Matt, thanks so much for joining us today.  

Thank you for having me.

Your career path has taken quite the journey - from law enforcement to insurance, real estate, and now fintech sectors. What initially drew you into the compliance space? As you reflect on key highlights and defining moments along the way, were there one or two experiences that really shaped your approach and perspective in your current head of compliance role?

I spent six years in law enforcement before transitioning to the insurance sector, working as a fraud investigator handling claims validity for a vehicle insurance provider. It was a fixed-term position, but during that time, I was approached by the Michael Graham estate agency group dealing with high-end properties in the Midlands area.

I joined them as the compliance officer, tasked with modernizing their rather outdated practices. This coincided with changing anti-money laundering (AML) legislation and new ID&V requirements coming into effect, so getting prepared for that was my initial focus. They also had a financial services arm handling mortgages and lending, which I managed compliance for as well. Over time, I was promoted to oversee the strategic compliance alignment as well as operations management for the entire business. I built solid foundations and processes to enable monitoring and oversight before departing in 2018/2019.

My next role was at a proptech startup creating an innovative shared ownership model for purchasing property. I was their first dedicated compliance hire, responsible for building out all the processes and oversight essentially from scratch, under the CFO's umbrella. It was an incredible opportunity to be part of rapidly iterating a new business model and product that hadn't really been done before at that stage. That role really exposed me to the fast-paced nature and some of the chaos intrinsic to the startup world, compared to more conventional corporate environments.

I was there for about a year before some funding issues arose. It ended up being an interesting mix of a true startup combined with semi-corporate oversight since they were venture-backed by Volkswagen. Despite those complexities, I established the initial compliance team and laid the groundwork for their processes during my tenure.

That overall experience ultimately led me to my current position at Hometree, where I oversee compliance across their multiple business lines simultaneously.

With such diverse compliance experience across industries, I'm curious - what does a typical day look like for you now as the head of compliance?

It's an incredibly varied role, really stemming from the startup nature of the business itself. A significant portion of my time is spent creating and iterating on the compliance processes themselves, fleshing out that governance framework. I regularly liaise with external parties that provide advisory support services to us. We also have an appointed representative that provides the licensing and permissions for our insurance business line, so I manage that relationship as well.

A key part of my responsibilities is developing a comprehensive strategic compliance package that can evolve and scale appropriately as we grow. That includes nurturing relationships with key third parties. However, a major internal focus is fostering a true culture of compliance mentality throughout the entire organization.

I dedicate a considerable amount of effort to supporting teams across all levels - even relatively junior employees will come to me with specific customer situations asking "Where do we stand if this happens?" and seeking that guidance. Things are quite dynamic; you can meticulously plan your week on Monday, but inevitably three or four new priority projects get spun up before it's over.

One area consuming a ton of my bandwidth currently is the FCA's new consumer duty regulations that just rolled out. Ensuring our product team and others are fully equipped to address and properly implement those new requirements has been crucial.

With compliance being such an ever-evolving domain - from changing regulatory mandates to disruptive new technologies - how do you stay ahead of the curve? What strategies and resources do you rely on to continually update your knowledge and skills across both fronts amidst all the industry shifts?

I'm quite fortunate to have maintained a strong professional network from previous roles, including relationships with numerous regulatory solicitors. They're great about letting me join in on internal training sessions with their teams, facilitating valuable knowledge sharing.

On the technology side, it's a saturated landscape with seemingly every vendor claiming their solution can solve all your compliance needs. If I check my LinkedIn inbox, I probably have at least 3-4 unread messages at any given time from tech companies making those promises. It's about cutting through the noise to implement tools and systems suited to each specific business' needs. There's no one-size-fits-all, because what works wonderfully for one company may utterly fail to move the needle at another.

I think horizon scanning and keeping a pulse on emerging trends and developments is just critical. The AI advancements we're seeing currently are really fascinating in that while AI won't magically solve everything, it does open possibilities for leveraging technology to handle more basic compliance tasks and workloads. You must remain constantly vigilant.

Additionally, I try to look beyond my own niche domain. Even if solutions being pioneered in other areas like consumer credit risk or insurance compliance don't directly apply, they could set you along the path toward identifying the right tool or approach for your own objectives. There's a lot of cross-pollination of ideas that can spark innovation.

Proper utilization of any technology is also highly dependent on adequate training and change management. You can implement the most brilliant tool, but if people aren't fully bought in and upskilled on how to properly leverage it, you'll just have an expensive box sitting there collecting dust.

How do you position and frame the compliance function itself? As more of an enforcer playing defence, or as a strategic advisor enabling the business? Walk me through your approach for engaging teams like product and engineering to embed compliance more holistically throughout the lifecycle.

I think as the leader of the compliance operation, the core responsibility is truly to lead - you can't just be a sounding board there to react to others' decisions and plans. The way I frame it, there are two key streams of compliance:

The first is compliance as an oversight mechanism. These are effectively the guardrails and red lines that cannot be crossed because doing so would constitute a regulatory breach. You must be prepared to push back and steer the business away from those prohibited areas.

However, the other critical stream is positioning compliance as more of an advisory service deeply embedded throughout the organization. My role isn't just creating that oversight function, but proactively integrating myself cross-functionally, whether that's becoming part of the product team itself or the HR team or the sales/marketing squad.

