www.toriglobal.com/insights/perspectivesCopyright TORI Global. All rights reserved. TORI Global, 62–24 Cornhill, London EC3V 3NH

Issue 8 | Autumn/Fall 2017

Following that, we hear some more from our new Head of Regulatory Compliance, Paul Jennings, although this time we get to know him with our 7 Things interview. These are always really fun to do and I love finding out things about people that you wouldn’t expect.

The final article in this issue comes from Chris Renardson. He provides a practical and applicatory piece on MiFID II. With over 25 years banking and consulting experience he is currently leading MiFID II projects in key clients.

Last but not least we fill you in on our latest fundraising initiative for CLIC Sargent. You won’t believe what we’re doing!

Whether you’re reading this on the tube or in the office, we hope you enjoy a little perspective…

Best Wishes

Katie LawtonEditor

Welcome back! This is Perspectives, our regular publication aimed at giving you a fresh view of enterprise.

INTRODUCTIONWelcome to the eighth issue of TORI Global’s ‘Perspectives’ magazine. Every quarter we cover issues and trends in the business world with insights and interviews from leading professionals in their industry. This time we’re focusing on Regulation.

We begin with an article from TORI’s new Head of Regulatory Compliance, Paul Jennings. He takes us through the current regulatory landscape covering GDPR, MiFID II, SMR and IDD. Paul has worked on the side of the regulator and now uses that experience to advise the regulated.

Next, we have an interview with the interim Head of Risk, Control & Audit at Prudential Global Data Services, Paul Greetham. We get his thoughts on the rise of RegTech and whether incumbents or challengers have the advantage when it comes to GDPR.

Thirdly, Dax Philbert, Head of Risk & Control for the Americas, writes about the recent Equifax data breach and the implications on the industry as a whole.

Issue 8 | Autumn / Fall 2017

I would love to hear your thoughts so please contact me with any feedback: katie.lawton@toriglobal.com

3

ContentsIntroduction 3Introduction from Editor, Katie Lawton

Regulatory Compliance: 4 State of the Nation Head of Regulatory Compliance, Paul Jennings, explores the current regulatory landscape

C-Suite Chit-Chat 8An interview with interim Head of Risk, Control & Audit at Prudential Global Data Services

Credit Rating Agencies and Digital 10 Regulation: Lack of Consumer ProtectionHead of Risk & Control (Americas), Dax Philbert, comments on the recent Equifax data breach

7 Things 14We get to know TORI’s new Head of Regulatory Compliance, Paul Jennings

MiFID II: Better Late Than Never 16Consultant, Chris Renardson, provides a pertinent reality check

Santa Skydive: 20 Jingle All the Way Down Our scariest fundraising event for CLIC Sargent yet!

TORI News 22

toriglobal.comFor more information about the content of this publication please contact us at:

info@toriglobal.com

TORI Perspectives is copyright of TORI Global and all rights are reserved. The contents of this publication may not be reproduced without prior permission. The opinions expressed by C-Suite Chit-Chat interviewees are their own.

With over 15 years’ experience in the industry, Paul heads up Regulatory Compliance for TORI Global. He has worked for the Financial Services Authority, two of the “big four” consultancy firms, and has held a number of senior positions at Société Générale.

REGULATORY COMPLIANCE: State of the Nation

By Paul Jennings

Monday morning, the Board meeting - Chairman: “Are we going to get across the line with all the regulatory requirements this year?

What about MiFID II and the data protection requirements? The Board pack says that they are on track?”. The Chief Operations Officer shuffles in her chair, “we will definitely have all the MiFID requirements in place and we have some time before we need to implement the data protection requirements”. The Head of Audit chips in, “Both will be in the audit plan next year”. The CEO asks, “when are the regulators next in?”.

The regulatory landscape continues to change at an alarming rate. Several deadlines are looming over the industry: Markets in Financial Instruments Directive (MiFID)

II – 3rd January 2018, General Data Protection Regulation (GDPR) – 25th May 2018, the extension of the Senior Managers and Certification Regime (SMR) and the Insurance Distribution Directive (IDD) – 23rd February 2018. Senior Management face a range of challenges to ensure that they remain compliant and deliver fair outcomes to their customers against a backdrop of digitalisation and the need for a competitive edge.

