Chief Risk Officer at Zodia Custody, Anoosh is a risk authority with expertise in enterprise risk management, GRC Frameworks and systems. Her experiences vary from the public sector, working in Zimbabwe for a German NGO, to the private sector, working in financial services, most recently for Citigroup across offices in Johannesburg, Belfast and London.
As risk regulations tighten, businesses have to stay on top of a complex matrix of compliance regimes. Exclusively at #RISK London, Anoosh will give her views on what organisations need to do to meet evolving regulatory standards in order to manage cross-border risk effectively.
We spoke to Anoosh to get an introduction to this important topic and to learn more about her career to date.
Could you outline your professional pathway so far?
My career started in the public sector in a German NGO in Zimbabwe. I left Zimbabwe to join Citibank in Johannesburg within the Treasury & Trade Solutions team where I helped the local business team develop corporate credit card solutions. I moved with Citi to Belfast to join the Enterprise Risk Management Team and after a couple of years in Northern Ireland, I moved over to London as the Governance Risk & Compliance Methodology Deputy Head. After the pandemic, I decided to take on a new challenge at Zodia Custody, where I am the Chief Risk Officer.
I was allured by the crypto industry and the proactive drive taken by the company to shape the regulatory agenda for crypto. Zodia is a FCA and CBI registered institutional crypto asset servicing firm, which is owned by Standard Chartered in association with Northern Trust, and it combines the multi-market expertise of a trusted custodian of traditional securities with the agility of a fintech company to provide secure and innovative asset servicing for digital assets.
What are the primary compliance frameworks that UK firms need to be concerned with?
The regulatory perimeter in the international space has accelerated substantially in 2022. Across the US, Europe, UK and Asia, there is a push for crypto adoption as crypto assets have transcended the retail sphere and have cemented themselves in the institutional space too.
For crypto businesses in the UK, there is a need to be alert of upcoming regulations in the EU (such as MICAR and FATF Travel Rule) and US (such as the Responsible Finance Innovation Act and Digital Commodities Consumer Protection Act to name a couple).
Many institutional businesses welcome the greater regulatory clarity and in the UK, we await the outcome of the Financial Services and Markets Bill which is going through parliament. The UK is focusing on a narrower scope (to drive innovation) by regulating a few specific crypto assets (largely stable coins used as a means of payment) and service providers (such as exchange and custody providers).
Whilst this is going through parliament, approximately 30 firms including Zodia, have registered as crypto asset service providers under AMLD5. From a retail space, the next likely action in the UK would likely cover investment risk warnings such that retail investors have clarity on what protection (or lack thereof) is included as part of their crypto portfolio.
What challenges do organisations face as they bid to improve their approach to managing risk violations?
From a crypto perspective, we see that there is a patchwork of regulation across jurisdictions (including the EU pre MICAR implementation) as a response to the speed of innovation in the space. This makes it trickier for multinational firms to identify and comply with their regulatory obligations, depending on the product/service they offer, from which jurisdiction and to which client type in which jurisdiction.
Beyond the regulatory clarity, there are also challenges in industry wide implementations of standards (before they become regulation). For example, Zodia is fully Travel Rule compliant (i.e. facilitates the capture and due diligence of ultimate beneficiary owners of crypto wallets) but is reliant on the adoption of this standard by other industry crypto asset service providers
The feasibility and cost of adoption is another factor to consider in the crypto space, given that crypto was intended to facilitate a decentralized universe with transparency and immutability. There is therefore a reliance on all of the crypto players to collaborate together and adopt industry standards – which is difficult for smaller firms/crypto native firms that are not scaled for the costs associated with compliance.
At Zodia, we identify our upcoming obligations and ensure we have a mapping of clear controls to ensure compliance and actions by when controls are implemented (if they are not already). These are tracked continuously with ongoing monitoring by the business owners and subsequent independent challenge from Risk and Compliance departments.
The event unites thought leaders and subject matter experts for a deep-dive into organisational approaches to handling risk. Content is delivered through five content hubs, each featuring insightful sessions, case studies, networking, high-level thought leadership presentations and panel discussions.
→ Session: “Managing Regulatory Risk Across Jurisdictions”.
→ Time: 15:05 – 15:50 GMT
→ Date: Thursday 17 November 2022
→ Venue: ExCeL London