We are pleased to share a recent interview between Hanzo’s Sean Freidlin and compliance expert Elizabeth O’Keefe. Sean and Elizabeth cover a lot of ground, including the traits that make a strong compliance officer and digging deeper to carry compliance forward.
Sean Freidlin: Hello, everyone. My name is Sean Freidlin. I am a Compliance Marketing Manager at Hanzo. And today I am joined by Elizabeth O’Keefe, a compliance manager at KAYAK and OpenTable. Elizabeth, for our readers who may not know you already, let’s set the table a bit. How long have you been working in compliance, and why did you get started in the field?
Elizabeth O’Keefe: I’ve been working in compliance for about 10 years now. I started my professional career working in U.S. immigration law, first as a contractor for the Department of State, as a congressional liaison, and then eventually as a paralegal at a couple of specialty immigration law firms in Phoenix, Arizona and Washington, D.C. In 2000, I stepped on the corporate track after Microsoft found me on a career website; they recruited me out to Redmond, Washington, which is just outside Seattle, to work for their in-house team as a business immigration paralegal.
At some point, I started to get a little restless with that. I started feeling like I needed to get outside that pigeonhole and stretch my proverbial wings, if you will, so I began looking around for opportunities to expand my horizons and to continue to build on that skill set that I had developed working as a paralegal in-house. I ended up talking extensively with my manager and our director at the time about what I wanted to do and the opportunities that I had seen within the global migration team at Microsoft. Eventually, we decided together to create an immigration compliance program manager role, where essentially I was responsible for managing and maintaining the I-9 compliance program at Microsoft, as well as managing some of the other compliance obligations that were placed on the company by the Department of Labor and the Department of Justice.
After a couple of years in that position, I started looking around the company for further opportunities for growth. I found a program management job that had just come open with the office of legal compliance at Microsoft, so I side-stepped into that role. It was a lateral move and I had the fortuitous pleasure of working with Odell Guyton and several other career compliance professionals; Hui Chen was also a member of that team at the time.
Most of the people on the team were attorneys or program managers or paralegals like myself. I had an aptitude for operations, and my focus while working with the office of legal compliance was on systems development and reporting within the compliance space. That allowed me to see other parts of the compliance process outside of the strictly programmatic or legal function.
I worked across the investigations, training, policy and programs teams and really developed my skills and leveraged that exposure to all those different areas of compliance in my future. In 2014, I left Microsoft and found myself coming back to the east coast, as my mother’s health was failing at the time. I detoured back into immigration for a short time after I moved to New York City, but then I found myself wanting to return to that sweet spot of compliance program management. I eventually landed back on the vendor side working for SAI Global. One of the things they specialize in is online compliance training. That was an interesting experience! It was a good experience, too, in that it taught me a lot of things. But at the end of 2018, through a series of fortuitous events – which is really just too long of a story to tell here – I joined KAYAK and OpenTable as the compliance manager for the company. OpenTable is an affiliate of KAYAK, and KAYAK is owned by a company called Booking Holdings; they own several other online travel companies, including Booking.com, Priceline and Agoda.
SF: I think a lot of people can relate to that feeling of restlessness or trying to do more in your role, and I think a lot of people are probably pretty familiar with KAYAK and OpenTable and their services. I certainly am. And in the spirit of transparency, Elizabeth, you and I crossed paths and worked at SAI Global at the same time, which is how we connected and how we happen to be recording this podcast today. We’re also at the end of Compliance Week, which just wrapped up in Washington, D.C., where I heard Hui Chen put on quite the show as a keynote speaker and really made some waves, so it’s pretty cool that you shared some time with her at Microsoft.
As you recently joined KAYAK as a compliance manager, I’d love to hear a little bit more about some of your responsibilities in that role and what an average day looks like, both as a compliance manager and at KAYAK in that field.
EO: Sure! One of the things that I really appreciate about this position is that no day looks like any other. I can come in and, you know, maybe, like today, I’m working on a training for third-party risk management, on developing and coming up with a deployment plan for that training. Tomorrow, I might be working on a communication or some sort of messaging that we want to push out to our employees. I also handle a great deal of the overall program administration. I work with our Chief Compliance Officer, and we’re really building up the program, further amplifying that compliance message and looking for opportunities to really impact our culture and give our employees those tools to make really good ethical decisions in their day-to-day work.