MIFID IIThe immediate concern is MiFID II and many large-scale programmes have been implemented – resulting in data integrity, reporting and compliance resource challenges. The Financial Conduct Authority (FCA) has announced that given the size and complexity of the task they will not take enforcement

action against firms that are not fully compliant by the regulatory deadline. However, firms will need to be able to demonstrate that they have made sufficient progress and that there is an action plan in place to ensure full implementation.

Does this mean an FCA MiFID II thematic review where the regulator ascertains best practice? In any event, compliance and audit functions will have a considerable task to assess the adequacy of implementation and on-going compliance. MiFID requires an annual assessment of compliance and the key question is how comfortable will Senior Management be that all the requirements are met? Will a MiFID compliance dashboard be part of future Board packs?

Issue 8 | Autumn / Fall 2017

4 5

IDDIDD introduces two general principles: firstly, that insurance distributors must “always act honestly, fairly and professionally in accordance with the best interests of customers” and secondly, that all information must be “fair, clear and not misleading”. These two principles are almost the same as the FCA’s existing Principles for Business and firms are used to the concept of Treating Customers Fairly (TCF) and ensuring that their promotional material meets the clear, fair and not misleading standard. For years, senior executives have reviewed “RAG” statuses on TCF dashboards though some have transformed into conduct risk dashboards. However, the IDD raises several challenges which will require a review of the sales process and in some cases the business model:

How the firm is going to demonstrate that it meets the “customer best interest rule”. Firms will need to consider how this is embedded in processes and management information;

The basis of advice – “a fair and personal analysis” of the market or a more restricted approach;

Product approval process assessing the risks for the target market - many product approval processes are slow, cumbersome and lack clear guidelines as to how to assess the target market;

There are also detailed requirements about the information that insurance distributors must disclose to customers before the conclusion of an insurance contract, including, but not limited to, identity, address and registration detail. The requirements are different depending on whether the business is an insurer, intermediary or ancillary insurance intermediary. The challenge will be assessing the customer journey and how information is disclosed;

How fees are going to be disclosed before the conclusion of the contract, the basis of the remuneration – that is, whether it is in the form of a fee paid by the customer, a commission included in the insurance premium, an economic benefit of any kind offered or given in connection with the insurance contract, or a combination of these. Where the fee is payable directly by the customer, intermediaries must disclose the amount of the fee or, where this is not possible, the method for calculating it;

How staff are rewarded and staff training. Professional knowledge and competence requirements need to be appropriate to product complexity and nature of activities conducted (including minimum 15 hours Continuous Professional Development). This will require HR departments to review existing training programmes and how completion of training is logged.

Implementing the IDD will require a gap analysis to assess existing business models and controls; mapping the customer journey, a robust training plan and a software solution that provides a platform for control execution.

GDPRWe have seen a mixture of progress in the industry regarding GDPR. Some firms already have advanced programmes while others have made no progress and are still in the stage of either looking for a project manager or assessing the amount of work that may be required. In practice, key stakeholders in the project will be those responsible for:

Compliance guidance;

Information management and governance;

Security (and ICT as security needs to be guaranteed everywhere);

Human resources;

Legal;

Marketing (management of online presences and advertising);

Customer service and contact centres.

Fundamental project stages will be an audit/gap analysis to map the risks and prioritise them; key is simply not just to assess the risks from the viewpoint of the organisation but also from the point of view of the individual’s rights and privacy. The project will need to assess all frameworks’

organisational aspects, strategies and security/data/incident/reporting management practices. One aspect that is often not given sufficient priority is training: it is not simply sufficient to review and adjust current practices, processes, systems and frameworks to it is also making clear what the correct organisational culture is towards personal data, protection and skillsets. There is often a world of difference between documented policies and real-life practice. This requires an assessment of work in practice, regardless of any documents and policies.

The project team will need to make sure that they have access to all data and documents which contain information and incidents.

SMRThe extension of the Senior Managers Regime means that a range of new firms will need to revise their governance arrangements including:

Insurers and reinsurers;

Insurance special purpose vehicles (ISPVs);

The Society of Lloyd’s;

Managing agents;

UK branches of third-country firms and European Economic Area (EEA) firms;

All firms that the FCA solely regulates - which covers very small firms and those with limited permissions (including sole traders and consumer credit firms) to some of the largest global firms.

