Transcript | Risky Women - Compliance Transformation: Donna Timlen

This is Risky Women Radio – a show to connect, celebrate and champion women in risk, regulation, and compliance. Sharing insight and perspectives from the most influential members of our global Risky women network on the latest developments, we need to think about, the challenges we should all talk more about and the innovation we are most excited about governance, risk, and compliance. Bringing together the hundreds of senior women professionals already connected with a new emerging group of leading women and men. I’m Kimberley Cole, your chief risky woman.

Welcome back to our transformation series on Risky Women Radio, where we will be talking about innovation and transformation and taking a look ahead at the views from some amazing risky women on what’s next in the world of risk management. I’m Lucy Pearman, Global Head of Risk and Controls Transformation at Protiviti. And I have the pleasure of introducing today’s risky woman, Donna Timlen. Donna has been Chief Compliance Officer, based out of Baltimore, of OneMain Financial, America’s largest installment lender, since November 2015 and reports to the OneMain General Counsel. Donna has served as CCO of OneMain Financial and its predecessor company (both units of Citi) since 2010. As CCO, Donna is responsible to drive the strategic direction of the company compliance program; ensure the Board, Management and all employees understand and adhere to regulatory and other risk management requirements and provide a governance/oversight structure that includes assessment, escalation and reporting. Prior to her role as CCO, she was the Compliance Director of Business Operations Compliance Support Team for CitiFinancial (2007 – 2010). In this capacity, she had primary oversight responsibility to ensure business operations complied with compliance and company policies and programs. In addition, her team managed Compliance reporting and escalation programs. Donna began her career with Citi in the Corporate Audit team as Staff Auditor and ultimately became Program Director of the Baltimore-based team. In 2001, she transitioned to CitiFinancial business operations, holding multiple positions managing business administrative support functions (e.g., Accounts Payables, Purchasing); created a business governance structure for records management, information security and continuity of business.

Welcome, Donna.

Hi, Lucy.

I know I gave a brief bio, but Donna, in your own words, can you tell us your story?

I’d be happy to. And thank you, Lucy for having me. So you know, if I look at my journey, let’s call it 30 years. So the first decade of my career I spent in audit. And I certainly when I started my career didn’t aspire to or know that being the chief compliance officer was going to be on the horizon. But I started in audit. So ending in compliance is probably a full circle. My second decade, I spent in operations in the business. And as you mentioned, I did many glamorous things like purchasing back in the early 2000s, when it wasn’t as fun as it is now and accounts payable and information security, which also wasn’t as glamorous as it is now. But it was a way of introducing into the world of controls and business but having operations background. So when I moved into compliance in 2007, and ultimately a Chief Compliance Officer role in 2010, I’ve been able to spend the last over a decade in compliance space, which I love. So the journey has been kind of full circle, I’m very comfortable in the compliance space. But honestly, I think that time that I got to spend doing a bunch of different roles and operations, was really informative and how I think about compliance today, because it brings a different perspective, to have some operations background as you’re trying to manage compliance risk.

Very good. And so far, Donna, what’s the biggest risk you’ve taken your career?

You know, I thought about that. And I’m thinking that this example is an interesting one to me. And I remember being frightened to death, which was in that span when I was in operations, I had over 250 people in my organization. And I took a role in the same company, as an individual contributor, and to start building out new teams. And to go from having a group of people that did all the heavy lifting and all the hard work to go into a role where I felt completely vulnerable and unprotected at any given time, was actually a huge risk on my part and it was also a mental shift from having people, being perceived as making you the the stronger leader to taking this role, which ended up being fantastic, but absolutely terrifying at the time I made that choice.

Great. And what advice would you give to your younger self? If you were starting your career journey all over again, Donna?

If I was starting again, I think I would remind myself to be self aware. And listen, I was fortunate to have very good bosses. And I think you, when you’re motivated and excited, and you’re trying to grow that career ladder, you also have to have a little introspection, and understand how you’re being perceived. And I’m not suggesting don’t be yourself, but I do think some self awareness in how people might perceive your behavior is really important, because then you can grow, adapt, and learn from that. And ultimately, you’re going to proceed better, if you understand how people are reacting to you. And I think my younger self could have used a little more advice in that earlier in my career in that space.