For instance, when product is gearing up to build out a new feature or offering, there's an established culture and understanding that one of the very first steps is to consult compliance. To have an open dialogue about the hypothetical - "Here's what we're considering, let me walk you through it. What are the things we can do? What are the no-go areas we should avoid? And why?"

Once you're able to build that trust, even with teams that have historically been sceptical of compliance being this blocker or preventative measure, it gets easier. If you can implement that "yes, if..." mentality rather than it always being a blanket "no because..." people are much more willing to embrace the collaboration. It prevents scenarios where the house of cards gets built practically to completion before compliance gets looped in as an afterthought. Then you're in the real tough spot of "Uh oh, we have to start undoing all of this work because of factors that were overlooked."

Yeah, that collaboration is key. I did want to follow up on the point you made about AI and new regulations like consumer duty. Can you give any examples of how you've worked to marry new compliance requirements with innovative technologies while still enhancing the end customer experience?

Funding and capital allocations are always a tricky aspect to navigate in the fintech world. Certainly, I could go out and purchase suites of dedicated compliance software that may make my life operationally easier on one hand. However, that investment thesis often ends up stacking up poorly against other priorities competing for budget, like ones the commercial teams have identified as clear revenue-generating opportunities.

So compliance unfortunately tends to get deprioritized in those crunch time scenarios. Instead of procuring best-in-class tools, you end up having to be scrappy and make do with low-cost options like using Excel, Google Sheets, and manual processes. It's not as efficient, but at least has a relatively low operational expenditure footprint.

Where I think AI capabilities could come in handy, especially for something as data intensive as addressing consumer duty compliance, is having systematic processes dynamically analysing and reporting on our own internal data streams. Rather than having analyst teams spending weeks manually compiling all the underlying information into reports and presentations, you could have AI models detecting relevant datapoints across all your inputs, then surfacing all the critical insights upfront in an intuitive dashboard.

That's essentially the direction I've been exploring - how can we leverage AI and automation to streamline the reporting and analysis without stripping out the human judgement aspect? If we can create continuously updated reporting that automatically pulls data from each source system across the organization and acts as a centralized hub, it could free up team capacities significantly. It's tricky because even a 20-page consumer duty report may not get properly prioritized when the commercial squads are hyper-focused on just shipping product and revenue goals instead.

It's really insightful to hear how your compliance approach had to differ depending on the specific companies and industries you've been a part of. Could you expand on how you adapted your strategies for firms like Wayhome and Michael Graham compared to some others?

Yeah, that's an interesting point to dig into. Even though Wayhome and Michael Graham were both operating in the broader property sector, the compliance considerations and requirements were quite far apart from one another.

With Wayhome, the shared ownership model they were pioneering was fundamentally an alternative approach to typical mortgage financing. Even though it didn't neatly fall under an existing regulated product category that the FCA handbooks covered, we essentially had to treat it with the same due diligence and broad interpretation as if it were a regulated mortgage product itself since it enabled that property ownership transaction.

We had to take an expansive mindset in structuring the compliance framework. Then you layered on the added complexities of it being a venture capital-backed firm, which meant strict adherence to various funding agreements, obligations, and approval processes from those investors.

On the flip side, within the Michael Graham estate agency environment, the regulatory landscape was much more static and clearly defined. The core relevant laws we had to comply with, whether anti-money laundering protocols or ID/KYC verification checks, were largely long-standing requirements that had simply evolved gradually over time as incremental updates were issued.

With an established firm that had been around for decades, it was more of a straightforward case of "We must implement these foundational practices because these are what the laws and codes explicitly state." There tended to be less organizational resistance to adopting changes provided they represented relatively low-cost adjustments.

Whereas in that VC-backed startup context, you were constantly having to build pragmatic business cases and prioritize based on calculated risk appetites. Rather than immediately pursuing an "implement all of the things!" approach to risk mitigation, it was about taking a step back to identify the three most critical areas out of ten potential issues, for instance. Then focus on developing thorough oversight and controls around those highest priorities first, given how limited resources would be in a rapid growth environment.

It's the difference between dealing with an entity trying to disrupt an industry in an uncharted manner, versus one that simply needed to keep current with evolutionary updates to governing mandates that had been in place for many years prior.

For someone just embarking on a compliance career today, what wisdom or guidance would you pass along that you found particularly valuable over the course of your own journey?

I think the biggest piece of advice I would give is never underestimate the importance of the commercial aspects of the business. To be an effective compliance officer or manager, you need to deeply understand the business aspects first. Learn those skills before layering the compliance side on top. If you go in blindly enforcing compliance as the be-all and end-all, ready to stop the business in its tracks, you'll only foster resentment and avoidance of the compliance team.

Instead, find commercially viable practices that enable compliant operations suited to the company's current size and stage. You must be versatile - able to provide formal compliance guidance but realistic about what's achievable given the business' situation and priorities. If it's a ten-person startup pursuing aggressive growth in a regulated sector, you must be pragmatic about your accomplishments.

Essentially, don't undervalue the commercial acumen that strengthens compliance roles. And network extensively within the compliance community. You'll inevitably face scenarios you haven't encountered before. Having a sounding board of others who can share their approaches is invaluable in a field that's never stagnant.

Those are fantastic insights overall. I appreciate you taking the time to share your experiences. The thoughtful balance you articulated between business pragmatism and regulatory rigor is really refreshing.

Thank you, it's certainly been my pleasure.

‍