There are three key parts to the Senior Managers and Certification Regime: The Senior Managers Regime, the Certification Regime and conduct rules. Every Senior Manager will need to have a ‘statement of responsibilities’ that clearly says what they are responsible and accountable for, and key conduct and/or prudential risks. At least once a year firms need to certify that Senior Managers are suitable to do their job. For many firms, this will mean reviewing the business strategy and risk appetite, mapping responsibilities and allocating defined roles. Some executives may be reluctant to take on SMR responsibility and firms may need to look at readjusting roles. HR will play a key role and firms will require a comprehensive training programme.

Boards face considerable challenge in 2018. Not only in ensuring that key projects are delivered, but that the management information is sufficiently robust to ensure that they can provide appropriate evidence that their firms are meeting not only the detailed regulatory rules but are delivering fair outcomes to customers.

Issue 8 | Autumn / Fall 2017

6 7

8

1. Hi Paul, thank you for talking to us today. This issue of Perspectives focuses on Regulation, an area that is front of mind right now what with MiFID II and GDPR to name a few. Is it just bad timing or are we going to see the frequency of major regulations increase?

There is definitely a coming together of events, however, we need to remember MiFID II was originally scheduled to land in January 2017, this original date was always seen as being aggressive and was delayed by 12 months. This provided the opportunity for the enhancement of IT systems to provide the additional reporting requirements and for firms to develop their internal controls, oversight and monitoring framework. As a result, two significant regulatory changes are landing at similar times.

Regulations will continue to adapt to the environment within which we operate. They focus on ensuring the financial sectors operate in a fair, transparent and effective market, and take responsibility for ensuring safe keeping of assets and client security.

2. Do FinTech and challenger banks have an advantage or disadvantage against incumbents when it comes to regulations like GDPR?

There is a definite advantage in terms of no legacy data or multiple IT systems to update. However, they all face the same problems in ensuring they understand the data being held, its storage, location and employee awareness.

GDPR, as an example, will be a challenge for all firms, and more of a challenge for those with large data archives holding

unstructured personnel data. From my experience, new entrants have the potential for adapting quicker to change from a technology perspective. Existing firms are potentially in a stronger position with respect to regulatory experience within their teams and more mature processes and controls.

3. With the focus on, and budget set aside for, regulation, does this stifle innovation?

Ensuring the firm operates within the regulatory framework is the cost of being in the business. Granted the costs are not small, however, the change in regulations provides opportunities to be innovative.

Paul is currently interim Head of Risk, Control & Audit at Prudential Global Data Services. He is an experienced UK Executive operating within the Stockbroking, Wealth Management and Pension sectors for the past 29 years. Culminating in the CEO for a top 5 Execution Only Broker, he developed the stakeholder skills required to work within a heavily UK regulated business and with overseas shareholders.

C-Suite Chit-Chat with Paul Greetham

9

Issue 8 | Autumn / Fall 2017

4. Regulation in the Financial Services all seems a bit gloom and doom but could RegTech make it easier for both the regulated and the regulators equally?

RegTech should be bringing the innovation into applying regulatory changes. The development of new technologies to aid the detection and prevention of money laundering can lead to simpler client take-on processes, thereby improving customer experience whilst assisting firms in meeting their regulatory obligations.

RegTech provides Senior Executives with an opportunity to introduce new capabilities that are designed to leverage existing systems and data to produce regulatory data and reporting in a cost-effective, flexible and timely manner without taking the risk of replacing or updating legacy systems. It has

the potential for enabling firms to meet the regulator’s needs. On the other hand – it provides the regulators with a view of what could be achieved!

5. What will help organisations be successful in the eyes of the regulators?

Good corporate governance. An effective governance and reporting structure is essential to demonstrate that the Executive teams have an understanding of their operational environment. It supports the decision-making process of the Management and Executives.

In all cases, the governance structure has to be appropriate for the size and complexity of the organisation. It is never one size fits all. The principles remain the same and the embedding within the organisation needs to be clearly articulated, with Executives and Management demonstrating by example.

However regardless of the technology or level of documentation, people remain the critical component and all staff play an important part in ensuring corporate governance is being followed and the integrity of the firm is being maintained.

Engagement with the oversight functions needs to be encouraged, with the risk SME providing guidance and support. Risk management is however, the responsibility of all staff, not only those with oversight or management duties. The challenge faced is how this can be brought to life, and how it is to be applied to the role the team member is undertaking.

