Women in Compliance: An Interview With A Panel Of Global Experts 

In my network, I currently work with many women in the compliance field. However, at events on compliance topics where the most diverse types of companies and organisations are represented, I observe that the proportion of men there is usually many times greater than the proportion of women. What’s more, as a woman with a migrant background, I keep noticing that there are still very few compliance officers with a migrant background at management level.

During my career, I have repeatedly noticed how differently men and woman in leadership positions deal with the issue of compliance. While the majority of men are of the opinion that they know exactly what compliance is and, let me paraphrase in a friendly way, they sometimes interpret the rules generously for themselves without consultation while occasionally bringing their position of power into play. Women often act differently. In my perception, they are also more often inclined to ask themselves critical questions beyond their own power interests and to try to look at things objectively from several sides.

I consider it very important to have a network – be it to exchange content or also to encourage each other to take a complicated path. Most of the experiences we women in leadership positions have are similar, and it is good to have a network to simply exchange ideas.

Actually, analysing processes from a compliance perspective is what I enjoy the most. I find nothing worse than complicated processes that also involve a lot of paperwork. In most cases, they are error-prone, cause frustration and are time-consuming. Disentangling this and working out a legally compliant process that at the same time takes into account the needs of the company or organisation remains an exciting field of activity. I still very much enjoy advising and supporting the relevant areas.

I was initially working in the legal department when our general counsel came to me and asked me, based on my already acquired knowledge and experience, whether I would be interested in applying for the newly created and advertised position of compliance officer (due to an ongoing IPO, it had become necessary to set up a compliance management system including a compliance officer). I asked for time to think it over, looked at the job advertisement and googled what compliance actually was. In fact, it wasn’t entirely clear to my boss either, only that we absolutely needed such a position. I was ready for new tasks and applied. Looking back, I can say it was my best decision. Besides looking at internal and external rules and regulations, processes and procedures play a big role, as do their implementation. Looking at the whole package, including risk management, is very exciting and challenging at the same time. Not every area has welcomed the introduction of a compliance officer. It requires patience, open communication and perseverance to master the daily tasks and challenges. It also involves dealing with resistance, because at the end of the day, compliance is just another cog towards achieving the company’s goals. And that is how I see it to this day – compliance is everyone’s job.

Maintain your curiosity and start by developing an understanding of the respective operational business. It is important that you get your own impression. Also try to build trust with the managers and especially with the employees. After all, the employees are the ones who can tell you exactly whether a process is running and where there are risks in the operational business. This can be achieved through open communication and transparency where possible.

Have the courage to say that you don’t know something, because it is important to understand facts and explain your own work. Also have the courage to question your own CMS processes as a compliance officer, should you feel that “it doesn’t fit”. And last but not least, don’t be intimidated by power struggles and “alleged” pressure for things to pay off: it’s not easy but it’s also very important.

I welcome this discussion because without it, nothing would have happened regarding the topic of women’s leadership and compliance is affected by this. What if women are reduced to the fact that they act differently from their male colleagues and are considered suspect? Likewise, (potential) mothers can be seen as a factor of insecurity for the company and are not given the opportunity to work as managers. As a result, rules need to be created. I remind you that it was only through the “Law on Equal Rights for Men and Woman in the Field of Civil Law” from 1958 that women in Germany were able to work without the permission of their husbands. The draft law, which was intended to finally implement the equal rights of men and women enshrined in basic law since 1949, dates back to 1952. Only after long negotiation processes and against much opposition did the law pass in 1958. It took two rulings by the Federal Constitutional Court in 1959 before equality was actually recognised as a constitutional right. Fortunately, a lot has happened since then, but the fact that we are talking about women’s leadership and the introduction of a women’s quota shows that we have not yet reached our goal. In any case, I am happy if I can contribute to making women in leadership positions more and more self-evident.

I am a lawyer, I started my professional career in one of the famous “big four”, particularly in fiscal legal litigation, nevertheless I thought that something was missing in my life and I decided to look for something that challenged me, something daring. I found this path in the “financial system” more than 17 years ago, where I discovered my real learning, not only in compliance, AML, frauds, etc. but also it took me to develop leadership, a strategic mind, negotiations…among others.

After my financial story, I changed towards other alternatives also challenging in the pharmaceutical industry and communications.

