Exclusive Interview with Risk and Compliance Officer and Professor of Financial Law Miguel Mairlot

First in a series of interviews with leaders in the fields of Risk, Compliance and Information Governance across the globe.

Miguel Mairlot is the Risk and Compliance Officer for Lombard International Assurance and a Professor of Financial Law. I sat down with him at the beginning of the year to learn a little more about his experience in the field of Risk and Compliance and pick his brain on issues like GDPR, the future of privacy rules, the role of A.I. in “fintech” and any advice he can offer millennials looking to get started in the business.

What is it about the business discipline of Risk and Compliance that originally attracted you to the field and keeps you interested?

I spent the first 10 years of my career working in litigation, specializing in banking and finance laws. My expertise and knowledge of the MiFID regulation (Markets in Financial Instruments Directive) led me to work on its implementation for various financial institutions. At that time, legal and compliance tasks were usually performed by the same department. Although I’m interested and continue working on several aspects of the MiFID regulation, I devote most of my time to issues related to money laundering and the detection of serious tax fraud in the event of repatriation of assets.

How do you think companies should approach implementing GDPR and what do you think will be the greatest challenges here?

Any company subject to GDPR should take great care when implementing the requirements set out by this new regulation. Before its entry into force, data protection was not a top priority for many European companies. Now, the paradigm is about to change, due mainly to the hefty fines which can be imposed and the potential reputation damages which may result from a violation of the GDPR provisions.

The implementation of GDPR will require the revision of internal procedures, the appointment of a Data Protection Officer in some cases and a mapping and assessment of all the data processes, as well as contractual changes. Among all these tasks, raising awareness among employees about the risks related to the infringement of the rules set out by GDPR might constitute the biggest challenge since this new piece of legislation is considered as an important cultural change in Europe.

Last year, New York introduced the Stop Hacks and Improve Data Electronic Security Act (SHIELD) bill which among other things updates breach notification requirements. There have also been efforts to pass bills similar to the EU’s “Right to be Forgotten” requirements. Given some of the geopolitical shifts around the world, including Brexit and a US administration emphasizing deregulation, do you see support for these regulations increasing or waning?

The inflation of the legislative texts which took place in Europe since the last financial crisis has no precedent. Complying fully with all the national and European laws and regulations becomes increasingly complex and costly for companies. Data protection does not constitute an exception to this rule.

Even if its provisions were heatedly debated by the GAFA before the European commission during the drafting process of GDPR, this text constitutes the last bastion that protects European data users against their potential abuses.

The decisions given during the last few years by the European Court of Justice (namely Maximillian Schrems v Data Protection Commissioner; and Google v Spain) are in line with this trend. For these reasons, I believe that any change in the Data Protection regulation that would reduce the rights of the data users would necessarily create a political crisis and lead to a reconsideration of the democratic legitimacy of our institutions.

The Financial Services and Markets Authority (FSMA) is one of the two authorities, along with the National Bank of Belgium (NBB), entrusted with the supervision of the Belgian financial sector. In the United States it is FINRA, the Financial Industry Regulatory Authority and the SEC responsible for ensuring compliance for our banks, insurance companies and publicly traded organizations. We all know the benefits of regulating our financial environments but what do you see as the challenges in working with these groups on increasingly complex compliance issues?

In order to build a strong compliance program, it is of utmost importance to work towards good communication with regulators. Since last year, any individual employed in the financial sector who observes an infringement against the financial legislation rules which the FSMA is responsible for enforcing, can report it directly to the FSMA. The whistleblower’s identity is kept secret and the law protects any individual who, in good faith, reported the infringement. Even if we can be pleased about this recent development, regulators should also have sufficient staff to perform – on a risk-based approach – on-site controls and exercise the ability to impose sanctions in the event of non-compliance. Otherwise, it becomes difficult to convince any employee or management about the importance of complying with applicable rules and regulations if no significant sanction is ever imposed by the regulators.

The news is full of articles about the future of A.I. and Robotics in the financial sector, some more realistic than others. How should Financial Institutions approach introducing Artificial Intelligence and Robotics into their environments and will it have a positive impact on compliance in the long term?

Financial institutions have been leveraging software to detect suspicious transactions related to money laundering and identifying counterparties subject to sanctions for years. Some of them already make use of predictive models. The use of A.I. or Robotics may present many opportunities for financial institutions if certain tasks or low risk decisions can be made using these new technologies. In addition to being cost-effective, these solutions could improve the efficiency of a compliance monitoring program and help mitigate risks in a more efficient manner. However, I seriously doubt that regulators would agree that all compliance tasks may be entrusted to an A.I. tool or any other form of Robotics, mainly for liability purposes. To my knowledge, no robot has been held responsible (yet) by a regulator or a court for a violation of a legal provision.

What is your advice for young professionals, millennials, entering and trying to succeed in the field of Risk and Compliance?

I would advise them to question their own ethics. What is your take on issues like money laundering, sanctions, the fight against terrorism or data protection for instance? Compliance offers the opportunity to practice law in a more preventive and efficient way than ever before. Within an organization, your decisions will often be challenged by the sales or product department which does not always understand the underlying issues that can be raised by certain unethical or illegal behaviors. For these reasons, it is important to keep a long-term vision in order to achieve sustainability while ensuring business growth. If you have that vision, embrace the challenges and opportunities in this rewarding field.

