Roles and responsibilities of a Compliance Manager

  • December 04, 2018

We interviewed Sheraz Afzal of The Money Shop UK to find out more about what it takes to be a successful compliance leader and the challenges of managing large teams across different regions.


Could you tell us about yourself and your journey to becoming Risk & Compliance Director at the Money Shop?

I started in financial services immediately after university, when I joined the graduate scheme of a big bank. A feature of my time with RBS was the wide exposure to a lot of different roles, from operations, project management through to internal communications and front line retail branch management. Experiences from this time live with me right through to the present day.
I started to specialise in risk and compliance during the course of my time with Welcome Financial Services. We had a particular challenge at Welcome that required a significant restructuring of the business, and I was responsible for leading the PPI work between Welcome and the Financial Services Compensation Scheme (FSCS).

I joined the Money Shop in 2014 at the height of the regulatory scrutiny of the high-cost, short term credit industry. I remember being asked by Welcome’s CEO why I was “jumping out of the frying pan into the fire” and it was been the most rewarding and stretching part of my career so far.

For the last 10 years, I have worked in what could be called “regulatory distressed” firms in a regulatory role. The principal challenge has been the lack of a playbook – each regulatory or conduct issue is new, and presents its own set of questions to a team. But often a challenge can become an opportunity; the absence of a defined playbook means that you have a licence to try new approaches. Lots of regulatory scrutiny means that you get lots of feedback, which means you can learn very quickly if you are open minded. I tend not to think about success or failure; instead, I create a hypothesis and test the assumptions that underpin that theory – either way, progress is made because you learn whether your assumptions are true or false.

What do you think are the top qualities that make for a successful leader within the risk and compliance space?

In most business-specialist roles (from Finance, IT and Risk & Compliance), you start off needing strong technical skills. To an extent, these remain valuable – it means that you can add value to your team’s life by helping them achieve their goals, and it’s the first step on the road to respect and trust.

I regard myself as a business leader, who happens to specialise in risk and compliance. A business exists to turn a profit. Any risk and compliance lead must see their role in this light. Position the disciple in this way; good business people are always managing their risks – the technical tools we bring to the table help people do their jobs more effectively. Really understanding how the role helps the business achieve its goals creates the gravitas and credibility you need to achieve your goals.

How do you overcome the challenges of managing large teams across different disciplines and regions?

What we regard as “work” would be (to someone like Aristotle) indistinguishable from “play” insofar as most of our output is words whether in written or oral transmission (I find it difficult to explain to my children what I do for a job!). A great deal of words are used before any action is taken, such as writing IT code, or launching a new product in the market.
So the challenge in leading a large, multi-geographic, multi-disciplinary team can be described as influencing all the conversations taking place through the thousands of different emails, meetings and conversations. There are some themes that I consistently use –

  • Give people a forum for these conversations to take place and thereby give them a purpose. I see project governance fulfilling this role. I have invented a number of spurious workstreams for no other reason than giving a group of people that forum for these conversations to take place. It brings a focus to the conversations that would happen anyway.
  • Consistency of message. I strongly believe in narrative. Each project is a story, with a start, middle and an ending. The easy parts of the narrative are the start and finish. The middle is the longest and often where the game is won or lost. A narrative that divides the middle into chapters is vital, and the message remains constant during that chapter. When you then change your key messages, you are signalling that you have turned the page to a new chapter, and a sense of progress and momentum is maintained.
  • Read the tempo – in an ideal world, the project board or steering group should act as the heart beat for the endeavour. The project board will suck in update and information, and then pump back out direction, and new actions and tasks. Sometimes, it’s necessary to maintain a steady, relaxed rhythm. Other times, there’s a need to up the tempo and create urgency and intensity. If you can get the timing right, great results can be achieved.

In summary, I visualise a large team as a river busily running its course, tumultuous and rapid. How best to manage the river? It’s mostly with subtle adjustments that influence its course – the placing of a boulder here creating a diversion that relieves some pressure, or shoring up the banks over there that prevent some flooding. Every now and again, drastic measures are required like building a dam, but such drastic measures are costly, in time, money and emotion. Be aware of the price of such moves.

A river takes a different form depending upon location. It can be deep and slow moving in one region and then shallow and fast flowing in another. Over the course of time, I find that team can change a great deal. In one significant project, in the early days when we were thinking through our plans, and defining the solution statements, the art was to harness the creativity, which we did by organising a governance structure that was heavy on meetings – allowing the ideas to be documented, shared and developed. Eight months later in that same project, when we were in the delivery phase, we actually cancelled all meetings and said “just go and get stuff done”. Naturally, some meetings still took place (meetings being like cockroaches) but the key message was that the time for conversation was over and activity was prioritised.

How do you ensure through your leadership that your team performs to the highest standard?

You need to be crystal clear on what your expectations are. You cannot expect people to achieve a standard that is unknown, or indeed unmeasurable.

I also think that it’s helpful to have a defined method to achieving those expectations. For example, I am very evidence-based; if and when decision is needed, we look at the evidence. If we do not have any evidence, we find some. If evidence cannot be found, we extrapolate from some basic first principles. We then test and learn from the evidence we have created from the test.

I think that version 5 will always be better than version 1. Getting to version 5 means that you have to get though versions 1 to 4 as quickly as possible. I believe that the enemy of good is better, and the enemy of better is best. Get version 1 out there, learn about it, and then get version 2 out there as fast as possible.

The reason that you should understand your method is that you can then understand if your team can work with that method. My current teams thrive in this working method, but this wasn’t always the case. If someone shares the same professional values, then the working method gets the best out of them. Conversely, if someone doesn’t share the same professional values, then that working method could be bewildering in the rate of change, and ‘cold’ with such a focus on evidence and data. So it’s vital that the working method that you put in place is right for your team. There’s no point playing a back 4 if you don’t have any full backs!

What do you think the future holds for risk leadership?

The speed of change in technology that we currently see is unprecedented. New communication media, new distribution channels, and the sheer number of people and firms actively seeking to disrupt the industry means that the risk profile of firms is constantly changing. Firms need to identify controls to these new risks as quickly as these risks are emerging and being identified.
As a result, I think the old stereotypes about risk and compliance folk are being turned on their head. The days of the stuffy, conservative nay-sayer are long past us, and risk & compliance professionals need to be as dynamic and as innovative as those setting up new businesses and products to protect both firms and consumers from the harms of unintended consequences.

Thank you Sheraz

Sheraz Afzal is a risk and compliance leader with a career spent in retail banking and consumer lending. Since February 2018 he has been Risk and Compliance Director at The Money Shop UK.

Find Sheraz on LinkedIn.




£ k