Yeah, that’s definitely something that resonates with me Donna. My younger self was very ambitious! What excites you most about the industry?

It’s an interesting question, Lucy, because people don’t always equate compliance and risk with fun and excitement. But it can be, especially as we think about transformation. Our industry in the lending business in the financial services business, is interesting. If you read the headlines, whether you know it’s old school, in a newspaper or on your phone, it’ always something going on in the financial services industry, it’s become very innovative, to stay relevant and compliance has to actually do that too. Because if we don’t get innovative and stay relevant, we’re gonna put the company at risk, or potentially our customers and our stakeholders. So I find it to actually be very dynamic. And I enjoy that a lot. It’s not the same every day, which I think people think it is. But it really isn’t.

Yeah, I would agree with that. And in my experience, I think the culture in compliance embraces change a lot more than other parts of the organization. So you can do some quite exciting things.

This episode is brought to you by Protiviti. Protiviti is a global consulting firm with deep expertise in transformation, risk management and compliance. Partner with Protiviti and face the future with confidence.

So before we dive into our main topic, can you give us a bit more background on your experience with compliance transformation and the work that you’re doing at OneMain Financial?

OneMain Financial was the coming together of two legacy companies about six years ago. And that just demanded transformation and innovation because we had to bring together two very different organizations in policies in practices in products in systems in our backgrounds and what we were used to even how the compliance organizations were structured, and how we thought about things. And what we needed to do was, we needed to be nimble. And we needed to have a plan. And two things we tried very hard to make sure we did one, we tried to build controls in. So we really wanted to build an organization that focused on prevention. And that is not a new idea. But it’s a hard idea to actually execute against, because people want to move fast and furious. And nobody wants to slow down to make it you know, cumbersome, but building in controls and automating controls versus bolting them on later, was very important to how we approached it. And then on the detection side, we really focused on what’s our most efficient way of doing detection. And we can talk you know some more about that this is my favorite area, we’re using data and analytics. And we tried to take things to a much more modern approach than traditional testing. And you know, we all like to trust but verify in compliance. But how we chose to verify and understand how well the organization is doing to our commitments, was something that we spent a lot of time and energy in building out for our organization.

And what are the first steps that you think organizations need to take to innovate and transform?

I mentioned earlier that I had a little bit of operations background. And for me, the transformation was a bit of a mindset shift for everybody, people on my own team and my partners, because one, we had to show the value proposition of what compliance could bring to the table besides just Oh, they’re here to keep us safe. We needed them to understand that we could provide a tangible value for all our internal stakeholders, them included, and our team had to have a mindset of thinking things a little bit more operationally. What’s the best and easiest way? How do we show an organization not the likelihood or the possibility of a problem? But how big was the problem? How serious is it? Do you want to really talk to your partners that you saw one thing happen out of 30? Or do you want to say you had 10, or 1000, out of an entire portfolio of business, which is really where we brought our program was doing everything we possibly could using data, and analytics at a company level, you can’t do that everywhere. But wherever we could, we have done that. And the business loves that, because it’s very tangible to them. And they can act on that. And frankly, it supports our case to build controls in. Because if a process is manual, and complex, it’s hard to execute against it consistently. And if we can show an error rate, our partners are on it. They’re like, Okay, we need to not have this be manual, let’s fix this. So it definitely drives to root cause and solution as well. I think that’s really important part of it, and you have to have a strategy. You know, the company has a strategy, compliance should have a strategy. So you have a mindset, you have a buy in, but you have to have an actual strategy, we set a three year strategy, this is our third year in. It took us a little time to put our strategy together to understand that. But once you had a strategy, it was translatable, and everybody was working towards it, just like in any company. That’s what happens if you have a team set of goals, and a brand, we attached a brand, to be partners to be knowledgeable, to be collaborative to be solutions oriented. When we attached a brand to that everybody understood that we weren’t there to only find the problem, but understand the why and be part of the solution. And that that was incredibly helpful for us in figuring out how to drive the changes that we wanted.

