Episode Description

This episode of The Signal is a compliance special, featuring Paul Caulfield, General Counsel and CCO at Third Bridge, and Kapil Kirpalani, CCO for APAC at KKR. At the heart of their discussion are the importance of corporate culture, ongoing dialogue with regulators, and the future of the compliance landscape.

Episode Transcript

Catherine: [00:00:05] Welcome to The Signal, a podcast presented to you by Third Bridge, the world’s leading independent research provider, exploring how some of the globe’s most investable industries are facing upheaval. My name is Catherine Ford, and I’m a journalist with a 20 year track record of reporting on a wide range of financial topics such as capital markets, developments and M&A. In this episode of The Signal, we will explore the world of compliance, the biggest challenges investors are facing and how the field has evolved and will continue to do so. Joining me today are Paul Caulfield, Third Bridge’s General Counsel and Chief Compliance Officer and Kapil Kirpalani, Chief Compliance Officer, Asia Pacific for Private Equity Fund, KKR. Hello to both of you and I’m really glad to have you both on board to discuss something that I know is affecting a huge amount of investors at the moment. Before we start off the conversation, Kapil, can I ask you for a few words of introduction about yourself?

Kapil: [00:00:57] Thanks Catherine. It’s great to be here today. I’m from Hong Kong. I cover the Asia Pacific region for KKR. We have 8 offices in 7 continents that we’re actually looking at opportunities in. It is exciting for me to be rooted in Hong Kong but very frequently across the region.

Catherine: [00:01:18] Well, I’m certainly looking forward to hearing from your on the ground experience. Paul, can I ask you to introduce yourself as well?

Paul: [00:01:24] Sure. Great to see you, Catherine. Kapil, great seeing you. My name is Paul Caulfield. I am the GC and CCO here at Third Bridge, typically based out of New York and joining you from Mumbai in our Mumbai office at this time. I’m a former Manhattan prosecutor and have mostly worked within the regulated financial services space, Citibank and actually Israel’s largest foreign financial services firm throughout the Americas. So great seeing you and looking forward to the podcast.

Catherine: [00:01:52] Let’s get started, Paul, with a really brief introduction to compliance and all the areas that it encompasses and why it’s so incredibly important in today’s business environment.

Paul: [00:01:57] Pick up the page of the Financial Times today or Wall Street Journal, and you’ll see insider trading cases. You’ll see fraud cases, whether it’s tied to something that is traditionally within the SEC’s enforcement insider trading. It’s been around since the advent of the Securities Exchange Act of 1934. But also look at what’s going on with crypto. 

Catherine: [00:02:18] Kapil, the importance of compliance has obviously increased over previous years. It’s moved from something that is passive, reactive to the circumstances to something that needs to be much more responsive, much more active. Why has that development happened?

Kapil: [00:02:32] Catherine, the development has really evolved because the world has become so complicated. Today, compliance has to work being sensitive to the macro outlook, compliance has to work being sensitive to all the unknowns that we have. So take, for example, COVID uncertainties, domestic policies within governments, food and energy shortages, even what the Fed does in terms of rate hikes. All of that impacts business and therefore impact the likelihood that a business may have to adopt its corporate governance, its financial controls, and the way it grows, the way it handles supply chain risks, sanctions, geopolitical risks. 

Catherine: [00:03:16] Thank you. Paul, both you and Kapil have spoken about some of the things that could go wrong when it comes to compliance. Could you just in a couple of sentences, sum those up for me? So these are the things that we are dealing with on a day to day basis. 

Paul: [00:03:29] Number one globally would be tied between insider trading and data privacy. Data privacy is probably more coming out of the EU and China in particular. Insider trading, I’d say more actually on the EU and the SEC side or the US side.

Catherine: [00:03:48] Kapil, do you agree? Is that what sort of comes over your desk as well?

Kapil: [00:03:50] Absolutely. I think Paul’s spot on. But I also think we need to be mindful about the global energy transition. So ESG risks, which are becoming increasingly front and center for the FTC, also technological risks as they relate to the regional data law provisions that could be China, that could be the importance of IPR in Europe, which does impact the Asia-Pacific region. I think another risk that we see is also the combination of market dislocation and consumer patterns, both of which have changed because of COVID. 

