very interdependent, governance and compliance. So governance is a system of processes and checks and balances where you want a balance, your business strategy and also manager risk. And if you look at compliance, we have compliance to manage compliance risk, and to adhere to internal and external norms. And I think an inclusive reproach would be that you have a set-up of governance where you actually take compliance interest fully on board. So I see there is a clear relationship. If you would ask about good governance, I think it’s important that it’s not overly complex, for example, that you also work with a proper delegation model and proper mandate for your working force, which also installs a sense of ownership. Individual ownership, but also collective responsibility in the different teams. So these are all important aspects, and I think therefore it’s very important to work together, with legal, with your first line, a corporate secretary, for example, to set up a sound system.

Jeroen: You mentioned not making things too complex, overcomplicating things. You mentioned it earlier as well. Is the assumption right, did you often think that people try to make it too complex?

Tom: It is complex. I think the art is actually to see if you can come up with solutions which are not overly complex. And indeed, simplify a little bit. We also discuss the attention to compliance in this volatile world, it’s quite complex to work in the field of compliance. But I think it’s important how you come up with solutions in big organisations which are rather simple, as simple as possible.

Jeroen: Governance starts, or at least it’s a very important part of governance, is at the top of the organisation. Supervisory board, non-executive director levels/the board itself. A discussion that I hear a lot is whether the compliance role should be a part of the board. Do you have an opinion? Because this is quite a debate, people have pretty strong opinions about this. Almost everyone I meet agrees that there is at least a direct line with the supervisory board, from the Chief Compliance Officer. But having a Chief Compliance Officer on the board, there are a lot of opinions. Do you have one?

Tom: My answer here also is that there is not just one model. It’s important that the compliance function has the required status, has the authority also to be successful, and if you then position the compliance function in your organisation, I think it should either be elevated to the executive committee or actually just below. It’s a key position and in that position you work very closely with your board and executive management. And I think in this role, it’s also very important that you have the capabilities to lead and manage change. Because it is a complex field. So that’s how I look at it, it could either be directly to the CEO and could be just below, but in any case, you should have direct access to your managing board and your supervisory board. And it’s not just for the CCO a role, but it’s also my role as being the head of financial crime and compliance, but also maybe the privacy officer. You have access to all relevant information and also access to people if needed.

Jeroen: I can totally imagine that that’s crucial, whether you have someone in the board or not, but there is direct access to people and information. I think that’s absolutely crucial, and would also be way more important than the fact that you have someone in there or not. My opinion would be that having someone in the board sounds like you have more impact or influence, but you may actually have less influence. Because you have put your signature on all kinds of policies and strategy from the board, whereas just one layer below, you can actually challenge that much easier. I would say your influence would be stronger not having you on a board as a Chief Compliance Officer. 

Tom: Interesting view.

Jeroen: This is just my little less humble opinion, but that’s just how I think about it currently. But I may change it at some point, speaking to people.

Compliance Adviseert.

Jeroen: I wanted to talk also with you about technology, because there is so much going on in that world, and we can go into different angles, you can take it wherever you see fit. But first of all, do you agree and see that technology is playing a bigger and bigger role within your organisation?

Tom: Absolutely, undoubtably. So there are more and more tools available which can support compliance professionals in first and second line, but also in the third line. We discussed the third line as well. So yes, I think it’s important as a compliance professional that we look into that, see if there are tools available which help us to make better decisions. But I think that’s the order, it’s not just applying technology for the sake of applying technology. I think it’s important that technology should enable or augment human decision-making. I think that’s important. So the very first question, if we look into this, because there are multiple opportunities in the surveillance or on monitoring capabilities, is: what is the goal? Why do you want to apply this technique? Is it indeed that you want to replace your more traditional transaction monitoring system with the new possibility of AI or networking analysis or entity resolution? Or do you want to integrate data in your ecosystem? So it’s important to look into all of these types of questions. And I also think there is a relation with the governance as well. If you introduce that, how do you govern it, how do you take decisions? Is there maybe user training required? Do you need feedback to improve? All these types of questions I also think are very important if you’re exploring working with these new techniques. And in the end, I think it’s all about making sure that it benefits not only your organisation, but society at large and doesn’t harm. And for that, I think you have to look into all these types of questions.

Jeroen: Right. Do you have examples where you see tech playing a really nice role for you? Examples where you are still in doubt whether tech is going to cause more issues for you? I mean tech from the outside world, for example in financial crime.