I work in a very collaborative fashion and enjoy partnering not only with my immediate team, but also with my co-workers across the company. I’m particularly looking for opportunities to partner with our C-suite: to have those discussions with them about what’s working, what we could do better and where we need to focus our attention. And I also spend a lot of time talking to people and interacting with our employees.
In particular, we have a network of ethics ambassadors across the company who are there as on-the-ground resources in our different local offices. They’re the resources for employees to take their questions to, to get referrals to information, to report a concern and that sort of thing. I spend a lot of time interacting with our ethics ambassadors to help them help our employees, really looking for opportunities to leverage those resources to further amplify this message of compliance and ethics that we want to spread throughout the company.
I think I could safely say I’m pretty much a generalist at this point, but there are certain things about my job that I certainly spend more time on than others, depending on what’s going on. I wouldn’t say that this work is cyclical or seasonal in any way, but it sort of comes in waves; you just ride that wave as long as it’s there and then you jump onto the next wave. It’s very satisfying work and very rewarding work, but it’s not for the faint of heart.
SF: I think a lot of compliance officers strive to have those collaborative relationships and really build connections with people within the company – whether they’re in the C-suite or on the ground – to establish ethical ambassadors and create those relationships. Would you say that the ability that you have within the company today is kind of an outcome of the culture that’s been established over the years to have that relationship with compliance? Or are there specific things that you or your team have done to really build that collaboration and culture of working hand-in-hand with compliance, instead of treating it as this kind of siloed function that people are afraid of?
EO: I think it’s a little bit of both. I think that, as compliance professionals, we can’t really work in a vacuum. I mean, it does require a certain amount of collaboration and partnership across the company. And while there are situations where companies are forced to be reactive, a compliance team that’s very proactive and nurturing and supportive has the ability to reach back out to the business and say, you know, “help us work with you, help us build in these processes so that we are not inadvertently creating logjams for you or creating problems for you.”
I think that is imperative, and I don’t think you can get away from that. I do know that at KAYAK and OpenTable, we are very fortunate in that there is this understanding that this is something that is not only a requirement or a necessity, it’s something that is a good thing to do. There’s a general agreement across the board that in order to be a good corporate citizen, to be a strong player in the global marketplace, that this is something that we want to do, not just something we need to do. And I think that we can count ourselves very fortunate for that, because I have heard stories of other companies out there that may not have that level of support from their senior leadership.
SF: Well, one of the reasons I wanted to talk to you today was because your background and experiences are really unique, in the sense that you’ve worked both in-house on compliance teams in a few different roles as well as on the vendor side of compliance, helping people in your position at other companies to manage and design their ethics and compliance programs. So, from your perspective, having been on both sides of the coin, what are some of the most significant trends and challenges facing compliance teams today?
EO: I think there seems to be a cultural shift in an awareness of the important role that ethics plays in any sort of corporate culture. And along with that is this need for corporations, particularly companies that are larger and that have a presence in other parts of the world, to be very responsive to what’s happening on the outside. Certainly an example that I can point to there would be the #MeToo movement. There’s been a lot of attention paid to harassment training and messaging around harassment and sexual harassment, as well as really building this shared understanding that if somebody has something to report, they will not be retaliated against. They should feel safe to report and secure in the knowledge that their concern or their observations will be treated fairly.
Along with that is this notion of being a good bystander. So, if you see something, say something, even if you are not directly involved. I think that there is more of an awareness around that and more of a sense of shared responsibility that people do need to speak up more, and I think a lot of that is coming from these sort of external influences, things that are happening out there in the world, in our country and in other countries as well. People are just more aware and they’re shifting their thinking as a result of it, which, while it’s a good thing, can also lead to some challenges. How do you best react to those situations, and how do you best leverage that understanding or that perception or awareness that your employees are coming to you with? How do you leverage that in order to strengthen your program?
It leads to some really interesting discussions, not just amongst our team, but also certainly amongst our larger group of companies. I just came back from a summit of our legal and compliance teams this week where there was a lot of discussion around effective communications, building stronger training programs, and really thinking outside the box about how to reach people, particularly in this shifting sort of a cultural mindset. So, I definitely think that that’s something that people need to keep top of mind, rather than just going through a checklist of requirements that are imposed upon us by the U.S. government or other governments and other regulatory mandates. You can’t just have “check the box” compliance; you really have to be having very active and proactive discussions with people around your company and people in your industry to figure out the best ways to leverage and to further influence people’s perceptions and behaviors when it comes to compliance and ethics.