Thank you for talking to Perspectives, Paul!

The breach and consumer impactRecently, we have seen evidence of weaknesses with the Equifax security data breach and the hacking of the Securities and Exchange Commission. While both data breaches are troubling, the Equifax breach exposed 145 million individuals and corporations with no viable recourse. Equifax is a credit rating agency with mass accumulation of individual and corporate metadata ranging from date of birth, social security numbers, addresses, and employment information - key information that in a malicious person’s hands can greatly affect the lives of the victim.

This information is stored and used for credit approvals and screening for prospective jobs, creating significant impact. Agencies like Equifax have great power over an individual’s life with a simple credit score, but if the information that comprises the formation of that score is compromised, it affects the very DNA of the credit profile. Potentially flawed data elements can preclude an individual from purchasing a home, a car, applying for loans and successfully attaining a job. What is the impact if your information was hacked, and your data was breached?

Weak regulations and internal controlsWhat is apparent from the Equifax data breach is the lack of enhanced regulations to govern credit rating agencies. Equifax clearly failed and the company’s failings of its risk, controls, processes and corporate compliance oversight framework was very evident in its handling and communication of this violation. Consumer protection inherently failed as there was a direct privacy impact to approximately 145 million individuals and companies from the data breach.

Credit Rating Agencies and

Digital Regulation: Lack of Consumer Protection

Financial markets are on an upward trajectory as we move towards the closure of the fourth semester of 2017. This

bodes well for retirees, pension plans and for the average individual playing the stock market to secure financial

stability, including significant corporate earnings demonstrating the success of a revived

economy. All sounds great, right? But all those successes can be overshadowed

when companies become complacent about regulatory

oversight, lack sound risk management, internal

controls and digital c o m p l i a n c e

practices.

Dax is responsible for the Risk & Control practice in the Americas for TORI Global. He is a senior enterprise-wide governance, risk and compliance professional with extensive

Programme Management, Change and Business Consulting experience. Dax also has significant

experience in aligning technical and regulatory strategies to organisational requirements. With

over 20 years experience in the Financial Services space, his experience extends to implementation

of legislative compliance management, internal controls, risk, AML, Volcker

Rule, Dodd-Frank, FATCA and trading risk to enterprise-wide

firms.

By Dax Philbert

Issue 8 | Autumn / Fall 2017

10 11

Federal and state privacy, data breach, and

consumer data protection legislation needs to be aligned

with strict enforcement. How quickly can regulations keep up

with digital data change? It is almost impossible that legislative changes

can be enacted inline with technological development, data gathering practices and

sharing of consumer data.

Equifax’s inability to provide more robust measures led to limited measures that have been applied by the company such as free credit tracking for a year. Essentially, the onus of personal data management tracking is left to the individual, with some who may not have the skillset to

track breaches to their key personal information.

How can consumer protection be managed?Through core data management and privacy protection standards and practices, consumers can be protected at a minimum. Legislation and the applicability of the regulatory elements can be supervised by regulatory bodies, limiting the types of information companies can gather and retain of an individual. In addition, limiting the time that these records can be retained, increasing standards for data encryption, defining

tougher penalties for data breaches and lack of demonstrated and effective internal controls and

risk oversight. It is reported that the firm spent over $1 million on lobbying against tighter

data protection legislation.

The European Union (EU) is in the process of implementing General

Data Protection Regulation (GDPR), which will set a

standard for the EU’s data collection framework,

provide enhanced

protection for the consumer and businesses, and place more accountability and liability on data management agencies who gather, evaluate and disseminate consumer data.

The services of Equifax, TransUnion and Experian are directly related to banking data accumulation and analysis, supplying financial institutions with consumer data. Should credit rating agencies fall under banking regulations, thus making them more accountable?

PreparednessThe key to preparedness is having in place:

Risk and control practitioners;

Investments in the right technology that are detective vs reactive;

An effective risk and control framework;

An effective digital data management risk framework;

A sound legal and compliance framework;

Well written data management and retention operating policies and procedures that can be practically applied;

Frequent testing of operational controls, risks and threat scenarios;

Efficient data management detection exception reporting;

Mitigation resolution options to remediate potential non-compliance from data infractions;

Training of both senior management and business as usual (BAU) staff;

Adhering to a culture of regulatory awareness practices.