Tom: Yes, I think there are already great examples where it’s just more administrative work and where you can do it in a more automated fashion. So that could indeed be in the case of identification and verification requirements. We already have solutions for screening and monitoring that we can apply. And you also see more and more solutions being introduced for alternatives in more dynamic ways to monitor risk. So entity resolution, for example.

Jeroen: What is that? Just to make sure I get it.

Tom: Network analysis. That means that you’re trying to connect dots, so to say, and understand if there are maybe relationships with some other actors you have in your portfolio, so that you see the broader picture.

Jeroen: With clients, for example, with transaction monitoring, those kinds of things?

Tom: Yes, clients, beneficial owners. Those beneficial owners maybe have other entities as well.

Jeroen: Right. And examples where tech is a threat for you?

Tom: I think I’m going to answer that more generic, I think. You have to make sure that the technology that you apply doesn’t discriminate against people. I think that is important, and that is something that you have to manage.

Jeroen: That’s a great example, internally. But external threats from tech? For example in money laundering or cyber?

Tom: What you see with artificial intelligence, I’m not per se the expert in that, but indeed with artificial intelligence you see also the cyber risk threat becoming more and more serious.

Jeroen: And obviously, when we talk about tech, we should touch on the words artificial intelligence, is this something that you and a lot of people have been working on within Rabobank?

Tom: We have a lot of people working on technologies, including AI. I don’t know the exact number, but it’s at least 400–500 colleagues working in the financial crime space on technology. I can’t pinpoint how many exactly.

Jeroen: I wasn’t necessarily looking for the number, but this is a very important topic.

Tom: Very important, if you hear these numbers, it’s clear that it’s super important.

Jeroen: Right. In the AML space specifically, there is a lot of talk about applying strict rules versus a more risk-based approach, or an approach driven by a certain vision or idea versus really ticking the box, so with rule-based. Is this a helpful distinction? Do you use it a lot? I’m asking three questions at once, but do you also see this trend that we’re moving more towards a world where we focus on the actual outcomes and on a more risk-based approach than just applying rules relatively strictly? We always had some kind of a risk-based approach, of course. Because you can’t monitor every single transaction, for example.

Tom: Let’s start with risk-based. I think that’s the only sensible way to deal with this. In general, prioritization helps us to focus, and it’s the same thing if you work with risk. You put your focus on those risks that are the highest, and prioritize these. In that way, you become the most productive, and you prioritize tasks for the workforce and also are clear on what you will do and also with less intensity. So I think, looking for example in my field of financial crime and compliance, the risk-based approach is very essential in the effective implementation of an AML-framework. It means that we have risk management processes to identify the highest risk for the bank, understand how we are exposed to that risk, and then also take appropriate mitigating measures to bring back the risk within appetite. And I think the way of working is quite straightforward, so if you address those risks, you go to the next lower level of risk, that’s how you go about. And I think we should be in a position as institutions to explain why we make certain decisions, so why you delegate capacity on A and on B or A and B, but A with more intensity than B, for example. So that is key. Part of your question was also ticking the box versus this. Clearly, technical requirements are there, it’s important to be compliant, but I think it’s about the ecosystem and making sure that we are as effective as possible in that ecosystem. And therefore, it’s important to demonstrate that you have an effective framework and really work risk-based, and you can explain why you take certain decisions. So as an institution, I think it’s important that we distinguish between low and high risk and are able to distinguish between low and high risk. And of course, it will be super helpful in the collaboration, the opportunities, that we can reach the information that we have as a financial institution. Also, with information that other parties have or other private parties have, to become even better in fighting crime.

Jeroen: What I ultimately find very difficult in this debate is that you need to apply a risk-based approach because there is just too much data, too many clients to monitor all of it. And still, you’re expected to report any activity that looks weird. So there is some internal tension there by definition, it sounds to me?

Tom: That’s correct. And I think that’s a dialogue you also ask, “What do you see in the Netherlands and how is that dialogue being held?” What is maybe nice to mention is the report of DNB of last September, from recovery to balance. There, DNB argues to focus on effectiveness and also not be overly burdensome for customers.

Jeroen: Prevent, unbankables and stuff like that.

Tom: Exactly, yes. So also there you see clear steer also from the public party to focus on risk and take a more risk-based approach. So I think that’s great that we have that development and also the dialogue. And further than that, we started with round tables, also to see and explore opportunities where we can work a little more risk-based than we do today, and just having that conversation is already absolutely great.