SF: Yeah, I think it’s really interesting the way that communication is changing compliance programs, obviously, you know, with social media, mobile technology, things like that. The way we behave in general now, the way we communicate with each other, is certainly creating a ripple effect that is being felt in organizations and compliance programs. From my perspective, I don’t know if you can agree or disagree with that, but I know from a reporting perspective, in terms of speaking up, there’s certainly been a lot of industry research recently to suggest that reporting volume is reaching all-time highs and growing year over year as people are becoming more comfortable speaking up. I think especially around harassment and #MeToo-related misconduct, there’s been research to suggest that people are not letting that fly or staying quiet about that as much as they have in the past, which is certainly encouraging. Obviously not retaliating against that is essential, but it seems like we’re moving in the right direction and that people are growing more comfortable saying something when they see something.
EO: Exactly. And I think it also ups the ante a little bit. How are we going to scale our response to that increase in awareness and that increase in the overall comfort level of people reporting potentially bad behavior? And that does put a little bit more pressure on compliance teams to figure out how you best address those concerns. I think we need to be very mindful as the workforce gets younger and younger, and I’m not just talking about millennial workers, because those workers are pushing 40 now. You now have this influx of Generation Z employees who are starting to come into the workplace, and their perception, the way that they learn, the way that they react to the world, is very different even from millennials and certainly different from older workers such as myself.
I’m Generation X. We did not grow up in a time that was all-digital; we couldn’t really curate our own existence or affect how people perceive us. We couldn’t really write our own narrative. The way that we learn and the way that we’ve been trained are certainly different than the approaches that we need to take with younger workers coming into the workplace right now. We need to think outside the box. We need to look at things like gamification and maybe even going so far as looking at ways we can leverage new technologies such as AI and virtual reality for training and learning opportunities. So, it is a very interesting time right now to be in compliance because, as I said, it’s not enough just to check the box.
You really have to think about and look for ways to go deeper, right? So you know that there seems to be this general perception and understanding that ethics and compliance are very important and people need to speak up, but how do you really go a layer deeper and influence the ways that people make decisions in their day-to-day work?
It’s one thing to say “Yes, I know this is important and I need to do something about it.” But then how do you further thread that through the fabric of your company and really make it part of an ongoing dialogue? That’s something I think a lot about, and it’s something that I’m constantly looking for opportunities to do.
SF: I think that’s a great theme to carry compliance forward: dig deeper, right? There’s really a lot to that, and that could be almost a mantra for the future. Because as much as compliance has made progress, there’s so much untapped opportunity and potential within the field, within the data that’s been collected and within the way we approach solving certain problems.
Before we got on the call, we were talking a little bit about how much some of our neighborhoods have changed when we had recently revisited them and how those changes seemed to happen kind of overnight. But in reality, those changes take a lot of time, and it’s really easy to look at a piece of data or a report or a trend and be like, “wow, things have really changed since last year, and they’re making progress in the right direction.” But, again, in reality, those changes took time, and they took a lot of work that maybe went unnoticed before something positive finally kind of emerged to the surface.
So, from your decade of experience, you’ve had different perspectives and roles that you’ve filled within the compliance world. We’ve talked about the role of technology and how generational shifts in the workplace are kind of affecting the responsibilities and strategies of compliance teams. But if you had to pinpoint maybe one of the biggest changes in compliance that’s occurred since you started working in the field over a decade ago, what would that be from your perspective?
EO: I really feel that it’s how we communicate with people and, more importantly, how we need to communicate with people. I think that it’s one thing for our compliance team to sit together and sort of contemplate what things we need to push out – what kind of messages do we need to share with our employees? But the reality is that people pretty much lose attention and get distracted after about 10 seconds of reading an email. You don’t want to just rely on those traditional methods within the corporate space for communicating with people, because it just doesn’t work these days. There are too many distractions. There are too many things that are pulling at people’s attention, so how do you get in front of them? You do need to be very thoughtful about how you’re communicating with your workforce, but more importantly, you have to be mindful of the fact that communication has to be a two-way street. What are your employees telling you?
