Mitigating risk — by “doing the right thing”

Being “ethical” is not just about conforming to any applicable rules and regulations. It’s about doing the right thing, simply because it’s the right thing to do. And if you don’t, it’s likely to cost you in the long run.

This is a key takeaway from the keynote by Shefali Roy, a veteran investor and economist, at Dun & Bradstreet’s Power of Data event.

“It’s always hilarious to me when compliance is part of a conversation about businesses and returns, because I think most businesses are always so wary of compliance and ethics,” Roy notes. However, she is quick to stress that this is no laughing matter. “79 percent of people say that they are very concerned about how companies use their data. But also, 45 percent of those said that the government should regulate how data should be used. So now we as consumers are pushing it back to the governments, pushing it back to say: regulate!”

However, this doesn’t absolve private entities of responsibility. Roy uses a staggering statistic to illustrate the value, and potential cost, of ethics — or lack thereof. Namely, the fact that an average financial services employee has access to 11,000,000 records. “This statistic really shook me up. One financial services employee — one! — has access to 11 million records. That’s really crazy. If 11 million records can be accessed by one person, you need to have very, very good controls.”

But more than that, it highlights the subject of personal ethics. “What is the ethic of that one person? And here’s the thing, I’ve been in compliance for 20 years, I’ve worked at Apple, at Goldman Sachs, at Stripe — and I can tell you this: no policy, and no process, and no online training, is going to make someone who is unethical ethical.”

In other words: if someone offers a financial services employee 5 million dollars in exchange for access to personal records, and the employee in question happens to be inherently unethical, the ethics of their employer is not going to dissuade them from accepting the offer. As Shefali Roy puts it: “You cannot unthief a thief.”

What the employer can do is strive to nip the problem in the bud. “This goes back to: who are you hiring, what kind of people are you hiring in your businesses? And what types of checks and balances do you have in place to make sure these sorts of things don’t happen?”

Preventing data breaches that expose the personal information of customers is an urgent, and complicated, issue. These breaches are hugely damaging, as they undermine trust in companies’ ability to safeguard personal data required to uphold AML and KYC protocols. In order to acquire this data, organizations must show that they are able to handle it in a reliable way.

“There will always be ethical challenges you face using data for a lot of purposes. Related to AML it is important to emphasize what our purpose really is.

Richard Atleen Go to Market Manager, SME Compliance Nordics at Dun & Bradstreet

That it is a common goal, which everyone has to contribute to — namely, to solve the global problems of money laundering and terror financing,” Richard Atleen, Dun & Bradstreet’s Go to Market Manager, SME Compliance Nordics, says.

Dun & Bradstreet has a broad range of solutions to ensure compliance and due diligence in every scenario where it is necessary — thus minimizing the risk of compliance breaches, or entering into business with unethical actors. “Just in the Nordic market, we have helped hundreds of customers with their first-line automated compliance solutions. We are constantly monitoring over 20 million consumers and 4–5 million companies, related to anti-money laundering and terrorist financing, for our customers.”

When asked whether companies have already grasped the importance of leveraging data to enable a more ethical way of conducting business, Shefali Roy is cautiously optimistic. “Yes, in some respects they have. Ethics is a spectrum. But when you actually put the dollar amount, the cost of non-compliance, then you have a very different conversation, where people say: ’Let’s do it because it’s the right thing to do, and it actually serves both our business and our customers.’ We now have a generation of consumers who actually care very much about the ethics of a business. Who care very much about: who am I doing business with? Are you ethical, are your thinking about climate change, are you thinking about sustainability? Where is your line in terms of doing things not just for the sake of doing things, but because it’s the right thing to do? When your consumer base changes, and they start asking these questions, I think we’d better have answers. And we certainly need to have answers that are much more evolved than what we’ve had in the past.”

In the grand scheme of things, Shefali Roy concludes, “who you are as a human being should determine who your company is. Because, like everybody says: businesses and companies are all about people.”

About Shefali Roy 


Shefali Roy

Shefali Roy is an Angel investor and invests globally in startups at the pre seed, seed and A rounds in companies building products in Fintech, the Creator Economy, FemTech, and the Future of Work.

She was the Chief Operating Officer and Chief Compliance Officer of TrueLayer till September 2020, and was an early employee at Stripe where she was their Chief Compliance Officer and MLRO for Europe, and responsible for the licensing, regulatory oversight including risk, and compliance of Stripe’s operations in Europe. Prior to Stripe, she led compliance, business conduct and risk across Europe, the Middle East, India and Africa for Apple, was the Chief Compliance & Ethics Officer for Christie’s worldwide, and was responsible for private wealth compliance for Goldman Sachs across Europe and the Middle East. (Source:

A dive into the power of data across Europe
New Report is out
The Future of Data 

      Read the report here