Senior Vice President, Business Risk & Control Sr. Officer, IT Infrastructure Risk & Cyber-Security for Wells Fargo, mid-Atlantic region.
AT: You’ve had a fascinating career, so I want to start at the very beginning. For most people in compliance, a U.S. Sentencing Guidelines conversation begins and ends with Chapter 8, the organizational guidelines. You began your career with the U.S. Probation Office in their presentence unit applying the guidelines to criminal cases. Can you tell us about that experience and how it helped shape your later work with compliance programs?
LK: My experience as a probation officer in South Florida in the 1980s and 1990s was amazing, and I still miss it some days, believe it or not. Being involved with federal sentencings gave me incredible insight into the prosecution process and mind-set. I also had the opportunity to work on corporate prosecutions, albeit not of the size and scale we see today. I completed hundreds of presentence investigations, which involved the identification of financial red flags and reviews of operational misconduct. The Guidelines allow for organizations to be placed on probation, which is similar to being under the supervision of a monitor, corporate integrity agreement, or a consent order. Maintaining your independence is integral to serving as a probation officer. Essentially, you are “the eyes and the ears” of the court. My experience in this role taught me skills for interacting with individuals from all walks of life, and coupling that with the emphasis on independence and fairness prepared me well for my current role.
AT: From there you moved into consulting with white collar defendants. When you switched to the defense side, how did it affect your outlook on the Guidelines?
LK: I am a fan of consistency and standardization. So, generally, I support the use of guidance to facilitate adherence to government expectations. The Guidelines address many post-conviction considerations. There is always room for improvement; however, I believe they are helpful with managing expectations and establishing a baseline for compliance.
AT: You then began your career as a compliance professional by joining EY in their litigation advisory services, which provided compliance services to a wide range of industries. You were able to see a lot of different companies and how they managed compliance. Were there common challenges that you saw?
LK: During my time at EY and Holland & Knight, compliance as a profession/discipline was in its infancy. It was a challenge to engage companies, because the concept of compliance was perceived as abstract. It was not uncommon to hear “compliance with what” in C-suite conversations. Risk is inherent in business; successful executives take risks every day, so learning how to talk to CEOs, CFOs, etc. required me to change my approach. I had to present compliance in the context of business drivers and competitive advantage—for example, data privacy as a customer expectation.
AT: What’s the first thing you think a consultant or a new compliance officer brought in to lead a program should do to make sure they have a good feel for what’s going on in the compliance program?