Essentially, simplified and targeted internal controls and risk measures are fundamental to regulatory preparedness.

Issue 8 | Autumn / Fall 2017

12 13

7 T

hing

swith Paul Jennings

What was your first job?Outdoor clerk for a firm of solicitors

What accomplishment are you most proud of?Passing the Bar Exam Systems

What fact about you might surprise your colleagues? I lived in Pakistan for a number of years

What is your favourite film? The Ninth Gate

If you were Dean for a day, what would you change? Lectures would start at 10:00 AM

What is the most valuable lesson you have learnt in business? It is all about relationships

You discuss MiFID II, GDPR, IDD and SMR earlier in this issue of Perspectives, do you think that the UK regulatory landscape will change much post-Brexit? No, I think the UK regulators will continue to apply a high standard, what is key for firms is having a robust post-Brexit strategy

We got to know our new Head of Regulatory Compliance, Paul Jennings, with 7 questions. Paul has worked for the Financial Services Authority, two of the “big four” consultancy firms, and has held a number of senior positions at Société Générale. He specialises in regulatory change, governance (including SMR), conduct risk, financial promotions, AML/Financial Crime and Treating Customers Fairly. Paul has significant experience leading audit, implementation projects (including European Directives), reviewing audit and control functions, improving sales processes, conducting back book reviews, performing monitoring and suitability assessments, delivering robust governance arrangements and establishing effective processes and controls.

14 15

Issue 8 | Autumn / Fall 2017

It’s difficult to argue against the intent of MiFIR and its embodiment within the MiFID II regulatory texts. At its heart, MiFID II requires a more open and timely provision of data across all asset classes – covering research, securities pricing, transactions and execution quality. The direction of travel this new regime dictates is very clear – it’s all about transparency, best execution and ultimately investor protection derived through a level playing field. Without the Financial Crisis, such well-intentioned market disruption would have been forgotten long ago. But here we are with less than 50 working days to go before the regulation comes into force on 3rd January 2018.

While in no way ideal, a recognition that some processes, systems and data are not going to be compliant, together with a clear plan as to how gaps will be fixed strategically, Day 2, is a far better strategy if supported by early communication to the relevant National Competent Authority. This communication must include robust, locked-down plans to provide assurance and clarity as to how risks will be managed in the short term (workarounds, control frameworks, client communication for example), together with implementation plans for strategic solutions to ensure compliance in the medium term. For short term, read a maximum of six months – any longer and there’s a danger that the tactical fix becomes business as usual. In terms of prioritisation, Transaction Reporting and Post Trade Transparency Reporting probably sit at the top of the list of obligations where every effort should be made to ensure compliance for January 3rd. Depending on business profile, Commodities Position Limits Reporting, Confirmations plus Voice data and Record Keeping would make up the top 5.

MiFID II Better Late Than Never

Chris has over 25 years’ experience in wholesale, retail and investment banking operations and has worked for both US and European houses at COO level. Key areas of expertise include: current state analysis and operating model design; process re-engineering; implementation of managed services; execution of sourcing strategies; and regulatory impact assessment.

Issue 8 | Autumn / Fall 2017

16 17

By Chris Renardson

You could argue that adopting this approach is to simply kick the can down the road but pragmatism should and needs to rule the day - better to manage a controlled failure. There should also be a recognition that other firms, vendors and market infrastructure providers don’t have all the answers right now, in part because regulators themselves have struggled to provide a definitive steer in a number of key areas – not surprising given the 1.5 million paragraphs that make up the MiFID II rule book. Consequently, there will no doubt be a ‘bedding-in’ period as we move through the first half of next year as market participants get to grips with how the regime works in practice. The key, as mentioned earlier, is to have clear line of sight of the known knowns and the known unknowns with an agreed roadmap and detailed plans to achieve.

Finally, as you work through the strategic solutions for Day 1 and beyond, keep at the forefront of your mind, the need for auditability and traceability. Given the pressing timelines, it’s easy to forget the need for comprehensive

16 17

end touch points have been captured, for example.

drive further client ‘stickiness’ – assisted reporting for pre-trade and transaction reporting for example, the opportunity to lead with a message of transparency, control, investor protection and best execution will benefit those that have taken a proactive approach to embed MiFID II as part of a wider drive to deliver operations excellence and client advocacy. Key elements to work to as part of successful delivery include:

documentation to provide clear lineage from the regulatory technical specifications through business requirement definitions, functional designs, test scripts and test outcomes. This risk is heightened where the approach is one of Agile DevOps when iterative design can result in gaps appearing between what’s delivered and the underlying business/technical specifications.

