Spotlight on Griffin’s Chief Risk Officer and Chief Compliance Officer, Anna O’Shaughnessy
Anna O’Shaughnessy is Clausematch’s Most Loved Compliance Professional of 2022 and one of FinTech Magazine’s Top 100 Women in FinTech. We sat down with her to learn more about her professional journey, her leadership style, and her advice for compliance officers in the fast-moving world of fintech.
We can’t think of anyone who deserves recognition more than Anna O’Shaughnessy. Wearing both risk and compliance hats, she is a steadying force in our business. When it comes to integrity, Anna sets the tone and her knowledge and passion have been vital in embedding a compliance-by-design culture at Griffin. Most importantly, she never loses sight of the human side of compliance and makes it feel relevant and important to our team members in every area of the business.
We caught up with Anna to learn more about her compliance journey, the changes she would like to see in the industry, and what advice she would give her younger self.
Where did your compliance journey begin?
The truth is that I never really intended to go into compliance, but now I am thrilled I did! My journey started as a regulator for the Prudential Regulation Authority (formerly the Financial Services Authority) where I led the team responsible for new bank authorisation and supervision, among other roles. After that, moving to a client-side compliance role felt like a natural progression. In essence, compliance is about interpreting the desired outcomes of regulators - so the fact that I understand how a regulator thinks and works is extremely helpful.
Fintech innovation moves fast, which means there isn’t always a defined set of regulatory requirements to follow - and when that happens, people are understandably apprehensive about making a judgment call. But if you understand how the regulator works, what they’re trying to achieve, and how they interact with the people working at firms they supervise, it gives you the confidence to interpret their objectives and priorities and make those judgment calls.
What has been the most surprising aspect of your journey?
When I first left the PRA, I genuinely never thought a career in compliance could lead to being part of a leadership team at an exciting company like Griffin. That has been a really surprising and delightful aspect of my personal journey, but it also speaks to how far compliance has come as a field.
When I first left regulation in 2012, the world was still reeling from the financial crisis and compliance was definitely moving up the priority list for firms. But it was - and sometimes still is - viewed as a time-consuming tick-box exercise. It was something firms knew they had to do, but it wasn’t seen as adding value. There’s been a huge shift since then; more founders and CEOs recognise that compliance is an integral part of their business, and that their Chief Compliance Officer needs to have a seat at the leadership table from day one. This was certainly my experience at Griffin, and I'm delighted to work for a company that sees the inherent value of compliance.
How important do you think it is for compliance professionals to connect with the rest of the business on a human level?
If you want to be a great compliance officer, you can never be invisible! Hiding behind emails and policies won’t cut it. The best compliance officers are visible and actively work with people to find solutions.
Of course, it’s more challenging to be “visible” when you work remotely. When I was in the office daily, I would try to spend 20-30 minutes every day just walking the floor speaking to people, being available for any questions, listening to them talk through anything that was on their minds. I would get so much value out of this time - it’s amazing what people will share with you in a more relaxed setting.
In a remote-first work environment, I’ve had to find new ways to be present and available for people. For example, I run regular compliance office hours via video call - the structure is informal, anyone at Griffin can drop in and out to ask questions or just listen in. We also have dedicated #compliance channel, where I try to be as responsive and involved as possible.
But whether you’re communicating in person or online, another important trait of a great compliance officer is how they respond to what they are told. People will come to you with very serious matters, and you have to remain calm and reassure them that you can work together to find a solution. Catastrophising will only make things worse. It will also make others more reluctant to come forward in the future. To be effective in your role, you need to be sure that your colleagues are comfortable sharing their concerns with you promptly. So creating that human connection - building trust and being a safe harbour in a crisis - is an absolutely vital part of the job.
How do you see the role of compliance changing in the next five years?
I think compliance will continue to move up the priority list and become an integral part of every firm’s strategy from the start. Griffin is already doing this - as a member of the Executive Committee, I get a high-level view of what’s happening across the business and I’m there to offer the compliance perspective early on, when it matters. This means compliance is always factored into our strategic planning and decision-making, on everything from selecting new suppliers, embedding a healthy culture, launching a new product, and deciding which clients to do business with. This is how it should be. In the long-run, treating compliance as an afterthought is a very risky and usually costly approach. Prevention is always better than cure.
Of course, there’s still some work to be done to get all businesses to think about compliance in this way—as a trusted enabler rather than a barrier to success. As an industry, we are not quite there yet but we are moving in the right direction.
What do you see as the biggest compliance challenges for fintechs?
Traditional regulation was created for traditional financial services firms: banks, insurance firms, investment firms, and building societies. Now fintechs are disrupting the space with new business models and innovative digital offerings for customers—and sometimes the regulations take time to evolve.
