An interview by Lori Strauss
From Compliance & Ethics Professional
Phyllis Skene-Stimac (email@example.com) is Executive Vice President and Chief Compliance Officer at MoneyGram International in Dallas. She was interviewed by Lori Strauss (firstname.lastname@example.org), Chief Corporate Compliance & Privacy Officer at University of Virginia Health System in Charlottesville, VA in February of 2015.
LS: Thank you, Phyllis for taking time to share with us your background and the valuable lessons you’ve learned in the Compliance field. Can you tell us about yourself and what led you to work in Compliance?
PS: I have been in the Compliance field for about 25 years. I started my career as a staff accountant at a financial institution and earned a degree in accounting. Through my participation in many regulatory projects, I was given the opportunity to focus more on the regulatory compliance world and to grow in the Compliance profession. Understanding how your company works is key to being an effective compliance professional. I was exposed to many different areas in the company before I started in Compliance. This gave me a broad view of the challenges faced by the institution, both from a compliance and business perspective.
LS: Your compliance experience has been with financial and money service companies. How do you see compliance in these industries differing from compliance in other industries, such as education, advertising, agriculture, or healthcare?
PS: There are actually more similarities than differences. Compliance is a repeatable framework that you can employ, regardless of the industry or governing rules and regulations. It is most important to understand the specific dynamics of your industry and the attendant regulatory requirements. In any industry, you must conduct a risk assessment on the vulnerabilities presented by your company’s processes, customers, systems, etc. One must then develop policies, procedures, and training to strengthen controls and mitigate those vulnerabilities or risks. Employee training is the first line of defense against threats to a company. Second, every company should have a robust monitoring program to aid early detection of problems. Finally, compliance professionals should engage the audit team, including external reviews, as the third line of defense.
LS: What were some of the factors that led MoneyGram to establish a global compliance program?
PS: As a publicly-held U.S. company, MoneyGram has obligations unique to the countries in which it conducts its business. However, there are commonalities across the various regulatory regimes. In addition, in a global business such as MoneyGram’s, it is important to have the ability to share information across departments and functions, even if the information may only be relevant in the short-term to a specific country. Therefore, you have to think locally and build your programs globally. These programs need to be scalable to meet the strictest standards of any country in which the institution is transacting. This is particularly important for MoneyGram, which is a company that started as a small company and grew its global footprint rapidly over the past decade. A global compliance program ensures the company is meetings its obligations worldwide.
[bctt tweet=”A global #compliance program ensures the company is meetings its obligations worldwide @SCCE” via=”no”]
LS: How has the globalization of your company changed what you do as compliance professional?
PS: I have been involved in international compliance matters for over 10 years, and I have traveled to more than 60 countries to meet with regulators, customers, banks, and our agents. It has given me a broader perspective of the world and the ability to adapt to different practices. The environment has also increased in complexity as we have expanded our footprint around the globe. This has required me to think broadly about MoneyGram’s compliance programs in order to ensure that the programs are scalable, efficient, and take into account the unique risks present in each geographic region, product, and category of customer.
LS: What are some of the best compliance practices you’ve seen in the various countries you’ve worked with?
PS: A strong governance structure is important. It is also critical to ensure that the compliance leaders are frequently communicating with regulators. Since the main purpose of compliance programs is to protect the integrity of the financial system, it is important to conduct regular dialogue between the regulators and companies. This ensures that the conduct the company is monitoring and reporting to the regulator is helpful in protecting the financial system as a whole.
LS: Since 2011, you’ve been MoneyGram’s Senior Vice President and Chief Compliance Officer, leading MoneyGram’s global compliance efforts to address federal, state, and international laws. Prior to that you served as Deputy Chief Compliance Officer at Western Union, where you had global responsibility for anti-money laundering (AML) and regulatory programs. What do compliance officers need to know or consider when they have international oversight of a company’s compliance program?
PS: First and foremost, leaders should consider the legal and regulatory risks that the company faces, to help ensure the company is fulfilling its regulatory obligations and protecting its customers. You need to make sure that you have the appropriate authority and resources commensurate with the size of the company and the risks presented. Lastly, it is important to have management that is committed to a culture of compliance as a top company priority.
