Kenric Tom

Kenric’s expertise includes consulting, legal and data privacy project management, AI regulatory compliance, data management and analytics, and technology implementations for some of the world’s largest financial firms, oil and gas companies, pharmaceutical and biotechnology firms, as well as with manufacturing and consumer and retail companies. His diverse experience in technology and compliance solutions also includes implementation and understanding of Foreign Corrupt Practices Act (FCPA), General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), EU AI Act, data privacy, human resources and employment law requirements, and financial transaction needs such as anti-money laundering (AML) regulations and transaction and client screening compliance.

Kenric has built and led projects to meet regulatory requirements and solving complex problems in AI, privacy, legal, and compliance environments. Through this extensive experience, he has developed significant expertise in project management and life-cycle development, regulatory and compliance knowledge, and client engagement and vendor management.

Kenric’s professional experience includes:

• Managed the implementation of AI governance programs for clients to comply with AI regulations and aligning with standards and frameworks including the NIST AI Risk Management Framework and ISO 42001 for AI management systems.
• Managed the GDPR/CCPA and other privacy regulatory readiness implementations for clients in various industries including large multinationals, global technology communications, biotechnology, life sciences and pharmaceutical companies, higher education institutions and manufacturing companies. Developed and formalized privacy activities for compliance such as data inventories and data maps, data protection impact assessments, assessing data protection agreements and remediation plans including preparing systems, policies, and procedures for company operationalization.
• Serve as third party Data Protection Officer (DPO) for some clients as required under regulations such as the GDPR and Canada’s Quebec Law 25.
• Led projects for multiple global financial institutions, implementing a transaction monitoring system solution, sanctions screening watchlist solution, and a client screening service system solution specific to their respective New York operational branches. Critical in leading various stakeholders and work streams of the branch such as operations, compliance, and IT towards building the automated platforms for the New York businesses to meet US specific financial and Bank Secrecy Act (BSA)/AML related regulations. Responsibilities also included migrating data across other country jurisdictions and branches. Identified and resolved all risks, issues, and dependencies to ensure an efficient and successful implementation and participated in key role as part of the global project management office (PMO) by providing client requested reports and metrics to senior management and executives.
• Worked with a global gas and oil company towards enhancing their anti-bribery and anti-corruption compliance program by creating a custom technology platform to track gifts, meals, entertainment, and travel requests to foreign government officials. The platform also addressed approvals related sponsorships, social investments, and facilitation payments to government officials or entities. The platform provided a customized workflow for the client to obtain proper approvals towards adhering to FCPA and other regulatory laws. Implemented this platform globally for the client as well as provided all production support ensuring consistent and on-going usage of the application by the client.
• Worked with multiple international financial institutions and banks to address off-shore customer compliance assessments. The risk review of the client’s customers was required to be conducted on an online platform to comply with off-shore banking activities and regulations. Coordinated the review requirements and developed a technology platform with appropriate risk scoring, workflows, and customized reporting to conduct the assessments. Implemented various instances of the application while ensuring on-going support of platform maintenance and productivity. Different instances of the platform were required based on the multiple countries or jurisdictions involved.
• Conducted scoping sessions for a large financial institution and a large manufacturing organization to assess their compliance needs relating to case management and legal contract management. The scoping sessions resulted in recommended strategy and foundation for the type of custom technology solution needed to address their compliance management needs. The financial institution and manufacturing organization utilized the strategy and technology solutions to build a custom application.