That’s great. And you’ve mentioned, like the process complexity, and some of the manual nature of some of those processes that are run typically in organizations, particularly at the cost of the entire organization. What are the other biggest challenges that you think companies face when they’re trying to undergo the level of transformation you’ve driven at OneMain and and in such a highly regulated environment?

I think there’s at least two that come right to mind. And the first is people and talent, right? When you’re going to do this one, you can’t forget about your people, you have people on your team doing roles today. So you want to protect the talent you have. You want to invest in the talent you have, everybody has their diamonds that will rise up and grab on to these challenges. And they do. So I think our big challenge was motivating the talent we had retaining the talent we had, but also recognizing where we could augment and had skill gaps. And what we did is we leveraged, we tried to market ourselves so that our people in our data science team in our technology team came to join our little team to help us. And because they were coming from inside the company, they really brought additional value and skills into the team. So people is a big challenge. I think the other thing is you cannot take your eye off the ball. So just because you’re taking and transforming, everybody wants to pay attention to the bright, shiny object, but you can’t just forget about what you were doing, you can’t stop doing that. So you have a little bit of parallel track a little bit of overlap, that has to happen as you transition. And you have to convince your people that there’s roles for them, you know, and so what we did is we did more without more people. So we got more coverage. But we did repurpose some of the roles in the jobs that we had, so that we could upskill. And that is what we did. But we had to have the people buy in, we had to have the people support. And we couldn’t lose sight of our day jobs, which was we had to provide the coverage as we were transforming. We couldn’t, I wasn’t willing to compromise that and none of my leaders were and we needed to make sure we still were providing results and feedback and and doing our day jobs.

That’s great. And you mentioned the the kind of repurposing the you know, your people upskilling or reskilling or repurposing them to different activities. How did you leverage technology to compliment that kind of people transformation that you drove?

I wish I could say that we’re using amazing things like AI and robotics. We did dip our toe in that area, and we did get some outside help to help us. But ultimately what we ended up with in our organization were leveraging tools that we could get people trained on that word data analytical tools and exposure too. And frankly, within our organization, we had a lot of smart people that were already using the tools. And I happen to have some good people who were self taught and self motivated. But we largely use analytical tools to crawl across data. So to help us actually, getting to data is one thing, but analyzing it, and then somebody has to actually write it. So I wish I could say we’re using bots, we tried, we did try, but we couldn’t get the scale to offset the cost. So if, if someone has figured that out, I would love to learn from that, because I really want to be in that space. But the data and the analytics is very powerful. What we have done though, instead of using the tools ourselves, is work with our partners, so that they use tools to better solve our problems. And we have driven some really cool business changes and driving some changes that eliminate errors, and sometimes the business has needed to invest in better products themselves to provide that. So we’ve been instrumental in that part of it, which is honestly just as satisfying to watch and see.

And how do you work closely with your business? If they’re embedding those preventative controls in those new technologies, that’s going to have an impact on you downstream. What sort of ways do you find to work with them?

We have a lot of forums in which we work with them and our team is, you know, are talking about the innovation in the transformation part, but compliance has a lot of subject matter experts that are partners, and at the table in training and policies and system requirements, that they’re sitting there, they’re trying to operationalize the compliance requirements along with legal, so part of it is a partnership at the table. We’ve also been working a lot with them on root cause. Everybody likes to really, and I’m not talking about root cause, like who’s to blame, something didn’t work. I’m talking about root cause, like, really? Why is that keep happening? Because sometimes you feel like you wake up and it’s Whack a Mole? Like, why do we fix that yesterday? And now it happened again? How did that even happen? So you know, I think, using words like solve the problem for good, we need to understand the root cause. And that really has driven the whole group, there’s a lot of us across our control functions or business partners that are on that same page. I love when our operators say, well, can’t we just make the system stop that from happening? I love that. I wish it could happen faster. Of course, we’re competing for resources in the company, but we’re pretty relationship based. And, you know, honestly, Lucy, that goes a little bit back to branding, if the team is branding themselves as partners and collaborators. And you can get as much done as if you were playing the police officer. And, you know, I feel like we’ve just been very fortunate in our business, that they take this very seriously and are at the table with us.