LS: I imagine money laundering is your industry’s greatest compliance risk, but what other compliance risks exist for money transfer companies that compliance officers should be aware of?
PS: As a global company with a variety of third-party relationships, we also have robust programs around the Foreign Corrupt Practices Act (FCPA), anti-bribery, vendor management, privacy, data protection, fraud prevention, and counter-financing of terrorism.
LS: As the vice president of global AML operations, you had a major role in the rapid expansion of the AML function at First Data. You added more than 70 positions to the program within a year and significantly increased the company’s international compliance footprint. What compliance issues did you identify to support the additional positions?
PS: In a more recent example, in my role as Chief Compliance Officer at MoneyGram, I have overseen the addition of more than 150 new positions. Both at MoneyGram and First Data, these positions were added to strengthen previously existing compliance areas or to address new risks encountered as the companies’ footprints expanded into new markets. Although a company’s growth strategy may be driven by business opportunities, it is important that the compliance functions keep pace with the expansion. Moreover, since September 11, 2001, the regulatory obligations have expanded significantly, necessitating the addition of more personnel to support compliance functions. I take a pragmatic approach to assess the risks, opportunities, and resource requirements. This holistic approach helps the executive committee and board of directors understand what can be accomplished with the additional investment.
LS: Why do you believe the company approved these positions?
PS: The vision and objectives were clear. There was an articulated link between the new business opportunities and the need to mitigate the risks attendant to those new opportunities.
LS: How did these additional positions increase the company’s international compliance footprint?
PS: Regardless of the technology platforms a company may utilize to support the Compliance function, much of what needs to be done requires people. The international compliance footprint grew to adapt to new country requirements, more locations, and a diverse compliance staff.
LS: MoneyGram has launched home delivery services in Vietnam, money transfer services in India, self-service Kiosk and ATM services in Ukraine, and expanded charitable giving to more than 20 countries, and these are just a few of MoneyGram’s initiatives this past year. What compliance issues do you need to consider when interacting with so many different countries and what were some of the obstacles you encountered?
PS: Language and interpretation is always an obstacle in situations like these, and understanding the business plan and the customers is important. The more we know about the local environment, culture, and customs, the easier it is for us to design compliance programs that are risk-based and effective.
LS: Why do you believe it’s important to have Compliance at the table for new initiatives a company desires to pursue?
PS: You want to launch new programs and projects with a comprehensive assessment of compliance processes and controls. If not, you risk the company’s resources by back-tracking to add controls or worse, stopping an initiative because it wasn’t properly vetted.
LS: If compliance officers are not at the table for new venture discussions, what do you see as consequences for the company, and what do you suggest compliance officers do in this situation?
PS: The company runs the risk of not having a key compliance process in place or taking on a partner or product that increases the company’s risk exposure. This manifests itself through negative exams and regulatory assessments and, ultimately, creates barriers to business expansion. I recommend that you take charge and find out who in your company is responsible for new product delivery, M&A [mergers & acquisitions], and any other areas that would introduce new business opportunities, and that you meet with them to establish a line of regular communication and protocol for vetting opportunities with the Compliance department.
LS: How can compliance officers positively impact corporate culture?
PS: As compliance professionals, hold yourselves to high standards and evangelize the company’s code of conduct. Make sure that you are positioned within the company to keep your fingers on the pulse of the organization’s compliance culture. And, over-communicate to employees regarding how to report concerns.
LS: Where do you see the Compliance profession in 5 years?
PS: I see Compliance continuing to grow as central to most business processes. I also see a strong need for the Compliance profession to develop seasoned business partners who are more integrated into the day-to-day operations of the business.
LS: What do you believe is most important for someone new in your field to know about compliance?
PS: Compliance is best suited for people who are passionate about the profession. The real challenge can be in balancing the risk and rewards within your current business model and deciding when additional controls or resources are needed. First, you have to have faith in yourself that you’ve correctly assessed the risks and can effectively articulate your plan to address those risks. Second, you need to make sure that management supports the Compliance function, and that resources and governance structures are mature and in place to support you.
LS: Thank you, Phyllis for sharing your experiences with us.