1. Tell us about your role. What are some of the key responsibilities you take on daily?

I’ve been with Cromwell for 18 months – and stepped into a newly created role as Cromwell’s first Australian designated head of risk. I’m responsible for our enterprise-wide risk management and compliance functions, especially relating to our AFSL obligations. Essentially, this links to ensuring our investors have the right level of protection; ensuring that all our regulatory risks are managed; and that we’re compliant where we need to be.

It’s a broad remit – because risk is present in everything that a company or individual does. You can’t silo off risk to one side because, at the end of the day, we all manage risk – from choosing to cross a road; or whether we holiday overseas; or whether we choose to invest in certain products or with certain companies. When you strip it all down, managing risk is about making good decisions, and part of my role is to assist people to do that. Our frameworks and policies are designed to support informed decisions, so that the right information is included; the right people are part of the process; and that we do things in a timely way. Similarly, being able to see the impact of that decision is important, as is being able to quickly change tact, if needed.

I really enjoy my role, because it draws together a number of functional threads. This allows us to think about risk and compliance as more than just a ‘tick a box’ exercise. Embodying good risk management leads to better decision making; it includes always being ethical and focused on the right considerations, including ESG and risk factors in our actions. Above all, we want to make sure that our investors’ interests are protected – and that our products and services reflect that priority.

2. How do you make sure that risk management at Cromwell is a day-to-day process?

It’s a mix of a ‘top-down’ and ‘bottom-up’ approaches. It starts with our Boards thinking deeply and often about the key risks that lead us to unexpected outcomes, and how much and what type of risk they decide we should take, in executing the business strategy. On the other side, we also engage with our people and include a bottom-up aspect. Everyone in the business manages risk in their individual roles, so it’s important that we consider risks at every level.

Ultimately, making risk management come alive day-to-day requires exploring the psychology of risk – it’s a fascinating topic. Managing risk largely involves humans, who all think, behave, and react differently. Trying to understand the risks that you may not see, because you have a particular bias or different set of experiences, very much requires a psychological approach.
We invest in property – bricks and mortar – but it’s ultimately our people that make us strong, and it’s up to us to make sure they are supported in doing their best work because we all want great outcomes for our investors.

3. Looking back, how did your career in risk and compliance begin?

I took a job as the first in-house lawyer with a small financial institution in Brisbane many years ago.

I’m fortunate that my role there expanded rapidly. In addition to the legal and regulatory function, I was managing multi-disciplinary teams, including securities and mortgage production; adding company secretarial and governance functions; and our financial planning business was restructured and expanded, requiring a wider remit. At the time, the regulator, APRA, was implementing changes to ensure financial institutions prioritised risk management and required licensees to have a dedicated risk management function with direct reporting lines to boards.

Before that, I was an ‘escapee’ from about 15 years of private law practice. For me, it was often frustrating to provide legal advice in a private firm environment – as it can be difficult to get under the hood of a business; you may not understand why decisions are being made. Sometimes it feels like you’re looking in through the window, rather than being in the action. I’m an extrovert, so I enjoy engaging with people and I was always drawn as a lawyer to explore the context and inner workings of clients’ businesses to make sure any advice is practical well as being legally correct.

I enjoy being part of a business; being not only an advisor but also understanding and creating strategy and implementing it. Of course, being a lawyer, regulatory stuff is interesting for me, so that’s set me up well for my current role. I do genuinely love the work that I do.

4. There have been some very public privacy/data breaches in some very large organisations recently, how does Cromwell manage risk and protect our investors? How do we minimise the chance of these kinds of hacks happening to us?

It’s about making sure that we have the fundamentals right first, which includes having strong processes and mechanisms to make our systems sound. At Cromwell, we have a three ‘lines of accountability’ approach to ensure that everyone in the business manages risk, knows their role, and that there is checking and testing to give assurance, as well as to help us continually improve.

The first line of accountability are our teams performing their roles – from creating products and providing services, dealing with investors, managing IT or accounting functions – and managing the risks relating to their role. As a risk and compliance team, or in ‘line 2’ we provide expertise, support and consider how our people can have the right boundaries and steps in place to comply with laws and manage risks.

We also make sure the right framework is in place to enable the Board and management to oversee performance and know when there are concerns. To help us monitor risk levels, our team also performs independent tests and investigations and assist managing issues.

