Voice-over: This is Leaders in Finance, a podcast where we find out more about the people behind a successful career. We speak with the leaders of today and tomorrow to discuss their motivations, their organizations, and their personal lives. Why?
Because the financial sector could use a little more honest conversation. We’d like to thank our partners for their ongoing support. They are Kayak, EY, Mogelijk Real Estate Finance, Roland Berger, and Lepaya.
Your host is Kees de Wit.
Kees: Welcome, listeners, to an extra episode of the Leaders in Finance podcast. My name is Kees de Wit, and I’m speaking to you live from Amsterdam, right after our very first Leaders in Finance Risk event. This is also my very first podcast recording for Leaders in Finance.
Today, I’m here with three people who not only attended the event, but also made a big contribution to it. I want to reflect with them on today’s event, especially for listeners who didn’t attend, to give them a sense of what was discussed. But first, I’ll briefly introduce my three guests: Owen Strijland, Managing Director at Protiviti; Carina Kozole, CRO at ING NL; and Daniël Smidts, Managing Director at Corporator.
Welcome, everyone. Before we dive into the event, I’d like to give you the opportunity to introduce yourselves a bit more than I just did. Carina, can I ask you to start?
Carina: Sure, I’d love to. Yes, as you already said, I’m Carina Kozole. I’ve been in banking my whole life, and I also wanted, since I was a little child, to become a banker. I spent the largest part of my career, over 20 years, at UniCredit, both in sales and in risk management positions. Then I moved to a German fintech, N26, where I was the CRO. And since the 1st of August, I’m very proud to be the Chief Risk Officer of ING NL. We’ve just moved with the family and kids from Germany to the Netherlands, and I’m not only diving into the Dutch banking market, but also into the Dutch culture.
Kees: Thank you. To get an idea: how has the move to the Netherlands been? Do you like it?
Carina: I like it very much. It’s quite an open culture, so it makes it very easy to adapt. It’s also a culture where everyone speaks English very well, which makes moving easier. But now, after the first three months, you do start to notice some cultural differences, which were unexpected for me, to be honest. Because I thought: neighbouring countries, so the working culture should be quite similar.
Kees: Very nice to hear. And I think it really adds to the experience we just had with Greg Shapiro, who did an amazing keynote at the end of the event. Thank you, Carina.Daniël, can I hand it over to you?
Daniël: I also just returned to the Netherlands and moved back from Norway, also with the family. So I probably have the same challenges of reintegrating. I’m originally from the Netherlands, so that helps, maybe. I’ve been working in GRC advisory for most of my career, and in financial services for about 20 years. For the last two to three and a half years, I’ve been working for a software company called Corporator. It’s a Norwegian company, and we landed here in the Netherlands about a year ago. We’re expanding in the Benelux and Southern Europe, and we coordinate that from our office in Zeist.
Kees: Thank you very much. Owen?
Owen: Yeah. Hello, I’m Owen. I’ve been working in financial services since I started my career. It’s a bit strange, though, because my education is quite technical: I have a data and technology background. Now I work at Protiviti, building the consultancy practice. I started there about 14 years ago, and for the last 15, 16 years I’ve been supporting the CRO agenda across pretty much all topics.And it was a good event. I really enjoyed it. Loads of different backgrounds.
Kees: Nice that you start with that, because that’s something I’m really curious about — and maybe you can continue on that. How did you like today’s event?
Owen: As you know, I went to Jeroen with the idea: we need something like this. Because when talking with multiple CROs, I recognized that they were all doing the same role, but they all thought they were completely different. Pension funds, banking, payments — everyone said they were different, but in the role, they’re actually very similar. That’s also why I wanted a panel with a good reflection of the financial market, but with three completely different CROs at the table. And I think that worked out really well.
Kees: Yes, thank you for bringing that up. And I think we’ll continue on that as well when we talk about your panel. But first: Carina, did you also experience a big diversity of roles present at the event today?
