In a complex and constantly changing risk and compliance environment, Gloria Luk, associate director of enterprise risk services at Deloitte China, says her job keeps her in touch with the new regulations that are fuelling an unprecedented demand for risk and compliance professionals.
"My role means I work with securities and asset management companies as well as the banking sector, so I am able to see the different aspects of risk and compliance," Luk says. She adds that this covers the various risk and compliance regulations set by the Hong Kong Monetary Authority for banks, and those set by the Securities and Futures Commission for securities brokerages.
Luk, who studied accountancy at the Hong Kong University of Science and Technology, says one of the most enjoyable features of her work is the opportunity to meet clients and work with them to produce solutions. "There is a good balance between working in the Deloitte office and visiting clients' offices," she says. She adds that she also enjoys the teamwork aspect of her work, which involves exchanging ideas and developing client training programmes.
Luk says she needs to spend a lot of time reading and analysing new regulations and compliance information. She also relies on internal networking within her department, together with knowledge- and experience-sharing, to stay abreast of developments.
In a nutshell, Luk says her work focuses on helping clients mitigate risk and assisting them with the processes and procedures to ensure they meet compliance requirements. "In some ways, risk is an abstract topic. It is not easy to manage, or to understand where risks might occur. I have to learn a lot about the operations of the financial institutions I work with," she says. "Financial institutions, like firms in other sectors, have exposure to diverse risks, which require different solutions. This is something I find intriguing."
Luk says she works within a team to help companies implement risk and compliance requirements involving different departments. "When we are working with clients on mitigating operational risks across different departments, and often in different countries, it can be quite a challenge," says Luk, who has also worked in Deloitte's audit department.
From a risk-management perspective, Luk says a key area is assisting firms with their risk strategies and objectives. "Without having a top-down risk management and corporate-governance framework, it can be very difficult for middle management to implement processes and procedures. It is important that management sets a good direction and ensures messages are clearly communicated," she says.
She adds that as banks and financial services companies strive to generate profits while complying with regulations, she and her colleagues offer advice and solutions on a range of areas including privacy, solvency, corporate governance and operational risks.
"Sometimes the risk and compliance issues in different sectors can be similar, but often they can be unique to a particular company or business line," Luk says. "There is always something new to learn and share with colleagues and clients."
She adds that another part of her job is helping clients interpret regulation guidelines and proactively keeping them up to date with new regulation requirements.
Increasingly, she says, banks and financial services enterprises are seeking assistance with the risk and compliance aspects associated with technology. "As banks introduce new products and services through mobile platforms, areas such as e-banking guidelines, personal privacy data and cyber-security have become very important," she says.
In client presentations, the topic of social media is often raised, along with the risks generated by staff deliberately or inadvertently posting messages that could damage reputation or operations.
"When stories appear in the media about cyber-security attacks or unwanted attention caused by something appearing on social media channels, this is often a trigger-point for us to stress the importance of best practices," Luk says. Quite often, she adds, management overlooks the threat of reputational damage.