Of course, this road has not been solitary. I have had the ability to find wonderful people, extremely professional. I have learned from the best people in these fields!

I remember that several times my working team and I sat down to discuss and find out what this “strange creepy subject” of compliance was all about… and how significant and important this matter would be in the near future… After some years, the future became the present and I understood that those long hours of study, practice, frustrations and also fun, why not!, have been fruitful… and without any notice I became an expert in something!!, in compliance, in AML, etc. I also became a real leader of incredible people, found friends to share joy and success with, and of course winning battle after battle.

And this is how, after a while and after several invitations, I moved to a different continent. Working in Europe with new and different methodologies, experiences that represent new victories. And this experience brought me a new universe of compliance themes, new contacts, friends and new markets, and on the top of this, new visions in the ways of seeing compliance.

Where am I going to stop? I really do not know… I am behind that philosophy and way of life.

Of course, there is a huge and completely different vision. On one hand, you are the face of the company, the importance is not only implementing and writing policies, but the main interest is centered in all employees (beginning from the top management) to understand and adopt the “compliance culture” and not only to be trained. It is to convey the importance of, for example, safeguarding the company’s reputation and protect it.

From the consultant point of view, this attitude is wider as a real sense of need must exist to understand what the company is looking for and offer them what they are expecting, starting from their priorities.

As a consultant, the clients are businesses of a variety of industries and sectors or areas – that is why it is fundamental to be avant-garde towards international regulations and tendencies.

In my personal experience, of course changes have occurred. Actually the compliance team is easier to be perceived and accepted as part of the business (sales, finance, human resources, etc.). Even then, in many companies the compliance area is part of the strategic team.

On the other hand, when I was the leader of the compliance team in a pharmaceutical company, I even achieved the goal to involve top management in the compliance strategy and they also headed different activities that were formerly only the responsibilities of the compliance officer.

I can truly say that this has changed significantly but nevertheless, there is still a long way to go. For example, it is not common for the compliance area to have a special budget for the different activities that go beyond training and even more for the review of gap assessments and opportunities by external firms.

Without any doubt, as women we have conquered each time more roles, we are meant to be leaders and to solve.

I have had the fortune to meet women that are excellent leaders with very important positions at international level and I have learned a lot from them. Women are extremely good performers, nevertheless as a gender, we have to perfect some details that can put us in “the eye of the tiger”.

Experience. Compliance is continuously changing, new tendencies, new challenges to reach. The purpose of mentoring is to transmit this experience, not only technically but also in an empathic way, woman to woman, talking about challenges, how to face different situations, analyzing mistakes, results and different solutions.

Of course, there is an impact in everyday life as each situation has to be focused on different ways, alternatives, points of views and approaches.

A very personal relationship is built, very intimate, transparent and very important and objective.

Until now, results have had visible spots and with my guidance these women have been successful, they have conquered professional steps that they never imagined. Others are studying deeply in compliance themes and many of them also have had a very positive impact in personal and familiar ways.

My path was not too complicated as I had degree combinations that pointed out that I would do well as a compliance expert. I started my career over fourteen years ago as a security officer in law enforcement. I eventually moved to corporate security management, where I started as a security operations professional. Security operations are considered the fundamentals of general security practice and an exciting career path. I was promoted to the Country Senior Risk & Resilience Manager one year after in an exceptionally tight and competitive process. I am grateful for the opportunity because I am an ambitious person who wants to know a couple of things about everything. I was excited but not confident because I knew that Enterprise Risk Management is not the same as Enterprise security risk management. While the former is broader and more encompassing, the latter focuses on security management and nothing more. I had the advantage of having degrees in Law and Economics. The business thought that all that I would require to excel in my role was to develop a straightforward induction program that was the right fit for me alongside other pieces of training. That was with the hope of ensuring that I can build confidence on the job, which is a unique tool for working independently. So, I managed entry-level roles in that path and then moved quickly to high-level functions because the company gave me the necessary support. That was the best option for the company, considering that risk experts are scarce in Africa and globally. The business opted to develop its talent, and my background in Economics, Law and security operations made it easy to adapt instantly.