Catherine: [00:04:30] I’d like to take a step back and talk to you both about you as people. What brought you into compliance, understanding how you work within the organization, because I think it is a role that requires a certain type of personality, a certain way with operating within the business. Kapil, maybe I could ask you first of all, how did you end up in that role? 

Kapil: [00:04:50] Sure, I was really set on being a doctor. Don’t. Don’t tell anyone. But I still wake up some mornings wondering what if?

Catherine: [00:05:01] So how on earth are you now a compliance officer?

Kapil: [00:05:04] The takeaway there is go with what interests you and what you’re good at. And that’s what occurred to me when I was 17. I was reasonably good at reading, writing, debating and so I thought law would be a sensible degree. The in-house move was the real transitory phase of my life. After spending a number of years serving clients in Europe and Asia doing mainly corporate M&A, the in house was attractive because it meant as we worked through 2008 and 2009, the financial crisis gave birth to compliance as we know it today, and the regulatory environment was more breadth, more challenge, more complication. And I was fortunate to be given the opportunity to understand it, get the firm I was with licensed.

Catherine: [00:05:56] Does it take a certain type of personality then? 

Kapil: [00:05:59] I think the person ideally suited for the role is someone who can strike a balance between commercial acumen as well as someone who can reasonably apply what’s in front of them. You can read and write all you want, but what you read and wrote years ago is going to change and it will change so quickly. In today’s environment, it may actually become irrelevant. So what you do need to do is have the ability to communicate and build relationships with deal teams who will come for advice and then apply what the best mechanisms are from a legal and compliance perspective to protect the business. Say, for example, appropriate sanction screening or appropriate gift and entertainment threshold. So, those that are best in compliance from where I’m sitting are those that are thoughtful, commercial and patient because the environment keeps changing.

Catherine: [00:06:52] Paul, are you also someone that never really thought they’d go into compliance but then looked at your strengths and thought, this is the path for me? Or how do you find yourself in that role? Because I also know that you don’t just work with Third Bridge, but you’re obviously also a professor at university.

Paul: [00:07:07] That’s right. So my dad’s a doctor, my mom’s an NP, nurse practitioner and the minute I saw a scalpel go into a hip and the hip open, I knew I was out. There was no chance I was becoming a doctor. So, no, I’m generally where I thought I was going to be. As I moved through education, I was a teacher, went to law school, thought I was going to be a professor or a local lawyer. Coming out of the Manhattan DA’s office, I will say 9/11 being the second week of work, being down there and seeing that tragedy, that terrifically wrenching event occur, it remains very personal. What can happen when things go wrong. And so within the past 2 hours, I’ve just finished a presentation here in Mumbai. And we talked about it. We talk about why do we do what we do? Well, the reason why is we say something if we see something. We still say that globally here at Third Bridge. And we’ve poached it from the NYPD because of that awful event.

Paul: [00:08:12] And when we’re here in places like Mumbai, we talk about the 2011 terrorist event to two hotels within just a few miles of where I’m sitting right now. And we say, if you see something, say something, and here’s why. And within the financial services space and within my space of the expert network and the kind of business intelligence that we offer, we have to then kind of translate that and really make sure it’s clear what the risks are for, say, insider trading, what the risks are if you are stealing and misappropriating intellectual property. I 100% agree with Kapil that you have to be business minded and really understand how the businesses operate. That’s one reason why I do travel quite a bit to understand how the regions operate as opposed to the global because they are very different. A regional compliance program or a regional business set of operations cannot be compared to how one company, KKR or Third Bridge operates at the global scale. 

Catherine: [00:09:17] So, Paul, what does your day look like, an ordinary day or is there even an ordinary day in the job that you do? What’s your remit? What are the things that you have to deal with?