An extra layer is the third line. This involves Cromwell obtaining independent and objective assurance, mainly via external professionals such as auditors, consultants, or certifiers. As well as meeting regulatory audit requirements, we consider particular areas of risk – cybersecurity is a good example – that are so important that we obtain extra assurance from experts to do a review or deep dive to identify if and where we should make changes; to benchmark ourselves and continually improve. So, our three lines approach defines accountability and includes focus on aspiring to always enhance our business.

5. What are some changes or shifting attitudes/trends that you currently see playing out in the governance, risk, and compliance sector?

Change, and the speed at which it occurs are the standout factors.

We know that change is constant – there will be property cycles, interest rate rises, pandemics and other headwinds – but being able to trust in your people; give them the tools to perform their roles well; and have the right framework in place to navigate unpredictability all helps in responding confidently. By definition, managing risk is responding well to impacts – both positive and negative – on the achievement of goals, so uncertainty is inherent in that. You must be comfortable with navigating uncertainty, which can be difficult, and be prepared to adapt to suit.

6. How is Cromwell responding to the growing importance of ESG for both investors and tenants? Is it a case that ESG is now as important as all other business considerations, do you think – and how do you see businesses adapting to this changing stakeholder sentiment?

Cromwell has always prioritised ESG factors as part of its business and Cromwell’s previous work in sustainability was one of the reasons I was attracted to this role.

Including ESG factors in decision-making and business processes is part of managing risk well. It’s not really that ESG of itself is as important as all other business considerations, because ESG issues, being so wide and varied, are part of all of our decisions and activities.

It’s been exciting to be closely involved in reviewing Cromwell’s forward ESG pathway including refreshing our ESG Strategy. I’ve been so impressed that everyone at Cromwell – from the Board to our people – are actively engaged, enthusiastic, and committed to playing our part in responding to critical issues, including climate change and decarbonisation. I am proud that this enthusiasm has been matched with authenticity, so that a thoughtful and pragmatic approach is taken when setting our goals. We’re about to release our ESG Strategy shortly.

While there’s a growing importance placed on ESG by investors, it’s also important for our people, just as it is important for our communities and society generally. Our response to the growing awareness of environmentally conscious investors must focus not only on reducing harm but equally, on contributing positively to the broader societal response to these urgent issues.

7. Where would you like to see Cromwell’s ESG strategy in five years’ time?

I’d like to see that we don’t talk about ‘ESG strategy’ at all, we just talk about strategy – because it’s integrated in every part of the business, and the outcomes we seek financially, from risk management and from environmental, social and governance related goals become more ambitious over time, are consistently achieved.

8. What’s the benefit of taking an ESG-centred approach to our investors?

The community, and the world more broadly, expects more to be done in the ESG space – so, we must constantly strive to do good and be better. From an investor perspective, financial returns are of course an imperative. Ensuring that our investment approach includes ESG issues is also part of managing physical risks to assets, such as potential climate and weather impacts. The steps we take to future-proof our buildings may also result in reduced operational costs from infrastructure that is aligned positively with environmentally positive initiatives, e.g., using solar power and implementing energy efficiency upgrades. Because ESG factors will also shape and influence the value of real estate in the future, considering ESG may become increasingly important as a potential value driver in future investment decisions and impact return outcomes.

9. What do you enjoy most about your role?

The variety of work resulting from my role is hugely stimulating but most importantly, being able to link together various issues and make them simpler and more understandable is rewarding. Undoubtedly though, it’s the people at Cromwell that make my role enjoyable. The talent and experience within the Cromwell team is incredible, but it’s a bonus that they are genuinely great humans and colleagues as well.

10. What do you do to relax? / How do you spend your time outside work?

Home’s really important to me and, like many people, COVID-19 reminded me of the importance of family and trying to get the balance between work and play right. My husband and I enjoy escaping to our pad at Kings Beach when we can, with our daughter and dachshunds, Frank and Connie, in tow. We’re also currently making up for lost overseas travel time, with a couple of quick trips this year. I’m addicted to true crime podcasts, good books and, so far, I’m yet to meet a champagne I don’t like.

Between all of that, I do try to contribute to the greater good. I’m a director on several not-for-profit boards, including YMCA Brisbane. I am also on the board of Mercy Partners, who is the overall governance body for some hospitals, schools, and community service businesses. The work that these incredible companies do is something I’m very proud to play a small part in. Importantly, these opportunities give me opportunity to continue to learn and expand my own skills which, hopefully, makes me a better Cromwell team member.