Four senior compliance practitioners offer a glimpse at the technology journey of their companies, from receiving resource support to new tech implementation and ongoing due diligence. Today’s question:

Q: Describe due diligence at your firm during Year 1 of implementing new tech

Meet the CCOs

Emma Bredin


Chief Compliance and Ethics Officer

BNY Mellon

Years in compliance: 18



Ilona Niemi


Chief Compliance Officer

The Co-operators Group Limited

Years in compliance: 10



Shelley Schachter-Cahm


Chief Compliance Officer

Years in compliance: 10



Eric Wilson


Director of Compliance

Helmerich & Payne

Years in compliance: 11



DISCLAIMER: The views reflected by the practitioners quoted are theirs alone and do not represent the views of their companies.

EMMA BREDIN: The first year is critical in assessing the success of implementing a new technology. While a great deal of due diligence is carried out pre-production, it is imperative with any new technology that we continue close monitoring and regular testing, especially in those first 12 months as the system is being embedded in [business as usual]. This is an iterative process which must be aligned to the risk of the new technology and its scope across the business.

Also, when working with a vendor, effective partnership is crucial in the implementation phase when working in an agile environment to customize or configure a product to meet our needs. Once a steady environment has been established, we also have quarterly check-ins to understand the strategic roadmap and benefits of future deliverables in a core product. This is an agile approach to ongoing due diligence.


ILONA NIEMI: Given the evolving regulatory expectations globally, as well as business imperatives such as safeguarding client data, the criticality of auditing compliance technology vendors is ever-increasing. I believe an ongoing due diligence process is where the onus for managing risks and opportunities lies.

We use an annual review process to validate the previous risk assessment outcome for the vendor. Further, we rely on risk- and resource-based quality assurance processes delivered by all three lines of defense to gain insights into third parties and demonstrate our oversight.


SHELLEY SCHACHTER-CAHM: Sitting at the intersection of technology and finance has kept crypto in the regulatory crosshairs. As such, due diligence is an ongoing process. By conducting regular reviews of product effectiveness and remaining current within a fast-paced environment, we aim to streamline integration without breaking our white-glove reputation.

Remaining competitive in the ecosystem is essential. After evaluating a potential partner, we’ll work to implement a phased release within 3-6 months, with 6-12 weeks being optimal. If we interpreted trends correctly, our launch should anticipate projected user demands. From here, we fine-tune the product while keeping our ears to the ground.


ERIC WILSON: Continuous tracking of key milestone dates is critical to ensure our checks are checked and our balances are balanced. Additionally, we are committed to creating training documents to train users and, most importantly, implementing the technology according to our risk mitigation and control plan.