Paul: [00:09:27] The great thing about my job being global, it does kind of chase the sun. So early parts of the weeks, we’re working quite, quite closely with the partners in Shanghai and Beijing, Hong Kong, Mumbai, and really spending the early part and the later part of the days working with them, spending quite a bit of the day with the UK team, about half or ish day with the US team and then really trying to balance it. It’s important if you think about where the risks are, the risks aren’t where you’re physically located. It depends on what your assessment is of your enterprise. And so it’s very varied. This is not a 9 to 5 job by any stretch. That’s one. Two, it really depends. I’m the General Counsel and the Chief Compliance Officer, so I have a wildly talented legal staff, same with my compliance group and really understanding what each of them need to do in their regions and empowering them. That’s kind of part of the teacher or the coach that I kind of take on as a very serious responsibility.

Catherine: [00:10:29] Kapil, from your perspective, what is sort of your remit? Because obviously, in contrast to Paul, who has a global remit, you’re very much focused on the APAC region. Does that have an impact on sort of the things that you deal with? I know that when we had our conversation before this podcast, you spoke about China being a key area of focus for you. Talk us through sort of some of the challenges that you encounter on a daily basis, some of the things that you deal with, but then also some of the things that are dealt with on a global basis.

Kapil: [00:10:58] Sure. I caveat one comment and say that I’m managing Asia Pacific, but I have a lot of inroads into the US and that’s very important because HQ, that’s where they’re thinking about policy, that’s where they’re thinking about growth and they can’t do that without my team’s contribution, whether that’s legal, compliance or otherwise. And so maybe I’ll walk through a day and show you how it comes full circle. In the morning I may be working with the China team, looking at a business and how it will perform from a controls perspective next year as China exits from the zero COVID policy. Then the next sort of hour I’m with the Korea team. We’re thinking about new data security and privacy laws, how we’re handling sensitive data. Before I know it, I’m on the phone with the team in Mumbai, thinking through how our portfolio company is going to manage the food shortage brought about by the Russia-Ukraine war. By evening I’m on the phone with the US, thinking through the geopolitical risk. Inevitably this is US and China. So the conversation is as varied as how do we think about export controls? How do we think about sanctions? How do we think about Taiwan? And so the day is definitely Asia focused, there is always a circle back to New York, Washington, San Francisco, wherever the business heads for that particular issue sit. And I think that certainly something that is going to become just part and parcel of working at a global institution.

Catherine: [00:12:39] Certainly sounds like neither of you sleeps an awful lot. So that’s something to keep in mind. I’d like to spend some time talking about relationships between you and local regulators. Obviously, both of you have roles that aren’t just focused and don’t just interact with one regulator. How do you manage that process? Is that something where you’ve got deputies or people within your team that work directly with regulators, or is that something where actually you just rotate around and interact with all of them individually? Kapil, maybe I can come to you first.

Kapil: [00:13:08] We’re dealing with all the regulators in the region. The way I have structured KKR interaction is to make sure that there’s an ongoing dialogue and that sounded very odd to peers in the US when I started many years ago. And my argument for them is the SFC, MAS may be in this part of the world, actually appreciate regular updates, regular touch points. Because if you have a relationship during the good times when things may be a little bit contentious, you have something you can fall back on. You can have an open dialogue with someone you’ve been talking to for a while. Our licensing officers, those in the enforcement vision, you don’t want to be speaking to them for the first time during an exam, a request for information. So one of the things that I’ve done is I’ve split the relationship. To your question, I take members of my team, I introduce them, I make sure they have air time with the regulators as well. So the regulator can also know there’s no key men risk. 

Catherine: [00:14:17] Some really interesting points that you mentioned there, this regular contact, but also this building of relationships. Paul, how does that sit with the strategy that you pursue?

Paul: [00:14:25] I would replay Kapil’s answer. I think it’s really important for the listener to go back to what Kapil said, and I’ll give an example. I was in New York with a regulator’s roundtable with CEOs and Chief Risk Officers, and I was a CRO at the time. And over the course of the I think it was the half hour kind of meet and greet, there were questions that were so, there was some fright, some reticence to ask the regulators these questions. And so I just posed a question. I said, look, without judging, I’m just kind of curious, do you know the name of the regulator that is assigned to your firm? And there were really few hands that shot up. And this was kind of a safe space. It wasn’t being recorded or anything. It was truly trying to get best practices. And what I’ve done is what Kapil does. We are not regulated in Third Bridge. I’ve been in regulated financial services for more than 15 years. So while we are not regulated in Third Bridge, we act as if we could get a knock on the door the very next day. My experience has been, know your regulator, do communicate the good, the bad and the ugly with them. Because what happens is when you do have that one ugly incident that is coming up, you have a reserve of goodwill that will serve you almost immeasurably as you work through the issue, whatever it is. 