One of the significant challenges that I encountered at inception was emptiness, as I felt deep down that I had nothing to offer despite my eagerness to bring value to the table. You cannot give what you don’t have, and nothing builds confidence as much as knowledge, as I didn’t know much about Enterprise Risk Management at that time. Another thing was that I was just one year in the company when it felt that I had what it takes to take up that delicate role, so I was not an ‘organizational-level expert.’ In other words, I didn’t know much about the different and fundamental operations of the companies, and that was one item of knowledge that would have made my task a lot easier. Today, I am proud to state that I learned quickly because I took my professional and personal development seriously. The company has shown me that it never regretted taking a chance on me in diverse ways, and I am grateful for that. The key is having a realistic goal and being committed to getting it accomplished. In the first eight months as the senior risk and resilience manager, I got certified as Business Continuity Professional and Risk Management Professional from the Disaster Recovery Institute and RIMS. This feat shows nothing but a commitment to a course I am passionate about. I am enthusiastic about the opportunity and am keen to develop myself, hoping that I will be one of the top players in the risk management industry by 2023. It is doable if we understand the mystery behind deliberately investing in our professional development. I love that taking up this role has expanded my scope in terms of versatility. That is why I am interested in mastering the art and remain very passionate about continuous education. We can never know enough no matter the stage, and the more we know, the better we get. So, for specialized roles such as this one, you must be intentional about learning, understanding, and practicing.

Sure, many companies in Nigeria have intentionally integrated the Diversity, Equity, and Inclusion clause into their People & Culture Policies. Available statistics have shown that teams with the DE&I are doubtlessly more productive. So, it is not just in the ‘compliance’ field. Generally speaking, women get the recognition they deserve through promotions, exceptional placements, and appointments. With compliance specifically, I can confidently tell you that the female folks have dominated that space in Nigeria, and my assertion is based purely on observational studies.

There are a lot of them, but the fact that my team and I are thoughtful at ensuring that risks are not just identified and tracked proactively but that the company is shielded from all forms of reputational damage, health and safety issues, strenuous management efforts, as well as financial losses that would have been the model without a robust Enterprise Risk Framework in place. Again, this will entail an efficient incident response strategy that ensures that incidents are not escalated to crisis through proper management. At the end of the day, it still feels like I am doing the core security management function. Our ultimate objective in the risk & resilience field is to minimize business losses as much as possible by paying attention to opportunities and uncertainties because risks will always be there.

I have one piece of advice for them: they should pay attention to their professional development by prioritizing it highly. The field of ‘compliance’ is very vast and mixed, from risk management to internal control to ethics and then regulations. It is not for complacent people! It is for people committed to lifelong learning coupled with excellent influencing skills.

My arrival in Compliance was a natural evolution of my path. After my law degree and my PhD in criminology, I realised that a forensic career was not my aspiration and for this reason, I became involved in internal audits. This role allowed me to acquire knowledge on the operational management and structure of companies. Entering Compliance was, therefore, the best way to combine my initial passion for law together with company organisation.

Until a few years ago, the concepts of compliance and integrity were associated with a general sense of respect of the law and valued as a necessary cost for businesses. Today it is understood that “being compliant” does not only mean avoiding sanctions. It is now seen as a competitive advantage, since it implies working in an organised way, applying management standards and being appreciated by the market while creating a workplace with a corporate culture capable of attracting talent.

Both the role of women and the role of Compliance have grown significantly in recent times, and they have proven a positive change for companies. The resilience associated with female leadership is what has allowed Compliance to emerge and clear itself from the role of being a mere regulator of the rules and to establish itself as an internal consultant to support company management.

To be honest, it’s not a question I often get because Compliance has always been a field where the role of women is predominant. This is due to the fact that Compliance was born as an unsolicited function in the company – an underdog – in which, as a woman, it was easy to enter due to the lack of male competition. The goal was to overturn commonalities: in this sense, being a woman in Compliance is a double challenge since it involves both the affirmation of the female role and the enhancement of Compliance in the company.

I have always worked in sectors with a strong male component, and I have never had the opportunity to deal with female managers. However, I was lucky in meeting people who were able to evaluate me more for my skills than my gender, thus helping me in my professional growth. Today, I try to support young women who enter Compliance in reaching the necessary level of self-awareness as professionals within the company context and making them aware of the positive change they can bring thanks to their new and modern vision.

