
Future in Risk and Compliance

Thursday 11 May 2017




Introduction

Recently, Morgan McKinley published salary surveys on risk management and compliance. Sophie Peers, Risk and Compliance Manager at Morgan McKinley, spoke to GRC Professional about the expected future of risk and compliance in 2017.

 
Interview


What are some of the emerging trends in the risk and compliance field over the last couple of years?
Risk and compliance trends are generally impacted by the market conditions within Australia, where an increased demand for high calibre professionals continues to be on the rise.
  
To highlight some specific trends: the three lines of defence model is still being rolled out across a majority of organisations. A trend we have seen particularly within the domestic banks is that their second line of defence is heavily resourced, with most of the headcount performing what they refer to as ‘review and challenge’ type responsibilities. However, what this means in some cases is that the accountability and ownership of risk management is sitting away from the business.

Over the last couple of years there has been a shift in mindset with most organisations now believing it is the responsibility of the business to manage their risk, not the risk teams themselves. The independent risk management function exists to protect, support and advise.

With that in mind, we have seen two of the Big 4 banks restructure their teams and increase headcount in the first line. The impact being first line teams need to be much more commercial and product savvy. Finding people with an equal strength in both business and risk management knowledge has been a challenge for businesses. Many of the current second line incumbents are not suited to the first line requirements due to more generalist skills in operational risk rather than products and operations.

That has meant more people have moved into risk management from business roles, such as operations, legal, processing, credit etc. It is those sorts of positions that tend to blend most easily into risk and compliance. Those people who have traditionally sat in the second line as generalists, and who subsequently have learnt more specialist skills are also in demand.

Whilst organisations have traditionally acquired their talent from risk-based audit and assurance-type roles within the big four consulting firms, we expect that this will change in the future. As more emphasis is placed on the first line, we anticipate companies will be looking for more people to move within the organisation through internal mobility.

Another interesting trend is that operational risk, which was once considered an art, is fast becoming a science, with more emphasis on using data in the space. So, rather than operational risk in its traditional definition being ‘people, processes, and systems’, it is now more about the calculation of data: determining how we can extract meaning from reporting, and how new systems and tools can be implemented to make the life of risk and compliance professionals easier, while making processes more efficient.
 


What about the future of risk and compliance? Do you feel AI and automated solutions in the risk and compliance space present a threat to risk and compliance roles in the future? Is there something unique an individual can bring to the job that automation can’t?
Whilst I don’t believe that AI and automated solutions pose a threat to risk and compliance roles today, I do feel that it will influence the role of the risk and compliance professional in the future. Effective risk management involves the consideration of multiple factors, such as use of language or syntax when reviewing marketing material and this cannot always be satisfied through AI. We need to understand that we are dealing with people, and people can be inconsistent and unreliable. There will also be grey areas in legislation that require interpretation. There is no ‘yes or no’ in risk and compliance.

While businesses might start to use analytics to improve processes, I think risk and compliance professionals will remain vital. This is because the human element is paramount in some areas of the compliance life cycle, such as the interpretation of the grey areas in legislation as mentioned earlier. It is the reason I go to bed happy knowing my job is safe!



Is there anything in particular that has leapt out at you for 2017 when it comes to the types of risk and compliance roles in demand?
From a recruitment perspective, a lot of what happens is driven by the focus of the regulators. Much of what we have seen lately has been related to enhancements in technology. When APRA announced that they would be doing industry-wide reviews in the technology and vendor risk spaces, it increased organisations’ awareness of the potential threats when engaging with third parties, and the importance of doing capability assessments with their suppliers.

Interestingly, of all the roles Morgan McKinley recruited across risk last year, 65% were in the tech and cyber space. The remaining 35% was as a result of general attrition, and predominantly at the Analyst and Manager level.  Some industry sectors have been busier than others of course; however, technology risk is growing, and will continue to remain high on the agenda because it is an evolving area with ever emerging risks. In the last 18 months, the big four consulting firms have lost a lot of people to technology risk roles in-house, their training and background forming an almost perfect stepping stone into industry.

Organisations have also been prepared to consider people with pure technology backgrounds, providing they can demonstrate in the interview process that they understand risk methodology, can utilise some of their tech space knowledge, and learn or hold a passion for risk. They have found this an easier path as opposed to trying to teach a traditional risk professional about technology.

Along with this increased demand, we have seen an uplift in salaries paid to secure top talent in tech risk. 
 
 

What are your predictions regarding salaries in risk and compliance for 2017?
Salaries across risk and compliance have remained consistent over the past few years, and it is likely that 2017 salaries will remain similar to 2016. This is partly due to the fact that there is a lot of stability in the market in relation to what is needed to attract candidates into roles – progression, flexibility, culture etc. However, if someone is moving from role A to role B, or organisation A to organisation B, they will expect to see a pay rise.

There is not as much money being shared around in terms of salary increases and bonus pools. Candidates are not typically receiving salary increases internally year on year; however, again in areas with specialism—such as technology risk, where there is a lot of competition, and financial crime—there is more being spent, as can be seen in the latest 2017 Morgan McKinley risk salary guide.

 

Are there any commonly asked questions from risk and compliance professionals looking to move roles?
We are always happy to provide our insights into current market conditions within risk and compliance, something commonly asked from professionals who are either hiring new talent or seeking a new role themselves. Most are very confident that their skills are transferrable, and in some cases that is true. It is also important to understand that businesses seem to be running leaner, with risk and compliance teams doing more work with fewer resources, leaving everybody spread quite thin.

Generally speaking, employers will hire the person who is doing almost the same role in a competitor organisation as they believe the candidate will hit the ground running. The risk here is that this person will quickly tire of a role that does not stretch them and ultimately move on, perhaps sooner than expected.

Other commonly asked questions include:

  • Should I be studying towards any additional qualification/s?

  • Can you suggest ways to develop myself so that my CV looks ‘better’?

My advice here is that your CV and qualifications will take you so far, but it is how you actually behave in a business that counts. Ask yourself: “When I leave, what am I leaving behind? What is my legacy?”

 

Are there any other future trends you expect?
Organisations are becoming increasingly aware that they will have to start developing more junior talent in risk management and compliance. There is often a gap between the Junior and Senior Analyst level, when professionals have moved from consulting into industry at different stages in their career. As time progresses, we should look for more diversity in the skill set and more development internally for those wanting to get into risk and compliance.

Another emerging trend for 2017 is conduct risk, culture and ethics management. For these areas, organisations would like someone who is proactive and can understand human behaviour and why culture and conduct are in jeopardy. Teams are now questioning how we measure ethics, and how we report on the subject. The skill set and qualifications of these professionals are anything but traditional – behavioural psychologists, engineers and human resource professionals to name a few.

 

Any advice or takeaways for risk and compliance professionals?
Move forward through consistent development, both professional and personal. Embrace the opportunity to learn, and as the environment evolves and grows, so should you. Don’t be afraid to leverage. Make use of inter-bank forums and associations like the GRCI that provide people with the opportunity to get together and share.

We are all busy. However, while few of us likely have the time to attend meetings and conferences every month, or even every quarter, do pick up the phone and dial in. It takes an hour of your time, and the information and connections you build with the community are invaluable.

Great people know great people. Ensure you mix with those people whom you aspire to be.

The team and I are always available for a confidential discussion about you and your career. Please don’t hesitate to get in touch. 

Biography 

Sophie Peers, Risk and Compliance Manager, Morgan McKinley