
In this interview with Wendy Ennis, FCC Head at new virtual Bank “Mox” in Hong Kong, Financial Crime News wanted to hear about Wendy’s journey from an established large Bank and team to a new startup and virtual Bank, the opportunities, challenges and the experience along the way.
Q1 What is Mox?
Mox is the Hong Kong virtual bank backed by Standard Chartered, in partnership with HKT, PCCW and Trip.com. We have the combined power of a well-trusted international banking group, Hong Kong’s telecom and lifestyle market leader and Asia’s largest online travel agency. Our aim is to deliver a suite of retail financial services as well as lifestyle benefits all in one place, growing your money, your world and your possibilities. We are set to open to Hong Kong ID holders (with a Hong Kong mailing address) in 2020 and have actually just announced the opening of our waitlist for pre-registration at mox.com.
Q2 When and how did you get involved?
I joined Mox in February 2019 from Standard Chartered Bank. I was previously part of the Greater China/North Asia (GCNA) Regional team, leading the GCNA Business Advisory & Governance teams for Financial Crime Compliance (FCC). I’d been on the periphery of the FCC input into the venture as it prepared its application for a virtual banking license in Hong Kong. It was impossible not to be swept up by the enthusiasm and innovativeness of the team on the ground as they explored how to build something that would resonate with the market and challenge the status quo of the traditional banking model. I saw an opportunity for a seat at the table on a once in a lifetime (for me perhaps!) development of a new bank’s FCC platform, while drawing on the expertise and some of the foundational elements of our parent bank.
Q3 What were the main challenges from a financial crime perspective in getting Mox to market?
We’ve certainly had our fair share of challenges in getting Mox to market but this is similar to what any new venture faces. My philosophy has always been that if it isn’t hard, then we haven’t pushed the boundaries far enough. Luckily we’re backed financially and from an expertise perspective by very strong partners. With that said, we’ve tried to re-think how we can manage our risk so it’s fit for purpose for Mox Bank, vs simply replicating a traditional bank or lifting in the SCB model. We are a virtual bank, so naturally our aim is to move towards an STP model as much as possible. The Hong Kong regulator has published clear guidance to Authorised Institutions (AIs) who wish to offer Non-Face-to-Face (NFTF) banking services to ensure that technology utilised for remote onboardings can effectively identify risks associated with identity authentication and identity matching. We’ve worked closely with our customer onboarding team and our vendors to ensure the initial collection of client information allows us to clearly and effectively identify risk but with a balance of consideration around the customer experience. Trust in our controls is equally important for our regulators and, naturally, our customers. Today’s identity verification technologies play an incredible role in authentication and matching through the use of biometrics. However, this is just one element of our overall solution to ensure a safe and reliable offering for our customers. Ultimately, our license requirements mirror any other AI in Hong Kong so we’ve had to carefully but quickly explore overall where we can push boundaries in the aim to build our foundational controls for today’s business and risk environment but with an eye to growth longer term.
Oh, and we’ve had to pass a full scale 3rd party audit across the entire Mox financial crime framework prior to launch!

Q4 What were the main challenges from a non-financial crime perspective?
Perhaps our main challenges are not surprising as would be consistent across many start-ups. Firstly, finding the right talent in Hong Kong given competition. We are one of 8 companies granted a virtual banking license and we all want to bring in smart, fresh talent to help us grow successfully and uniquely. We’re also managing diverse stakeholders i.e. various partners, shareholders, SCB, regulators and Mox’s own internal governance. While all may have specific top level priorities, they are all focused on us building a bank from the ground up that is secure, stable, reliable and customer focused. It’s a significant undertaking and a reality of any business. Again, we’re backed financially and expertly by some strong names however, so it’s critical we navigate all stakeholders to deliver against our goals.
Q5 What’s different about how to go about fighting financial crime at Mox versus say a large Bank like SCB?
Ultimately, we’re all playing the same role to prevent criminal activities such as corruption, tax evasion, terrorism, money laundering, fraud, etc from being facilitated through the global financial system. At Mox Bank, we’re held to the same standards as a large scale bank like SCB. So from a foundational perspective, in understanding the risk of our offering and developing a robust framework and set of systems to identify and combat FCC risk, there’s no difference in our fight. Our medium differs however, in that our interaction with customers is virtual and thus, we have a strong reliance upfront on our onboarding technology to detect risky individuals during the CDD process. However, we’ve had an opportunity to build from the ground up and we’re in a unique period as it relates to these technological offerings to analyse risk, so we’ve been able to position regtech and machine learning out of the gates as business as usual. From day one, we’re focused on building our systems to look at behavioural analytics. We’re also starting small of course, without legacy systems or processes and hope that frees us up to stay lean and agile as an organisation. While more traditional banks are starting to explore an agile environment, it’s the only way Mox plans and develops. And I do feel this has not only helped us deliver on our financial crime program quickly, but it’s encouraged creativity and pushed debate on priorities around how we manage our risk for day 1.
Q6 What have you learned from this experience?
It’s been a great experience personally. In a traditional bank or company there are naturally specialised teams or departments that play key roles in the development of systems, policies or processes, while a BAU team then implements and runs the day to day. To a certain extent, even the most diligent employee can point to where their accountability starts and stops. Development at a traditional company is also typically a large investment, well planned with a protracted implementation, and post mortems are used to gather feedback on the implementation. At Mox, our small FCC team is playing both developer and (eventual) user, with the adage, ‘you build it, you run it’. Innovation and speed of delivery is critical to our success – we need to open our bank – but we also need to strike a balance with appropriate controls. So in our agile environment, mistakes happen quickly but are contained in relation to our short sprint cycles – if the design doesn’t work, we can adjust quickly. This has encouraged me to support a mindset that change is not just good, but critical to survival. My team and I have learned to continually ask ourselves two questions as we build – ‘does this specific process make us better as an industry partner in identifying risk’ and ‘how does this improve the user experience’. I’ve learned the importance of brainstorming as a business as usual activity. If I simply followed how I’d done everything before, though tempting, then we’ve lost an opportunity to pioneer how we manage risk. It’s been exhilarating, empowering and scary all in equal amounts.