Risky Women is a global network that connects and celebrates women in governance, risk and compliance in multiple ways. We host events, have a podcast – Risky Women Radio and highlight talent in the industry with our Women to Watch series.

The role of the compliance professional is expanding and changing given the challenges being faced from massive supply chain issues, to cyber crime and increased financial crime. Finding, retaining and growing talent remains a top priority in order for teams, not just women in risk, to manage.

We don’t really have any data on those differences and have not been made aware of any real differences. We see women adding value to the profession across the globe.

Listen to Risky Women Radio and hear all the amazing women and their hints and tips and ideas for you. It‘s a great source of mentorship!

Innovation, creativity and being kept on your toes. Being a relatively new profession that isn’t as heavily regulated as many others, we have a unique freedom to advance our Compliance program in the knowledge that best practice standards are continually evolving and there are many discoveries to be made to enhance our Compliance function and program. Examples of this are increased scoping of ESG, incorporating behavioral science and finding quality ways to identify data that can be used for analytics findings that can improve our processes and culture. I also love how investigations mean that your days are never the same, we get constantly challenged with new scenarios to work with, understand and remediate.

I do not share the view that Compliance is male-dominated. There is a huge number of women in the field, including at the Chief Compliance Officer level and many exceptional female mentors exist and have been practicing for decades. I am also not sure I’d describe my network as women led – though my podcast focuses on the advancement and empowerment of women, I look for diversity in my network and that includes not discounting the value many of my male peers provide to make me a better Compliance professional and person.

The evolution of Compliance from regulatory/legal Compliance to reputational risk, ethics and integrity scope is a wonderful opportunity for Compliance Officers and the organizations we work for. However, we also cannot be the moral arbiters of the company. Additionally, making the decision as to whether or not to include new subject matters, place them with other departments or dedicated functions (e.g. ESG, data privacy, data security, trade sanctions) is different for each company and its circumstances. To me, it feels like there is more subjectivity now. I don’t think that is necessarily a bad thing, as long as there are well documented and well thought out reasons for whatever decision- making you come to.

It’s not enough to just pilot new policies or initiatives, you have to involve business stakeholders right at the conceptual stages of workstreams, seek their input and incorporate their feedback. We ask the business to involve us early and often – we’d do well to abide by our own expectations.

Compliance is a calling for me. Outside of work hours I spend a lot of time thinking about ways to contribute to the profession and community. I truly enjoy being a member of a profession that really cares about and looks after each other. Some of the kindest, most brilliant people I know work in Compliance and have genuinely become friends as well as colleagues. My best advice for establishing your community if you haven’t already started networking is to not build a relationship. No matter how good-hearted someone is, people are very busy and so trying to establish a relationship by introducing yourself and asking a favour of someone is putting them in a very difficult position. Introducing yourself and paying someone a compliment about their work that you’ve heard about, a well written article they’ve authored or praising their presentation skills after a conference is likely a better opener.

I was a partner at an international law firm and had many years of practice supporting clients in mergers and acquisitions. As a lawyer, I always had a strong connection to compliance and it became a focus topic when I moved to Sika eight years ago to build up the compliance organisation. Building up the compliance function was very exciting and attractive.

Despite an increasing level of regulation and authority enforcement, there is a very much culture-based approach rather than a legalistic one. This approach has proven to be more effective and because it has a strong connection to the people in the company. Compliance is more about being preventive rather than controlling people. It became more and more a top priority with a key focus from top management and the board, protecting not only the reputation and the business but also the employees from negative consequences.

As a compliance consultant you give advice, but you are not connected to the implications and the people involved. On the other hand, being part of the company team, you need to have a holistic approach to compliance and develop a deep understanding of the correlations and impact of your decisions and advice on the business. Moreover, you develop a stronger connection to people and can inspire others to become ethical ambassadors.

It is important to have the capacity to balance between the risks and business opportunities but never compromise on integrity. Further, to build trust within the organization and business partners and fostering a “speak up” culture, to enhance transparency and equip our people with the right principles to take the right decisions.

Be passionate about the topic and believe that integrity is a core value in business. You need to love connecting with people but also need an analytical mindset. You need a strong character to stand up for what you believe is right, but also an open mindset to listen and learn from others. Continue to build up your competences, trust in yourself and find a mentor or role model you can turn to.

