"We aim to be best in class"
Interview with Julian Kirsch, Head of Risk and Compliance
Julian Kirsch, Head of Risk and Compliance at Aryza, discusses current challenges in regulations and risk management, the implementation of regulatory guidelines into the Aryza products, and why it is important to always be a step ahead.
How many different regulatory requirements must Aryza keep track of?
Julian Kirsch: I would hate to try and put an exact figure on the many rules and regulations firms like ourselves need to be compliant with. We monitor diligently the regulations that affect us as a company and those that our customers must comply with, such as those from the FCA for example. This includes legal regulations, regulations in the areas of personnel and health, and accounting standards, etc.
What does your role as Head of Risk and Compliance look like in this context?
Julian Kirsch: My task is to ensure compliance at a global level, to adequately manage our risks in all the regions where we operate. This poses a significant challenge, as the requirements may vary greatly from region to region. It is important to have the right organisational structure, the right colleagues, and partnerships that assist us with the implementation of requirements.
What does ‘vary greatly from region to region’ mean?
Julian Kirsch: Even from an internal point of view, we consider our own employees and the different employment laws in place together with health and safety requirements. For example, our colleagues in Mauritius face specific legal requirements related to 'monsoons'—something we obviously don't have in the UK or our other European locations.
Is there an approach to manage this under one umbrella?
Julian Kirsch: Data protection is a good example, as the rules and regulations are different in each region, especially outside the EU. We believe that the GDPR standard is very effective. Therefore, Aryza has decided to commit to this standard as definitive across all regions. This is sometimes much more than we would need to do. However, we aim to be best in class and establish best practices that apply across the regions we operate in.
Regulatory requirements, as you mentioned at the start, also need to be implemented in our products. How do we proceed?
Julian Kirsch: We have an established risk committee that involves members of the executive team, department heads, product owners, and legal and compliance (ISO and DPO officers). Here we focus on current challenges and changes and what we can do to mitigate risks. Since we are ISO-certified, there are very specific controls to ensure that these changes are implemented in our products in a timely manner.
Do you have an example of the implementation of regulatory requirements?
Julian Kirsch: Consumer Duty is a directive from the FCA that requires financial service providers to focus on consumer protection to a much greater degree than before. Our products themselves are not regulated by the FCA, but they are used by our clients, who are partially regulated by the FCA. Thus, we need to keep an eye on these legislations and ensure that our products meet these requirements.
How important are certificates like ISO and SOC?
Julian Kirsch: Such certificates are now expected by customers in the markets we operate in and are often part of contractual agreements. However, I believe these should never be seen as a tick-box exercise; companies should not only operate within the framework of these requirements but should strive to exceed them. Certification should be a byproduct of the standards a firm has in place.
According to the Allianz Risk Barometer, cyber risks are currently ranked number one, followed by business interruptions and natural disasters. Is this also your perception?
Julian Kirsch: Cyber risks are at the top of the agenda for many companies. Therefore, we take information security and data protection—whether it's our own or our customers' data—very seriously. This is also reflected in our risk profile.
Has artificial intelligence become a risk factor?
Julian Kirsch: AI is certainly another instrument in the toolkit of hackers. As technology advances, the risks increase. At the same time, AI is a tool to effectively combat cyberattacks. If used responsibly and with a focus on security by companies, it will be a great help.
What are the biggest future challenges?
Julian Kirsch: The regulatory landscape is constantly changing, and I don't think that will change in the future. Simply keeping up is not a great place to be for ourselves and our customers. It’s about staying one step ahead. For this, we need to plan early and be proactive. We have our risk committee for this purpose. My role is to ensure that we remain compliant across our organisation and in the delivery of our products and services to our customers.