This is a transcript of our interview with Ketan Dholakia, a Managing partner at Maclear.
You can watch the original video interview here
Boris: Hello ladies and gentlemen, and welcome to our interview with Ketan Dholakia. Ketan is a managing partner at Maclear and he’s enabling companies to tackle the challenge of regulatory compliance and risk management.
Maclear is a consulting and software company in the Governance, Risk and Compliance space with more than 85.000 users. So Kethan, thank you for coming to our interview. Could you tell me a short story about Maclear?
Ketan: Sure, thank you Boris for having me on. I think the biggest question when people find out about Maclear being a software company and a consulting company is: how do we come up with the name “Maclear”. And I think the biggest problem is that people cannot seem to correlate the two, so what is Maclear? So let me tell you a little story about Maclear. My partner and I both grew up in Africa, in a country called Malawi. There used to be a resort there, called Cape Maclear, that we used to go to as kids and we had so much fun over there that when we decided to start our company we called it Maclear because we wanted to continue having all the fun that we did as kids, so that’s the name of the company. People always ask us: “how did you come up with that name?”
Boris: I thought it was some Scottish name.
Ketan: That is right, he was a Scottish explorer who had come down there and named it Cape Maclear and it was a resort that we went to, so it was a lot of fun.
Boris: Alright, so you took your name from your childhood into your adulthood. This is the best from the two worlds. How can you explain what Maclear offers for the industry. How does it differ from other risk software providers and what are the examples of your customers’ user cases?
Ketan: So, Maclear was born out of end-user frustration, all of our customers facing teams have been consultants. We’ve grown up in the GRC world, we’ve been consultants, we know exactly what end-users face as far as challenges go, so we looked at it from that perspective first: What would be beneficial to the end-user? How do we create it?
So we created one of the best UI’s from any GRC product out there, you can see Gartner mentioning it, the GRC guys are mentioning it.
So it’s a very clean user interface of how to use it and makes it more user friendly so people start using it.
The second thing is we approached it from a consultative view. This wasn’t some compliance piece of somebody from C-suite making decisions. This was actually built from a consultative viewpoint. And we had a lot of functionality built into it, lot of automation. So you can do a lot of things without having to do the mundane things that GRC software normally requires. And based on those, we have taken one other step of security, so take for example third-party risk management or vendor management that some people like to call it. We provide all of our clients with a completely isolated environment so that when the vendor comes in to answer questions that are coming in are in a completely isolated environment which is completely unique to us and no other provider provides it.
And we take care of security from that perspective. And speaking of, you asked me the question “why are customers liking us” and “what is an example of use case”. A lot of our customers that use third party risk, for example, they save close to 40% of time. Primarily because the software is designed where the automation takes account, the questionnaires that isolated it for one thing, but the risk scoring behind it that is automatic.
The attachments and the comments that are required on an answer, so you can never send in a questionnaire that is half complete or incomplete in some aspects. If you can only send in a questionnaire that incompletely filled out with the appropriate attachment and some comments and stuff. So that when the reviewer gets it from the client’s sight, it is comprehensive, it has all the pieces of information in there so that it makes it much easier for them and it saves them a lot of time.
Boris: Alright, so we are currently in the midst of a major crisis. The most disruptive period for our society in a piece-time history. The impact on the public and the healthcare system has been devastating and our economy is facing the prospect of recession much deeper and more painful than the crash of 2008. What do you see as the biggest challenge for risk managers during this time?
Ketan: So, the Covid-19 pandemic is highlighted for many businesses how awfully inadequate their business continuity documentation was. While the focus today is on that, but as life takes over and things start to get to normal, businesses are going to start to put that back on the backburner. Not many people like to do documentation, they don’t like to document their procedures and their procedures correctly.
So the biggest challenge risk managers are going to face right now is going to be keeping this on top mind for the businesses, they have to make sure that this is documented, that the documentation is kept up to date.
So that they can conduct their risk assessments properly based on those documentations and the processes in how certain things function. Which of course also serves the business continuity and then from the third party risk management they can also make sure that the right vendor is approached for doing the right and making sure that the business follows the right processes.