I think it’s important to understand that ‘tone at the top’ doesn’t always refer to the C-suite. Culture is heavily influenced by your manager and peers with whom you interact daily. Great company culture is dependent on a workforce that feels that they belong and their opinions matter. This creates an environment where people feel supported and safe with reporting suspected wrongdoing and speak up and contribute to an ethical workplace that values the diversity of thought.

Soft skills are critical in ethics & compliance work. There is so much that is left unsaid by individuals who don’t feel safe or comfortable discussing suspected issues of non-compliance or unethical behavior. To be seen as a trusted advisor and resource, Compliance Officers need to wear so many different hats – coach, thought leader, influencer, therapist, and networker. They can give the human touch to compliance by how they communicate their program, including conducting town halls, inclusive policies & procedures, quick starts & visual aids, gamification, podcasts, regional/office spotlights, etc. The more that the Compliance team interacts with all levels of the workforce, the more likely people are to reach out because they feel an affinity to them.

Taking a legal approach focuses on mitigating risk rather than a more human, conversation approach focused on helping the employee understand the risks involved in their job. Many companies hire law firms to write policies. These policies end up being very dense, prescriptive, and written in legalese, making it hard for the majority of the workforce to understand what they need to do. Policies should be simple, to the point, and take into account the culture of your workforce. Include visuals, infographics, and FAQs to help employees understand the risks for their particular role. This will prompt more questions and discussion.

A compliance consultant is a valuable resource for in-house Compliance Officers. They can leverage their own in-house experience and knowledge from working with clients in various industries to advise and provide objective guidance on managing workplace issues effectively. This guidance draws on developing a “best in class” directory of practices from past and current clients that can be passed on to assist the in-house Compliance Officer with enhancing their program and helping the senior leaders understand that the department creates a competitive advantage for the company.

People and society inspire me to do better each day. Ethics & Compliance increases people’s quality of life. I love to have those conversations and work hand in hand with open-minded executives, passionate allies, and courageous changemakers committed to transforming their organization into a more ethical and diverse workplace culture. This creates an environment where employees feel like they belong & are valued, and the company cares about the society in which they operate.

We must not confuse compliance culture with people culture. A company’s compliance culture depends on the enforcement of laws impacting the company and not on people culture. We therefore see differences in the way compliance is handled in different countries contingent on their respective law enforcement. There are also companies operating in group structures where compliance is centralized. Such companies may be in a country with little law enforcement but they have to develop a stringent compliance culture to meet their group standards. I therefore believe we must look at compliance at corporate level instead of country-wide.

A “tone from the top” culture is important in compliance to maintain standard values and practices across organisations. It is good to mention that a good company culture does not imply operational efficiency. I also favour “tone from the top” culture in compliance but we must ensure it is accompanied by actions and internal controls in order to promote efficiency and thus may be called a “good” company culture.

Compliance professionals, including me, have a significant impact in our respective industries because we play a key role towards achieving the objectives of the industry regulators. We are the ones working “on the ground” to ensure proper implementation of the rules and regulations set by the regulators, which is utmost important to safeguarding our organizations and consequently our countries against reputational risks.

To be a successful compliance professional, it requires diversified skills, ongoing learning and commitment, amongst others. These are not easily achievable by women in general for various known reasons. As a result, compared to men, we may see fewer women who climb the career ladder towards leadership positions in compliance. Hence, in today’s professional world where people are trying to fill the gender gap, women as compliance leaders stand out.

Compliance is all to do with rules and regulations and the latter are always evolving, making compliance a challenging task. There is always something new to learn, analyze and implement, which forms part of my areas of expertise. So, compliance is a field I personally like, I have proved to be good at it and knowing that my work has an impact on an organization and the industry definitely motivates me to do better. Moreover, the recognitions I get from the industry is certainly great source of motivation.

In general, the subject of the “human touch” should not be attached to the human race. A manager, a collaborator or an individual should innately consider others and offer a “human touch”. This implies a broadening of horizons.

However, in our society where leadership has long been dominated by men and where strong and powerful women have often been equated with men, the “human touch” they naturally offer could make all the difference in their career.

