Mitigating risk — by “doing the right thing”

Being “ethical” is not just about conforming to any applicable rules and regulations. It’s about doing the right thing, simply because it’s the right thing to do. And if you don’t, it’s likely to cost you in the long run.

This is a key takeaway from the keynote by Shefali Roy, a veteran investor and economist, at Dun & Bradstreet’s Power of Data event.

“It’s always hilarious to me when compliance is part of a conversation about businesses and returns, because I think most businesses are always so wary of compliance and ethics,” Roy notes. However, she is quick to stress that this is no laughing matter. “79 percent of people say that they are very concerned about how companies use their data. But also, 45 percent of those said that the government should regulate how data should be used. So now we as consumers are pushing it back to the governments, pushing it back to say: regulate!”

However, this doesn’t absolve private entities of responsibility. Roy uses a staggering statistic to illustrate the value, and potential cost, of ethics — or lack thereof. Namely, the fact that an average financial services employee has access to 11,000,000 records. “This statistic really shook me up. One financial services employee — one! — has access to 11 million records. That’s really crazy. If 11 million records can be accessed by one person, you need to have very, very good controls.”

But more than that, it highlights the subject of personal ethics. “What is the ethic of that one person? And here’s the thing, I’ve been in compliance for 20 years, I’ve worked at Apple, at Goldman Sachs, at Stripe — and I can tell you this: no policy, and no process, and no online training, is going to make someone who is unethical ethical.”

In other words: if someone offers a financial services employee 5 million dollars in exchange for access to personal records, and the employee in question happens to be inherently unethical, the ethics of their employer is not going to dissuade them from accepting the offer. As Shefali Roy puts it: “You cannot unthief a thief.”

What the employer can do is strive to nip the problem in the bud. “This goes back to: who are you hiring, what kind of people are you hiring in your businesses? And what types of checks and balances do you have in place to make sure these sorts of things don’t happen?”

Preventing data breaches that expose the personal information of customers is an urgent, and complicated, issue. These breaches are hugely damaging, as they undermine trust in companies’ ability to safeguard personal data required to uphold AML and KYC protocols. In order to acquire this data, organizations must show that they are able to handle it in a reliable way.

About Shefali Roy

Shefali Roy is an Angel investor and invests globally in startups at the pre seed, seed and A rounds in companies building products in Fintech, the Creator Economy, FemTech, and the Future of Work.

She was the Chief Operating Officer and Chief Compliance Officer of TrueLayer till September 2020, and was an early employee at Stripe where she was their Chief Compliance Officer and MLRO for Europe, and responsible for the licensing, regulatory oversight including risk, and compliance of Stripe’s operations in Europe. Prior to Stripe, she led compliance, business conduct and risk across Europe, the Middle East, India and Africa for Apple, was the Chief Compliance & Ethics Officer for Christie’s worldwide, and was responsible for private wealth compliance for Goldman Sachs across Europe and the Middle East. (Source:

A dive into the power of data across Europe

New Report is out

The Future of Data 

Read the report here