Global CO: Compliance & Risk Officers Don’t Need to Throw Themselves on the Bomb

Regulations that seem ever-changing. Constant, disruptive technological advances. Combatting the perception that you’re a wet blanket. Compliance and risk professionals deal with a lot, and their jobs can feel isolating.

But for Victoria White, the new global compliance officer at Dentons, that doesn’t mean risk and compliance professionals need to be heroes. A well-functioning organization, White says, is one in which everyone assumes responsibility for managing risk and ensuring regulatory compliance.

“People have a great tendency to want to throw their body over the bomb,” White said, “and I love this imagery that a GC once gave me: You wanna go in, protect everybody else — throw yourself over the bomb. You’ve blown yourself up in the process, everybody else can sit back and let you do that.”

A better way forward, White says, is for the entire organization to adopt a risk management culture.

“Maintain the right mindset: This belongs to everybody, it’s not just my own personal responsibility.”

Governance

What ‘Succession’ Gets Right (and Wrong) About Business Continuity Planning [Spoilers]

by Jennifer L. Gaskin

May 10, 2023

It’s in the very title of the show, so it should come as no surprise that HBO’s hit series “Succession” is about, well, a succession. Like other pop-culture depictions of transfers of power, the show is imminently watchable, but does it stand up to real corporate scrutiny?

Read moreDetails

After a two-year stint as Dentons general counsel for the UK, Ireland and the Middle East, in June the London native was elevated to global compliance officer for the law firm, one of the world’s largest. Her return to Dentons a few years ago was a homecoming of sorts for White, who started out as a trainee solicitor at the London-based firm that today boasts thousands of attorneys across 78 countries.

White eventually transitioned out of law firms, first serving as UK head of legal at Starbucks in London and then spending just over four years as general counsel for Europe, the Middle East and Africa at Kraft Heinz.

Whether in a legal or corporate environment, the pace of regulatory change tends to be a source of anxiety for compliance and risk professionals. (Our 2022 survey said 69% of compliance officers were stressed out about regulatory change.) 

Still, compliance and risk managers who have only one country to be concerned about should count themselves lucky, White warns.

“Everybody has their challenges, and I think the speed and pace of new regulation coming in across all industries, actually, makes it challenging to work in compliance. But when you’ve got a global rung, you need to multiply it across every country. So it’s tough enough if you’ve been looking after one country, but in global terms, it’s a huge undertaking.”

Whatever the regulatory focus, U.S. and global agencies have made it clear that a robust compliance function is a critical pathway to avoiding harsh penalties after investigations. 

This trend largely tracks with one White has noticed over her compliance career: Not only are companies friendlier to the compliance function, but increasingly, leadership is taking note of the positive effect on the bottom line, White says.

“[Risk and compliance has gone from] being a control function that stops you doing things to being a really native function that enables you to grow the top line of your business.”

Another positive change White has seen: The rise of ESG and the necessary consolidation of multiple areas — DEI, ESG, data privacy and more — into the compliance function.

“[Y]ou know, in ESG, people forget the ‘G’ stands for ‘governance.’ And good governance is actually managing your risk and compliance,” White said. “And if you look at the definition of trust, it’s about managing your risk to achieve key strategic objectives of your business.”

Of course, while they might have fun new acronyms like DEI and ESG to manage, one key function of a compliance officer has remained largely unchanged: training team members on regulations and policies: “[W]hen you have trainings — people are giving their time, they’re very valuable — and you need to make them entertaining and engaging.”

To that end, White recommends compliance officers reach outside the organization when appropriate to showcase the expertise of others, such as when she invited Keith Packer, the disgraced (and briefly imprisoned) former British Airways executive, to speak to her team at Kraft Heinz about his experiences.

“That was incredibly well-received because it wasn’t me up there telling people about these things,” White said. “It was him saying, ‘You don’t want to be that guy in the orange jumpsuit.’” 

(Q&A edited for length and clarity)

What are some of the most rewarding things you’ve done in your career? 

A big piece is around communications, because to be an effective risk and compliance department, you’ve got to have policies. First and foremost, code of conduct. Your code of conduct is the bedrock of your risk and compliance program. And then you’ll have lots of different policies about lots of different things. But the key thing is if they sit in a drawer or — metaphorically — a portal getting dusty and nobody ever reads them or understands them, then you’ve not done the job properly. So it’s about taking all of those things, distilling it, simplifying it and then getting the message out to the people. 

And I always say, whilst you might not know the details of policy, you should have some good guide posts in your mind as a businessperson as you’re out there doing your job. You need to know what’s relevant to you, you need to have been trained on it, and you need to know who to ask, most important. Because you can’t be expected to know everything. So [a compliance officer needs] to be visible within your business as a risk and compliance professional, and you’ve got to be seen as approachable. 

What are some techniques you’ve used in your career that might be a little bit novel? 

I’m not sure how novel it is, but I would make sure that each of the lawyers or risk professionals that work for me is sat at the right level. Perhaps they’re sat on the leadership team for their country or their region. So they have visibility of what’s going on across the business and an opportunity to participate, as a businessperson, within those leadership meetings and also bring a risk lens to what’s being discussed. 

Compliance has long been known as the Department of No. What can compliance teams and organizations do to break that perception down?

It’s all about building trust. 

That’s what everyone’s clients expect, whatever your product, whatever your industry. So actually, [companies are] recognizing that they’re not getting to sell a product or manufacture a product or do whatever it is they do without complying with people’s expectations. 

One of the most powerful things I’ve heard people do is say, “How many widgets do we need to sell to get to afford to do this” and they’re like, “Well, how many widgets are you not going to sell if you don’t do this?” 

Risk and compliance are notoriously stressful jobs. What are some things that companies can do to keep people from burning out?

I don’t think it’s just a risk for compliance professionals; I think it’s a much broader issue. I think tone at the top is super important. Tone at the top in terms of both a risk culture and encouraging everybody across the business to own risk. It’s about modeling and tone from the top. It’s about partners and [managers] not sending emails at four o’clock in the morning, at midnight, and expecting people to respond with something. 

It’s also incredibly difficult in the service industry when you’ve got clients and customers who want instantaneous responses. Sometimes they need it, and sometimes they don’t. So it’s about encouraging people to communicate and set their boundaries and expectations and really helping people do that with support from the top and programs to help people. 

What corporate or regulatory trends should people be aware of?  

I think good governance is becoming increasingly important, and people want to understand what your governance structure looks like, how things are done, are the right decisions being made by the right people in the right way?

I, together with a lot of other law firm GCs, were talking about AI and ChatGPT together and the problems of generative AI and what that means for our legal services industry and what that means in terms of client expectations. That is going to be a huge growth area. And, necessarily, you’ve got to have guardrails in place. I wouldn’t want it delivering legal advice to people, but it could be very useful helping the marketing professional think of ideas for a presentation to a client. 

If you’re in that risk and compliance space, cybersecurity is just exponentially becoming more important to businesses. And also that horizon-scanning piece of saying, “What are the new technologies, what are the new areas, question marks, weaknesses,” that is not going to go away. That’s just going to get bigger and bigger and tougher and tougher.