As a separate point, I’ve also learned that partnering with regtechs is not a silver bullet and expectations need to be managed when entering into a partnership with one. Regtechs are without a doubt not in short supply of smart people and smart technology but yes, we need to support regtech so innovation in our industry continues. It’s important to be aware that regtechs may not have the breadth of SME knowledge that an established vendor will have. They may not have an out of the box solution so your purchase becomes more akin to customisation. Or they may not have an army of developers on the ground where your company is located so you need to collaborate and build virtually. Thus, it’s ok to not re-invent your entire program at once as while it’s worth the exploration, it is an investment of activity from both the company and the vendor. So I’d recommend to consider to start with even one use case and solve for that problem in partnership – what’s most important is to take the first step. Innovation can be an evolution vs a destination.
Q7 What would you do differently? – What do you know now you wish you knew before you started the Mox project?
It’s early days for Mox so still much to learn as we move towards our launch but as mentioned earlier the reflection of what’s working and what’s not working is part of my/our day to day processes and has allowed me to tweak my approach as I go, which I’ve done many times along the way in everything from people management to process design. I’ve changed roles many times in my career so I’ve become ‘comfortable being uncomfortable’ and believe that mistakes or ‘re-dos’ can be a sign that I’m appropriately challenging the status quo. However, early engagement with stakeholders who are not part of MOX, or who are more cautious with change is critical and an area I’ll continually remind myself to prioritise. It’s easy to evangelise a new initiative and a new way of doing things as the only way forward. But change is hard for many people, and personal pride and professional reward is more often linked to successful, error-free implementations. People need ample time to understand the larger objectives and explore the boundaries that could allow for ambiguity and flexibility. I’ll continually challenge myself on early socialisation of ideas.
In terms of what I will do differently from an FCC perspective, we’ll continue to refine our approach and systems to manage risk once we go to public launch. We are just on the start of our journey and must remain nimble and vigilant to protect both the bank and the larger ecosystem from nefarious activities. Even the recent FATF paper on COVID-19-related Money Laundering and Terrorist Financing Risks and Policy Responses is a reminder that we are opening a bank in unprecedented times and we’ll need to adjust our approach for both known and new threat scenarios.

Q8 How has COVID-19 affected the Mox project?
Of course, at Mox Bank we’ve faced the same challenges as everyone is widely reporting on LinkedIn and other social media platforms around working from home, increased stress levels, concern for family overseas in seriously infected areas etc. However, I go back to my earlier mention of Mox embracing an agile work environment. We’ve stayed on track for our goals and delivery. Working in an agile environment, with developers overseas, means we’re used to 2 week sprint planning cycles to focus our efforts and priorities, grooming sessions post sprints to discuss what’s next, what worked/ didn’t work and regular and concise daily catch-ups across specific teams (‘product squads’ and business owners alike). We’ve had a busy 18 months so the pandemic has also brought some of us unexpectedly more balance to our days- not shorter work days, but a re-structure of schedules for both work and life outside of work, Monday to Friday. However, like most companies, we’ve missed the informal discussions and face to face interactions and we’re looking forward to returning to the office this week. Hopefully, we’ll take forward with us some of the positive new habits of how we’ve stayed on plan while working flexibly.
Q9 What’s next for Mox?
Our Hong Kong public launch in 2020 is our key focus right now- we’re excited to help our future Hong Kong customers grow their wealth.
Q10 Final Thoughts? Any regrets? Would you recommend others to try something like this? What is the right stage to do this, etc.?
No regrets- every challenge or success supports my learning. And this move has been an interesting one for me, I thought I was coming in as an FCC expert but if anything, I’ve learned I’m closer to the start of my journey if I want to explore innovative ideas to identify risk. I would recommend the experience to anyone, but understand that everyone is on a different spectrum as it relates to how they feel comfortable managing their career. And that’s good- we need a balance of innovators and traditional practitioners in the 2nd line, as we are set up in Mox. I’m not sure there is any right stage in a career to do this. Again, a balance of all levels of experience may bring the best results. Junior members have a unique ability to ask innocent and thought-provoking questions of why we are approaching a challenge in a certain way and those more senior in their career can provide invaluable experience of what has worked that only comes from depth of knowledge. I would encourage everyone however to explore ways to get comfortable being uncomfortable in their roles – not everyone will have the opportunity to join a new venture but there’s always an opportunity to challenge the status quo.
Wendy Ennis is the Head, Financial Crime Compliance, Mox Bank. Originally from Canada, Wendy has lived and worked in Asia for close to 17 years, with long stints in both Singapore and her second home, Hong Kong. Prior to her current and exciting role in helping to build Mox, Wendy was the Greater China/ North Asia Regional Head of Business Advisory and Governance at SCB. Prior to SCB, Wendy spent some enjoyable time with JPMorgan working in various roles across the three lines of defence, originally an enthusiastic sales person before expanding her skillset in a middle office role running an onboarding team and then moving across to the world of FCC. Wendy is passionate at work about exploring the balance between controls and innovation. When not working, Wendy spends her time relentlessly answering questions for her 3yr old daughter.
