Operational Risk Management in a Period of Disruption – Will Normal Programming Resume Shortly?


In both normal times and uncertain times, policies and procedures seek to give all employees support in the carriage of business activities. The current COVID-19/coronavirus social and economic crisis is, however, putting to the test existing, proven and robust policies and procedures in all organisations, argues Peter Deans, of 52 Risks management, in this blog.

Peter Deans, Creator & Founder of the 52 Risks management framework, argues that risk managers must put aside any desire they harbour to continue ‘business as usual’ without making adjustments that reflect the changing external environment. Peter offers eight key activities and priorities for operational risk and compliance managers in this period of significant disruption.


Why do policies and procedures exist? They provide a roadmap for the smooth day-to-day operation of business activities. They can provide guidance on how to be compliant with laws and regulations, ensure sound customer and business outcomes, help to streamline decision-making, and generally make business activities as trouble-free as possible. In both normal times and uncertain times, policies and procedures seek to give all employees support in the carriage of business activities.

The current COVID-19/coronavirus social and economic crisis is, however, putting to the test existing, proven and robust policies and procedures in all organisations. The normal operational rhythm has been disrupted, and new ways of operating many business activities are being developed in real time. Many business activities that have operated unchanged for many years are having to be redesigned and reshaped.

Risk managers are now asking themselves many questions: Should we continue to operate our existing enterprise risk or operational risk management frameworks (‘risk frameworks’) unchanged in this environment? Do we temporarily pause our existing risk framework for a while? Do we continue to operate our risk frameworks ‘as is’ but acknowledge the significant disruption to normal activities? Do we need to rewrite our risk frameworks to reflect an extended period of disruption?

Will ‘normal programming’ resume shortly – as the television service message used to say?

The goal for organisations of any size should be to have a dynamic, living and breathing set of operational protocols, policies, and procedures. These should enable a dynamic and flexible approach to doing business that readily flexes and adapts to a changing external and internal environment. The coronavirus crisis, however, is putting to the test the ability of organisations to adapt to a dramatically changing environment.

As has been stated many times, this crisis is unprecedented. Few governance and risk management frameworks can have contemplated the extent of disruption being experienced. Accordingly, risk managers must put aside any desire they harbour to continue ‘business as usual’ without making adjustments that reflect the changing external environment. A fresh approach (and clear head) is needed.

Key activities and priorities for operational risk and compliance managers in this period of significant disruption will include:

Deferring any low priority or non-essential operational risk activities. Existing risk and governance frameworks, reflecting compliance and regulatory requirements, require a range of scheduled periodic activities. This will include, for example, annual or biannual product reviews. Risk managers should look to have many of these deferred to free up the business unit and risk resources for more urgent, higher priority activities.

Liaising closely with internal governance forums and regulators to discuss and agree on revisions to approved governance frameworks in this period. Regulators have already demonstrated significant flexibility in deferring or suspending the legislative agenda and regulatory change projects. All internal and external stakeholders recognise this period is not ‘business as usual’.

Focus on supporting business functions and activities that are being significantly redesigned in response to the crisis. These business functions will have a very different operating model for an extended period. Seek to quickly complete abridged risk assessments so that business changes can be quickly implemented (or even defer completion of the risk assessments until shortly thereafter). Look to redirect operational risk resources temporarily or permanently from business activities that are substantially quieter (or have ceased to operate) in this period.

Maintain strong oversight of key compliance and customer outcomes. All financial institutions will need to continue to ensure that expected customer outcomes are delivered in this period. Financial institutions now see record levels of financial hardship across their consumer and business loan portfolios. In addition, new arrangements are being quickly designed and put in place. High priority needs to be given to ensuring these are robust processes – an important role for compliance and operational risk managers.

Look to bring forward automation and process efficiency initiatives that can support a leaner and more nimble organisation. It will be necessary to cancel or defer many initiatives that may disrupt critical business activities or cannot be funded due to profitability challenges. However, there will be some initiatives that can help the organisation operate more effectively and efficiently in this period. These should be reprioritised and brought forward.

Review management reporting to governance forums and business partners to ensure focus on business-critical activities that have already been disrupted. Risk committee members and executives will want to understand the changing risk profile of the business.

Conduct a review of material third party arrangements. Risk managers and internal stakeholders should be urgently seeking to identify any suppliers, vendors or third-party business partners that have been impacted and/or may be encountering financial stress.

Monitor the impact of restructuring and downsizing. The short-term financial impact of the economic shock of the coronavirus will inevitably lead to significant cost-cutting. It will be incumbent on risk managers to ensure that nothing ‘slips between the cracks’ in this period, and that the organisation is fully aware of the changed risk profile post-restructuring. Risk management functions themselves will also be the subject of restructuring. This will all require significant change management and operational risk support.

A new rhythm will need to be developed for an extended period of disruption ahead. Once the external environment begins to normalise – and it is unlikely that it will return to its previous state – a new operating model may need to be developed for risk governance.

In the medium to longer term, the priorities of both the risk management function and the organisation will likewise evolve. The lasting effects of the coronavirus crisis are not yet known; however, there will undoubtedly be significant medium and long-term change for many businesses. For example, those with extensive outsourced and/or overseas operations may look to reassess this operating model. Organisations will inevitably be looking to adopt greater automation – continuing a trend evident for many years.

In summary, normal programming is unlikely to resume in the short, medium or long term. The challenge – and opportunity – for risk managers is, however, unchanged. They should seek to assist and guide their respective organisations through what will be an extended period of change and disruption.


Peter Deans is a former Chief Risk Officer and industry leading risk management specialist. Peter retired from banking & finance in 2019 after a career of over 32 years at several Australian and international banks.

Peter was awarded Australian Banking & Finance magazine’s Chief Risk Officer of the Year award in 2014, 2015, 2016 and 2018.

Peter is now a risk and strategy consultant supporting companies in the financial services, corporate and start up/technology sectors.

Peter is also the Creator & Founder of the 52 Risks management framework (www.52Risks.com) and a Non-Executive Director of The Regtech Association in Australia.


GRC Solutions resources

So be good for goodness sake: workplace behaviour at end-of-year events

As we head into the silly season, it’s worth keeping in mind that silliness is no excuse for poor standards of behaviour or even misconduct at work functions.

We’ve all heard stories about office parties where a worker has embarrassed themselves and/or others, or caused harm to others, because they’ve had too much to drink or just gotten carried away.

We’ve also all heard stories of employers firing staff because of such inappropriate behaviour.

Perpetrators of misconduct often ruin otherwise enjoyable events for the majority and may even cause lingering damage.

But behaviour at work functions is more than just an issue of “fun” – it can also be a serious compliance problem.

Workplace codes of conduct and anti-bullying and harassment laws can extend to conduct which takes place outside what is traditionally considered “the workplace”. This means staff behaviour at work functions held at off-site venues is included in the scope of the law. In some situations, travel to and from such events may also be covered. Laws and policies may also apply to posting online about work or work events, for example, uploading pictures of colleagues or commenting on other people’s posts.

Employers are responsible for providing a safe work environment for staff (including volunteers and contractors) as well as clients. A safe work environment means one which is free from bullying and harassment. Your organisation could be held liable for inappropriate staff behaviour at work functions.

Most people have no issues treating others with respect and professionalism while having a good time. Others might need a reminder.

Ensuring all staff members are informed of and understand the standard of behaviour expected of them at these events helps everyone to have a great time and can go a long way towards preventing lingering legal or reputational consequences.

GRC Solutions is an award-winning provider of compliance training. To find out more about our Diversity & Equality course which details how your workplace should manage and prevent bullying, contact us today.

The hits keep on coming: string of penalties issued for Personal Data Protection law breaches


An administrative error by the Singapore Accountancy Commission (SAC) has led to the unauthorised disclosure of personal data of 6,541 people. SAC is a statutory body under the Ministry of Finance of the Singapore Government.

Past and current candidates for the Singapore Chartered Accountant Qualification, staff of accredited training organisations and other administrative personnel have had their personal information, including their contact details and examination results, disclosed by accident, without their consent, in breach of the Personal Data Protection Act (PDPA).

Leaked personal information puts individuals at a high risk of identity theft and becoming victim to fraud. Singapore’s privacy and data protection regulator, the Personal Data Protection Commission (PDPC), has the power to impose significant penalties on entities who breach the standards for collecting, using and securing personal data. It is currently investigating the SAC incidents.

The PDPC recently reported that the total amount of data privacy breach fines had hit a new annual high – more than the cumulative amount for the past three years. And the penalties continue to fly hard and fast.

Earlier this month, it was revealed that the PDPC had fined delivery start-up operator Ninja Logistics $90,000 for a breach affecting up to 1.26 million individuals’ data.

A complaint made to the PDPC in 2018 led to an investigation into a feature on Ninja Logistics’ online delivery tracking function which, when manipulated, could reveal the names, addresses and signatures of customers whose parcel delivery statuses had been “completed”.

The PDPC imposed the fine although there was no evidence that any actual harm had resulted from the personal data being made available in this way. Crucially, the PDPC found it “inexcusable” that Ninja Logistics had not taken adequate measures to secure the personal data in its possession.

Singtel was also revealed to have been fined $25,000 for a design flaw in its My Singtel mobile app that left personal data of up to 330,000 subscribers, including customers’ names, billing addresses, billing account numbers, mobile phone numbers and customer service plan information, at risk of exposure to malicious actors. Again, the regulator did not need evidence of actual third-party collection, or damage or harm suffered as a result of any unauthorised disclosure, to levy the fine – it was enough that Singtel had failed to meet its data security obligations during the relevant period.

Singtel has claimed that the app’s security has since been strengthened with improved data encryption and new standards.

GRC Solutions offers off-the-shelf and bespoke privacy and data protection compliance training for businesses in Singapore. Our courses include the PDPA, the EU General Data Protection Regulation (GDPR), California Privacy and more. Contact us today for more information.

Bribery still an issue in Singapore

Singapore famously adopts a zero-tolerance approach to bribery. But bribery still occurs, as evidenced by some high-profile cases this year. Bribes both large and small have also attracted media attention recently, highlighting the exacting manner in which authorities crack down on corruption.

Among the more prominent cases were two involving the shipping industry. In February, a senior procurement officer at Keppel Shipyard pleaded guilty to 54 of the 305 charges of corruption and money-laundering laid against him, admitting to taking over SGD$700,000 in bribes.

In August, a director for the marine logistics and transportation company Hai Hup Huat was accused of offering 310 bribes amounting to SGD$178,150 to over 40 people, including boarding officers and shipping agents.

Under the Prevention of Corruption Act, bribery is punishable by jail terms of up to five years and/or a fine of up to SGD$100,000.

But smaller bribes also drew the attention of the Corrupt Practices Investigation Bureau (CPIB).

In April, a man who was stopped for drink driving tried to avoid arrest by bribing the attending police officer with SGD$1,000. The police officer did not comply with the offer.

In September, a man admitted to paying at least SGD$800 in bribes to an airport check-in worker to overlook excess baggage weight on a Tigerair flight. The man was running a side business, buying gold in Singapore then selling it in Chennai, India. Rather than pay to use a courier service, he sought to carry the gold out of Singapore himself, avoiding excess weight charges by bribing the airport worker, an acquaintance of his.

In October, a Vietnamese national who had already been arrested for participating in unspecified “vice-related activities” was charged with bribery after she allegedly offered to bribe a police officer to let her out of custody.

If the large bribery cases are the most eye-catching ones, it’s the smaller cases that indicate the breadth of the problem and what is at stake here. The perennial challenge is to avoid normalising acts of corruption – overlooking acts just because they seem negligibly small – and instead to instil a culture of compliance with anti-bribery and corruption laws and regulations everywhere, including our workplaces.

Sources: Company Director bribe, Keppel shipyard bribes, Drink driver bribe, Airport bribe, Custody bribe

GRC Solutions is an award-winning provider of compliance training. To find out more about our Anti-Bribery & Corruption course, contact us today.

Top 5 employee induction tips

The first few days of introducing a new hire into the workplace are the best time to build a mutually beneficial professional relationship. While they’ve passed the application process and pressure of interviews, it’s what happens during orientation that will influence performance in the long run. With this in mind, here are some top tips on setting the groundwork for retaining fresh talent that adds value to your team:

  1. Prepare your induction infrastructure

Even the smallest details, such as having computer logins ready and some friendly faces to help a new person settle in, can make all the difference. For managers, taking the time to cover logistics such as an entry pass, quick tour of the facilities and fire exits communicates that your organisation values safety and compliance. Establishing this ‘tone from the top’ from the beginning has a direct influence on employee conduct in the long term.

  2. Cultivate corporate culture

Establishing whether a person will be a good fit for the organisation can be made clearer during the recruitment process by having a casual ‘culture fit’ chat after someone has passed the initial interview. Beyond this, encouraging morale-building activities such as team lunches and checking in for feedback on how the person is settling in makes for a smooth transition. The benefit of engaging effectively at this stage of the onboarding process is to increase employee retention. A study referenced by the Society for Human Resources Management reveals that 69% of employees are likely to stay with a company for three years or more if they have a positive experience during orientation.

  3. Clarify job roles and responsibilities

The induction process is an ideal opportunity to readdress the finer details of the job role and clarify any concerns. Facilitating an open flow of communication can be achieved through holding an informal meeting which covers how they can best meet the needs of the organisation, alongside how you can enhance their experience through flexible working arrangements for example. Additional strategies such as introducing a mentor to explain the ‘ins and outs’ on areas such as document control and cybersecurity measures encourage best practices from the outset.

  4. Embrace the ‘learning by doing’ approach

A structured onboarding program with comprehensive on-the-job training has been shown to produce a 62% increase in time-to-productivity ratios. In a supportive environment where it’s possible to develop the necessary skills and learn on the job, new employees are given the tools to understand how they are contributing to the organisation’s objectives in the bigger picture. As data published by Aberdeen Group illustrates, “employees are more likely to stay with a company, and to continue to strive to perform, when they are challenged by their job, enjoy the company culture, and feel supported and valued by the organisation.”

  5. Educate on internal policies and obligations

Developing a culture of compliance starts from the ground up and every workplace strives to have employees that have taken the company values on board, fit in with the culture and act ethically. The first step towards achieving this is a well-organised orientation program that includes compliance training on the company’s code of conduct and other internal policies and procedures. Information should also be provided on who to contact with questions or concerns about what regulatory obligations affect the employee’s specific job role.

In essence, these five tips illustrate that investing in comprehensive training that instils the values of a positive workplace culture, focusing on compliance and setting goals for productivity are going to ensure that your organisation is at the forefront of employee satisfaction and business success.

Sources: Society for Human Resources Management; Harvard Business Review

GRC Solutions is an award-winning provider of both off-the-shelf and bespoke compliance training. For more information on how our courses can contribute to positive workplace behaviours in your organisation, contact us today.


Fines higher than ever under Singapore’s Personal Data Protection Act

Singapore’s privacy regulator, the Personal Data Protection Commission (PDPC), has issued over SG $1.29 million in data breach fines so far in 2019.

This running total exceeds the cumulative amount for the past three years.

A significant portion of the $1.29 million comes from the fines imposed on Integrated Health Systems (IHS) and SingHealth for their failure to adequately secure patient data, which led to the nation’s worst ever data breach.

The PDPC enforces the Personal Data Protection Act (PDPA), which sets out rules for what private organisations in Singapore can and cannot do with personal data. These rules include procedures for collecting personal data; prohibitions on disclosing personal data to third parties except when certain conditions have been fulfilled; and requirements for organisations to have certain standards of data security.

The PDPA was amended earlier in September to prevent entities from making copies of National Registration Identity Cards (NRICs) or collecting, using or disclosing NRIC numbers.

Organisations that have breached the PDPA face penalties of up to $1 million. Individuals who have breached the PDPA also face fines and imprisonment.

Many Singaporean businesses are also subject to other data protection laws, such as the EU’s General Data Protection Regulation (GDPR). Companies that breach the GDPR can be fined up to four percent of their annual global revenue or €20 million, whichever is higher.

According to the PDPC, it has already issued fines or warnings to 29 Singaporean entities this year, most of them as a result of complaints or notifications received from the public.

GRC Solutions offers off-the-shelf and bespoke privacy and data protection compliance training for businesses in Singapore. Our courses include the PDPA, the EU General Data Protection Regulation (GDPR), privacy training for Australia, New Zealand and the state of California and more. Contact us today for more information.

Main Street Banking & GRC Solutions – Podcast

Justin Muscolino, our Head of Compliance Training North America, has been interviewed by Byron Earnheart – Main Street Banking in this very informative podcast discussion about compliance training.

Compliance training does not have to be boring. As a matter of fact, in the many years that we have been evaluating our faculty and our curriculum, one of the highest rated classes is Compliance. The faculty members contribute a great deal to this, to be sure, but the topic is one that must be discussed. And if that’s the case, then let’s make it interesting and actually beneficial to the bank.

British Airways faces record fine for GDPR breach

British Airways faces a £183 million fine (AU $329 million) by the UK Information Commissioner’s Office (ICO) for breaching the EU General Data Protection Regulation (GDPR).

The ICO found that hackers infiltrated British Airways’ website and app and directed customers to an identical-looking fraudulent platform which harvested their credit card details. Approximately 500,000 customers were affected.

The GDPR has been in effect since May 2018. One of the principal requirements under the GDPR is that businesses maintain certain standards of security to protect personal data they collect or hold. Businesses are also required to report security breaches to their regulator within 72 hours of becoming aware of the breach. While British Airways reported the breach within the required time frame, the ICO still found that it had failed to implement adequate security measures in and around its online booking applications to protect their customers’ data from a cyber attack.

This is the first penalty announced by the ICO for enforcement under the GDPR. The amount represents 1.5% of British Airways’ annual turnover. Under the GDPR, businesses may be fined up to 4% of their annual turnover.

This case demonstrates the need to exercise responsible data privacy management and for businesses to ensure they are aware of and up-to-date on current cybersecurity and technology risks.

While a final penalty amount is yet to be determined and British Airways does have an opportunity to appeal, it’s expected that regulators will take a firm stance on companies who aren’t investing enough into their data security policies. As explained by Information Commissioner Elizabeth Denham, “That’s why the law is clear – when you are entrusted with personal data, you must look after it. Those that don’t will face scrutiny from my office to check they have taken the appropriate steps to protect fundamental privacy rights.”

Sources: The Guardian; Reuters; Forbes

GRC Solutions provides both off-the-shelf and bespoke training on issues surrounding privacy and data protection. To find out more about our GDPR course, contact us today.

Introduction to Risk Management


Garuda breaches competition and consumer protection laws

Garuda Indonesia has been penalised for cartel conduct after a 10-year long legal battle.

In May 2019, the Federal Court of Australia ordered Garuda to pay a penalty of AUD$15 million for breaching Australian competition and consumer protection laws. Garuda was found to have engaged in various price fixes on the supply of air freight services. The Court heard evidence that Garuda and other international airlines had formed committees which agreed to set fuel, security and customs charges at predetermined levels. The Court ordered Garuda to pay an additional $4 million for imposed insurance and fuel surcharges from Hong Kong-based airports.

Regulators worldwide continue to take legal action against airlines for anti-competitive practices. The Australian Competition and Consumer Protection Commission (ACCC) has commenced legal action against 14 international airlines for engaging in price fixing between 2003 and 2006, with issued penalties totalling $132.5 million. Numerous international airlines, including Qantas Airways, Singapore Airlines Cargo and Air New Zealand, were found to have breached competition law. The ACCC’s determined pursuit of Garuda and the amount of the fines awarded illustrates the ACCC’s strong stance against anti-competitive behaviour.

In addition to cartel conduct, the ACCC has taken enforcement action against airlines for misleading consumers about their rights under Australian Consumer Law (ACL). Major Australian airlines like Virgin Australia and Qantas have given court-enforced undertakings to bring their policies in line with the ACL. Jetstar however, has been less fortunate, as blanket “no refund” statements on its website led customers to believe their flight tickets were ineligible for refunds. Jetstar admitted liability and was ordered to pay $1.95 million for making misleading statements about consumer rights under the ACL.

Source: Australian Competition & Consumer Commission; ACCC


GRC Solutions offers award-winning compliance training in a range of areas, including Competition and Consumer Protection. To learn more about our courses, contact us today.



George Clooney impersonator charged with identity theft scam

An Italian couple has been arrested in Thailand after conning investors into believing that their clothing business was endorsed by actor and filmmaker George Clooney.

Francesco Galdeli and Vanja Goffi had set up a fashion company called “GC Exclusive by George Clooney”. They had claimed to investors that Clooney was involved in the business and that clothing produced by the company would be sent for export.

The real George Clooney took legal action against the pair for fraudulently using his name back in 2010 and they were sentenced in Milan to 8 years’ imprisonment. They managed to flee Italy but were subsequently arrested in July 2014 after they were found living in Pattaya, Thailand on an expired visa. But Galdeli successfully bribed prison guards with 20,000 Thai baht to cover their escape.

Galdeli and Goffi are known to have operated a range of other scams, including advertising fake Rolex watches online and sending customers packets of salt instead. It was not until June 2019 that Interpol, in conjunction with Thai and Italian authorities, was able to catch the fraudsters for good.

This George Clooney imposter scam isn’t the first time a celebrity’s name has been used to deceive victims. In 2017, a scammer posing as Bruce Springsteen defrauded a woman in Chicago out of US$11,000 by sending her Facebook messages which stated his marriage was ending and he had lost control of his assets. The scheme started relatively small, with the victim sending the fraudster $500 in iTunes cards over a few weeks. But things quickly escalated, with “Springsteen” sending a photo of gold bullion he claimed to have located in Dubai and asking the woman to send thousands in money transfers in order to cover shipping of the bullion to the US.

While many people may like to think they would never fall for such a ploy, the US Federal Trade Commission reported that in 2018 consumers lost close to US$488 million to all types of impostor scams. Whether it’s someone famous contacting you at random, or a member from a “government agency” calling to update your bank details, it always pays to question who’s really at the other end of the line.

GRC Solutions creates award-winning training programs on a range of legal compliance areas. For more information on our Privacy or Fraud Awareness courses, contact us today.

Compliance Evangelist & GRC Solutions – Podcast

Justin Muscolino, our Head of Compliance Training North America, has been interviewed by Tom Fox – Compliance Evangelist in this very informative podcast where they talk all about compliance training and how to help organisations. This podcast is available on Spotify, iTunes, YouTube and Megaphone.

Some of the highlights include:

  1. Why do organisations struggle so much with culture and what can compliance training do to improve this?
  2. What do organisations often get wrong when it comes to training?
  3. What happens when organisations do not target their training?
  4. One of the issues that organisations face is measuring the effectiveness of their training and benchmarking as to whether their compliance is working. How can a compliance professional use benchmarking?
  5. In a blog post on the GRC Solutions website we talk about ways to train compliance professionals on how to improve their cultures. How can you train compliance officers around this issue?
  6. What advice is there for companies trying to incorporate the right culture into their organisations?

Salt Adaptive product update

Counterfeit goods: fraud, terrorist funding and third party risks

Everyone loves a bargain, but the true cost of counterfeit goods to businesses and individuals is complex and often deeply chilling.

A US$1.7 trillion problem and counting

We often think of the counterfeit goods industry as tourists browsing through “luxury” sunglasses, watches and handbags, care of a street vendor or maybe a clandestine showroom. But that’s only the tip of the iceberg – after all, it’s an industry that according to the OECD costs the global economy more than US$1.7 trillion. Just look at online retail, which allows consumers to connect with retailers of fake goods half a world away – most commonly in China, although India, Malaysia, Pakistan, Thailand, Turkey, Vietnam and South Korea are all also reported to be major sources of illicit goods.

And that’s just the consumer level. Businesses’ supply chains are rife with counterfeit goods, often unknowingly. Legitimate businesses have been found selling everything from counterfeit apparel and accessories to counterfeit toothpaste, wine, vitamins and more.

Risky business

Firstly, and most obviously, there are intellectual property (IP) issues associated with dealing in products that are clearly imitations of someone else’s designs.

The counterfeit goods are generally not of the same quality as legitimate products or as thoroughly regulated. Many are even actively dangerous. Dealing in counterfeit goods puts your customers’ health and safety at risk – not to mention the host of reputational and legal risks you and your organisation could face should the worst happen.

One of the reasons that counterfeit goods are sold so cheaply is because they tend to be manufactured under forced labour conditions and/or by persons who have been trafficked. This might be a good time to remind you that some jurisdictions, including Australia, require businesses to report on the risks of engaging in modern slavery through their supply chains, making this a regulatory compliance consideration as well as an ethical one.

Finally – and perhaps most disturbingly – the production and sale of fake goods have been shown to have been used as a method of fundraising by organised crime and terrorist organisations. Apparently, it’s even more profitable than drug trafficking. For those entities who have anti-money laundering/combating the financing of terrorism (AML/CFT) obligations, that should ring a few alarm bells. And even those who don’t should be aware that dealing in property owned or held by terrorists is an offence with severe penalties in many jurisdictions.

So how can I ensure my business stays clear of fake goods?

Due diligence is king. Vet your customers and third parties, including your suppliers – remember, their actions could have real, significant implications for your business. Always know your product. Ensure your quality control standards are up to par and are being enforced.

It’s natural to be tempted by something that seems like a good deal. But if it’s too good to be true… remember the risks.

Contact GRC Solutions today for more information about our off-the-shelf and bespoke online training modules on Anti-Money Laundering, Fraud, Modern Slavery, Third Party Risk and more.


GRC Solutions has won the top compliance training and custom development awards in the Asia Pacific at the LearnX Live! Awards 2019.

The LearnX Foundation’s annual awards represent the industry standard in the region.

GRC has good form at the awards, having won for our online compliance training every year since 2008.

This year, we won platinum for Best Learning & Development Project – Compliance for the Banking Code of Practice course we developed with the Australian Banking Association. It’s our twelfth win in a row in this category.

The course brings to life the Code’s best banking practice standards, using scenarios and a sleek, modern design to flesh out precepts on ethical behaviour, responsible lending, greater financial protection and increased transparency. It is now being used by ABA member banks throughout Australia.

LearnX also awarded us platinum for Best Learning Model (Bespoke/Custom) for our work with Western Australia’s Department of Mines, Industry Regulation & Safety (DMIRS) on a suite of continuing professional development (CPD) e-learning modules.

DMIRS needed to transform its existing face-to-face training manuscripts into fully fledged online training. This involved drawing on GRC’s writing and editing expertise, as well as developing voiceovers and interactions.

Managing Director Julian Fenwick says the accolades consolidate our place as “leaders in governance, risk and compliance training”, and reflect the “high standards” of our in-house account management, content development, legal and client services teams.

Congratulations to our clients ABA and DMIRS, and to all the winners!

7 Tips for Creating a Successful Compliance Training Program

In this blog post, Justin Muscolino, GRC Solutions’ Head of Compliance Training in North America, gives tips on how to create a successful compliance training program. This blog post has been created in partnership with eThink Education.

Many organisations struggle with constructing a solid compliance training program. It’s not a hard chore, but it requires attention and research. The common perception is that we need to do what the regulators want and focus less on the real risks that are paramount to an organisation. Regulators want organisations to mitigate risk and control it in such a fashion that there are no concerns. Sometimes regulators will suggest or recommend a topic for inclusion, but if it doesn’t make sense from an organizational structure then why include it? A few regulators will require certain training topics, which obviously need to be included, but beyond that, it’s purely about the risk profile of an organization.

It’s one thing to have all the components in a training plan from a risk perspective, but you still need to build effective training.

Building effective training doesn’t have to be difficult, but in order to achieve the main goals of mitigating risk and increasing employee learning retention, you want the materials to be impactful and meaningful. Include these elements to ensure a memorable compliance training program.

How to Create Impactful and Meaningful Compliance Training

  • Retention. The best way to grasp this concept is to look at the Learning Pyramid. This shows how people best retain information. Utilise an approach that works best for your target audience.
  • Creativity. With every training, regardless of whether it’s classroom or online, you want to be creative with the subject. Try incorporating pertinent case studies or regulatory actions that best suit the audience.
  • Interactivity. Engaging your audience is important. It not only helps with retention, but it allows them to be part of the training delivery. Exercises that incorporate real-life examples and get employee involvement are also crucial.

Increase Efficiency

Another consideration in a solid training plan is to create efficiency. Here are a couple of things to keep in mind to make the efforts efficient:

  • Budget. Always ask for more funds than needed. During the year, the training plan will change, and you might be asked to add more initiatives due to regulatory changes, updated policies and procedures, new products and services offered, new systems and management mandates.
  • Exclusivity. Review all the training entries to determine if there are any overlaps of topics between departments. It’s always a great idea to train more than one department at a time if there is a workflow that impacts both areas. It’s also great for relationships between departments.
  • Time-saving. The goal is also to save time since you are taking staff members away from their desk. So, if you can produce one training that covers multiple topics and they are related, your audience will appreciate it. For example, if you have two regulations to discuss and they are somewhat intertwined, it’s better to have an hour and a half spent than two hours.
  • Avoid overtraining. Determine which topics as a percentage of the training plan are included. The goal is to see if there were any concentrations that may lead to overtraining.

Creating an efficient training program is not a difficult chore, but it must be done right and you have to put forth the appropriate due diligence for it to be successful. Remember, after you create a training plan it becomes a living document: during the course of the year it will change based on new rules and regulations, industry advances and, don’t forget, internal changes. And lastly, the ultimate goal of a training program is to have a positive shift in compliance culture.

An article written by Justin Muscolino
Head of Compliance Training
North America

Cybercrime transactions and other fraud trends

An April 2019 report from SWIFT, the global financial messaging service provider, reveals that 83% of investigated fraudulent transactions in the last two years were paid out through banks in South East Asia.

Fraudsters, hackers and other cybercriminals are increasingly using beneficiary accounts (also known as “money mules”) to move the proceeds of crime around and eventually withdraw it from the financial system. Mule accounts can be accounts opened under false or stolen identities, but increasingly, they belong to legitimate customers who give criminals access to their accounts, usually in exchange for money – for example, international students who sell their bank accounts to criminals when they depart a country.

According to the UK’s fraud prevention service, Cifas, the number of under-21s acting as money mules has increased 26% since 2017.

What does this mean for financial institutions?

“KYC” means more than knowing the person who opened the account. It’s crucial that you monitor accounts for suspicious transactions and activity. You also need to ensure you stay up to date with trends in money laundering and cybercrime so that you know what your systems should be looking for.

In February 2016, hackers infamously used fraudulent orders to steal US$81 million from Bangladesh Bank via the SWIFT payments system. Since then, cybersecurity professionals around the world have been working to close vulnerabilities and standardise data breach response protocols in order to prevent future attacks. But trying to stay ahead of malicious actors is a constant challenge due to their persistence and their willingness to adapt and change tactics.


The SWIFT report noted an increase in the usage of EUR and GBP in fraudulent transactions since the 2016 Bangladesh Bank cyber heist. USD remains the currency most commonly associated with fraudulent transactions (70% of investigated transactions), being the currency used in the majority of all cross-border transactions.

Value of transactions

SWIFT also noted a decrease in the average value of individual fraudulent transactions, from US$10 million to a range between $250,000 and $2 million, because fraudsters are trying to fly under the radar and avoid triggering anomaly detection systems. However, where fraudsters used existing payment corridors, the transaction amounts tended to be much larger than the average amounts sent over those corridors in the 24 prior months.


The attack on Bangladesh Bank occurred in the evening prior to a series of non-working days in the various countries involved in the payment flows, in order to maximise the window before the fraudulent transactions were detected. However, more recently, attackers have started to issue fraudulent payments during working hours on business days. Cashing-out of these payments often occurs within a matter of hours.
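The corridor and timing patterns described above can be expressed as a simple monitoring check. This is an added example, not code from SWIFT or GRC Solutions; the 5x ratio, the minimum history, the business hours, the BIC-style identifiers and all sample payments are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean

LOOKBACK = timedelta(days=730)   # "the 24 prior months" from the report
RATIO_LIMIT = 5.0                # assumption: alert above 5x the corridor average
MIN_HISTORY = 3                  # assumption: fewer prior payments = no usable baseline
BUSINESS_HOURS = range(8, 18)    # assumption: 08:00-17:59, sender's local time


@dataclass(frozen=True)
class Payment:
    sent_at: datetime            # naive datetime in the sending institution's local time
    sender: str
    beneficiary: str
    currency: str
    amount: float

    @property
    def corridor(self):
        return (self.sender, self.beneficiary, self.currency)


def corridor_baseline(payment, history):
    """Mean amount sent over the same corridor in the 24 months before `payment`."""
    start = payment.sent_at - LOOKBACK
    prior = [h.amount for h in history
             if h.corridor == payment.corridor and start <= h.sent_at < payment.sent_at]
    return mean(prior) if len(prior) >= MIN_HISTORY else None


def static_limit_alert(payment, limit):
    """A fixed-value alert: the kind of check smaller payments stay underneath."""
    return payment.amount >= limit


def assess(payment, history, weekend=(5, 6), holidays=frozenset()):
    """Return the reasons a payment deserves review (empty list = none)."""
    reasons = []
    baseline = corridor_baseline(payment, history)
    if baseline is None:
        reasons.append("no_corridor_baseline")
    elif payment.amount > RATIO_LIMIT * baseline:
        reasons.append("amount_exceeds_corridor_baseline")

    day = payment.sent_at.date()
    if (payment.sent_at.hour not in BUSINESS_HOURS
            or day.weekday() in weekend or day in holidays):
        reasons.append("outside_business_hours")
    next_day = day + timedelta(days=1)
    if next_day.weekday() in weekend or next_day in holidays:
        reasons.append("precedes_non_working_day")
    return reasons


# Constructed sample data: 24 payments of 38,000 or 42,000 USD on one corridor.
HISTORY = [
    Payment(datetime(2019, 3, 1, 11, 0) - timedelta(days=30 * i),
            "AAAAXXAA", "BBBBYYBB", "USD", 42_000 if i % 2 == 0 else 38_000)
    for i in range(24)
]
# Tuesday mid-morning, well under a 10 million static limit, 30x the corridor average.
LARGE_IN_HOURS = Payment(datetime(2019, 3, 12, 10, 30),
                         "AAAAXXAA", "BBBBYYBB", "USD", 1_200_000)
# Thursday evening, normal amount; Friday is non-working where weekend=(4, 5).
LATE_BEFORE_WEEKEND = Payment(datetime(2019, 3, 14, 21, 0),
                              "AAAAXXAA", "BBBBYYBB", "USD", 45_000)
# Beneficiary never paid before, so there is nothing to compare against.
UNSEEN_CORRIDOR = Payment(datetime(2019, 3, 12, 10, 30),
                          "AAAAXXAA", "CCCCZZCC", "USD", 300_000)

if __name__ == "__main__":
    for name, p, kwargs in [
        ("large, in hours", LARGE_IN_HOURS, {}),
        ("late, before weekend", LATE_BEFORE_WEEKEND, {"weekend": (4, 5)}),
        ("unseen corridor", UNSEEN_CORRIDOR, {}),
    ]:
        print(name, static_limit_alert(p, 10_000_000), assess(p, HISTORY, **kwargs))
```

The timing flags are weak signals on their own, since recent fraudulent payments have been issued during working hours; the corridor-relative amount check still fires in that case, where a fixed limit does not.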

Other vulnerabilities

The Kaspersky Security Analyst Summit held earlier in April in Singapore featured presentations on new types of payment system scams targeting ATM networks and digital authentication checks. These scams are a step up from “jackpotting”, which is where criminals would install malware on individual ATMs to make them spit out money.

Are you and your staff up-to-date on the latest trends in Fraud, Cybersecurity and Anti-Money Laundering? Contact GRC Solutions today for more information on our online compliance training modules.

Additional sources: Straits Times, Forbes, SecurityIntelligence

1MDB case: Trial into global corruption scandal begins

The trial against former Malaysian Prime Minister Najib Razak has continued to unveil the depth of corruption involving 1Malaysia Development Berhad (1MDB). Over two hearings at Malaysia’s High Court, Mr Razak has so far pleaded not guilty to seven charges relating to criminal breach of trust, money laundering and abuse of power surrounding the theft of US$10.3 million from 1MDB subsidiary SRC International (SRC). With a total of 42 charges levelled against him and multiple companies involved worldwide, the repercussions are set to be ongoing.

Both the US Department of Justice and Malaysian prosecutors have taken legal action, with an estimated US$4.5 billion in total misappropriated from the state investment fund 1MDB. In his capacity as both prime minister and finance minister, Najib was able to use his position to allegedly divert funds into personal accounts and provide for a lavish lifestyle. US-based investment bank Goldman Sachs has also been brought into the scandal. Former employees are said to have falsified statements relating to illegal bond transactions with 1MDB and taken advantage of lenient compliance procedures.

The assistant registrar at the Companies Commission of Malaysia gave technical evidence on corporate records during the first day of the trial. SRC, its subsidiary Gandingan Mentari and Ihsan Perdana, which was a corporate social responsibility partner for 1MDB, have also been implicated. But while many officials involved in the money laundering have been caught, the suspected mastermind behind the entire scheme, Jho Low, remains at large. A second trial will begin in November, focusing on reports that Razak deliberately tampered with the final audit report for 1MDB to mislead the Public Accounts Committee and avoid criminal action. But with 3000 pages of evidence submitted by the prosecution, it appears that this expansive corruption case is unlikely to go unpunished. It serves as a reminder to all government and financial organisations that checks on power and due diligence over where funds are being directed cannot be underestimated.

GRC Solutions is an award-winning provider of compliance training. To find out more about our anti-bribery and corruption or anti-money laundering courses, contact us today.

Source: Channel News Asia, Malay Mail

GO1 & GRC Solutions Partner

GRC Solutions is excited to announce a partnership with GO1. This collaboration brings together one of the leading providers of compliance training with one of the world’s fastest growing marketplaces for eLearning.

GO1 Premium users will now have access to an ever-growing list of titles from GRC Solutions that address critical governance, risk and compliance topics. GRC Solutions makes learning interventions that are suitable for Singapore, Australia, New Zealand, Malaysia, Hong Kong and the United States.

As global leaders in governance, risk and compliance training, GRC Solutions aims not only to train staff, but also to develop and improve the compliance culture across a business. “The GRC Solutions team is excited to be working with GO1! This collaboration will help advance our message around the importance of education in supporting positive workplace cultures”, said Dean Rogers, GRC Solutions’ Head of Sales and Marketing.

About GO1

GO1 is an established leader in online learning and education, and works alongside some of the largest companies in the world covering a wide range of industries and regions. Inspiring education and learning is at the very core of what they do. Their mission is to unlock positive potential through a love for learning.
To learn more about GO1, please visit www.go1.com.


The business of ethical decision-making

What do we mean when we talk about ethical decision-making in a professional context, such as business ethics?

‘Ethics’ is really just a set of rules for behaviour.

They may be specific rules, such as “Always declare any conflict of interest before your board starts discussing a relevant issue”. They may be general rules, such as “Always try to look after your client’s best interests”.

You can say that ‘ethics’ is a set of rules/standards that are applied to evaluate the ‘rightness’ or ‘wrongness’ of actions in a particular context. For example:

  • Medical ethics refers to the rules of behaviour which apply in the health care sector.
  • Legal ethics refers to the rules of behaviour which apply to lawyers.

Ethical rules differ from legal rules:

  • There is often no explicit punishment, penalty or right to sue associated with a breach of ethical rules – whereas there are with legal rules.
  • Ethical rules are – to an extent at least – adopted voluntarily by people they apply to – but you can’t opt out of legal rules.

That doesn’t mean that legal rules and ethical rules necessarily cover different subjects. Sometimes there are ethical rules and legal rules that are the same as each other.

But even if they don’t lead to explicit punishment, breaches of ethical rules can have consequences:

  • If you breach the ethical rules of a profession, you might be fined or even disbarred from practice by the profession’s governing body.
  • If you behave unethically in society, you can be shamed, shunned, reviled, held up to ridicule, lose your customers, lose your advertisers, lose your sponsors, lose your staff, or suffer productivity loss due to loss of staff morale.


GRC Solutions offers award-winning compliance training in a range of areas, including ethical decision making. To learn more about our courses, contact us today.

How to develop a summary for your training needs analysis

In this excerpt, Justin Muscolino, GRC Solutions’ Head of Compliance Training in North America, explains how to develop a summary for your training needs analysis.

When creating your summary for a needs analysis, you need to understand the organizational goals and objectives as well as regulators’ expectations. In the financial industry there are several regulators, but your organization will only have a certain number depending on the products and services offered. Your summary should include which regulators are applicable and what products or services need to be covered.

Do your regulators require certain compliance training topics to be trained on? This should be identified in your summary, along with the relevant rules and regulations. In addition, organizational locations should be cited.

You will also need to identify how you will handle non-Full Time Equivalents (non-FTEs) in addition to existing staff. Will new hires, consultants, contractors and part-time staff be trained the same as FTEs or will there be a separate curriculum?

Lastly, you should outline the methodology that you adopt to perform your needs analysis. Is it a risk-based approach? If so, provide some details about your approach. For example: ‘a risk-based approach was used to identify the key risks within the organization, prioritizing the compliance training program around these risks.’

The summary should be detailed, providing an overall view of what and how you are targeting full compliance coverage through training.

The data derived from your needs analysis should be featured in your training plan. There should be a column devoted to acknowledging the sources from which the training entries originated (i.e. risk assessment, audit, or examination). This is covered in detail in the training plan section.

The key is to show a linkage throughout the process. If an audit or regulator conducts an examination, you will be able to show a detailed audit trail of each training entry.

You can find the full whitepaper here: Conducting a Needs Analysis and Developing a Training Plan


Written by Justin Muscolino
Head of Compliance Training
North America

University admissions bribery scandal

In the US, an FBI investigation known as ‘Operation Varsity Blues’ has found a network of celebrities, business executives and other powerful figures at the centre of a university admissions bribery scandal.

A Californian tutoring organization called the Key is alleged to have made US$25 million by charging parents to secure their children spots in elite Ivy League schools. The Key’s founder, William Singer, is believed to have set up a separate sham charity to launder the money he collected, which he used to help his students cheat their way into securing spots in prestigious colleges.

Singer has pleaded guilty to all his charges, including fraud and two forms of bribery. However, Singer is not the only one under scrutiny. The bribery ring is bringing down multiple parties, including parents and universities. Some parents paid hundreds of thousands, and sometimes millions of dollars per child to a fixer who would channel that money to bribe certain college officials.

The accused parents include American television stars Felicity Huffman and Lori Loughlin, who have lost contract deals and suffered immediate reputational damage as a result of the scandal. Some parents who are prominent business executives have been suspended from their positions while their children, now students, find themselves in an uncertain limbo regarding their continuing enrolment.

Universities such as Yale, Stanford and Georgetown are also facing lawsuits from students claiming that they and others were denied a fair chance at admission. The universities are accused of failing to maintain adequate protocols and security measures that would guarantee the sanctity of the college admission process.

A civil lawsuit has brought allegations against the parents, coaches and university administrators involved in the bribery ring. The scandal has cast an astonishingly wide net over different individuals and institutions, highlighting the pervasive, broad-ranging nature of bribery itself. Bribery isn’t just a white-collar crime; almost anybody in any industry, including the education sector, could engage in it. They can also be held liable for it and face grave penalties as a result.


GRC Solutions is an award-winning provider of compliance training. To find out more about our Anti-Bribery and Corruption course, contact us today.


Source: Transparency International, ABC News, The Atlantic

eThink Education & GRC Solutions Partner

GRC Solutions is excited to announce a partnership with eThink Education, a leading Learning Management System (LMS) solutions provider. Through this alliance, eThink will be able to offer clients the ability to deploy highly effective compliance eLearning which can be customised to suit their employee training strategy.

As global leaders in Governance, Risk and Compliance training, GRC Solutions aims not only to train staff, but also to develop and improve the compliance culture across a business.

GRC Solutions creates modular compliance training programs designed to suit a range of job roles and levels within organisations. They believe that one size doesn’t fit all and that attaining speed to competence – becoming proficient in key concepts quickly – is essential for staff. Courses can be developed in micro and adaptive learning formats. They are fully mobile enabled and also offer text-to-speech narration.

GRC Solutions works closely with clients to customise training in accordance with organisational compliance policies and corporate culture. This helps to make practical legal and compliance topics relevant and engaging to learners. Courses developed on GRC Solutions’ platform can be delivered through eThink’s LMS environments, incorporating both the in-line multilingual feature as well as client-side edit capability.

eThink Education provides a fully managed eLearning solution for open-source Moodle and Totara, covering all LMS needs including implementation, cloud hosting, integration, consultation and management services. Because eThink Education and GRC Solutions both employ a value-driven and service-oriented model, this partnership ensures total client satisfaction in LMS design, course creation, and eLearning efficacy.

“We are excited to be working with eThink Education, a company that has highly personalised customer service at its heart. We hope the addition of our compliance training expertise and software platforms will enhance eThink’s client offerings substantially,” said Justin Muscolino, GRC Solutions’ Head of Compliance Training North America.

“GRC Solutions provides premium compliance eLearning courses, written by legal and regulatory experts, that are effectively tailored to meet the needs of our clients,” said Brian Carlson, CEO & Co-Founder of eThink Education. “We are proud to add GRC Solutions’ fully customisable content and platform solutions to our growing network of partner resources for our clients to take advantage of.”


About eThink Education 

eThink Education provides a fully managed e-learning solution including implementation, cloud hosting, integration, consultation, and management services for open-source Moodle and Totara. Managed by experts, eThink’s total solution provides a dynamic and customisable platform to meet specific institutional and organisational needs. With clients in various industries including healthcare, education, nonprofit, government and corporate, eThink can help all types of organisations to maximise the effectiveness of their e-learning programs for improved business outcomes. To learn more about eThink Education, please visit ethinkeducation.com.


How to begin developing a training needs analysis

A needs analysis should not be taken lightly. The overall goal is to ensure from a compliance training standpoint that all organizational risks are covered. During the needs analysis stage, the key is to gather as much data as possible to formulate your training plan. If certain data is missed, the organization, the Chief Compliance Officer (CCO), and you could be held accountable if the regulators come in for an examination. To cover all your bases, a solid project plan must be in place. Think of yourself as being a project manager: you need to lay out the approach, timelines, milestones, and the approval process.

There are four steps for conducting a thorough needs analysis:

  1. Understand the organizational goals and objectives
  2. Collecting data
  3. Analyzing data
  4. Discussions with key stakeholders

Understand the organizational goals and objectives

When creating your summary for a needs analysis, you need to understand the organizational goals and objectives as well as regulators’ expectations. In the financial industry there are several regulators, but your organization will only have a certain number depending on the products and services offered. Your summary should include which regulators are applicable and what products or services need to be covered.

Do your regulators require certain compliance training topics to be trained on? This should be identified in your summary, along with the relevant rules and regulations.

In addition, organizational locations should be cited.

You will also need to identify how you will handle non-Full Time Equivalents (non-FTEs) in addition to existing staff. Will new hires, consultants, contractors and part-time staff be trained the same as FTEs or will there be a separate curriculum? Lastly, you should outline the methodology that you adopt to perform your needs analysis. Is it a risk-based approach? If so, provide some details about your approach. For example: ‘a risk-based approach was used to identify the key risks within the organization, prioritizing the compliance training program around these risks.’

The summary should be detailed, providing an overall view of what and how you are targeting full compliance coverage through training.

The data derived from your needs analysis should feature in your training plan.

There should be a column devoted to acknowledging the sources from which the training entries originated (i.e. risk assessment, audit, or examination). This is covered in detail in the training plan section.

The key is to show a linkage throughout the process. If an audit or regulator conducts an examination, you will be able to show a detailed audit trail of each training entry.

This is an excerpt from our new whitepaper, ‘Conducting a Needs Analysis and Developing a Training Plan’


Written by Justin Muscolino
Head of Compliance Training
North America



If the Corruption Perceptions Index (CPI) results for 2019 prove anything it’s this: no country is immune to corruption. In fact, out of 180 countries, not one earns a perfect score, with the average global score being 43 out of 100. Though Singapore was ranked third alongside Finland for having the cleanest record, the Asia Pacific region still faced scrutiny over recent high-profile corruption scandals which indicate that there’s room for improvement overall.

Transparency International (TI) started the CPI in 1995, and it is the leading global indicator of public sector corruption. The CPI scores 180 countries on their perceived levels of corruption based on data about specific corrupt behaviour including bribery, diversion of public funds, use of public funds for private gain and nepotism. The CPI uses a scale of zero (being highly corrupt) to 100 (very clean) to rank countries. TI has previously recommended that the Association of Southeast Asian Nations (ASEAN) create an ASEAN Integrity Community which would cooperate to prevent corruption in cross-border transactions. Ethical political leadership and a dedication to maintaining transparency in trade deals have been recommended as key strategies to combat corrupt practices.

China, India and Indonesia all slipped down the list. China fell ten places from 77th place to 87th place with a CPI of 39 out of 100.

The 2018 Exporting Corruption report highlights that even when countries are perceived to have relatively low levels of corruption, they may fail to investigate and punish companies implicated in paying bribes overseas. Even if corruption isn’t prevalent within a nation’s own borders, its companies’ presence in countries that are rife with corruption still has the potential to have a negative impact. As the chair of Transparency International explained, “corruption is much more likely to flourish where democratic foundations are weak and, as we have seen in many countries, where undemocratic and populist politicians can use it to their advantage.”

TI also highlights the way that weak institutions and unresponsive political systems that lack a focus on compliance with anti-corruption laws can undermine democracy. In the context of international trade in goods, this failure to support democratic principles of governance perpetuates a culture of corruption and leads to over $2.6 trillion in losses annually.

No country should take a good score alone as a sign that they are doing enough to combat corruption. The CPI sends a powerful message about the need for constant monitoring and vigilance when it comes to stamping out corruption in public structures – and this of course has ramifications for the private sector, too.


GRC Solutions is an award-winning provider of compliance training. To find out more about our Anti-bribery and Corruption course, contact us today.

Source: Transparency International

Workplace bullying more common than you think

A missed invitation to the annual staff celebration. A group of colleagues snickering as you walk past. A snide remark about what you’re wearing as you sit down at your desk. By themselves, it would be easy to dismiss each of these incidents as the usual obstacles of navigating your workplace’s social hierarchy. But together they paint a different picture, illustrating that bullying at work is rarely obvious at first glance and so requires strategies to combat it which alter the culture and behaviour of employees at their core. The Protection from Harassment Act (POHA) protects workers against anti-social behaviour with both civil consequences and criminal sanctions for perpetrators. Below are a couple of common misconceptions you may have heard about workplace bullying:

“No one looks upset at work, so everyone must be getting along”

While you may be able to recognise someone being bullied if they’re being repeatedly shouted at by another colleague in the middle of the office, most bullying happens behind closed doors. Employees who are the targets of continuous anti-social and intimidation tactics at work and/or online could be too afraid to speak up. ‘Not wanting to cause a fuss’ or feeling as if their complaint will be ignored are some key reasons behind bullying being left unreported, which perpetuates a culture of silence and validates bad behaviour.

Mindset switch:

  • As a manager, be proactive in ensuring that communications between employees are respectful and be aware of toxic ‘office politics’ which may indicate some employees don’t feel safe at work. Emotionally intelligent bosses make themselves approachable and knowledgeable about not only the tasks allocated to each team member, but also how they interact with each other and they will step in to resolve conflict where required.

“I was just providing necessary criticism”

At some stage in your career, you’re bound to face some critique of your work. This should be with the aim of helping you improve and not directed as a personal attack. Bullies can mask their overly degrading commentary as ‘constructive criticism’, when its real impact was to damage the victim’s self-esteem and embarrass them in front of other colleagues. While a one-off comment from a manager about your output needing to be of a higher standard may not constitute bullying, assigning meaningless tasks unrelated to the job or unnecessarily overloading someone with work and berating them for not completing it on time could be.

Mindset switch:

  • If you have constructive feedback about someone’s work, have an open dialogue with thoughtful advice on how they can improve. Never make aggressive or unsubstantiated statements which criticize a team member personally.

Encouraging inclusive workplace practices and taking a zero-tolerance approach to bullying will keep employees happy and deliver positive results overall.


GRC Solutions is an award-winning provider of compliance training. To find out more about our Diversity & Equality course which details how your workplace should manage and prevent bullying, contact us today.

Source: Singapore Counselling Centre

Justin Muscolino joins GRC Solutions’ US operations 

GRC Solutions is pleased to announce that Justin Muscolino has joined our New York operations as Head of Compliance Training Operations in North America.

Justin draws on his longstanding experience in compliance, training and regulation for the banking sector. He was Macquarie Group’s Head of Americas Compliance Training and JP MorganChase’s Compliance Training Manager. More recently, he served as Head of Compliance Training at Bank of China.

Justin has also worked at the US regulator FINRA, where he helped create Examiner University, seeking to nurture and develop examiners’ skills to deal with financial institutions.

“I’m excited to join GRC after more than 20 years in corporate. After dealing with vendors throughout my career, I can lend my expertise to GRC on best practices when dealing with financial institutions,” Justin says.

“GRC is well-placed to provide premium quality compliance consulting and training to the financial services sector which attracted me to this opportunity.”

In January 2016 GRC Solutions opened our New York office with our unique adaptive e-learning technology. In Australia we have continued to win awards at the industry LearnX Awards for many years, including Best Compliance Program and Best Custom Project in 2018.

GRC Solutions was the recipient of a prestigious Brandon Hall Group’s Excellence Award and was a finalist at the Premier’s NSW Export Awards.

Three tips for your new year’s compliance checkup


January may signify the loss of sun-drenched beachside holidays as you readjust to business as usual, but it’s also an opportune time to refresh your organisation’s objectives and check in with staff to begin the year on a positive note. Setting ambitious sales targets and devising strategies for new clients may be top of the agenda, though it pays to do a compliance checkup along the way with these tips in mind:

1. Identify gaps in learning and compliance training

A training needs analysis may not seem like the most exhilarating activity at first glance. But it can go a long way towards ensuring that your training covers all the relevant areas and does more than just ‘tick a box’. Ensuring that company procedures are published and updated, and that staff at all levels have completed their relevant compliance training, will mean everyone is on the same page with common goals.

2. Make your teams aware of compliance contacts and their responsibilities

Who can employees go to if they suspect an IT scam is making the rounds? What if simmering tensions between a few workers haven’t mended over the holiday break? It’s important that staff know what the Compliance Officer is responsible for and are comfortable enough to approach them or management when these types of issues arise. It goes back to establishing a culture that promotes clear lines of communication, but also the old saying that “prevention is better than cure”. This brings us to the third tip.

3. Review risk management procedures through assessing your workplace culture

“Risk management” and “due diligence” always come up when talking about compliance procedures. Your organisation’s workplace culture is where risk management starts – if employees are in an environment where their peers are acting with a compliance mindset, they’re more likely to follow suit. Implementing programs which demonstrate real-world scenarios that your employees can directly relate to is a great place to start. Bringing together multiple departments through workshops or discussion groups about their approaches to high-risk areas like fraud awareness is also a good way to check that your compliance policies are being adopted. Further training can then be adapted as required to fill any gaps in knowledge and embed compliance as a fundamental part of how workers carry out their everyday tasks.

Some key checkpoints:

  • Are new employees briefed on the importance of a collaborative and diligent workplace culture led by example?
  • Does your company have a fraud awareness plan and social media policy?
  • Do your meetings just focus on the numbers or is there also a focus on establishing good business ethics?

GRC Solutions provides a large library of award-winning online compliance training, as well as customisation and bespoke development services.

Client Services Administrator


GRC Solutions is a recognised leader in the online compliance training market. A combination of sophisticated technology and expert content, our company is one of Australia’s key Regulatory Technology (RegTech) businesses. Due to growth, our organisation is looking to appoint a Client Services Administrator in our Singapore office.

In this varied role you will complete a variety of administrative and data management tasks, as well as the establishment of new clients and users. This requires a meticulous and unwavering attention to detail.

You will support and train our clients on the implementation and set-up of our award-winning Salt Compliance eLearning solutions, and support our client base. To do this successfully you must be a strong communicator, well presented and experienced in dealing with external clients.

You will focus on the ongoing client management, acting as the client contact for software upgrades, technical support and general inquiries. Your role will support the ongoing success of our products and retention of our existing clients.

This is a client facing role and you will be dealing with some of Australia’s and Singapore’s largest corporations.

Primarily this role will entail:

  1. Implementing Salt Compliance eLearning solutions at client sites
  2. Conducting client site training to administrators of the compliance training software
  3. Working with clients to ensure successful implementation and use of the compliance training software
  4. Providing help desk support to client administrators and users
  5. Maintaining client relationships
  6. Liaising with other business areas to escalate problems
  7. Other duties as assigned

The ideal candidate will have a passion for client service and technology.

Selection Criteria:

  • Relevant tertiary qualifications
  • Demonstrated communications skills
  • Sound judgement and discretion
  • Excellent presentation skills
  • Demonstrated ability to build rapport and maintain effective client relationships
  • Multi project management
  • Cultural change awareness
  • Evidence of ability to support and implement business and account management plans

Attitude & Essential skills:

  • Excellent communication skills, fluent English, both verbal and written
  • Ability to explain complex concepts to non-technical users
  • Ability to communicate with people at all levels
  • Strong problem-solving skills to resolve issues with a thorough and methodical approach
  • Proven ability to think ahead, set priorities and work under pressure to meet deadlines
  • Proven organisational skills
  • Interest in technology
  • Customer focussed
  • Experience with help desk support
  • Willingness to function as part of a team
  • Professional presentation
  • Documentation skills

Technical Skills

  • Database experience
  • Proficiency in Excel
  • eLearning experience advantageous


  • Location: CBD
  • Hours: 9am-6pm
  • Days: Monday – Friday
  • Must be resident in Singapore

Please submit your cover letter and resume to careers@grcsolutions.com.au 

For further information visit our website: https://grcsolutions.com.sg

1MDB case: Goldman Sachs denies wider implications

The CEO of US banking giant Goldman Sachs has rejected claims that illegal bond transactions conducted by three of its staff with beleaguered strategic development company 1Malaysia Development Berhad (1MDB) would damage the firm’s longstanding reputation.

CEO David Solomon has maintained that speculation over the organisation’s plummeting market value “is completely unfounded” and reiterated their culture valuing “good work and integrity”.

But former Southeast Asia chairman Tim Leissner, a key player in the scandal, has claimed the trio’s conspiracy was “very much in line of its culture of Goldman Sachs to conceal facts from certain compliance and legal employees”. Leissner’s allegation highlights the dangers of internal fraudulent activities driven by complicit colleagues. As Leissner pleaded guilty to bribing foreign officials, he revealed that the group took advantage of the organisation’s secretive culture and factions between departments to pull off the scam.

1MDB has been embroiled in an ongoing global scandal which saw US$4 billion in misappropriated funds allocated to former Malaysian Prime Minister Najib Razak and his associates. International investigations have followed, targeting fraudulent accounts across Europe and Asia. Authorities in Singapore and Switzerland have also enacted penalties on banks with connections to 1MDB which failed to maintain their anti-money laundering controls.

As Goldman Sachs faces fines of US$2 billion and falling share prices, it’s a timely reminder that internal policies on anti-money laundering must be holistically adopted by an organisation to avoid criminal repercussions. Cases like this illustrate the importance of starting company-wide conversations about how to ensure all work practices remain both legally and ethically compliant. Transparent communication between compliance and finance teams is essential to building a workplace culture which truly values its ethical obligations and reputation for honest dealings.

GRC Solutions provides a range of award-winning compliance training courses covering anti-bribery and corruption and anti-money laundering policies. Please contact irene.chua@grcsolutions.com.sg for more information.

Source: Straits Times

ADCC has work cut out for them as fraudsters get creative

More than a year has passed since the Hong Kong Police Force set up the Anti-Deception Coordination Centre (ADCC). Its seven-member team was tasked with five major functions:

  1. To formulate and implement the strategic directions to combat deception
  2. To provide a 24-hour telephone support service for the general public
  3. To enhance coordination between the Police Force, other government departments, and local and overseas stakeholders
  4. To coordinate anti-deception publicity and educational campaigns
  5. To monitor and analyse the trend of deception cases and provide risk evaluation

In its first six months the ADCC was notified of:

  • 229 commercial email fraud cases
  • 60 phone scams
  • 93 romance and social media scams
  • 24 investment fraud cases

But the issue of fraud remains immense, and the ADCC have their work cut out for them. In the last year thousands of Hong Kong bank accounts have been used to collect and launder about HK$4 billion by local and international fraudsters. Fraudsters using online banking services from mainland China are believed to be behind many of the accounts.

A Hong Kong public housing tenant was defrauded out of HK$137,000 by two men posing as mainland Chinese immigration officers. The fraudsters accused her of money laundering and instructed her to transfer money into two designated bank accounts as part of the ‘investigation’.

Further complicating the problem of fraud is the rise of virtual currencies such as bitcoin. Fraudsters are increasingly exploiting the anonymity of virtual currencies by demanding payments in bitcoin. Earlier this year, about 300 Hong Kong men seeking sexual services reportedly lost about HK$10 million in just six months. The fraudsters posed as foreign women who were studying in the city. They demanded bitcoin payments before a meeting would be arranged. But no one ever showed up to meet the victims. In some cases, fraudsters coaxed personal information from the victims which they used to further blackmail them.

The Police Force’s Cybersecurity and Technology Crime bureau has set up a dedicated unit to monitor the crimes involving bitcoin and the ADCC is also set to expand. As scams become increasingly inventive, the public also has a duty to remain cautious and vigilant.

GRC Solutions offers a range of Fraud online training for staff at all levels within an organisation – please contact irene.chua@grcsolutions.com.sg for more information.

Sources: Hong Kong Police Force – ADCC, Hong Kong’s new police anti-fraud squad freezes HK$99 million, Fraudsters used ‘thousands’ of Hong Kong bank accounts to launder HK$4 billion in one year, Public Housing Tenant Loses HK$137,000, Hong Kong men looking for sex on WeChat, scammed out of HK$10 mil in six months


GRC’s Top 5 Tips to Overcome Diversity Challenges

Today, diversity is typical in most workplaces. With new technology, businesses can connect with clients and customers from all over the world. Internally, the business landscape is recognising the benefits of diversity including wealth of knowledge, experience and different perspectives. By embracing those differences, we can spark innovation, problem solving, insight and creativity.

While diversity may be the new norm, the possible challenges of diversity must be addressed. Neglecting deep-rooted stereotypes can lead to various workplace challenges including:

  • Communication issues stemming from the failure of different groups to understand one another
  • Increased tension and conflicts between different groups
  • The tendency for individuals from similar backgrounds to stick together, hire similar individuals and choose similar individuals to work on projects together
  • Discrimination and harassment in the workplace

These challenges can often snowball, lead to a decrease in productivity and in some cases legal consequences.

Here are some ways that will help overcome diversity challenges:

Take a look at your recruiting and hiring practices

Ensure job advertisements and job descriptions are neutral and bias free to attract a wide variety of candidates. Make sure candidates are interviewed by various individuals within the organisation.

Establish mentoring opportunities

Challenge preconceived notions by providing employees with the opportunity to be mentored by individuals from different cultures, backgrounds and ages to improve communication and build relationships.

Promote team work

Encourage employees to focus on each other’s strengths and create cross-functional teams so that individuals from different backgrounds can work together. For example, it’s important you work on eliminating generation gaps. Employers should encourage and support employees to ensure they feel that they have a voice and seat at the table.

Make inclusion a priority

It’s important for an employer to go beyond diversity and strive to have an inclusive workplace, where all employees feel their differences are respected and valued for their different skills and ideas. An employer can support inclusion by providing accommodations to employees’ cultural requirements, like prayer times or religious holidays.

Provide Diversity Training

Diversity training can go a long way in encouraging employees to be accepting of differences and value the opinions of others. Awareness training helps foster and strengthen diversity initiatives in the workplace.

Regardless of your business type, it’s important to keep an open mind. By doing so, you can find a common ground where everyone can respect and embrace diversity.

GRC Solutions offers Diversity and Equality online training for staff at all levels within an organisation – please contact irene.chua@grcsolutions.com.sg for more information.


Sources: https://www.wonolo.com/blog/challenges-of-cultural-diversity-in-the-workplace/, https://www.forbes.com/sites/lyndashaw/2016/03/20/7-ways-to-handle-diversity/#35d214486e9a

Anti-money laundering news in Asia

Money laundering provides the lifeline to most criminal activity, enabling criminals to spend ill-gotten gains without being detected. They put a lot of effort into trying to ensure the proceeds of crime can’t be traced to them. These days, with cross-border transactions being faster and easier than ever, money laundering almost inevitably involves moving funds between countries, often several countries, on the way to their ultimate destination. No jurisdiction is immune and major financial hubs are particularly at risk.

Ahead of the release of our new and updated Anti-Money Laundering courses for new jurisdictions, here’s a quick recap of major recent anti-money laundering news in Asia:

Hong Kong

In August, the Hong Kong Monetary Authority (HKMA) fined Shanghai Commercial Bank Limited HKD$5 million for breaching anti-money laundering and countering the financing of terrorism (AML/CFT) laws. The breaches related to obligations to monitor business relationships, which involves examining customers’ backgrounds and the purpose of their transactions. The HKMA said the penalty would “send a clear deterrent message to the industry”.

Less than a week later, the Hong Kong anti-fraud squad reported that in the 12 months since its inception, it had uncovered thousands of bank accounts used by local and international fraudsters to collect and launder HKD$4 billion in illegal funds. Many account holders were believed to have been Chinese nationals recruited by mainland Chinese money exchangers to launder proceeds made from commercial email scams, online romance scams, investment fraud and phone scams.

Over 3,000 bank accounts are said to have been involved, many of which had been open for more than a year before being used to layer and structure illegal funds.


Malaysia

A lawyer for former Malaysian Prime Minister Najib Razak was charged last week with money laundering offences relating to MYR 9.5 million of funds received from his client.

The charge sheet shows that Mr Muhammad Shafee Abdullah, who is Najib’s main defence lawyer, is accused of receiving proceeds from illegal activities from Najib’s personal bank account in 2013.

Najib is the subject of an ongoing investigation into 1MDB, a state investment fund he set up when he took power in 2009. The investigations seek to ascertain how billions of those funds ended up in several individuals’ personal accounts, including those belonging to Najib and some of his family members, via a complex network of what appears to be money laundering activity, including transfers to and from shell companies.

The US Justice Department continues to seek the return of goods bought with misappropriated 1MDB funds, many of which were presented as gifts to celebrities including Leonardo DiCaprio and Miranda Kerr.

Najib’s wife, Rosmah Mansor, is also expected to be charged with up to 20 counts of money laundering.


Singapore

Back in May, the Monetary Authority of Singapore (MAS) and the Singapore Police Force released a set of AML/CTF best practices for financial institutions. Alongside these best practices were notable money laundering typologies and several case studies illustrating common scams. One example is the use of multiple subsidiary businesses to move funds around and between regions, including South-East Asia, South Asia and the Middle East. Another example cites the use of an entity that appears to have government links, where a public official misrepresents to auditors that money siphoned off from the entity was being invested privately in an offshore subsidiary.

Singapore’s Ministry of Law has also proposed to close what it perceives as a regulatory gap around the precious stones and metals sector. If enacted, new AML/CTF rules will require dealers of precious stones and metals to be registered and to maintain AML risk management procedures.

For further information about our AML courses for Singapore, Hong Kong and Malaysia, please contact irene.chua@grcsolutions.com.sg

Sources: Najib lead defence lawyer expected to be charged, Ex-PM’s wife Rosmah likely to be charged, HKMA fines Shanghai commercial bank for anti-money laundering, Fraudsters use thousands of Hong Kong Bank accounts, New guidelines to fight money laundering terror financing, Singapore’s precious stones and metals industry to face tighter scrutiny on money.

Former Vice President of CIMB Bank penalised for Insider Trading

The Monetary Authority of Singapore (MAS) issued a 5-year prohibition order against Mr Alan Tay Yeow Kee, former Vice President of CIMB Bank, a leading ASEAN universal bank headquartered in Kuala Lumpur. The order prohibits Mr Tay from taking part in managing or becoming a substantial shareholder of any capital market services company under the Securities and Futures Act (SFA) in Singapore.


In 2011, Mr Tay used an agent to purchase shares in two Singapore Exchange listed companies. He did so while in possession of non-public and price sensitive information regarding takeover offers received by the companies. He obtained the privileged takeover information through his position in CIMB Bank. The share price of those companies rose when the companies made public announcements and Mr Tay made a profit of SG$30,000.

In May 2017, Mr Tay was convicted for insider trading and was fined $180,000.

What is insider trading?

Trading refers to applying for, buying, or selling a company’s securities including that procured by another person on the insider’s behalf. Insider trading means trading in financial products while in possession of price-sensitive and non-public information (“inside information”).

Insider trading is a form of fraud and is an offence under the SFA. The trader can be found guilty of the offence if a reasonable person would have recognised the information as non-public and price sensitive – the trader cannot claim to have been unaware that they held inside information.

Why is insider trading prohibited?

  • Fairness – Insiders take advantage of market-sensitive information that others don’t yet have. Market participants should have equal access to information from an issuer of securities.
  • Safeguarding trust – Insiders often occupy a position of trust in relation to the company whose shares they are trading in. They should not be allowed to make a personal profit from that.
  • Economic efficiency – Insider trading damages confidence in securities markets which in turn harms the community. People without inside information won’t want to trade in a market with people who have inside information. This will cause liquidity to decrease, reducing the efficiency of the economy overall.

The takeaway

Insider trading can lead to hefty penalties for individuals and companies. It is critical that businesses train their employees to recognise non-public and price sensitive information, to prevent both deliberate and inadvertent insider trading.

GRC Solutions offers a wide-ranging library of Salt Compliance e-learning courses, including Insider Trading, Fraud Awareness and Whistleblowing. Contact us today for more information.

Source: MAS, SFA

Prime Minister one of 1.5 million victims in Singapore health database breach

Approximately 1.5 million patients who visited Singaporean health clinics between 1 May 2015 and 4 July 2018 have had their personal information stolen from a government database.

A malware-infected computer owned by Singapore Health Services (SingHealth), one of the country’s largest government healthcare groups, gave hackers access to 1.5 million patients’ names and addresses. The hackers were also able to access details of medicines dispensed to about 150,000 patients.

Prime Minister Lee Hsien Loong’s personal information and outpatient dispensed medicines were “specifically and repeatedly targeted”, according to officials.

Cybersecurity a government priority

The last year has seen a number of government cybersecurity incidents, including the theft of 850 national servicemen and employees’ personal details from the Ministry of Defence and research articles and government data from several Singaporean universities.

The Singaporean government has confirmed that cybersecurity is a top priority and that it intends to establish a Committee of Inquiry to strengthen government systems against hacking and other cyber security attacks. As an interim measure, SingHealth has removed internet access on all 28,000 of its business computers.

Gaps in the current data protection regime

Singapore’s data protection regime, including the Personal Data Protection Act (PDPA), gives individuals rights as to how their personal information is collected, used and disclosed by private sector organisations. It also imposes on those organisations an obligation to ensure that information is kept secure from unauthorised access and modification. However, there are no equivalent obligations on government agencies.

Under the Cybersecurity Act, which was officially passed in February, organisations who own critical information infrastructure in key sectors, including healthcare, must notify the cybersecurity regulator of “prescribed cybersecurity incidents”. However, as the law has not yet come into effect, individuals affected by the SingHealth breach are currently without recourse.

Are you across your privacy and data protection obligations?

GRC Solutions offers off-the-shelf and bespoke compliance training on Data Protection under Singaporean law and in other jurisdictions. Contact us today for more information.

Sources: ABC News, BBC, Channel News Asia.

Unregulated online platforms wreaking trouble

In 2017 consumers lost S$7.8 million from trading on unregulated platforms.

The Commercial Affairs Department (CAD) of Singapore reported a 400% jump in the number of fraud cases from 2016.

How do these platforms get customers?

These online platforms allow consumers to trade a wide range of products from foreign exchange to commodities and binary options.

The CAD has advised against using such platforms as the credibility of these operations cannot be verified and they are mostly located outside of Singapore. It is harder to take action against foreign-owned entities.

They reach out to potential consumers through unsolicited phone calls, messages and online advertisements. To increase customer base, existing consumers are offered commission for introducing new customers to trade on the platforms.

More advanced entities conduct seminars to promote their platforms.

Safeguard yourself

Lee Boon Ngiap, the assistant managing director of Monetary Authority of Singapore (MAS) suggests that “before committing to any investment, consumers should always ‘ASK, CHECK, CONFIRM’ to avoid any potential scams.”

You should always:

  • Ask questions to understand the investments presented to you.
  • Check the company details and members to ensure it is a legitimate company.
  • Confirm the company details against resources such as the Financial Institutions Directory available on the MAS website.
  • Always beware of investment opportunities that promise high returns for little or no risks.

There are legal, MAS-regulated platforms that allow for the trading of shares, debentures and exchange-traded funds. Regulated platforms are subject to laws that ensure fair dealing and protect investors’ monies.

Talk to GRC Solutions today to find out more about our Fraud Awareness courses.

Source: The Business Times, The Straits Times

MAS partners with the Singapore Police Force in fight against money laundering

The Anti-Money Laundering and Countering the Financing of Terrorism Industry Partnership (ACIP) is a joint undertaking by the Monetary Authority of Singapore (MAS) and the Commercial Affairs Department (CAD) of the Singapore Police Force.

This partnership brings together participants from the finance industry and law enforcement agencies to combat money laundering and terrorism financing risks in Singapore.

It is believed that this bold step will enhance the mitigation of risks and Singapore’s position as a global financial hub.

Singapore faces high risks due to its open economy and high levels of complex cross-border transactions.

How will ACIP function?

The ACIP will comprise a Steering Group and a Working Group.

The Steering Group is to be led by MAS, CAD and eight banks in Singapore while the Working Group will be made up of relevant members and industries within the financial sector.

While the Steering Group will identify and prioritise the ML/TF risks, the Working Group will contribute information regarding the understanding and mitigation of these risks.

The ACIP is a step taken towards complying with the Financial Action Task Force (FATF) recommendations.

The Steering Group members are appointed on a 2-year basis, after which they will be up for rotation or expansion.

Steps taken towards combating ML/TF

Following their partnership, ACIP has released a recommended set of best practices for financial institutions to combat ML/TF risks.

In addition to the standard best practices for financial institutions, the paper also includes recommendations for professional service providers such as lawyers, accountants and company service providers.

ACIP has also set up a data analytics working group to make use of data analytics to better identify suspicious client profiles, activities or transaction patterns.

David Chew, the director of CAD, believes that this is just the beginning. He said that there are hopes that the partnership will “build on a foundation of trust, as [they] move towards closer cooperation” between industry players.

Talk to GRC Solutions today to find out more about our Anti-Money Laundering courses and how you can help combat money laundering.

Source: MAS, The Straits Times

What do you need to know about the GDPR

You may have noticed a flurry of privacy policy updates in your inbox in the last few weeks. There’s a good reason for that – the GDPR is here and it could apply to you.

What is the GDPR?

The EU’s General Data Protection Regulation (GDPR) commenced on May 25 2018, and its impacts are being felt worldwide. These new rules for data collection and storage apply to all EU-based companies and residents as well as any businesses outside the EU that handle the data of EU residents. Basically, this means that if you do business with any EU companies, or market goods or services to EU residents, then the GDPR applies to you.

The GDPR contains 99 articles that define what data can be collected and stored and the conditions of that storage. In addition, there is a requirement of explicit, voluntary consent for data collection and an obligation to allow all individuals access to their data.

The GDPR regulates not just the usual private information – name, email address, street address – but also cookies, IP addresses and location information.

Are you compliant?

The broad application and detail in the GDPR means that you need to adapt your response to your business. Implementation may not be straightforward, and you will need to build your response into everyday work practice.

Under the GDPR you will have to clearly define the data you collect and how you store that information. Moreover, the requirement of explicit, voluntary consent means that you must communicate in plain language, avoiding any jargon or legalese, and the customer must have a genuine opportunity to opt out.

If you share that information with any third parties, you will have to include a Data Process Addendum (DPA) in any agreement. A DPA should define the type of data accessible to the third party and their obligation to comply with your privacy requirements.

GDPR readiness will require, among other actions, a revision of your privacy policy, staff training and a review of many of your customer communication forms – for example, your email opt-in and contact forms.

What is different about the GDPR?

The GDPR holds companies to a higher standard to protect the rights of individuals.

While a lot of privacy regulations focus on a company’s duty to protect its data from hackers, these regulations require the company to demonstrate responsible privacy management. In this context, absence of breach does not ensure compliance.

Compliance with these new regulations will require companies to achieve this higher standard. And with penalties of up to 4% of your worldwide annual revenue or over US$23 million, they need to adapt quickly.

Sources: Regulation (EU) 2016/679; Forbes: The Biggest GDPR Mistake U.S. Companies are Making, Security Intelligence: Getting Ready for GDPR, CSO: GDPR is live!-Now what?, Forbes: Is Your Business GDPR Compliant?

GRC Solutions offers a wide-ranging library of Salt Compliance e-learning courses, including Data Protection. Contact us today for more information.

Starbucks shuts stores for a day for anti-bias training

On 29 May 2018, Starbucks, one of the world’s largest coffeehouse chains, closed its business in the US for the day across 8000 stores to provide its employees with anti-bias and diversity training.


On 12 April 2018, six police officers in Philadelphia took two black men into custody at a Starbucks store after an employee made a complaint. The two men had not purchased anything, were reportedly waiting for another person and had refused to leave the store.

The incident was captured on video and watched by millions online. A public outcry followed. Questions were raised about Starbucks’ culture of racial bias against black men.

Starbucks’ response

Starbucks CEO Kevin Johnson released a statement on the same day promising to investigate the incident and make necessary changes to prevent it from happening in future.

The company then took the step of providing its 175,000 employees with implicit bias training.

Johnson says that the company is taking a long-term view of its commitment and that training costs would be “an important investment in the tens of millions”.

Implicit/Unconscious Bias

Implicit or unconscious bias means having a preconceived attitude or stereotype against someone which affects our understanding of, and conduct towards, others in an unconscious manner.

A US research association, the Perception Institute, states that studies have found that the incident in discussion is a common example of implicit bias where white people frequently associate criminality with black people without even realizing that they are being biased.

What can businesses learn from it?

This incident has certainly impacted Starbucks with both negative publicity and financial consequences, given the settlement money that the company will be paying the victims of the arrest.

But the incident illustrates just one of several different examples of unconscious bias.

An important step in challenging the influence of unconscious biases within any business is to train employees on biases in general, and to promote a general culture of awareness.

Talk to GRC Solutions today for more tips, including Unconscious Bias and Diversity & Equality courses that we can customise for your industry and jurisdiction.

Source: Starbucks, Perception Institute

Compliance training myths

Up-to-date and regular training forms an important part of businesses’ compliance programs.

Compliance training is crucial to ensure your business and employees operate within the law. It can even yield economic benefits, saving organisations from breach-related fines, reputational damage and loss of revenue.

Compliance training can have a reputation for being boring, overly technical and unengaging. But this needn’t be the case.

Let’s dispel some common compliance training myths.

Training is unnecessary

Training ensures that your business can operate safely and efficiently. It is vital that all your employees and contractors understand what relevant laws and regulations apply, and how to follow them.

Training is boring

Compliance training can – and should – be engaging. It should keep learners invested in the content.

Content-wise, training should draw on relevant examples and case studies that apply to your industry and the role in which the learner works. These asides help to place the key concepts in context, and make those concepts topical and fresh for learners.

Design-wise, there are many ways to develop online training. It’s important to keep in mind that online training, or e-learning, is more than just publishing a manual, policy or essay on the internet, with lots of text on a page. It should guide learners towards the key concepts, using visual cues to help place those concepts into context.

The visuals in compliance training shouldn’t distract from the text but rather bring it to life. Ideally, they should help learners understand what compliance breaches are and what the practical actions necessary to prevent or handle them look like.

One size fits all

Compliance training can be designed with your industry in mind. Your compliance trainer can design a course that covers all the relevant rules and regulations that apply to you and your business, leaving out any irrelevant information.

Training is often irrelevant

Training should be relevant to the learners and the organisations they work in. The easiest way to disengage learners from training is to provide them with content that doesn’t relate to them.

The same training content won’t necessarily apply to everybody.

This is where course customisation, or tailoring, comes in. Not only can your course be customised to specific industries, it can be customised to specific categories of employees.

This means that learners can focus on those aspects that are relevant to their work. And that means they are more likely to be engaged by the training.

There is only one way to view online training

More and more training these days is mobile responsive. It can now be delivered on a range of devices including computer, tablet or phone, meaning more flexible access to training.

GRC Solutions offers a wide-ranging library of Salt Compliance e-learning courses, including Fraud Awareness, Unconscious Bias, and Cyber Security. Contact us today for more information.

Source: PowerDMS

Chinese bank fined millions. Is this just the beginning?

The 5 million dollar fine


On May 16, the Industrial and Commercial Bank of China Financial Services (ICBC), the world’s largest lender by assets, agreed to pay the Financial Industry Regulatory Authority US$5.3 million in fines.

The fine was a result of ICBC’s inadequate anti-money laundering (AML) systems which failed to monitor and detect suspicious transactions.

This comes as a hit to ICBC which was also recently fined by the US Securities and Exchange Commission (SEC) for its failure to file suspicious transaction reports.


Consequences of the probe


While ICBC has not admitted to any of the charges, the string of regulatory probes by US regulators is likely to slow the Chinese bank’s growth in the international market and could cut into their profitability.

Prior to the US authorities’ probe, the China Banking Regulatory Commission (CBRC) had slapped its banks with over 3,000 penalties for bad practices.

CBRC chairman, Guo Shuqing, is on a mission to root out malpractice and is “targeting internal controls and interbank activities”. The added costs of stringent risk management and compliance are bound to create a larger impact than fines.

Despite the crackdown on its domestic banks, oversight of its overseas branches has been more relaxed until now.


Preventative measures

The US Federal Reserve has ordered ICBC and three other China-owned banks to overhaul their AML policies.

Financial institutions are at the forefront of combatting financial crime and it is essential that employees are trained in identifying and handling money laundering. Non-compliance with AML regulations may result in unnecessary costs and problems for banks.


Talk to GRC Solutions today to find out more about our Anti-Money Laundering courses and how you can remain compliant with up-to-date AML regulations.

Source: Bloomberg, Reuters, Financial Times

Cultural Diversity: What does this mean in the workplace?

The United Nations’ World Day for Cultural Diversity (21 May) provides an opportunity to highlight the concrete benefits of uniting people of different cultures.

Globally, cultural unity creates sustainable development and reduces poverty, enhancing both economic and social growth.

The UN General Assembly emphasises the four goals of the UNESCO Convention on the protection and advocacy of cultural diversity on this celebrated day.

The goals include the promotion of human rights; the integration of culture in sustainable development frameworks; achieving a balanced flow of cultural goods; and increased mobility of artists and cultural professionals.


Cultural tolerance & tackling workplace discrimination

Singapore is a cultural hotpot with a unique local composition consisting mainly of Chinese, Malays, Indians and Eurasians. With its rapidly developing economy and target to be a global economic hub of sorts, working in Singapore is an enriching experience with an ever-increasing mix of people and backgrounds.

It is of increased importance that corporations in Singapore encourage the understanding of different cultures and are aware of the possible presence of “cultural minefields” within the organisation.

Although Singapore does not have anti-discrimination laws, it sees greater success in implementing an educational and progressive approach to tackle the issue.

The Tripartite Alliance for Fair & Progressive Employment Practices (TAFEP) governs employment practices and workplace discrimination allegations. The TAFEP Guidelines promote the recruitment of employees based on their merit, non-discriminatory provision of training opportunities for employees and fair treatment and rewards.

It sets out specific criteria to be met to achieve these standards and the role of employers and employees in achieving cultural harmony in organisations.

Non-compliance with its guidelines may result in rectification or even administrative actions such as the curtailment of work pass privileges.


Tips for an inclusive workplace

Working in a cosmopolitan city may be unfamiliar to some and an orientation to the company, the country and their cultures will help to get the employee up to speed. Introducing the new employee to an existing employee will provide the new employee with some familiarity to the new environment.

Another area in which employers can take greater action is in performance management. TAFEP suggests implementing easy methods such as including measurable standards for evaluating job performance and ensuring that the promotion process is clearly linked to job requirements.

Promoting workplace harmony attracts talent, improves employee happiness and benefits engagement.


Talk to GRC Solutions today for more tips, including our Diversity & Equality courses that we can customise for your industry and jurisdiction.


Source: UN, Singapore Business Review, TAFEP

Lessons from Mahathir and the winning of the Malaysian elections

Malaysia is in a state of shock after the first-ever election win of an opposition party, as Pakatan Harapan put an end to Barisan Nasional’s 61-year reign as the governing party.

Leading the opposition to victory was an old hand – Dr Mahathir was previously Malaysia’s prime minister from 1981 to 2003.

Dr Mahathir defected from the ruling party to the opposition to take down his protégé, Prime Minister Najib Razak.

At the core of the election was the issue of corruption. Outgoing Prime Minister Razak is alleged to have carried out corruption on a massive scale.

In his election campaign, Mahathir had promised to reinvestigate the embezzlement and money laundering scandal concerning Malaysian strategic development company 1Malaysia Development Berhad (1MDB).

Billions of dollars were being siphoned from a 1MDB account, which was created to fund infrastructure projects.

The newly appointed Finance Minister of Malaysia, Lim Guan Eng, looks to resume investigations at the earliest opportunity to “restore investor confidence in Malaysia”.

The reopening of the 1MDB case would require the involvement and cooperation of a lot of people from America, Singapore and Switzerland. Allegations about the proceeds of crime even travelled all the way to Hollywood, where they were linked to the film The Wolf of Wall Street and film star Leonardo DiCaprio’s environmental foundation.

The government’s failure to handle the 1MDB scandal is perceived to have tarnished the country’s image and contributed significantly to Barisan Nasional’s shock loss.


Lessons for the world

The whole world is now monitoring the remarkable political situation in Malaysia and the scandal that has now engulfed the long-running ruling party. But it also draws attention to how other countries are handling anti-corruption regulation and enforcement.

For instance, in Singapore, local experts are also calling for stronger penalties to enforce against corruption. Professor Walter Woon has said that existing penalties are “far too low to deal with major corporate corruption”.

Professor Woon recommends implementing a regime that instates a legal duty on firms to institute policies to prevent bribery, such as those already in place for money laundering.

Australia is currently reviewing its anti-bribery legislation, with new reforms likely to take effect in either late 2018 or early 2019.

Talk to GRC Solutions today about our Salt Compliance online training courses, including our Anti-Bribery and Corruption and Anti-Money Laundering courses.

Source: The Straits Times

Innovation and Regulation – the legal and economic benefits of RegTech

The RegTech Association held its first industry event – #ACCELERATERegTech2018 – on 3 and 4 May 2018 at the Amora Hotel in Sydney. The event saw regulators, regulated entities, technology firms, allied associations, professional services, members of financial services and RegTechs come together to shed light on RegTech capabilities.

What is RegTech? 

Regulatory Technology, or RegTech, is an efficient way of using technology to ensure compliance with regulations. The uses for technology in the regulatory space are wide-ranging, from helping to train employees to providing disclosures to customers and shareholders.

AUSTRAC Director Tony Prior notes that since most regulations are aimed at combatting financial crimes, regulatory compliance is in fact in the national interest.

What are the challenges in compliance?

Summarising some key insights from the event’s various panel discussions and talks, some challenges for all players in the compliance sphere include the following:

  • Businesses are looking at the best ways to use these new technologies to improve customers’ and shareholders’ experience
  • Imbalance between regulatory innovation and innovation for customer experience
  • Innovative technologies – eg data sharing, particularly for open banking which is aimed to be implemented in mid-2019
  • Move towards proactive compliance procedures, including independent reviews, and away from the perception that compliance is a tick box exercise
  • Increasing regulatory penalties
  • Increasing regulation throughout the world in combatting financial crimes

How can businesses achieve compliance?

ASIC Commissioner John Price gave the keynote address, advising participants to achieve a balance between innovation and responsibility. This need was acknowledged by key presenters. For instance, Kate Cooper, Head of Innovation at Westpac, highlighted the need for integrating compliance with customer experience. Other takeaways include the following:

  • Businesses should go beyond the check box exercise and focus on the social importance of fighting financial crime
  • Data sharing will be a useful tool, but businesses should ensure a balance between data innovation and privacy
  • RegTech provides a potential solution to overcome the complexity and volume of regulatory compliance
  • RegTech can also be a useful tool at the regulator’s end and the industry should continue the collaborative effort in combating financial crime
  • Compliance should be achieved not just by design but be implemented, monitored and reviewed

Keppel Corp bribery scandal: Setting the tone for better standards of compliance

Keppel Corp, Singapore’s oil rig builder, is embroiled in one of the biggest international corruption scandals Singapore has seen in recent times.

Investigations revealed Keppel Offshore & Marine’s (KOM) involvement in a scheme that ran from 2001 to 2014 which paid US$55 million in bribes to win contracts with Brazilian company Petrobras.

The bribes resulted in more than US$1 billion in contracts for KOM.

The Singapore government is the biggest shareholder of the company with Temasek Holdings owning about 20 percent of Keppel Corp’s shares.

Although duly denied by Keppel Corp, an agent of Keppel Offshore, Zwi Skornicki, alleged that he was authorised by senior executives to pay bribes on behalf of the company.

As part of a global resolution with authorities in Singapore, Brazil and the United States, KOM has agreed to pay US$422 million in fines.

Member of Parliament (MP) Sylvia Lim questioned this measure for its “implications on local law enforcement and prosecutorial decisions”.

Workers’ Party MP Pritam Singh is also curious about the measures taken by the Ministry and Temasek Holdings to ensure that government-linked companies (GLCs) refrain from corrupt practices.

Immediate measures adopted by KOM, including financial sanctions, resignations, demotions and written warnings, and an agreement to improve compliance and controls within the company, earned the company a discount on its applicable fine.

Call for increased responsibility within government-linked companies

The incident has led to the tainting of Singapore’s pristine, corruption-free reputation.

Corporate governance experts suggest that Keppel is likely to be held to higher standards due to it being a GLC.

Accounting Professor of the National University of Singapore, Mak Yuen Teen, highlighted that “as the controlling shareholder, Temasek has a stewardship role over the GLCs and need to hold the boards and management accountable”.

The other GLC companies involved are Keppel, Sembcorp and ST Engineering.

CIMB economist Song Seng Wun attributes the increased susceptibility to corruption in these industries to the “large sums of money moving around” in the offshore and marine, mining and construction sectors.

He adds that similar future incidents will be handled with graver consequences.

It is essential that GLCs, especially, set a strong standard of compliance and corporate governance in Singapore.

Talk to GRC Solutions today about our Salt Compliance online training courses, including our Anti-Bribery and Corruption courses.

Source: Reuters, Today, The Straits Times

Business Development Manager

Company & Culture

GRC Solutions is a recognised leader in the financial services compliance training market. We offer legal compliance, risk management, and ethics training through off-the-shelf and custom e-learning courses, as well as facilitated workshops. Our business is known internationally for its innovative e-learning technology, outstanding customer service and smart, tailored solutions to satisfy our clients’ compliance training needs.

We pride ourselves in cultivating a workplace environment that enables employees to achieve their best while being recognised and rewarded for their efforts. Professional development is fostered in a dynamic, collaborative culture that is high on trust and low on politics.

Our people work with integrity, producing the best outcomes for our clients in the most efficient manner possible. We promote the same values internally that we promote externally: we have an approachable, can-do attitude to work and a relationship-driven approach to business. A strong work ethic is essential, as we are actively looking to build our brand and presence across Singapore, as well as the wider Asia region.


Purpose of the position:

To support the continued growth and expansion of GRC Solutions through the acquisition of new clients, development of brand and reputation across the industry, and increasing revenue throughout the region.



  • Achieve new business targets and secure high-quality sales with prospective and existing clients in the target territory & key industry sectors
  • Maximise opportunities using existing client base and develop strategy to target new clients
  • Generate new leads, through industry events and own network
  • Identify marketing initiatives to generate quality prospects
  • Report to and work closely with management to maximise revenue with existing and potential new customers
  • Prospecting and developing the regional market
  • Creating proposals or completing professional tender response documents
  • Developing and maintaining an understanding of the company’s range of services and solutions, areas of expertise and business objectives
  • Keep clients fully aware of new solutions and products being designed/developed by GRC Solutions
  • Act professionally, transparently and ethically in all dealings with clients, prospects and colleagues
  • Respond to change positively, identify the need for change to increase efficiencies and help to implement change strategy
  • Development of links with agency bodies and external corporate partners


Personal Attributes: 

  • Proven business-to-business sales experience
  • A record of achievement in high-value sales, new business development, account management, solution sales or similar
  • Experience and success in managing high-value and complex relationships with senior management in large corporations
  • Experience dealing with decision makers in the areas of lead generation, sales conversion, account development, enquiry management and lead nurturing
  • Excellent phone, oral & written communication and presentation skills
  • Ability to develop a good rapport with external clients and prospects
  • Ability to influence, persuade and direct individuals to convert to sales
  • Self-motivation and drive, goal-orientated with the ability to work on own initiative while also contributing effectively as part of a team



  • Open-mindedness to new ideas, willingness to share and look for growth opportunities, and appreciation for new ways of doing business. We value individuals who are willing to give and receive constructive feedback, bring their personality to the office, and help us to develop new ideas for the future.



  • A good understanding of governance, risk and compliance issues affecting international businesses



  • Location: CBD
  • Hours: 9am–6pm
  • Days: Monday–Friday
  • Must be resident in Singapore



GRC Solutions is committed to attracting the best candidates. A competitive salary package commensurate with this objective is on offer for the right candidate.

Please apply, including the details below, to: sam.gibbins@grcsolutions.com.sg

  • CV
  • Covering Letter
  • Notice Period
  • Salary expectation

(Only short-listed candidates will be notified)

Standard Chartered fined for S$1.9 billion transfer of assets

Standard Chartered Plc is facing a S$5.2 million fine for breaching multiple Anti-Money Laundering (AML) regulations.

This comes soon after Standard Chartered Plc was investigated for the transfer of over S$1.91 billion worth of assets by Indonesian clients from Guernsey to Singapore.

The transfers were made in late 2015 just before Guernsey adopted the Common Reporting Standard (CRS), a global framework for the exchange of tax and financial data.

The CRS requires countries to automatically share reports and data of people subject to taxes in each member country. Although Singapore is also party to the treaty, Guernsey was quicker to implement the treaty rules.

The Director General of Taxation in Indonesia, Ken Dwijugiasteadi, believes that most of the funds were transferred to make use of Singapore’s tax amnesty programme which launched in July 2016.

Standard Chartered itself reported the suspicious transfer of assets to regulators.

The importance of whistleblowing and compliance

In a statement, the Monetary Authority of Singapore (MAS) asserted its position of zero tolerance towards money laundering and terrorist financing. It described Standard Chartered’s risk management and controls relating to anti-money laundering/counter-financing of terrorism (AML/CFT) as “unsatisfactory”.

MAS did however acknowledge that the bank’s response to bolster its risk management measures had been prompt and substantial.

Earlier last year, MAS took firm action against other banks. Credit Suisse and United Overseas Bank breached MAS’s AML requirements during Malaysia’s 1MDB scandal, with fines totalling S$1.6 million.

National University of Singapore (NUS) academic director, Joehan Suleman, suggested that whistleblowing should become a standard in banks and may reduce the penalty.

This incident serves as a warning to other financial institutions on the importance of strong internal compliance policies.

Talk to GRC Solutions today about our Salt Compliance online training courses, including our Anti-Money Laundering for Financial Services courses.

Source: CNA, Asiaone


OzHarvest CEO CookOff 2018

On March 19th 2018, Managing Director Julian Fenwick will be swapping the usual high-pressure meetings for a high-pressure kitchen to take part in the OzHarvest CookOff. It is a fantastic cause which highlights the crucial issues of hunger, homelessness and food waste, and puts Julian under pressure in the kitchen!

Julian will be joining 100 companies and some of Australia’s top chefs as they team up to cook and serve delicious meals to over 1,100 vulnerable Aussies and raise much needed funds for Australia’s leading food rescue organisation, OzHarvest.

We would love your support to help reach our fundraising goal of $10,000 which will help OzHarvest deliver over four million meals to Australians in need.
To donate, simply go to our fundraising page and click ‘sponsor me’ or ‘donate’. Whether you donate $5 or $500, every dollar counts and will go a long way to help the most vulnerable people in our community.