Boris: So if I understood correctly, you offer some broad range of services such as business continuity, third-party risk, general GRC. Can you share with us some examples of what works now that helps your customers to stay on course this Covid crisis?
Ketan: So you know, many businesses have experienced a reduction in force. A lot of people furloughed or have lost their job, whatever it may be, no fault of their own.
This provides challenges for the existing risk teams to ensure that they have enough resources to manage their daily work that is ongoing. Our customers leverage our automation to reduce this impact, but more importantly, we built great partnerships with our customers and they can initiate what we call our Sherpa services. Our Sherpa services are basically doing all the heavy lifting for our clients.
They do all the GRC work, they do all the mundane tasks that are required to function. So that our customers can actually, proactively be more involved with the strategic decision making of GRC. I think that adds a lot of value, but I think it’s because of the partnerships that we built with them that we can offer them these services through our software.
Boris: Okay, so it seems to me that there is a time now when there is going to be an intense focus on every risk managers’ action. So probably this role will be more in the focus now than it was before, during the better times. What tips do you have for risk managers to communicate and perform their work more effectively during this time?
Ketan: So this is a good time for risk managers to build a relationship with the business and with the audit. To really act as the second pillar of GRC. To build a partnership with the businesses, the risk managers can guide the business and inform them of risk issues, stearing with the possible lack of documentation for example. Your documentation is not adequate, we really need you to start focusing on that. And then, actually, be partners with the business and understanding their business strategy, so that they can help them build risk scenarios: what if?
What if something goes wrong? What is the likelihood and impact of those scenarios? So that they can start to form a risk management plan for the business, these scenarios can be created through workshops or through questionnaires, any of those pieces that can actually get to the meat of the strategy that the business is trying to build.
So I think that can definitely help from there, and then the other pieces, the audit side. Working with audit and making sure that the business has adequate time to build the mitigation plans that they require so that they don’t get dinged for audit unnecessarily, so being a liaison between the two, I think, is the perfect thing for them to do at this point of time.
Boris: Makes sense, so now we’re at a point of time where we’re gradually going back to work, could you perhaps share your insights on getting back to work? What is your biggest piece of advice to give any business out there?
Ketan: These are unprecedented times as you mentioned, this is something that has never happened, at least not in my lifetime. So it’s in one of those situations where this is new territory for all of us. And just from, if I’m putting myself as far as a risk manager in an organization goes and I’m in a strategic, a CRO type of role. What I really want to try and do is bring back the business to normal in stages.
The new normal is going to be very different. It’s probably going to be different because people realize that you can work from home and still get a lot of things accomplished.
So you want to be able to bring back things in stages, so start with a mole’s critical function, making sure you have the right resources and the right people, bring back in slow increment. And the reason for this is so that you can concentrate on bringing those critical functions back, you are not bringing everyone back together and you have to prioritize who to take care of.
You actually can be able to focus on some of the more critical functions, get them up in running and then maybe you can add the next layer of functions that are important to the business and keep going until everybody is back to the new normal.
Boris: Okay, so last question from our own perspective. How can Global Risk Community contribute to this process of better understanding of this complex world of risk, from your point of view?
Ketan: So Global Risk Community has a great platform as so many members, and I would love to be able to see if we can take advantage of that opportunity that your present by having lot of open dialogue.
You are there in the Netherlands, I’m in Chicago, the world is small and the risk management people perform functions very similar and I think with the Global Risk Community, the community is very open to communication.
Having webinars, having discussion forums about how to do things, you already do a large number of those things as it is, but I think there is an intense focus now to bring risk management, compliance activities through webinars to having a global out view of everything. The pandemic has taught us that risk management across the globe is exactly the same. We need to be able to have that dialogue: how are you doing things in the Netherlands, how are we doing things in Chicago, how is somebody doing things in India. I think it helps to educate that community and you got a great platform to be able to do that.
Boris: Thank you very much Ketan, for your time and for your interview. I wish your company a great success in growing your business. Perhaps this is the most important time in our living memory so maybe its good timing to restart for all risk management activities all over the world.
Ketan: Absolutely and thank you for having me and stay safe. And no, we’re not out of the woods yet but I’m sure we’re getting there soon.