Jeroen: Right. You already mentioned working together with partners a couple of times with the public-private dialogue. It is crucial in your view. Still, I think that’s difficult and harder if there are people who are suspected of crimes within boards. So having a good relationship working together, you should not be scared to be personal or liable, for example. Has this made public-private partnerships and cooperation harder over the years?

Tom: We discussed the topic of privacy, which is important, and new technology. So data and privacy are also important topics, but indeed, you touch upon the topic of trust, and I think that’s also a very important topic. So collaboration only works if you work as partners and if there is also a level of trust in that collaboration. Maybe there are situations where you have to be a little schizophrenic, to put it like that. But I think it’s important, and I think that’s happening, that we are explicit about it. I think you’re also in a situation, if you look at institutions, we are all focusing on – I’m talking about the Netherlands and the important partners – making the ecosystem better. I think it’s more difficult to find someone who doesn’t agree with that. So I think we have to make sure that it doesn’t distract from having this dialogue and focusing on effectiveness.

Jeroen: I’m not sure who said it, but it takes a network to fight a criminal network. I think that’s very true. Ultimately, you can only do it together by the private sector, public sector. You can never do it alone, the banks can’t do it alone, but the public sector can’t do it alone either. That makes sense, from what you just said. Last but not least, we’ve always asked our guests about tips for Compliance Officers, whether you’re a junior and starting today in the field of compliance or whether you’re a Chief Compliance Officer, in your case a Deputy Chief Compliance Officer, do you have tips for them?

Tom: My tip would be: make sure that you understand your business. You become more credible, and I also think a better partner. Whether that is in an advisory role or a countervailing role, for your first line. So that would be my tip.

Jeroen: But how do you do that?

Tom: Meet clients, for example. Just join your first line, understand the business, the products, and the services that are being provided. Sit next to people to understand also the underlying core processes. We touched upon the topic that it’s maybe helpful to have a legal background. Yes, it’s helpful, but I think you need far more skills. And I think having this interest in the real business, but also focusing on other types of skills like technology, capabilities and communication skills, are equally important to be successful in this job.

Jeroen: Can you make it more specific? Why is it important to meet clients?

Tom: I think it’s important to understand what’s in the heads of the clients. They are always passionate about their company, there are a lot of good clients also, you also learn how to ask your question, if you’re actually properly understood. So I think just having that basic understanding of knowing what your clients do and what’s important to them, but also building a relationship and also some understanding on the clients end of what we’re doing and why we are collecting certain information is super helpful.

Jeroen: Did you ever think, when you started your career, that compliance would become, from a business terminology, so hot and important, part of the business to be in?

Tom: I never really gave that a thought, because I think I was part of that journey. So I think I started working just before the financial crisis started. I was more a part of that journey. I saw the profession evolve. I think it only has become more and more fun, in honesty. So more complex, more fun, and I think we now arrived in an area where we’re looking for effectiveness, but also efficiency. So that’s great. You now saw this tendency to have more staff, I think, and now I also think it’s about how we can work smarter, going forward.

Jeroen: Is there something in this interview that you think I should have asked, or something you really liked to share? Then this is the right moment for that.

Tom: No, I think we touched upon a lot of interesting topics. I think we sometimes should be a little proud of things that we are doing already in the Netherlands. Also, if I compare it with our foreign colleagues. We talk a lot, in a more international context, for example Transaction Monitoring Netherlands. And I think it would be great, together with the partners, wherever they are, to see if we can let those initiatives flourish. Because I really believe that that collaboration is key. For that, we also need that legal framework in place. So that would be my last request.

Jeroen: Wonderful, that is a great positive note to end on. Tom, thank you so much for taking the time to talk to Compliance Adviseert. It was really interesting, and I also love the fact that you’re such an optimistic person who deals with risks all the time, but still looks at it from a positive perspective. So it was really interesting to listen to you, and thanks for taking the time. After the podcast, I will give you a small present, which even compliance officers can accept! I’m sure of that, I checked it many times. It’s not too expensive, but still, I wanted to thank you for taking the time.

Tom: You’re welcome, it was a pleasure!

You’ve been listening to Compliance Adviseert, made with the help of Hyarchis, Partner in Compliance, Deloitte and De Volksbank. Would you like to know more or leave us a comment? You can do this on our LinkedIn page. If you follow us there, we’ll keep you up to date with our new episodes. We’d be grateful if you could leave a review and tell others about this podcast. Also, don’t forget to check out the other podcasts on our channel, there is bound to be something for you.

Vul hieronder je e-mailadres in om op de hoogte te blijven van Compliance Adviseert