The Institute of Enterprise Risk Practitioners (IERP®) is the world’s first and leading certification institute for Enterprise Risk Management (ERM).

Image Alt

IERP® International Institute of Enterprise Risk Practitioners

  /  Interview With Practitioners   /  Interview with Dunstan Maurice, Group CRO, GHL Systems Bhd

Interview with Dunstan Maurice, Group CRO, GHL Systems Bhd

It may be argued that Dunstan Maurice was already well into Enterprise Risk Management even before he accepted an IERP invitation to speak at one of its conferences. A seemingly natural aptitude for ERM made him the ideal person to develop and spearhead the risk management function for GHL Systems Berhad – no small task, considering that GHL, a payment service provider, has offices in Australia, Cambodia, Indonesia, Malaysia, Philippines and Thailand, and processes over RM1.5 billion in payment transaction value every month.

As its Group Chief Risk Officer, all GHL’s value-added services, payment network solutions, consumer loyalty products, prepaid solutions, Internet payment processing and purpose-built backend merchant applications come under his purview. GHL’s core operations is its third-party acquiring business, also known as transaction payment acquisition (TPA). GHL facilitates merchants’ acceptance of e-payments and transactions via its terminals through its partnerships with global schemes, card payment acquirers, e-wallet issuers, telcos and billers.

The firm has worked with some high-profile clients like CIMB Bank, MyDebit, Global Payments Inc and Bangkok Bank for card payment services, as well as next-generation payment services such as Touch ‘n Go, Alipay, Beep and WeChat Pay. For CIMB Bank, the firm acts as a Third-Party Acquisition (TPA) which enables merchants to accept payments from various international card associations.

For Amanah Ikhtiar Malaysia (AIM), the firm established cashless collection electronic payment infrastructure to enable AIM’s clients to make regular loan repayments through 5,000 service centres and terminals nationwide. For budget airline Firefly, GHL integrated the airline’s booking system with a range of banks, allowing it substantial savings in time and costs.

There were no ERM systems in place when he took up the position, he says, but “We did have an operations risk process which used a “check list” method.” Then came the IERP invitation, and things started to fall into place. But even with the availability of the expertise to establish the necessary processes, it has taken three years to establish a framework that really works for his organisation.

“The process involved getting the buy-in from senior management and the Board, before getting the other employees, like the Heads of Department, to understand ERM,” he said, adding that he introduced the Operational Risk model as it was the most appropriate for GHL’s business model, which was operations- and sales-centric. “I also had a supportive Group CEO who was receptive to the implementation, and an experienced Board Chairman who understood the importance of implementing the framework.” His Malaysian team also underwent a Strategic Risk programme with IERP, which produced greatly encouraging results. “Their level of understanding improved tremendously,” he said. “The team developed its Risk Registers, which were later applied to GHL’s operations in other countries.”

Taking this approach, he found, was key to successfully developing an appropriate organisational risk culture for GHL’s employees which number more than 1,000. Despite the extensive responsibility for risk across the organisation, Maurice operates a small unit – just three people, including himself. But the work is detailed and ongoing. “A typical day starts with the review of the follow-up items from the RCSA and ITSA,” he said. “There may also be multiple engagements with business units to discuss their respective risks and mitigative measures. Then there’s reviewing of new business risks for the group as a whole.”

Despite his previous work experience with risk, and his focus on ERM now, he finds that challenges still abound. “Previously, my role was one of managing merchant performance risk,” he explained. “The challenges now are different because ERM is holistic.” But there are other considerations as well. Even with a framework firmly in place, he frankly admits that alignment of risk management where all units in the organisation are concerned is still a work in progress. His responses show that he recognises that there are definitely more challenges ahead.

 

What were your initial reservations about ERM?

Getting the buy-in from the Board and senior management.

 

What have been your greatest challenges with regards to ERM in your present position?

Firstly, embracing ERM as a strategic tool rather than a fault-finding tool, and secondly automation.