In Compliance, this “human touch” is all the easier to offer on the part of women because they have intrinsic capacities for apprehension, consideration, management, organisation and, surely, thanks to the weight of history.

In general, companies failing to understand does not constitute part of my work – it focuses on the overall interest in compliance! Companies subject to or impacted by the Sapin 2 law only consider the legislation a form of restraint.

Do they find it difficult to understand why habits need to be changed? Why would legislating be the only solution? Why spend “at a loss” to respond to a law?

After 5 years the Sapin 2 law, the observation is that not all the companies subject to it are compliant and that the organisations not impacted by it are subject to due diligence by their third parties, pushing them in fact to engage in forced compliance.

Indeed, there is a difference between working as a compliance consultant and being a compliance officer in a company.

My experience reveals that in business, the compliance officer too often depends on the strategy of the company, its governance and management. There are too many obstacles linked to different criteria such as economics or power. It is not always easy to be heard in a company.

As a consultant, I work with companies that have a proactive approach, ready to commit and launch a compliance dynamic.

I know it, I listen to, I transfer my knowledge thanks to my passion and the client company knows how to thank me.

Of course, this question has been asked many times. My answer is always the same: why ask this question?

I have always lived the notion of difference in outlook because of my origins, my outspokenness, my character.

Yes, I am a woman, I am different but I have skills, qualities, values, know-how… which should systematically take precedence over gender.

Being a woman in compliance is no more difficult (or no less difficult) than being a female manager or leader in business relationships.

This is a problem for others, no more for me!

Being a compliance professional is obvious to me. It is not just a question of selling services but of ensuring with satisfaction that the customer will be fully protected by my compliance work.

Doing compliance is the best vector for me to apply my values such as:

• the transfer of skills through missions and mentoring
• human relations thanks to my role as a lecturer and certified trainer or business relations without hierarchy with my clients
• my deep intrinsic respect for justice and rules…

And finally, to honestly receive thanks from my clients.

I rather see the problem being that we regard compliance as a purely “legal” issue, and it is, but there is more to it. We have to and want to inspire and win people with compliance – they should understand why we should behave in certain situations so it is also very much about communication. And that brings us back to one of the strengths of women: with empathy, sensitivity, discipline and a fair amount of decent role models, I think women are the perfect fit for this area. And there, exactly where these qualities and skills play a major role, I am seeing many women working in compliance. That is gratifying!

To inspire people. To make them rethink, to take them on a journey, to see an “aha” effect in them and to ignite a passion that should be a matter of course in our actions. In many of my trainings, I work with the participants to see these successes at the end of a seminar. That’s fun and it’s what makes it new again and again. If you like compliance, you have to like people!

Stay yourself, completely! Do not imitate anyone, bring warmth of heart for the subject in addition to a high level of professionalism and win people over. Ultimately, it doesn’t matter if you are a bus driver, teacher or compliance specialist. If you are passionate about your profession or vocation, you will convince others and make your job unique. This way, you won’t get bored and you won’t bore anyone.

That you need staying power for everything. I’ve been self-employed all my professional life and there are – like everywhere – good times and not so good times. For me, my freedom to make my own decisions has always been my top priority. It has not always been easy, but it has always been the right thing to do. Today, after nearly 30 years, I can say that I enjoy this freedom very much. I can say NO when I mean NO and have endless fun not having to bend.

I believe that there are two magic words for compliance: participation and identification. If I am part of a system, I am considered important and I am seen. And I will not break what I love.

If companies manage to leave room for discussion and listen, especially when it comes to compliance regulations, then you can find very creative solutions for your own company on how to design and equip an individual and appropriate compliance management system. This is often a bit further away from the mainstream but it feels better and has the chance to take the addressees along on this exciting journey.

And yes, rules also need to be understood (not just heard). I like to try to do that with the companies I advise with dilemma trainings or with case analyses because it is not just fun to think and shape – it also influences people’s actions. So join in (participation) and deal with it in a positive way (identification). And that’s it! Well, almost.

In the pharmaceutical industry in particular, there is a large proportion of female professionals in the compliance field, right up to the very top. And in my professional network, there are also quite a few female compliance specialists from other sectors. Instead of a strong peer network led by women, I personally consider it more valuable and important that a professional network exists in which a specialist exchange can take place, but with a balanced proportion of female and male experts. In addition, I would generally like to see the developments of recent years continue and for women to both encourage and challenge each other, discarding their differences. Nothing should be taken away and they should win as a collective.

