09 Sep Risk & Regulatory Advisory meet Marcus Ellman

Posted at 12:23h in Uncategorized by

Risk & Regulatory Advisory meet Marcus Ellman

Marcus Ellman has been the CRO of Avanza Bank for the last 5 years. He has an interesting background from strategic analysis and M&A, operational risk, consulting and from the role as acting chief audit executive at Swedbank. This wide palette of experience gives him several interesting perspectives into risk management and governance in general worth reflecting on. Risk & Regulatory Advisory met Marcus for a coffee and a chat.

What do you believe is common pitfalls in ensuring an effective governance, compliance, and risk management? How can we avoid them?

I think that a common pitfall is for the business to think that compliance and risk is something that Legal, Risk and Compliance-functions (i.e., specialist functions) are dealing with, and that the specialist-functions are too far from the business to gain the required understanding of the business.

I have seen so many examples where specialist functions in isolation write policies and instructions based on external regulations without understanding the context and adapting them to the actual business and without anchoring them with the ones that is supposed to abide.

I have also seen many examples of where the business develops things that must be rebuilt because they failed to consider regulatory requirements in the design phase.

The easiest way to avoid such pitfalls is for the business to invest time and energy to understand the regulation that affect their area of responsibility (with support from specialist functions) and for the specialist functions to be out in the business to get a real understanding of the business model, processes, and procedures to be able to provide relevant support.

“I have also seen many examples of where the business develops things that must be rebuilt because they failed to consider regulatory requirements in the design phase”

I would argue that adapting to changed circumstances in the marketplace, new technology and altered customer preferences is key for a company to avoid the risk of becoming obsolete. I also hear a lot of people talking about that everything is going faster and faster these days and that it is important to keep up. What is your take on this?

I fully agree with you, and I think the only way to keep up is to establish a corporate culture of innovation with curiosity in new technologies and business models. Whatever business you´re in you need to be scrupulous in challenging yourself and not be afraid of killing (or improving) your own darlings; otherwise, you can be certain that sooner or later someone else will.
There is an often-quoted passage in Hemmingway’s “The sun also rises” in which Mike is asked how he went bankrupt, and he responds “gradually, then suddenly.” If you make sure to continuously challenge what you do and develop your business, I think that the risk of suddenly being disrupted is minimal.

“The talent you can attract when not being limited to a certain geography is incredible”

You currently also have a role as senior advisor to Juni. How is risk management different in Juni compared to other industries and company’s you have worked for?

What I love about Juni is the energy, competence, and cooperation across the company. Juni is a completely distributed organization, which means that they have a global recruitment base. The talent you can attract when not being limited to a certain geography is incredible.
From a risk management perspective, employing highly experienced and competent people is a great way of managing risks. By building a company from scratch you are also able to efficiently build in compliance into your processes from the beginning with is much more cost efficient that adapting your processes over time. This is of course an advantage that may diminish over time as you build legacy.