And it’s not just about hearing them; it’s really about listening to them and comprehending what it is that they’re telling you. I oftentimes will intentionally engage people at lunch or at a company event in conversations about how they are perceiving the compliance program. Hey, how did you like that training we just rolled out? Or what did you think of that info screen? We have info screens around the company that are sort of these electronic billboards, if you will, that flash up different messages throughout the day.
SF: Oh, I love that. Like you see in the elevators of newer buildings?
EO: Yeah, exactly. There are these big flat-screen TVs in most of our offices and we utilize those quite a bit for our compliance messaging. So, I’ll point to the screen and say “Hey, what do you think of that? What works for you there?” And surprisingly, you know, even though they’re in a situation that isn’t quite work and is a more social situation, they’re very open and very candid with their feedback. I’ve had people tell me, “Well, I just really didn’t like that training,” or “I didn’t really get that email, I thought there were too many words and I was a little confused” — you know, just really having those discussions with people, listening to what they’re telling you and hearing about their concerns.
Why don’t they want to report things to the helpline? “Well, I’m a little nervous; I don’t know about this retaliation policy.” Just reassuring them and taking the opportunity to talk to them one on one: I think that’s really important. Thinking back on my experience working in a much larger company, I think that was the piece that was often missing.
I think that people just don’t stop to listen to the words and communication that are coming back to them, and that’s just as important as what you’re pushing out, particularly now with all these distractions.
In a culture where a tweet can set off a firestorm, how do you really take advantage of those different platforms and different opportunities to reach your audience?
I think that is really key, and that’s probably been the biggest shift over time. The regulatory requirements, the mandatory things that we have to do, those are always going to be there. It’s really figuring out how we’re going to execute on those in such a way that we can really start to have an impact on people.
SF: I love that. I think that, from a compliance perspective, a lot of people want to improve their program, to measure and benchmark, but they go about that with a companywide survey or an end-of-course training survey. There are a lot of technical big data approaches to try to collect that information, and that’s important. It’s important to do that and to collect that data. But I love how you almost take this approach of humanizing compliance a little bit. Right? Even if it’s not a huge dataset, it’s important to have those conversations, to put a face with the name, and to hear from people directly in a less formal setting where they might be more honest with you.
Even when you’re filling out a survey, you have this kind of natural reaction to respond the way that you think they want you to respond, as opposed to just naturally having a conversation and saying something that might truly reflect how you feel about it. So while that might not be a huge source of data that you could put into a spreadsheet and use to make your next decision, I think in a way it’s equally valuable to have those direct human interactions and really get feedback from the field in an unexpected way.
EO: Yeah, it’s very important not to underestimate the weight of anecdotal data that you can collect. The numbers, the surveys, the feedback we get: those are all pretty cut and dry. And yeah, they definitely are useful and necessary. Those are the things that we can point to and say, this is the data, the hard data that we’ve collected. But then hearing the concerns face to face is a huge component of humanizing compliance. I believe in storytelling, and I believe in putting a person’s face up there with that story.
So, let me give you an example. With the current campaign that we’re running right now, one of the things that I wanted to be very mindful of is that we should be pushing something out that was engaging and thoughtful, but also really grabbed people’s attention. And we thought about different things: maybe we create avatars of our C-suite and use those, or maybe we put people’s pictures up there. Well, at KAYAK and OpenTable, there’s been this tradition of using black-and-white photos of people, which are the same photos that we use in our directory. So, in our compliance program, in this campaign, if we use pictures, let’s use color pictures, because that’s different. It’s somebody that they recognize as a senior leader, but because it’s in color, the format is brighter than most of our messaging. It’s not the typical color scheme, and it just has a quick blurb on the side with a message that packs a powerful punch. In this case, it’s about bystander accountability. And I really feel that the end result of that campaign was an image that was very eye catching and different, with powerful messaging.
SF: That’s really an interesting approach. I think a lot of compliance teams today, from what I’ve read and from what I’ve understood, are trying to brand their programs to align with their corporate branding so that it seems more formal and official. That’s important because it kind of connects the dots between everything else you see in your company. But I love how you almost “broke brand” a little bit to make it stand out from how everything else looks as a way to catch people’s attention.
