Directing The Flow Of Information – An Interview with Jones Lukose of The International Criminal Court

Second in a series of interviews with leaders in the fields of Risk, Compliance and Information Governance across the globe.

Jones LukoseJones Lukose, MBA, PhD is the Information Management Officer for the Criminal Court in the Hague and has over twenty years of experience developing and implementing strategies to achieve operational effectiveness and regulatory compliance for engineering firms, in energy and utilities sectors as well as for international and judicial organizations in Africa, Europe and the Americas. I interviewed him this past February to learn more about his unique insights into information management fundamentals and its future.

Jones, your work and research has taken you to many corners of the world including Kenya, Rwanda, Botswana, Jamaica, Uganda, the UK and now the Netherlands. It’s there you presently direct an important Information Governance program for the International Criminal Court. What do you consider the most common theme in the information management challenges you’ve faced across so many unique cultures and how has that experience shaped how you think about solutions for international organizations?

I have worked in organisations where data is everywhere but the common challenge has been that it seems no one is directing its flow. There is a lot of evidence of information collected and stored that does not fit with the organisation’s strategy. The organisation may say that it is going in a particular direction but the data it holds does not provide the required evidence or proof.  My experience in this regard has led me to reconsider my role in the organisation as an Information Manager. In such environments, it is my first priority to help determine the real purpose and value of data to the organisation. In other words lend a hand in crafting the strategy of the organisation by leveraging information management.

How can we, as information management practitioners, as data stewards, effectuate best practices in our workplace in the face of constant, sometimes paradigm shifting changes in technology?

We now live in a world where small sets of information can alter the economies of the most powerful organisation and states on the planet. It is a world, where small streams of sensitive information can digitally leak and cause violent reactions from people living far and beyond the source. Tiny words or images transported via exotic technology can lead to wide-spread panic across whole populations even wars. A world where information is fragmented infinitely raising an infinite number of world views and identities. It is a world where the same information is interpreted differently in space and time. It is a world where information is presented in constant flux with the only constant being surprise.

Whatever your personal convictions, I challenge you to consider that we need a new way of looking at information management. It won’t help to retreat to our old maps and models because the more frustrated we become. We need new information management techniques to navigate the chaos, filter the wrong and point us to the significant. The new information manager will thrive and even love to embrace the chaos of information by applying new lenses and insights. He or she should be ready to be inspired to experiment and try out new ideas and solutions.

Perhaps the information manager of today needs to invest in uncommon skills such as engineering, mathematics, statistics, physics and chemistry to remain relevant. But it is now very possible to visualize the behavior of information management teams and predict their performance using tools that align the required core values to information management practice. An examination of the way employees handle information flowing in the organisation reveals how core values such as respect, transparency, accountability, integrity, innovation etc. are embraced, shared and lived. A value based approach is therefore very effective in establishing positive information management practices in organisations today that can endure the test of time.

In your roles as both a consultant and practitioner your focus has been primarily on guiding entities that serve the public, whether it’s energy, utilities or justice. Is it difficult to balance the need for transparency with the internal privacy, operational and data security demands of the organization? How do you prioritize such competing factors?

We typically think of information governance as a description of who does what with information and who reports to whom. Information Governance however, is much more than a formal system of internal tasks and reporting relationships; something that shows up on intranet sites and bulletin boards. IM Leaders understand that IM governance schemes must be carefully matched to the organization’s purpose and environment. Good IM governance also creates the links between authority, responsibility, accountability and organisational data/information. IM governance influences behaviour and helps shape an organization’s culture over time, much like a skeleton gives shape to the body and allows stability in motion. This dimension guides the IM practitioner in understanding how to judiciously use information as an enabler of change, but more importantly how it can be aligned appropriately to nurture effective behaviour and reporting relationships.

I seek principles and use them as values that transcend technology, methodologies and techniques. Without principles, valuable information is mishandled, individuals lose their way and organizational anxiety ensues. This creates confusion, conflicts, paralysis, and cannibalization of energy. As part of leadership I set clear principles and manage these proactively rather than in damage control when a crisis occurs. I am mindful of information handled within the organization and inspire other staff through my own behaviour.

Sometime priorities are not arrived at rationally but via experience and intuition. In the modern approach, the information manager needs to assume that in complex systems prediction and prioritisation is impossible; the information manager accepts greater indeterminacy and ambiguity. In light of this, the modern information manager needs to rely greatly on intuitive feel for situations, and trusts in the character, creativity, and abilities that they and others bring to the profession. It is essentially a “dance” but created by “jazz artists” that intuitively trust in each other’s abilities and skills to produce something of higher value than the sum of their individual abilities.

The International Criminal Court has a fantastic public facing portal where court documents are indexed, redacted and made available to the public once authorized by the court. I can only imagine that the responsive documents, evidence and court created documentation in these historic cases is voluminous, especially considering document retention requirements. How has providing this robust tool for both keyword search, metadata and contextual filtering improved people’s interaction with and perception of the court and how much do you think the tool has helped raise awareness about it’s critical mission?

Continue reading


Exclusive Interview with Risk and Compliance Officer and Professor of Financial Law Miguel Mairlot

First in a series of interviews with leaders in the fields of Risk, Compliance and Information Governance across the globe.