Catherine: [00:15:45] How do you go about building those relationships? Because obviously there’s you know, you can’t just say, let’s go and have a beer and sort of build a relationship that way. It has to be much more subtle than that, I would imagine. Kapil, talk us through that process.

Kapil: [00:16:00] The trigger for any regulatory outreach is a new business opportunity. So take for example in Hong Kong where we’ve had an SFC type one and four license. Recently we applied for type nine, and that was the trigger to schedule a meeting with the SFC. And we sat down and they said, well why do you want one now? And so explaining certain growth strategies, explaining certain growth as it relates to staffing meant that when we submitted our application they had kind of seen the reasoning before. So at each point it may be a new license, it may be a new strategy. KKR for the first time is also looking at what we call NGT, new growth technology, crypto, blockchain, things that we’ve never invested in in this region. So similarly, we had an outreach to the regulator to say we’d like to talk about digital asset compliance and brainstorm with you best practices around getting comfortable, say, around AML and KYC and making sure that our standards across a private equity deal are equally applied to a crypto or a blockchain deal where we need to take a very nuanced approach.

Catherine: [00:17:17] Thank you very much. Paul I’d like to drive the conversation forward now by having a closer look at some of the trends that we’re seeing in compliance. What are some of the biggest challenges that you face when it comes to compliance?

Paul: [00:17:29] I would go back to politics is local, so is risk. I think you really have to understand what the risks are based on your region, based on your business line, based on your legacy. There are companies that were fined early after something like Patriot Act or after Dodd-Frank. And so they developed scar tissue by enforcement. And then you have those that actually looked at those enforcement actions, were proactive and tried to stay in front of it. Those are really the two ways that one adapts. The culture is very, very difficult when you’re global and it is important to if you’re going to export or import, importing into Asia, the US sensitivities, the British, the London sensitivities to securities enforcement and what the expectations are. I think you really do need to understand what the current environment is in the region, one. Two, that you’ve got a senior level that is going to follow through with what the tone at the top is, as they say, and that that tone, those set of expectations, really gets pushed through to the middle, the belly of the company. And it really is clear that everyone really does understand that there isn’t a compliance department in which compliance resides. 

Kapil: [00:18:52] We have to tailor the approach just because we have such a diversity of ethnic groups internally, educational backgrounds, ages. The crypto and the blockchain deal team are half my age, whereas the infrastructure team are a little bit older and you have to approach both with the same set of compliance standards, but a completely different sort of communication angle. And they’re all trying to achieve the same type of return. So there is a definite need to tailor everything in this space while legal diligence, compliance diligence, all of the thresholds that we seek to maintain in our business are pretty uniform. How we go about making sure we’re in maintenance mode successfully across the different businesses is quite different.

Catherine: [00:19:44] Obviously key to implementing those best practices are your teams. And we’ve spoken a little bit about sort of the different people that work with you. But Paul, maybe you can give us a bit more insight about the team that works with you.

Paul: [00:19:58] The team is global. So what I have is many compliance departments throughout our different jurisdictions. They have the same remit. They just might have different support responsibilities. On the legal side, it’s a balance of outside counsel and in-house counsel. It’s a little bit different, and for them it’s the interpretation of the new regulations that are coming down and trying to decipher rather quickly not just how they affect us, but also how they affect our clients. There was a SEC alert, for example, back in April that really talked about what our clients should be focusing on when they work with expert networks and the like. Well, we devoured that and then made sure that our teams internally, not just compliance, understood what our clients are feeling. So if and when that alert came up, we were able to be pretty articulate about, hey, we understand it and hey, here’s what we’re doing to manage those risks as a service provider of yours.