This is where a skilled compliance officer can make all the difference for a young fintech. A great compliance officer won’t get bogged down trying to make an existing regulation fit a use case it was never intended for. Instead, they will use their knowledge and experience to interpret what the regulation is trying to achieve. They’ll analyse the regulator’s broader principles and objectives and any relevant published expectations and guidance, and use these to decide on a course of action. They will document their analysis and their decision to show they took all reasonable steps to do the right thing. Then they will monitor to make sure the right outcomes are being delivered and take prompt action if they are not.
It’s becoming increasingly hard to find good compliance officers, so I would advise fintechs to start the process as early as possible. If you’re a regulated firm and you’re hiring a compliance officer just before you go live, it’s too late. You need to hire someone from the very early stages to support you through any authorisation processes and embed best practices from the outset.
For more insight on building a compliance strategy, check out Anna’s recent blog “Four tips for getting compliance right in fintech startups”
Are there any innovations in the industry now that you are particularly excited about?
I am really excited about Cable, a company that provides automated financial crime assurance over your company’s financial crime prevention controls. I have experience of running manual assurance, so I know firsthand how time-consuming and limited in scope it can be. Cable thinks that anything less than full and ongoing monitoring of financial crime controls leaves room for errors that can potentially cause harm to customers, not to mention massive potential losses of money, time, and reputation. So instead of relying on dip sampling of, say, 100 customer accounts, Cable’s technology can continuously monitor 100% of customer accounts. So firms can get complete assurance about whether their financial crime controls are working effectively and feel confident that any regulatory breaches, control failures, or financial crime risks will be surfaced in real time. I strongly believe that automated assurance is the next big evolutionary step in financial crime prevention and I’m excited to see new technology elevating the expected standard for assurance programmes at firms.
What three words best describe your leadership style?
My fellow Grifflings will probably laugh at this, but I would say I’m a reluctant leader! If there’s such a thing as a natural-born leader, that’s not me. I’m getting more comfortable with carving out my own unique style, but it’s a journey and I’m still learning. I think every leader is a work in progress.
The other two words would be “demanding” and “nurturing”, which might sound like a contradiction at first. But on one hand, I hold people to high standards of performance, and on the other, I support and nurture them to help them achieve those high standards. I also like to think I lead by example, and I'm always ready to roll up my sleeves with them to get the job done. I like to look out for people who are willing to try new things and take a more innovative approach as well; I think that should always be encouraged and rewarded.
What’s the single worst piece of career advice you’ve ever received?
Someone once told me to decide who I wanted to be at work and “live” that persona while I was at work. As if, like a superhero, I could just pull on a disguise as I went through the revolving door into the office every morning? I look back and think, “who were they expecting me to be at work, other than myself?” Now I realise that there’s a huge amount of emotional labour involved in being someone other than your authentic self five days a week! It’s exhausting, and a huge waste of energy that could be better spent actually doing your job.
What motivates you to get up for work every day?
Keeping everyone safe is what keeps me motivated. Our customers, my colleagues, and the firm itself - it’s my job to keep them all safe. I see it as the core of my role and I take my responsibility very seriously. Sometimes I remember that if I don’t take action or drop the ball on something, I could be putting people at risk, and that reminds me to stay focused and bring my best to work every day.
If you could give your past self advice, what would it be?
I would remind myself of something my father always said: remember who won the race between the tortoise and the hare.
I've always been very ambitious, and eager to be recognised for my potential. But like many people, there have also been times in my career when things have not gone to plan or I’ve found myself burnt out. I was made a director at a previous company when I was still quite young, because my manager believed in my potential. It felt like a dream come true, but the reality was it was too much too soon and I did not cope well. That hit my confidence hard and felt like a huge setback. But that experience taught me that it’s ok to say no if you’re not ready - and that admitting you’ve taken on too much is a sign of strength, not weakness. So, I would remind myself of my father’s question: remember who won the race?
I would also remind myself of something my mother says about me quite often: that I am fiercely independent. I would tell my younger self that it is okay to ask for help and to rely on others. You don’t have to do everything - and know everything and carry everything - all by yourself. When I do ask for help from my amazing colleagues, I feel we always find a better answer together and have a lot more fun getting there!
Finally, what do these awards mean to you?
I’m grateful and humbled! I’m honoured to be recognised for my work on a personal level, but it’s also great to see compliance in general getting some love from the industry. At Griffin, we take a compliance-by-design approach, which means that we embed compliance in our platform, culture, and everything we do. I really hope that this approach is going to become the norm across the fintech space, and recognising contributions of our compliance teams is an important part of making that happen!
Congratulations to fellow Most Loved Compliance Professional winner Mosi Platt, Senior Security Partner for GRC and assurance at Netflix (US), and all the incredible women who made FinTech Magazine's Top 100 Women in FinTech list.