First in a series of interviews with leaders in the fields of Risk, Compliance and Information Governance across the globe.
Miguel Mairlot is the Risk and Compliance Officer for Lombard International Assurance and a Professor of Financial Law. I sat down with him at the beginning of the year to learn a little more about his experience in the field of Risk and Compliance and pick his brain on issues like GDPR, the future of privacy rules, the role of A.I. in “fintech” and any advice he can offer millennials looking to get started in the business.
What is it about the business discipline of Risk and Compliance that originally attracted you to the field and keeps you interested?
I spent the first 10 years of my career working in litigation, specializing in banking and finance laws. My expertise and knowledge of the MiFID regulation (Markets in Financial Instruments Directive) led me to work on its implementation for various financial institutions. At that time, legal and compliance tasks were usually performed by the same department. Although I’m interested and continue working on several aspects of the MiFID regulation, I devote most of my time on issues related to money laundering and the detection of serious tax fraud in the event of repatriation of assets.
How do you think companies should approach implementing GDPR and what do you think will be the greatest challenges here?
Any company subject to GDPR should take great care when implementing the requirements set out by this new regulation. Before its entry into force, data protection was not a top priority for many European companies. Now, the paradigm is about to change, due mainly to the hefty fines which can be imposed and the potential reputation damages which may result from a violation of the GDPR provisions.
Among all these tasks, raising awareness among employees about the risks related to the infringement of the rules set out by GDPR might constitute the biggest challenge since this new piece of legislation is considered as a important cultural change in Europe.
The implementation of GDPR will require the revision of internal procedures, the appointment of a Data Protection Officer in some cases and a mapping and assessment of all the data processes, as well as contractual changes. Among all these tasks, raising awareness among employees about the risks related to the infringement of the rules set out by GDPR might constitute the biggest challenge since this new piece of legislation is considered as a important cultural change in Europe. Continue reading