Catherine: [00:20:57] Let’s talk about the highs and lows of your work. What sort of things when they roll over your table, you’re like, that’s going to give me a sleepless night. What are the things that roll over your table and you go, Yes, I’ve been looking forward to working on something like that? Paul, from your perspective.

Paul: [00:21:14] So here, because it’s such a creative group to see a new product come down that is challenging intellectually as a compliance or legal professional, how are we going to protect and support and work with the businesses? I find that incredibly motivating. And so at the same time, I’m working with outside counsel and our in-house counsel on, say, a legal memorandum or opinion about it. It’s just trying to think through also as maybe a client, what does this mean? So that to me is a lot of fun part of my job.

Catherine: [00:21:50] And the stuff that keeps you awake at night.

Paul: [00:21:52] Everything else.

Catherine: [00:21:54] You clearly do not sleep much.

Paul: [00:21:56] No, look, in legal and compliance in these types of industries there’s just a lot going on. There is. And even those companies that right now are on the front page, you have to know how hard they’re working and something just slipped past. That’s more often than not the case that in my heart of hearts, that’s what I think is happening. And so what does keep me up at night is making sure that we have really made sure that the message has proliferated through the institution, because having one slip by is everyone’s kind of worst nightmare.

Catherine: [00:22:32] I would imagine, Kapil, that something that keeps you awake at night. Is there anything else having to deal with so many complex jurisdictions? Is there any jurisdiction, particularly where you’re like, anything going on in, I don’t know where, is a worry to me?

Kapil: [00:22:47] As, I think, is obvious to the whole world, the US-China friction is causing a lot of tension for investing teams and compliance professionals. One of the things that keeps me up isn’t really what the law is, but how we will stay compliant both as KKR and for our portfolio companies. We take an example recently, China, the personal information protection law, the data security law and the cybersecurity law that all came together quickly. I think you would have seen recently the fine issued against DiDi – $1.2 billion. DiDi had failed to correct practices of sustained and legal over collection of sensitive and personal data, according to the Chinese regulators. The Chinese regulators came down hard on them on locations, family backgrounds, things that are part and parcel of being in the business that they’re in. So, the takeaway there is that the Chinese regulator will go against a prominent Chinese company to enforce vigorously laws that have just come into place that are very complex and that are material to the value of a company. So, apply that to KKR’s China Pipeline and there’s quite a bit there to look into and to make sure we can hand on heart, say we’ve done our best to stay compliant. That’s an example. The next could be sanctions, could be supply chain risk. There isn’t a day where there isn’t a new law or a new provision we need to be sensitive to.

Catherine: [00:24:21] Now, you raised a really interesting point of, on the one hand, enforcement and then differences in enforcement depending on regions. Paul, maybe you can talk to us about do you see that that there are certain jurisdictions where the enforcement of compliance rules is done very rigorously and then there are other jurisdictions when it is enforced with less rigor, I guess, is the question.

Paul: [00:24:46] And the answer is yes. I mean, there are different jurisdictions based on different things that have happened. You know, the US and the EU in particular, Great Britain, they just are more aggressive in their enforcements. In the mid-2000s the Foreign Corrupt Practices Act was an act that was passed in the mid seventies. But that got kind of new life as somewhat global companies were looking to try and get more market share in new jurisdictions by bribing and the UK Bribery Act then comes about on its heels. That’s not coincidence. There’s a reason why these two jurisdictions are kind of the global leaders.

Catherine: [00:25:23] Kapil, from your perspective, do you see this, that there’s a different application of rules in different regions? And if so, what kind of impact does that have on the competitiveness of a business working in different regions?

Kapil: [00:25:37] I don’t see a different sort of enforcement approach, I think all of the regulators are very focused on making sure that they can maintain a competitive regulatory sort of investment landscape. This is very much in line with Paul, I do see the different levels of sophistication and therefore understanding what an investor is trying to achieve, how an investor is thinking about application of new laws. The Chinese laws are very prescriptive, but how the regulator concludes a breach isn’t always very clear. In the same vein, we have the Korean regulator and Korean laws that are very prescriptive around data. But ?? is clearly more sophisticated. More recently, we’ve seen they actually want to understand how have you anonymized personal data? How do you actually store, share, manage data with service providers? Where does the data come from? They ask all these questions, whereas another regulator may just do their own diligence and make their own conclusions. So there’s a different level of sophistication that some of the regulators take. But there’s certainly rigor irrespective of where you’re doing business.