As a lawyer, I worked mainly in the areas of insolvency law and pharmaceutical law until I started as Head of Legal & Compliance at Sandoz Pharmaceuticals AG in Switzerland. That’s how I first came into contact with compliance without having any specific experience in it – the initial focus was still increasingly on legal issues within the group. However, the topics of legal and compliance are strongly interconnected so I very quickly found my way around the compliance topics as well. Compliance has developed enormously, not only in the last 10 years, but especially in the pharmaceutical industry. On one hand it has developed in terms of content and on the other hand both as a function and in its importance within a company. I have always been fascinated by this development and the fact that compliance goes beyond the legal requirements in many areas while good, pragmatic solutions “beyond just legal” have to be found. In the course of separating the Legal and Compliance functions from each other within the entire Novartis Group along with the opportunity to take on a regional role in Compliance, I then turned my full attention to the field and I would take that step again at any time. I would also like to mention that my career path was possible “despite” a part-time workload. I am grateful that I have had and continue to have very progressive employers who have accommodated my wish to work part-time in order to balance my family and professional activities. They do not judge my part-time workload or consider it less valuable.

Walk the talk! In my view, the message from the top or “the tone from the top”, is indispensable. Just as important, however, is “behaviour from the top” that corresponds to the message. In order to fulfill this leadership and role model function, it is necessary to have sincere leadership behaviour with integrity, which is guided by ethical principles and that displays a zero-tolerance attitude regarding violations and misconduct. A strong “conduct from the top” is quickly reflected throughout an organisation. This includes making it clear that unethical behaviour will not be tolerated in any way. Once these basic pillars are in place, work can be done on other elements such as cooperation, flexible working time models, speak-up culture, work-life balance, etc. However, corporate culture stands and falls with the integrity backbone of top management.

From my point of view, it is helpful to make the topic as simple as possible for employees, using straightforward messages and tools. Compliance is a no-brainer in and of itself. It is about doing the right thing correctly, thinking outside the box and taking different perspectives in order to identify and eliminate or minimise negative impacts of an activity in time. To do this, I think it is a good idea to use story-telling or other techniques to make employees really feel the compliance. As May Angelou said, people forget what you said or did, but not what you made them feel. The sky is the limit when it comes to creativity. Why not use sweets in different colours to explain certain compliance rules or principles? The employees in the office are surely going to be happy about such an addition to their compliance training. Personally, I am a big fan of the musical Ethics & Compliance Playlist by Dr. Bettina Palazzo – it is a very refreshing way to deal with ethical dilemmas.

In my experience, the following three areas present some of the greatest challenges:

Having suitable tools and sufficient human resources available in order to be able to carry out all compliance tasks sufficiently with the necessary care and within a reasonable timeframe to the satisfaction of the company. In my experience, companies often invest too much in new projects or departments without also investing in risk management, for example in compliance. This investment in the compliance function is usually only made downstream and often only when the additional risk management effort can no longer be managed in any other way. In my opinion, such one-dimensional investments are most expensive for a company in the long run than if a holistic investment strategy were to take place from the beginning, taking the so-called supporting functions into account.

Personnel changes, especially in management, always carry the risk of a cultural change which can occur within a relatively short time and cause considerable damage. In this context, it is extremely important for the compliance officer to stay close to the employees, to conduct regular training and awareness campaigns, especially for the management and, if necessary, to seek support from other functions within the company such as quality assurance or internal audit.

In my opinion, a regular and consistent recalibration of the personal moral compass is one of the most underestimated challenges in the compliance area. The so-called operational blindness of a compliance function can have considerable consequences or lead to risks for the company. As a compliance professional, it is important to keep oneself fit regarding risk assessment and risk management while regularly questioning whether the assessments made are sufficiently critical or if a level of operational blindness has crept in. Of course, this has to be distinguished from the experience and expertise gained over the years, which is enormously valuable. In my view, compliance experts are like a good wine: they get better and better over the years. In my view, regular exchange within the compliance community or with Internal Audit, further training, peer/guest monitoring or consciously applying specific decision-making/review processes are helpful in this context.