EO: We did, but it still complements the corporate branding and it is still within guidelines, but it is not like every other message that we put out there. And that’s, I think, the important thing: it’s different enough that it forces people to stop. You know, they’ll see it on an info screen out of the corner of their eye and be like, oh, wait, that’s different. And then they’ll stop and actually look at it and read the message and then they’ll go about their day. But at least we’ve grabbed their attention. We’ve hopefully given them something to think about.
SF: So, Elizabeth, unlike many members of the compliance community, you didn’t go to law school and get a legal degree before moving into the field. I think a lot of the compliance industry today, or historically, has been lawyers or general counsel that found themselves moving into compliance within a corporation because of a need to build up that program. But compliance is certainly a young and burgeoning industry, and for people who are looking for a rewarding, challenging job where they can make a difference, it certainly fits those criteria. What advice or suggestions would you give to professionals who may want to pursue or pivot to a career in compliance but who don’t have that traditional legal background? Are there any specific skills that you think are universally needed for a career in compliance?
EO: Sure. First and foremost, I think patience and tenacity are two of those, as well as very strong diplomatic skills. Those are sort of soft skills, but project management is a big component of it. Certainly, negotiation, and the ability to communicate clearly and effectively, being able to bring new ideas to the table. Knowing how to interact with people across disciplines and across levels of seniority, that’s very important. Being able to navigate amongst your entry-level and intern population and your new college hire population, but also feeling comfortable around senior leadership, that’s definitely imperative.
I think non-attorney professionals who maybe work in the legal profession, either as paralegals or in the operations space, and people working in HR are well-suited for this role. If you are interested in training, certainly you can come up through the learning and development path. I’ve even seen teachers and librarians who have successfully navigated into compliance roles, particularly when their focus is on training. I really don’t think that a law degree is necessary. I just think that you have to be someone who is organized, analytical and has the ability to navigate amongst the various levels of seniority within your organization. Also, you have to be somebody who is sensitive to sort of cultural differences. I think that’s very important, particularly when you’re working in a multinational company, because there are differences in perception and approach, and certainly legal differences around the world, and you have to be able to navigate through those successfully. And not being shy, being able to speak up and to make your opinion known, and not let the fact that you don’t have a law degree hold you back.
SF: I think a lot of people listening (or reading) may not work in compliance, but may possess a lot of those skills and traits. It’s very interesting to think about embarking upon a new challenge or journey in your career that may be different from what you’re used to, but how a lot of those skills that you’ve built up can really translate very well to another career or another job or function within a company. I certainly know a few people that kind of match what you’ve described but who don’t work in compliance today. So it’s really interesting in that context of what a good compliance officer could look like.
EO: Yeah. I think you need to just have the ability to see things from the top level, as well as get down in the weeds and do what you need to do and not be afraid to get your hands dirty. I think that’s key as well.
SF: Well, Elizabeth, thank you so much for taking the time to chat today. I think this was really educational and it will probably help a lot of people expand what they think of when they think of compliance and how they address common challenges in the field. I really enjoyed spending half an hour chatting.
EO: Thank you, Sean, and thank you for giving me this opportunity. I really appreciated having the chance to speak about what’s on my mind and talk about these issues, because this is an area that I am very passionate about. Certainly, people are welcome to connect with me on LinkedIn, and of course they can visit KAYAK.com for all their travel needs as well as OpenTable for their dinner reservations!
SF: I made a dinner reservation on OpenTable for tonight! Mission accomplished.
EO: It’s funny, because I’ve been a longtime customer of KAYAK and a more recent customer of OpenTable, and I had no idea exactly how things worked at KAYAK. For me, it was a website that I went to whenever I needed to take a trip. But I’ve got to say, it’s been really fascinating since I started working for the company to see the inner workings of both KAYAK and OpenTable. It’s a really great company. They put a lot of focus on their culture and how they work with respect to ethics and compliance, and it’s definitely an environment that I, for one, really appreciate.
SF: Well, your passion for the company and the compliance field is certainly infectious. And I, again, really appreciate you taking the time. Thank you so much.
EO: Thank you.
Listen to Sean Freidlin Interviews Elizabeth O’Keefe from FCPA Compliance Report here.