Catherine: [00:27:04] Let’s shift the conversation briefly to look at sectors and how sector specific compliance has become or is becoming. Paul, from your perspective, are there some sort of sectors where you’re like, well, that’s something where we know that compliance is particularly heavy, the burden on us to provide certain pieces of information to the regulators is much, much greater? Can you share some of your experiences in that regard?

Paul: [00:27:26] Mostly within the publicly listed companies, when we’re in that space, seeking information about publicly listed companies, there’s just so many guardrails that we understand what is and isn’t appropriate. So that’s nice for me to have those guardrails. In the private sector space there are not the controls around publicly listed companies and insider trading. For us, we don’t care. We actually treat confidential information, potentially material non-public information the same whether it’s attributed to a publicly listed company or a private company.

Catherine: [00:28:00] Kapil, does that tally with your experiences as well when it comes to sectors?

Kapil: [00:28:04] It does. I think, though, we’re much more focused in the private market space. For us there’s less frequency with which we’re dealing with public companies. And I think in the private space you have challenges. Say, for example, cybersecurity, just given the different standards that you’ll see at companies and their ability to manage then perceived or actual data breaches, how they would react to incidents such as dawn raids, how they handle audits, risk assessments. Private companies are much more broad and they aren’t driven by public market standards so we do see a lot more divergence in standards. 

Paul: [00:28:46] I’ll add on health care companies, really making sure you understand when, say, drug trials are occurring. There are blackout periods and making sure the controls around those periods are in fact in place and people know. So any reporting of how the trials performed good, bad or neutral is not getting into the marketplace well before or before at all any public disclosures. With government related entities or those with government connections, making sure you’re similarly not getting information that is not public about some regulation that could be coming down and getting past high success rate of getting passed could proliferate a number of different trading opportunities that are outright illegal.

Catherine: [00:29:37] Before we wrap up our conversation with an outlook on where compliance is going, two questions that I wanted to put to you. First of all, compliance officers are also sort of known as the police officers within the organization. You’re the people that make sure that everything that’s going on within the organization stays within a set of rules. But obviously that puts you at a slightly tricky situation because you’re often the people who also say no to something that someone really wants to do. How do you balance that, your internal stakeholders saying, but I really want to do that and it’s going to make millions for the business. But you’re saying, well, yeah, but hang on a minute, the rules say we can’t actually do that. How do you get the team on board and see things the way that you see them Kapil?

Kapil: [00:30:21] That is the fundamental rule. And then what you do is you embed yourself so they view you as an accretive contributor to the commercial goal, not as a yes/no guy. Therefore you are embedded into their process and in order to actually speak substantively as to what needs to be done. My first question to any deal team is where do you want to go? Where do you want to be? And I work backwards. Over the course of the investment we’re going to have to incorporate all these different elements. So let’s think through how we price that. So I’m doing my own sort of supply chain. And when I present that supply chain to a very sophisticated and diligent deal team they agree that I’m not playing good cop, bad cop, just playing another member of the deal team, and that really helps.

Catherine: [00:31:22] That’s a lovely way of looking at it, rather being the naysayer, being someone that’s actually working with them. Paul, does that strategy work for you as well?

Paul: [00:31:30] It does. I have shown in presentations the old DA badge I had and to purposely show that that’s not my job anymore. It was a great job and I loved it. But it’s not my job anymore. And in a presentation with our China businesses, I showed them the symbol that a friend had given me many years ago of the Mandarin symbol for diligence. And I actually replaced it. I said, this badge is not me anymore here. This is what I’m supposed to be doing. 

Catherine: [00:32:00] So, Paul, what is the biggest challenge that you’ve ever faced in compliance?

