Christiaan Visser

Jeroen: Thank you very much, Christiaan Visser, partner at Deloitte, for taking the time to speak to Leaders in Finance in the lead-up to the Leaders in Finance Compliance event on September 18th. We really appreciate it.

Christiaan: Thank you for having me.

Jeroen: You’re a partner at Deloitte—could you tell us more about your role and your background? And what is your relation to compliance in the financial sector?

Christiaan: Within Deloitte, I lead the regulatory and compliance practice—a team of about 90 people focused on conduct, prudential, and sustainable finance regulation. Together with other teams at Deloitte, both in the Netherlands and abroad, we address a wide range of industry challenges from a regulatory perspective.

I joined Deloitte ten years ago, after 15 years at ING. I’ve now been active in the regulatory and compliance domain for 25 years. I started as a legal counsel, moved into risk management and compliance, and what has always fascinated me is how regulation can be more than a constraint—how it can actually build resilience and long-term trust in financial services.

Jeroen: That raises the question: what is it about risk and compliance in financial services that interests you? Is it the topic itself, or more the consulting aspect—advising and solving complex problems? Or is it a bit of both?

Christiaan: It’s definitely both. What makes compliance so interesting is that you are not just the “checker”, you are a partner to the business, helping them succeed responsibly. Twenty years ago, the focus was on regulatory pressure and establishing the basics. Today, compliance is much more about ensuring resilience: the ability of financial institutions to absorb shocks, adapt, and continue to serve clients and society without losing trust.

For example, AML regulation initially felt like a burden, but it has made institutions much stronger against reputational and financial crime risks. Duty of care rules strengthened consumer trust. And more recently, regulations like DORA for operational resilience or the upcoming EU AI Act show how compliance is now at the center of preparing institutions for future shocks. That evolving role is what keeps it fascinating.

Jeroen: That makes sense. You work closely with many Chief Risk Officers and Chief Compliance Officers. Based on those interactions, what are some of the main challenges they’re currently facing?

Christiaan: One of the biggest challenges used to be the sheer volume of regulation and how to manage it efficiently. That remains relevant. But increasingly, the problem is overlap. ESG -irrespective of the role of Compliance in this domain – is a good example:

• Under MiFID II, firms must take clients’ sustainability preferences into account in advice.
• Under CRD, banks must integrate ESG risks into governance and risk management.
• Under SFDR, firms must disclose how they handle ESG risks and impacts at product and entity level.

Each framework has a slightly different angle, but together they create a complex puzzle. Without coordination, you risk duplication, inefficiency, or even conflicting interpretations. Compliance adds value by making this complexity manageable and turning it into a coherent framework that strengthens resilience rather than undermines it.

At the same time, technology is evolving so quickly—AI is a perfect example—that financial services must keep up or risk being left behind. Compliance then faces the tension: how do we move fast enough to remain relevant, while staying in control? That balance is at the very core of resilience.

Jeroen: Has there been a development in the compliance space in recent years that caught your attention—or concerned you?

Christiaan: Yes, the shift from compliance as a tick-the-box exercise to compliance as a business partner. Ten or fifteen years ago, AML or customer protection rules were often handled in isolation. Now, compliance is part of the bigger question: how do we remain viable as an institution while resilient to shocks—regulatory, technological, and reputational?

Take ESG regulations such as SFDR or CSRD. They’re not just about mandatory disclosures; they are about credibility. Getting them right ensures clients can trust what is being promised, while protecting the organisation’s license to operate. Compliance therefore plays a critical role in building both societal trust and organisational resilience.

Jeroen: That’s interesting. So, does that mean we need more compliance professionals with business experience?

Christiaan: Absolutely—though it also works the other way around. Business professionals moving into compliance bring a practical perspective, while compliance experts in business roles carry resilience thinking into strategic decisions.

The traditional silo between first and second line is becoming less productive. Independence remains vital, but genuine resilience comes from collaboration: understanding the business model, spotting vulnerabilities, and designing compliance frameworks that protect and enable growth. A financial institution that is only compliant but not viable will not serve clients or society well.

Jeroen: You already touched on technology, especially AI. Weighing the pros, cons, and potential risks—do you ultimately see it more as an opportunity or a risk?

Christiaan: It’s both. Technology creates opportunities, but only if risks are managed well. The EU AI Act is one example of how regulators are setting boundaries. But compliance can’t simply wait for full clarity. Institutions need to build resilience now—by setting principles and guardrails that allow safe experimentation, monitoring outcomes, and adapting quickly.

Think of how Basel rules once created resilience against financial shocks. We now need something similar for digital and AI risks. And compliance sits right at the heart of that challenge.

Jeroen: There’s much more we could discuss, but this is a great place to start, especially with you leading one of the major panels at the event. Before we wrap up, I would like to shift gears slightly. Still on compliance, but from a different angle: do you have any tips for people just starting out in the field? Whether at a consulting firm, a bank like ING, or advice you would’ve given to a younger Christiaan Visser, what would you tell newcomers?

Christiaan: Two things stand out. First, understand the fundamentals of regulation and risk management, without that, you won’t have credibility. Second, and more importantly, understand the business you’re in and the broader context surrounding it. Compliance adds real value when it strengthens the resilience of the organization, and that requires insight into how a bank, insurer, or asset manager operates and how this plays a role in the broader eco-system.

If you only see yourself as someone who prevents risks, you will never become the trusted partner the business needs. But if you understand the strategic challenges in your industry and how regulation —whether it’s DORA, ESG, or AI— hinders or enables it, you can help design compliance that doesn’t just protect but also enables resilience and long-term trust.

Jeroen: Thanks, Christiaan Visser, partner at Deloitte, for taking the time to speak with Leaders in Finance ahead of the Compliance Event on 18 September. Looking forward to seeing you there.

Christiaan: Thank you very much. Looking forward to it as well.