Miguel Mairlot interview with Rafael MoscatelMiguel Mairlot is the Risk and Compliance Officer for Lombard International Assurance and a Professor of Financial Law.  I sat down with him at the beginning of the year to learn a little more about his experience in the field of Risk and Compliance and pick his brain on issues like GDPR, the future of privacy rules, the role of A.I. in “fintech” and any advice he can offer millennials looking to get started in the business.

What is it about the business discipline of Risk and Compliance that originally attracted you to the field and keeps you interested?

I spent the first 10 years of my career working in litigation, specializing in banking and finance laws. My expertise and knowledge of the MiFID regulation (Markets in Financial Instruments Directive) led me to work on its implementation for various financial institutions. At that time, legal and compliance tasks were usually performed by the same department. Although I’m interested and continue working on several aspects of the MiFID regulation, I devote most of my time on issues related to money laundering and the detection of serious tax fraud in the event of repatriation of assets.

How do you think companies should approach implementing GDPR and what do you think will be the greatest challenges here?

Any company subject to GDPR should take great care when implementing the requirements set out by this new regulation. Before its entry into force, data protection was not a top priority for many European companies. Now, the paradigm is about to change, due mainly to the hefty fines which can be imposed and the potential reputation damages which may result from a violation of the GDPR provisions.

Among all these tasks, raising awareness among employees about the risks related to the infringement of the rules set out by GDPR might constitute the biggest challenge since this new piece of legislation is considered as a important cultural change in Europe.

The implementation of GDPR will require the revision of internal procedures, the appointment of a Data Protection Officer in some cases and a mapping and assessment of all the data processes, as well as contractual changes. Among all these tasks, raising awareness among employees about the risks related to the infringement of the rules set out by GDPR might constitute the biggest challenge since this new piece of legislation is considered as a important cultural change in Europe.

Last year, New York introduced the Stop Hacks and Improve Data Electronic Security Act (SHIELD) bill which among other things updates breach notification requirements. There have also been efforts to pass bills similar to the EU’s “Right to be Forgotten” requirements. Given some of the geopolitical shifts around the world, including Brexit and a US administration emphasizing deregulation, do you see support for these regulations increasing or waning?

The inflation of the legislative texts which took place in Europe since the last financial crisis has no precedent. Complying fully with all the national and European laws and regulations becomes increasingly complex and costly for companies. Data protection does not constitute an exception to this rule.

Even if its provisions were heatedly debated by the GAFA before the European commission during the drafting process of GDPR, this text constitutes the last bastion that protects European data users against their potential abuses.

The decisions given during the last few years by the European Court of Justice (namely Maximillian Schrems v Data Protection Commissioner; and Google v Spain) are in line with this trend. For theses reasons, I believe that any change in the Data Protection regulation that would reduce the rights of the data users would necessarily create a political crisis and lead to a reconsideration of the democratic legitimacy of our institutions.

The Financial Services and Markets Authority (FSMA) is one of the two authorities, along with the National Bank of Belgium (NBB), entrusted with the supervision of the Belgian financial sector. In the United States it is FINRA, the Financial Industry Regulatory Authority and the SEC responsible for insuring compliance for our banks, insurance companies and publicly traded organizations. We all know the benefits of regulating our financial environments but what do you see as the challenges in working with these groups on increasingly complex compliance issues?

In order to build a strong compliance program, it is of utmost importance to work towards good communication with regulators. Since last year, any individual employed in the financial sector who observes an infringement against the financial legislation rules which the FSMA is responsible for enforcing, can report it directly to the FSMA. The whistleblower’s identity is kept secret and the law protects any individual who, in good faith, reported the infringement. Even if we can be pleased about this recent development, regulators should also have sufficient staff to perform – on a risk-based approach – on-site controls and exercise the ability to impose sanctions in the event of non-compliance. Otherwise, it becomes difficult to convince any employee or management about the importance of complying with applicable rules and regulations if no significant sanction is ever imposed by the regulators.

The news is full of articles about the future of A.I. and Robotics in the financial sector, some more realistic than others. How should Financial Institutions approach introducing Artificial Intelligence and Robotics into their environments and will it have a positive impact on compliance in the long term?

Financial institutions have been leveraging software to detect suspicious transactions related to money laundering and identifying counterparties subject to sanctions for years. Some of them already make use of predictive models. The use of A.I. or Robotics may present many opportunities for financial institutions if certain tasks or low risk decisions can be made using these new technologies. In addition to being cost-effective, these solutions could improve the efficiency of a compliance monitoring program and help mitigate risks in a more efficient manner. However, I seriously doubt that regulators would agree that all compliance tasks may be entrusted to an A.I. tool or any other form of Robotics, mainly for liability purposes. To my knowledge, no robot has been held responsible (yet) by a regulator or a court for a violation of a legal provision.

What is your advice for young professionals, millennials, entering and trying to succeed in the field of Risk and Compliance?

I would advise them to question their own ethics. What is your take on issues like money laundering, sanctions, the fight against terrorism or data protection for instance? Compliance offers the opportunity to practice law in a more preventive and efficient way than ever before. Within an organization, your decisions will often be challenged by the sales or product department which does not always understand the underlying issues that can be raised by certain unethical or illegal behaviors. For these reasons, it is important to keep a long-term vision in order to achieve sustainability while ensuring business growth. If you have that vision, embrace the challenges and opportunities in this rewarding field.

In the next couple months, I’ll speak Jones Lukose of the International Criminal Court and with April Dmytrenko, a recognized thought leader in the field of information management, governance,compliance, and protection.

-Rafael Moscatel