Paul: [00:32:05] The challenge is also the motivation. It doesn’t stop. It just it’s always evolving. There’s something new that comes about. The PIPL out of China is something that keeps you up at night because you then have to figure out, all right, what am I going to do about it? And if I’m in New York making sure that we’ve got China legal, who is devouring it and then interpreting it for the rest of us. This SEC, you see this interesting strategy that the SEC is taking on shadow trading. It’s basically, very quickly, if I have information, inside information about Company A, but I make a trade on Company B and they’re completely unrelated, but they’re competitors, there is this emerging enforcement kind of thread that the SEC is taking that is or could be insider trading, even though I had no material non public information about Company B. 

Catherine: [00:33:00] Kapil, the same question to you. What’s the biggest challenge that you’ve faced in working in compliance?

Kapil: [00:33:05] There are two that are of equal importance. One is translating compliance risk to commercial risk. Say, at a high level, you identify books and records deficiencies, which means tax has been underpaid or unpaid, which means the company is going to owe money that KKR will want paid back post-closing if we go ahead with the investment, which means are you accurately representing the right valuation? Again, working backwards based on findings and then communicating we found X and that’s a huge challenge and that’s a fairly universal challenge across the business lines. The second is a little bit more in line with something we spoke about very early in that things are constantly changing. Just this week we have, say for example, President Biden considering executive actions on US investments in China reversed CFIUS, the NCCBA. This wasn’t as actively discussed a few weeks ago. You’ve got the approval of the semiconductor bill. Now, again, the CHIPS Act. What does that mean for investments in China? And then other people’s actions that play on compliance and reputational and regulatory risk. Speaker Pelosi wants to go to Taiwan. Everyone is talking about it. Does that mean you’re going to antagonize a Chinese regulator who’s just then going to come down hard on US investors in China? We don’t know. So there’s just a lot of news. There are a lot of events that impact controls, that impact how we need to think about legal and compliance risk to businesses in the region.

Catherine: [00:34:50] I’d like to wrap up our conversation by just giving our listeners an understanding of where compliance is heading. It’s obviously an incredibly complex topic. It’s also a topic that seems to be evolving continuously. And one of the biggest challenges, obviously, is to keep track of those evolutions. Paul, if there was one sort of takeaway for our listeners, one thing that you feel that they should be aware of when it comes to the future of compliance, what would that be?

Paul: [00:35:15] I would say where someone like me has a law degree and has enjoyed a career in compliance. I think the new compliance officer will understand technology and have a computer science background. Insider trading is so easy to find within the SEC because they have sophisticated tools to find the minute there’s an aberration in the trades, that’s done through technology. I think it’s just going to get more and more technically savvy. And the lawyers, unless we go and get our own computer science degrees, I think the computer scientists are going to start to have a field day with compliance.

Catherine: [00:35:53] Thank you very much. Kapil, your thoughts?

Kapil: [00:35:55] There is no predefined skill set. In building a team a manager should look to have breadth. Someone with the technological set that Paul just referenced, someone with the commercial mindset so important to winning hearts and minds of field teams. Someone with dual qualification because that’s just about every SBA that we signed needs to make reference to two sets of laws. I don’t think there is a one size fits all, but I do think the strongest compliance teams going forward are going to have breadth.

Catherine: [00:36:29] Thank you very much to both of you. Unfortunately, that’s all that we have time for today. But I’d like to take this opportunity to say once again a huge thank you to Paul and Kapil for sharing their experiences and insights and thank you to you listening to this episode of The Signal presented to you by Third Bridge, the world’s leading independent research provider. Join us again in a fortnight for the next episode. And in the meantime, please rate, review and follow our podcasts. Indeed, if you like it, tell a friend. Find us on Spotify, Apple Podcasts, or wherever else you get your podcasts from, plus thirdbridge.com/signal. From me, Catherine Ford, that’s goodbye. And until next time.

Key Takeaways

  • Best practice does not stop within the organisation; ongoing dialogue with regulators is paramount
  • Ensuring the senior bench reinforces the compliance ethos through to the belly of the organisation is crucial
  • US-China friction is causing a lot of tension for compliance teams

Episode Guests

Paul Caulfield

Third Bridge’s Chief Compliance Officer

Kapil Kirpalani

Chief Compliance Officer, Asia Pacific at KKR