Latest Products

From the Archives: A more diverse GRC

Friday 20 November 2020

Originally published in the December 2017 Edition

 An interview with Michelle El Khoury Michelle El Khoury, Group Insurance

Michelle El Khoury, Group Insurance Governance Manager for AIA, was presented with the David Squires Memorial Student of the Year Award. GRC Professional caught up with El Khoury following the conference to speak about the ever-growing pool of knowledge in the risk management space and the hope for greater gender diversity in senior risk and compliance positions.

David Squires was one of the early founders of the GRC Institute. At the Gala Dinner on the first evening of the 21st Annual GRC Institute Conference, Naomi Burley, Managing Director of the GRCI, described Squires as an immensely passionate man dedicated to promoting the value of compliance and of professionalising individuals to carry out that mission on behalf of their organisation. “He was a huge driver behind our regulatory relationships and the development of accreditation frameworks,” Burley said. On receiving her award, El Khoury said that when she started at AIA, she never imagined she would be where she has found herself now. “I have paved the pathway for a career I truly love and am passionate about,” El Khoury said.

Tell me a little about your career path
I was going to say I was relatively new to financial services but perhaps that is not quite true. My background has always been in operations, customer service and people leadership, working at various Telcos and different service providers. Six years ago, I joined AIA and that was my first official introduction into financial services and the insurance world. It is fair to say I came into it knowing absolutely nothing, and I continue to learn something new every day. I started at AIA in a Policy Service Team Leader- Role and quickly joined another team being formed at the time. This took me outside of my previous experience, stepping away from people management and joining our Transformation Team. This new role gave me an introduction into compliance & risk management and enabled me to support the business by managing their various risk and compliance activities. Since this time, the role has grown rapidly into the one I hold today.

So it sounds like your path has been combination of accident and deliberation.

I never really anticipated a role like this. When I started, I had a basic understanding of what risk and compliance was but didn’t really know what kind of roles were available or what those roles did. I think through the initial career change I’ve had those insights and opportunities and then it became more deliberate after that. My role as Group Insurance Governance Manager is to lead, own and be accountable for all Group Insurance matters relating to Risk, Compliance and Governance, including customer complaints and Trustee administrator reviews, which keeps very busy! Embedded in the first line, I work very closely with the second line to ensure my team and stakeholders are well placed in the management of these activities. Further I work closely alongside an internal network of embedded (within the business) risk champions, who, like me help to safeguard the business.

It sounds like this is an ever-developing process for you

I think there is always a new challenge, particularly when people are involved. When you have people and manual processes there is always an opportunity for things to go wrong. Human behaviour can be tough to change and is challenging to keep on top of. I think it’s easy for risk and compliance professionals to get caught up in the ‘doing’, and that’s not really the crux of the role; it really should be about that oversight that support, that guidance that encourages the first line to take ownership and be accountable.

During your acceptance speech, you said you look forward to the risk landscape changing, which is interesting as recently, someone said changing landscapes were a source of great stress due to that evergrowing to-do list.

The last 18 months have been a challenging time for the sector. There has been a lot scrutiny in the news and in the media about financial services, perhaps rightly so. This spotlight and lens will likely continue to change the landscape. The industry has made some significant progress around member protection, the development of the FSC Life Code for example. I’m looking forward to seeing further progress. I think the perception and recognised value that risk and compliance teams offer is changing. These are becoming less frequently seen as policing roles but rather an important support role for teams to utilise. Risk and compliance professionals play a critical role—sometimes even more critical than revenue generating roles.

What has been the greatest challenge in your role?

Influencing people, getting them to buy-in to what I need them to do and understanding why. Compliance and risk management can’t be about telling them—it’s about helping them to understand that we have to do certain things, and the processes and checks are important because these days, it is simply a way of doing business. The real challenge comes in trying to manage that mindset, especially when you have big organisations, with people who come and go, including the people leaders.
What has been your proudest moment?
Winning the award, of course! Look, there are too many to name, but I have had some wonderful opportunities at AIA. I’ve been fortunate to have a secondment in Malaysia for a few months to support our shared services team, and I’ve received a number of nominations for various different things. It’s slightly cliché, but I think the proudest moment of all is becoming a mother. Being a parent really puts things into perspective for you! Certainly, it has allowed me to be more relaxed or more inclined to take risks that perhaps I wouldn’t have taken prior to becoming a parent.

The thing that stuck out in your acceptance speech is when you said, “I hope, like many young women in the industry, that we can help lead the way for the next generation.” I think that this stuck out because Penni James from Compliance and Risk Executive Woman (CREW) was also there, and her group plays a critical role in creating that space for networking and the free sharing of ideas. So what is your hope for the future for risk management and GRC?

Actually, I just reached out to Penni to join her CREW team, but really, it comes down to diversity— risk and compliance really does have some great gender diversity, but as you start to look more at senior roles, it seems more often than not there are less and less females leading teams. While compliance is an area heavily dotted with female representation, it seems to drop off the higher up the ladder you climb. I am keen to see more people like Penni James— that is, more women leading enterprise risk teams and being senior risk professionals. Growing the gender balance in those senior roles, certainly for women who hope to be in senior positions one day, is always a strong step towards encouraging empowerment.

What has being awarded the David Squire Memorial Student of the Year Award meant to you?

Completely unexpected, but the recognition is awesome! I did this course shortly after coming back from maternity leave, and I was doubting myself a bit after being away for almost 10 months and thinking, “Is this really right for me?” And, “Do I really understand risk and compliance?” As an area, it’s not quite text-book in a lot of ways. It’s open to interpretation in some respect, so the recognition really gives me that stamp of approval. More importantly, I feel encouraged to keep striving for more. I am not satisfied with just where I am now. So the award recognises that I do have a knack for these things and, hopefully, a skillset that will allow to me to grow into other roles.

What advice would you give to emerging GRC professionals?

Don’t be afraid to ask questions when something doesn’t feel quite right. Constructive challenge is, I think, an important factor in these types of roles. However, this needs to be underpinned by trust and good relationships with your internal stakeholders; otherwise, you start to fall into that kind of policing territory. I think being able to build good relationships provides a sound foundation from which pose those constructive challenges and questions. Don’t be afraid to be an advocate for the customer, and whoever the consumer may be