Carina: Yes, I liked it very much, because there were, let’s say, the chief officers of the more traditional banks, then there were the neo-banks, and then there were completely different industries — but everyone with a strong focus on risk management. And what I also really liked, speaking about diversity, is that you could see the different backgrounds of the CROs. There isn’t just one route anymore — and I think this is really evolving. In the past, there was one way to become a CRO. Today, you see so many different backgrounds shaping CROs. And I think that’s exactly what the industry needs to cover all the risks, and also to see the unseen.
Kees: Yes, thank you very much. And I would like to add that what I found really amazing today is that 50% of the speakers were women. I’m very happy with that diversity as well. Daniël, a question for you too: how engaging was the day for you?
Daniël: Did I like it? I think this was a great event and a very needed event for financial services in terms of the risk profession. I’ve been talking to Jeroen since I’ve been back in the Netherlands. He lives in the same town as me, so we always had this idea: where can we do a risk event? And I think when Owen and Jeroen came to us and said, “Well, you know, we’re going to do this,” we said: we want to be part of it and make it happen. And I think that’s exactly what we did.
We brought risk professionals together within the Netherlands in financial services, and I think it turned out really great. The only thing that struck me was that technology is such an important area within risk, and you still see some hesitation to really talk about technology, including some AI discussions. But what can technology really bring into the risk function? That stayed a bit on the surface. And I hope we can go deeper next time. But I’d also love to hear your view on that, around the table.
Kees: Carina, maybe you can add something, because you gave a speech titled Looking Back on a Transforming Risk Landscape. We also had Chris Wolterpoetze, who did a keynote, and he told us that with 30 years of experience in risk, he couldn’t work anymore without AI. Then the audience got a question: who thinks AI is more important than human experience? And nobody raised their hand. The truth is somewhere in the middle, I think. What’s your opinion on how the whole risk landscape has changed?
Carina: From a technology point of view, for sure it has changed a lot. And this is not only about AI. It’s also about automation, digitization, the way you work, and the way you think. That has completely changed, especially for the risk organization.
I think the reason people are still a bit reluctant to talk too much about technology is that we’re currently in a phase like when the internet arrived. Now it’s AI. So there’s a certain reluctance around it. And there’s also a lot of experimentation. But experimentation isn’t the easiest thing for risk managers, because it doesn’t happen in a sandbox if you’re in a real bank. It happens in real life.
So what we’re doing a lot is training our people, and I’m training myself as well. I’m taking courses on what AI can do. I’m practicing a lot. I’m using it, and like Chris said, my life would be much more difficult without AI because I let AI do a lot of repetitive tasks and things like that.
But it’s not like you work for 20 or 30 years as a risk manager in one direction, and then suddenly AI arrives and everyone immediately changes. You need to bring people along and make sure things don’t go wrong. That’s exactly what we’re doing at ING. So I’m pretty sure that next year, when we reconvene, many more people will be speaking about technology and risk.
Voice over: You’re listening to Leaders in Finance with Kees de Wit.
Kees: That’s maybe a good bridge to the second panel we had. Daniël, you attended the panel titled Navigating the Next Decade, Top Risks and How Tech Can Help. Any takeaways from the panel you were part of?
Daniël: Yes. I think the main thing, and that’s also where Irene started, is that tech can help in many ways, but it also comes with a huge risk, especially the reliance on non EU IT service providers. And those choices, and the risks they bring, can be modelled through scenarios.
And I think Sven explained that very well in our panel: what they’re doing to prepare for impactful events, like when big tech isn’t available anymore for our services. And if we take it a bit further than what Damla asked the audience, what are the alternatives to Microsoft, it was very silent. Is there? That’s the question. Is there an alternative? And I think right now there isn’t really an alternative yet. But we shouldn’t just sit back and say, well, there’s no alternative, so we’ll wait for one to appear. No, we need to be more proactive. And I know the on premise discussion has been put aside for years, but as a software provider we see that the on premise discussion is back, alive again, like it was 10 years ago.
