Tech upstarts, cyber take-downs and thoughtful bankers: what finance firms really need to know about risk | Doris Honold COO of Standard Chartered

Having held risk and chief operating officer (COO) roles at emerging markets bank Standard Chartered, most recently as group COO, and as a new (Nurole-recruited) non-executive director at online peer-to-peer Zopa, Doris Honold’s experience straddles new and old financial institutions. She has 25 years of financial services experience under her belt, gained from roles in Frankfurt, Tokyo, Singapore and London. At SC she helped to improve productivity, and is a leader on financial crime, cyber and operational resilience risks. A former Fulbright scholar, Doris is fluent in German and English, with conversational Japanese; she has also enjoyed curating SC’s extensive art collection. Doris started her finance career at Dresdner Bank in Frankfurt, working her way up to managing Dresdner Kleinwort’s global market risk.

You’ve held executive roles and are now a new NED at Zopa, you bring two very different perspectives for financial services firms. What are the main risks finance boards need to think about around the tech-driven change in the financial industry?

The first and biggest risk that comes to mind is cyber, and the second is, how to become more agile. The huge tech advances over the last five to ten years - from AI and machine learning to fast paced mobile technology - mean start-ups have found easier, cheaper ways to provide excellent client service for financial products and other client needs. Banks need to find more agile ways of working, including in the areas of strategy and governance. Historically, board meetings have all been long, face-to-face events, put in the diary a year in advance, with very rigid governance. It’s time to critically analyse if this is the right way to operate in this new environment, where everything is moving a lot faster.

Everything is riskier too; how can boards help firms deal with cyber security risks?

The fact is, at most firms, attempted cyber attacks are inevitable. How successful those attack are is as much down to preparedness as it is to luck, with hackers constantly looking for vulnerabilities, and coming up with new strategies all the time. So boards need to be thinking about protection and response: if there’s a cyber incident, how resilient is the business to withstand it, or to contain the damage? Can key client services continue, do they have sufficient back-up facilities etc?

It’s also important not to be intimidated by IT jargon. The focus has to remain on the fundamental questions: what are the most critical assets and how are they protected? It’s too expensive to protect everything to the same level; boards need to know which are the corporate crown jewels, what are the right security standards, and prioritise accordingly. In the end it boils down to how safe are the critical information assets from being stolen, being manipulated, or being out of service?

Are traditional banks responding to tech start-ups marching in on their domain?

A whole range of really innovative, fast-moving companies like Monzo, Revolut, TransferWise, and Zopa are presenting a challenge for established banks. I have accounts with both Monzo and Revolut - I wanted to test the client experience and I’m a fan. I think most traditional banks still need to respond faster, and learn from these companies; they need to create more of an innovative spirit in an archaic, highly-regulated industry where everything that’s happened over the last 10 years has pushed towards more controls, more governance, more double-checking, and not towards a culture of innovation and experimentation.

The whole financial industry was - quite rightly - reined in to be more thoughtful after the 2008 crisis. But small, young, modern companies are showing the rest of the industry you can be fast moving, creative and experimental and create something with the right outcome for clients. This needs to become the norm across the whole industry.

How can finance boards protect themselves from the risks of tech competition?

I don’t think you can - the world is moving fast and tech innovation will only accelerate. Financial boards need to recognise that they need to have an agile environment so people in the workforce are open to continuously learning and adapting. That way, R&D and products will do so too. Also, be open to joint ventures and/or collaborations with tech companies.

If you had to invest in a new financial business today, would you plump for a traditional business focused on an emerging market, like SC, or a disruptor like Zopa in a developed market?

A tough question! For my personal portfolio, I’m already heavily invested in SC with all my stock and options, so my next investment will probably be something new. I still see a lot of growth in emerging markets and, for maximum growth, I’d likely pick a start-up with a client base in an emerging market for the big opportunity. But that’s incredibly high-risk, and it wouldn’t be my advice for everybody.

Has the financial sector learned lessons from the banking crisis?

I think so: finance professionals are a lot more reflective and respectful of ethical standards; banks are also doing a lot with educating their staff and setting new standards. The new regulation forced them to change how they look at risk; it’s a lot more advanced and holistic than it was before.

But what about the downsides to all the new regulation - is there anything that you would change?

All the new regulation was needed; it was the right thing to bring it in. But my one concern is that a lot of the rules are now so prescriptive - with set stress testing parameters, and very detailed instructions on what to do - that I worry that a bank’s incentive with regards to doing its own risk assessment has gone away. And that’s important, as every bank has a different portfolio and therefore different risks.

It lends itself to an environment where risk professionals could operate by process rather than their own professional judgment. This is not a good thing in my opinion and, in the long term, I worry that this might result in losing risk expertise in the industry.

How does Brexit feature in your calculation of risk management?

It’s more operational work than traditional risk management - a lot of companies had to establish a new legal entity, and now it’s a case of moving operations from one entity to another, transferring existing people, finding new talent, client communication, updating contracts. It’s a lot of work!

Can banks ever reverse their post-crisis reputation?

Yes - I believe so. Trust barometers are already showing an increase for financial institutions. Bankers aren’t evil people, they understand their role is to support individuals, organisations, countries and, ultimately, economies in their financial growth. I see banks better understanding their bigger purpose now. With the tighter regulations, and people reflecting more on the impact of their specific actions, I think trust will continue to improve.

How have you found the Nurole experience?

I was hugely impressed by Nurole, it all worked seamlessly and it’s very professional. The process is all online; I entered my interests and qualifications, synced it with my LinkedIn profile, answered the (very good) questions explaining why I was suitable and what I could offer to boards. I like the way you register your interests and it’s up to you to make the first move from the huge range of roles on offer - there’s no annoying calls from headhunters who always phone at the wrong time with things you’re not interested in.

In fact, going for my Zopa role was the best experience in interviewing ever - very organised and easy to arrange. I’ve recommended Nurole to quite a few people.

How does a banking executive role fit with becoming an NED?

When I was applying for the Zopa role I spoke to my boss [at SC] and he was very positive about it; for my own professional development, but also because the threat (or competition) from tech companies and disruptors means you need to really understand how these firms operate.

Let’s finish with a few quick-fire questions...

What’s the best professional advice you would give?

A career is very long. There’s no rush for anything.

What was your biggest break?

I started my career as an electrical engineer at the German railway; the best decision was to leave.

What are you reading now?

I’m a big reader - I’m currently reading Game of Thrones, I haven’t seen the series yet, I’m finding the book intriguing.

What’s your favourite quote?

Albert Schweitzer: the key to happiness is good health and a bad memory.

Favourite holiday?

Hiking in the mountains.

What do you do to have fun?

See my friends, just hanging out with them.

When did you last cry?

In October - when my mum passed away.

What’s your favourite app?

WhatsApp.

When does your alarm go off and how many hours of sleep do you have on average?

Alarm goes off at 6am, I go to bed at 11pm.

If you are looking for senior executive and non-executive director roles, Nurole's innovative recruitment platform can help.