In the next couple months, I’ll speak with Jones Lukose of the International Criminal Court and with April Dmytrenko, a recognized thought leader in the field of information management, governance, compliance, and protection.

-Rafael Moscatel

Farmers Insurance Wins Industry’s Highest Award For Records And Information Governance

Earlier this month, Farmers Insurance Group, Inc. was honored with the highest award for Records Management and Information Governance, “Excellence for an Organization,” by ARMA International. The award recognized the achievements that our organization has made in the implementation and enhancement of our Records and Information Governance program as defined by the Generally Accepted Recordkeeping Principles® and the ARMA Maturity Model®. ARMA announced the award in InfoPro Magazine and at the ARMA Live Conference in Orlando.


Farmers recognized an opportunity to modernize its overarching Information Governance strategy. The organization invested in research, eDiscovery tools and policy development based on a holistic approach to Records and Information Management.

3 Key takeaways

1 – Less Is More – In a world where employees are being bombarded with information in both their personal and professional lives, less is often more. An Information Governance framework should aim to mitigate risks related to records retention, legal holds, privacy and other challenges with clear, digestible policies and well-defined initiatives.

2 – Gaps Are Opportunities – Treat gaps, vulnerabilities and risks on the horizon like shared opportunities for all stakeholders. Help reshape the optics around a problem by encouraging colleagues to help build a better future state instead of harping on old pain points and finger pointing.

3 – Relationships Are Key – Success at relationship building requires the right cadence and can’t be taught in school. Don’t be perceived as demanding executive support for IG and trying to force it on your colleagues. Focus on facilitating environments and spirited organic discussions that support IG dialogue and help determine consensus. Build your case carefully by developing relationships with peers across the enterprise and synthesizing that expertise and collaboration into a real solution everyone can stand behind.

Information Governance, when properly introduced and deployed, can help organizations make effective decisions that both protect their assets and reputation while reducing costs associated with records, data security, knowledge management and litigation support. To lead and become successful at these efforts you must remain an evangelist for the very process and approach. In order to conquer indecisiveness and achieve you must corral the best independent minds around you, agree on your common goals and then address them methodically and professionally.

-Rafael Moscatel

Next Generation Records Management Comes to the US Federal Government

Even the most vigilant observer of records management trends could be forgiven for not noticing, but over the last year or so, a revolution has come to Federal agency records management.

This revolution has been a long time coming and the seeds of change were probably first planted more than seven years ago with the Obama administration’s release of the Presidential Memorandum on Managing Government Records, as well as the resulting NARA/OMB joint memorandum M-12-18, which provided both a strategy and a set of agency deadlines for complying with the Presidential Memorandum.

The Universal Electronic Records Management Requirements

But despite the Presidential Memorandum and M-12-18, things really didn’t heat up until earlier this year with NARA’s somewhat surprising release of their Universal Electronic Records Management Requirements (UERM), a simplified, broadly defined set of high-level program and functional requirements for managing electronic records at all Federal agencies.

The UERM requirements…

The Little Girl with the Big Voice – On PBS!

Honored to learn that PBS recently screened our film on the Golden Age of Radio. Thanks again Stanford University, George T. Marshall, the RIFF and Abby J. Moscatel for the opportunity to share this story leveraging the Doctrine of Fair Use!

The Most Important Records In The World Are Our Fondest Memories

Seattle U in NYC 1950s

My father turns 86 years old today. Like many of his generation, he has great pride in the achievements and potential of the human race, its awesome computing power and the marvelous scientific inventions it has recently given birth to. His memories are rich and full of detail, but the records that are most important to him are those that tell the story of his family, that remind him of the ones he loves. It’s wonderful that we now have so many new ways of creating and sharing those records, but for me it has always been the content that defines a good record, not the container it comes in.

Dad’s life has been subtle and yet epic. He was part of the first college basketball game where opposing teams scored over 100 points. In 1952, the same squad from Seattle University overcame Goose Tatum’s Harlem Globetrotters in a historical buzzer beater. In his later years, he developed incredible friendships with great talents, helped elect a Governor and built a fine career as a doctor. While I may never experience all that my father has, making sure I preserve his records helps the whole family appreciate not just Dad, but what Dad and Mom represent: the importance of hard work, self-reliance, treating everybody with dignity and the spirit of living life to its fullest.

It’s that poise and perspective that has always served Raymond Moscatel well in life and why I believe that at the end of the day, the only information and data that matters are the records that remind us of the people we love and how lucky we are to live another day together. Everything else on the periphery is more or less a minor detail that will ultimately be lost to our collective history.

Keeping good family records, whether they be old movies, the family tree, scrapbooks or diaries, is as critical to maintaining a family’s legacy as vital records are to corporations. By collecting and preserving these records we help pass on, not just the amazing stories and experiences of our ancestors, but their values, their compassion, and contextual reminders of what really matters in life.

Happy Birthday, Dad. To me you will always be the most interesting man in the world.

-Rafael Moscatel