Key considerations to ensure successDo not respond to MiFID II as a check-box exercise to demonstrate compliance to the regulator. Over and above those obvious aspects that provide the opportunity to

1.

2.

3.

4.

5.

“Big Picture”: reference back to holistic

assessment of the activity of the firm to identify where the main impacts are. It’s essential to understand booking entity models and all trade lifecycle events to ensure all end-to-

Proactive approach to suppliers: continue

to work with key suppliers to understand their plans, interact to influence them.

Proactive approach to regulators: maintain

regular and transparent dialogue. Seek their guidance and, as set out earlier, raise issues of non-compliance now, not later, together with detailed contingency arrangements and plans where applicable.

18 19

Alignment with other programmes:

leverage existing or planned initiatives that align with MiFID requirements (e.g. AML & KYC, reference data initiatives,

workflow implementation and, potential synergies with Reg NMS). Aim to minimise the need for duplicate “regret spend” and maximise the effective use of scarce resource.

Auditability and traceability: ensure

QA and review of all documentation to guarantee traceability from RTS’s through BRDs, functional specs, test scripts and test outcomes.

Looking beyondAlthough for many firms MiFID feels as if it’s the only game in town as we head towards year-end, there are many other regulatory and business-related initiatives waiting in the wings: GDPR, CRR and

CRD4 to name but a few from a regulatory perspective, and for those of us here in the UK: Brexit and ICB ringfencing are focusing the business agenda. Before you batten down the hatches and prepare for the next firefight, some things to consider that will put you on the front foot:

Change Portfolio Optimisation: top down and bottom up review of the Change book of work to determine prioritisation and optimisation opportunities.

Information Lifecycle Governance: data classification, ownership, records management and data privacy (key elements of KYC/AML, MiFID and GDPR).

Service Operations Architecture: efficiency gains through alignment of functions to services delivered.

Digital: process optimisation and customer experience (BPM, RPA and AI) to deliver common look and feel across end-to-end processes and channel agnostic consistent customer experience.

Issue 8 | Autumn / Fall 2017

We’re always finding new ways to support our charity, CLIC Sargent, and this year we are going above and beyond (literally!). On 9th December 2017, 9 brave TORI-ans will be skydiving in Cambridgeshire, England.... dressed as Santa Claus. The Santa Skydive is a nationwide challenge where hundreds of people will be jumping out of planes at the same time in red suits and a white beard, all in the name of charity. Jump locations span the whole of the UK across England, Scotland, Wales and Northern Ireland.

Katie Lawton, Wiktoria Bartusik, Caz Robbins, Paul Lowrie, Shaun Sloan, Angad Sidhu, Rowan Duke, Dominic Yacoubian and Anvar Turobov are the 9 jumpers who will jingle all the way down from 10,000ft in a freefall tandem skydive. This is a truly thrilling challenge and not for the faint-hearted. Not to mention the freezing temperatures that December can bring! Luckily the Father Christmas costumes will act as a second layer of warmth over the jumpsuits!

TORI Global has been supporting CLIC Sargent for over a year now and we have raised nearly £50,000. We want to double this by September 2018 and fundraising activities like the Santa Skydive will help us get there.

Issue 7 | Summer 2017

20 21

When cancer strikes young lives CLIC Sargent helps families limit the damage it causes beyond their health. Today 11 more children and young people will hear the devastating news they have cancer and we are raising funds so that CLIC Sargent’s specialist care teams can continue to be there to provide help and support.

We have a group target of £4,000 to raise so please visit the team’s Just Giving page at https://www.justgiving.com/teams/toriglobalsantaskydive if you would like to support us.

SANTA SKYDIVE:Jingle All the Way Down

Issue 7 | Summer 2017

22 23

TORI NewsWe are excited to announce the recent opening of our Nordics office, providing consulting and advisory services to the Nordic region’s financial institutions. Our head office is in Stockholm and we also have fully functioning operations in Denmark, Norway and Finland where we are delivering regulatory change, business transformation and digital solutions.

London New York Nordics Singapore Bangalore

toriglobal.com