 

From your perspective, what is the biggest ERM challenge facing your industry?

The introduction of new regulations in the payment space. As a non-financial payment facilitator, we are either missed out or burdened with having to implement regulations that are meant for financial institutions, leading to overkill.

 

What pitfalls should organisations be aware of, when implementing ERM?

Implementing it as a paper exercise just to fulfil the criteria. When implemented effectively, ERM can bring great focus to the organisation, and improve revenue.

 

What kind of ERM training do you recommend for non-executive level staff?

Strategic Risk training is ideal for all employees.

 

In your experience, how long does education, awareness and training have to be implemented before a viable risk culture develops?

About three to five years. It also depends on the receptiveness of the management and staff of the organisation where it is being implemented.

 

In addition to awareness and education, Maurice believes that for ERM to be more comprehensively and quickly adopted, there needs to be some sort of regulation that requires it, and industry players have to come together to encourage it. He acknowledges that budget constraints are always the most difficult to deal with but advises a practical approach when trying to mitigate risk. “Implementation also needs to be followed up with monitoring,” he stressed. Also, industries themselves have to take it up. Firms must want to do it, if it is to be workable and successful. There needs to be internal and external cooperation, and open channels of communication.

“When the ERM framework was developed, the objective was to ensure that there would be no silos,” he explained, referring to the GHL environment. “All similar functions, sectors and departments have been grouped for better alignment. We haven’t reached perfection but compared to where we were three years ago, we’re getting there!”

    Name (required)

    Email Address (required, business email address only)

    Mobile Number (required)

    Company (required)

    Designation (required)

    Preferred Contact Method: (required)

    CallEmail

    What is the biggest challenge in your job/industry

    Which modules are you interested in? (required)

    Managing ESGMechanics of ESGEnterprise Risk Management

    Message

      Name (required)

      Email Address (required, business email address only)

      Mobile Number (required)

      Company (required)

      Designation (required)

      Preferred Contact Method: (required)

      CallEmail

      What is the biggest challenge in your job/industry

      Message

        Name (required)

        Email Address (required, business email address only)

        Mobile Number (required)

        Company (required)

        Designation (required)

        Preferred Contact Method: (required)

        CallEmail

        What is the biggest challenge in your job/industry

        Which modules are you interested in? (required)

        Evaluating Risk and Internal ControlCorporate GovernanceEstablishing a Cybersecurity FrameworkEnterprise Risk Management

        Message

          Name (required)

          Email Address (required, business email address only)

          Mobile Number (required)

          Company (required)

          Designation (required)

          Preferred Contact Method: (required)

          CallEmail

          What is the biggest challenge in your job/industry

          Message

            Name (required)

            Email Address (required, business email address only)

            Mobile Number (required)

            Company (required)

            Designation (required)

            Preferred Contact Method: (required)

            CallEmail

            What is the biggest challenge in your job/industry

            Which modules are you interested in? (required)

            Digital Risk Management and DisruptionMechanics of CyberSecurityEnterprise Risk Management

            Message

              Name (required)

              Email Address (required, business email address only)

              Mobile Number (required)

              Company (required)

              Designation (required)

              Preferred Contact Method: (required)

              CallEmail

              What is the biggest challenge in your job/industry

              Which modules are you interested in? (required)

              Evolution of BCM Standards, Policies and FrameworksBIA & BCMS Frameworks and StrategiesRisk, Sustainability, Metrics and Crafting Effective Business Continuity Plans

              Message

                Name (required)

                Email Address (required, business email address only)

                Mobile Number (required)

                Company (required)

                Designation (required)

                Preferred Contact Method: (required)

                CallEmail

                What is the biggest challenge in your job/industry

                Which modules are you interested in? (required)

                Emergency Preparedness, Response, BC Awareness and trainingBCMS Performance, Metrics and Audits, Disaster Recovery Plans and Lean MethodologiesCrisis Management

                Message

                User registration

                Reset Password