Owen: And Daniël, if I can add to that: what I find very interesting, with my technology background, is that the discussions are mainly about brand names we all know. We quickly say Google, Amazon, Microsoft, but that’s just the software layer. If you look at the infrastructure, the hardware we’re actually using, and what we run those servers on, I think we haven’t scratched the surface yet of our interdependence within the financial services industry and beyond.
I still remember when the first computer arrived, because I was already helping as an 11 or 12 year old with configurations. And we still do it today. If financial institutions want to register controls, manage risks, they all need IT, they all need software, and it’s all interdependent.
So it’s not only those famous brand names that are a concern. It’s also what we’re running it on, where it’s hosted, and who maintains it. DORA, just to name one thing, makes it very clear: yes, there is dependency. We can’t do without it right now. But being aware of the risks, and at least being prepared to act when they occur, is crucial.
We talked a bit about serious gaming and simulations. That’s a good start to understand what we need to do when it happens. Because if we don’t know, we can’t do anything about it.
It’s the same as when the internet goes down and my doorbell doesn’t work anymore. Then my neighbour has to knock on the window. We need to go back to those kinds of scenarios where we say: the doorbell isn’t working because it runs on an Amazon service, so now we knock on the door. So, Carina, really, in simulations, how are you preparing for those kinds of scenarios? I know there are…
Carina: Yes, for sure there are. We are definitely doing all these crisis scenarios and simulations. And what is super helpful in these simulations is that you’re not only bringing together risk, tech, and operations. You also need HR, you need comms, and you need supervisory affairs.
So you really need to bring a broad group together. And I’ll tell you why. Every bank has plans for every service we deliver. We have business continuity plans and things like that. But those are often written from the books. When you actually run a scenario, suddenly you start thinking differently.
I had that this year in Spain when there was a power outage. The first question was: what do we do with the employees who are still in the office? That wasn’t trained in the scenarios. Do we send them home when there are no traffic lights and public transport isn’t working, or is it safer for them to stay in the office?
That wasn’t trained. And suddenly these kinds of questions take a lot of time, time you would rather spend on actually solving the crisis.
The other topic is how we design those crisis scenarios. We bring together a much broader group. Why? Because you need a diverse group of people from other countries, from other jurisdictions, with different backgrounds, to help you think through what could really happen.
I always tell my people: as risk managers, we need to think in the unthinkable. And that’s much easier when you bring in diverse perspectives. So that’s one part: rethink the scenarios you work with. Then, in the scenarios, bring together many different people. And after that, do proper lessons learned and keep improving your scenarios and simulations.
Kees: Thank you very much, both, for these valuable insights. It makes me think of something Ebbe said as well, with his slide of skiing: life is about risk. So we will always have risk. And maybe it’s about agile risk management, being able to respond. Owen, you did a panel discussion as well about the CRO as a decision maker. What do you think? What did you hear today? What has changed in the decision making of a risk manager?
Owen: Yes, of course, it’s the panel, but also the whole day, that brought new light, I hope, to many of us, and also to me. What I thought was true is this: the CRO becomes a dealmaker in between clients, business, regulation, and internal operations.
It’s much more than trying to stay away from risks. It’s engaging with risk, but doing it very consciously, and being clear on who does what when a risk occurs, or when we need to analyse new kinds of risks.
It’s not the CRO who does all of this. The CRO facilitates it. And I really liked Sarah’s remark that she’s working with a CEO who is also a CTO. So he knows a lot about the product. And still, she’s able to help him and challenge him on what to do next, because she’s also involved in strategy.
So I think the CRO has almost become, and I wrote a bit about it, a sort of CEO role. Because risk is so important in every decision you take. You have to take risk, otherwise you just sit still. But you need to be agile, aware, put it on the table, and practice it before it happens. That’s agility.
You can’t ski without learning how to fall in the snow, how to take off your skis, get back on your feet, and put your skis back on. You need to practice that. Not only by education, but by doing. And I really like the scenario point. You mentioned Spain. I was in Portugal at that moment, in the northern part.
And the biggest risk outcome was that in the city where I was, all the diesel engines started to create electricity for hospitals and government buildings. The biggest issue became diesel fumes. The whole city was coughing. The air outside was foul, very bad, because everyone said: we have diesel engines to produce power.
And all of a sudden, that was the biggest issue. So now they’re looking at how to solve that, because for 10 to 12 hours, diesel was used to run electricity for most buildings. It was crazy. A blue sky, and then dark blue from diesel fumes. So yes, practicing creates agility. You’ve been there, you’ve experienced it.
Kees: Yeah. Risk can be anywhere and can be anything. To round up a little bit: at the end, the question got asked, who or what is a risk manager? There were several answers: an architect of resiliency, an AI strategist who cannot do without, but maybe a little bit without, a crisis commander, or maybe all of these. Do we miss some words here about what a risk manager is, or what a risk manager needs to have? Any thoughts, Daniël?
Daniël: One word: a leader. That’s a CRO. I mean, to your point where you started, you have different backgrounds at CRO level, and that’s needed. You need those different backgrounds.
And with different backgrounds, you can come into the CRO position because of your leadership skills. It’s leading the way. It’s taking bold decisions sometimes. It’s also making bold decisions about risk, whether to take it or not. And being honest about your strengths and weaknesses.
Whenever we make a choice and we fail, okay, let’s learn from it and continue. But the main thing I would add is leadership skills.
Kees: Leadership, thank you very much. Carina, for you?
Carina: Next to leadership, which is very important, it’s also storytelling. We heard today that the whole concept of the second line as only controlling is breaking up. Why? Things are moving so fast that you need a super strong first line, a super strong business with a good risk culture, so they decide from the start which risks they want to take and which not. Otherwise, you cannot control everything at the end.
So the CRO doesn’t need to come in and tell people: if you don’t do KYC correctly, you’ll get a big regulatory fine. If you don’t do this, we get capital add-ons. Of course it scares people, but it doesn’t always have that much impact.
What matters more is explaining that if we do it right from the beginning, we become faster, we protect society, we protect our colleagues, and we can grow faster. So these are things you need to do as a Chief Risk Officer. And yes, I would say: a storyteller.
Kees: Storyteller. A leader. Owen?
Owen: And I think: trustworthy. I’ve seen environments in financial services where people didn’t speak up, and that’s when you run the biggest risks. Because when you run into a risk, like we all said, you have to analyse it, and you have to look at your response.
So you need to be trustworthy, so that people come to you, sit down in that special chair. I’ve heard many CROs say their office is always open, and they have a chair where people can ventilate what they’ve seen or experienced. And that can only happen when you’re a leader and a good storyteller.
But I think you also need to be trustworthy for everyone in your organisation, so they feel they can come to you and talk to you.
Kees: Thank you very much. I would like to add: fun. In the run up to this event over the last few weeks, we talked about analytical people, people who are really in their head, thinking about mitigating risks.
But today was a really fun event. So I’d like to add fun, because I really, really enjoyed today at the Leaders in Finance Risk event. Over 120 people attended today, from more than 50 different organisations. So I’m very proud of that. So I would like to wrap up today’s episode. A big thank you to Owen Strijland, Carina Kozole, and Daniël Smidts for joining me. And of course, to all our listeners for tuning in. We look forward to seeing you again at the next risk event next year, at the AFAS. Thank you very much for listening, and see you next time.
Voice-over: You’ve been listening to Leaders in Finance. We hope you’ve enjoyed the episode, and we’d love to hear from you. What’s on your mind?
Who would you like to hear next? Send us an email or get in touch via our social channels. We’d greatly appreciate it.
Finally, we’d like to thank our partners for their ongoing support: Kayak, EY, Mogelijk Real Estate Finance, Roland Berger, and Lepaya. Don’t forget to check out everything else we do at leadersinfinance.nl. Thank you for listening.