That’s fantastic. And from a compliance perspective, what are those some of the most disruptive or thought provoking ideas that you’re seeing in the industry or hearing,

One of the things I’ve been trying to do and I met, we’re not maybe as successful yet. But I’m very interested in the role of compliance in the diversity and inclusion space, the Corporate Social Responsibility space in the ESG space, because a lot of what we do, our outcomes support the story of doing good for customers, right? Our customers are hardworking Americans. That’s kind of in our mission statement, and we want to improve the financial well being for them. And our company has taken a lot of positions on, as many companies are, on diversity and inclusion and corporate social responsibility, even with the issuance of a social bond recently, and it’s fun as compliance to think about okay, well, what, how can we lean into that? It’s not space that we’re always operating in, in financial services, because of our regulatory environment and making sure we follow those alphabet regs. And all of that is super important. But I’ve been talking to other CCOs, and companies and learning a little bit more about how we can lean in, and not just say, we’re a good organization, but prove it out. And we’ve been able to work with the leaders in those teams, to try to learn how we can show success metrics in those areas. And frankly, with the way the world is today, I think that’s a great space for us to get into a little bit more. It’s not maybe traditional space, at least not in our industry, but something that I’m personally interested in and many of my team are.

Yeah, and the a general kind of trend by thing we’re seeing towards alternative lending.

Yeah, yeah.

All types of different social groups.

Agree, agree.

It’s so fascinating to see how compliance can play much more of a role in that without it becoming a compliance or regulatory…

That’s right.

and more implicit.

Connecting, celebrating and championing women in risk regulation and compliance, Risky Women Radio takes an intimate look at the rants and revelations of the top women shaping the debate and the industry.

So part three is our rants and revelations, Donna. We’ll start on the positive with your revelation, what was your lightbulb moment, something that shaped the choices that you’ve made in your career?

So early in my career in that first 10 years, I had a boss in my younger younger days, who gave me some very direct feedback, but in a very not nice way. And I remember being startled and shocked. And I had to step back and say, Okay, what am I going to learn from this, and you know, what I learned, to this day, I learned, I will never deliver a message that way, I will never provide feedback in that manner. In that scenario, I learned what not to do. And frankly, it has served me very well with my teams over time, because it was a great example. It felt terrible. But it was a lesson learned of how you treat people, those that you work with and that work for you. So I learned what not to do, and served me very well.

And what’s your rant, what’s the one thing that you would really want to change?

It’s somewhat similar, it ties in my rant because I want people to be able to demonstrate their strength, but do so kindly. You can be confident. But you can also be kind, you can be direct, but you can be kind. And so often, I feel like people forget that. And you really can move things forward by being a kind person. It’s okay. It doesn’t mean you’re not strong. It doesn’t mean you’re not intelligent. It doesn’t mean your message isn’t heard, all of that can be done in a kind way. It doesn’t have to be done in a negative manner. So I feel strongly about that. I wish we could do more of that.

Yes. And ambition isn’t a negative word. It should be really revered and it’s a positive thing.

Risky Women is a vibrant network at the center of a global community in a rapidly growing, evolving and influential industry. Given the continued pace of change, our rapid fire round revisits the most pressing topics to share ideas and offer listeners new perspectives.

So the rapid fire round, new for this season. So in one word, what do you see as the top priority for the year ahead?

Being nimble.

And you in one word?

Authentic.

What did you want to be when you grew up?

A doctor.

And whom do you most admire?

Historical women, I could rattle off a ton of them. Harriet Tubman, Amelia Earhart, Florence Nightingale, Susan B. Anthony, I love all the historical women. I love current women too. But I love reading about those trailblazers.

And what podcast or book would you recommend to any up and coming risk and compliance and or transformation leader?

I think we’re picking up a theme, I read this book was called Rehumanizing Leadership: Putting Purpose Back into Business. I think regardless of what you’re doing, it is a really good reminder as a leader about rehumanizing leadership, I found it to be a very easy, very easy read, not dry, very nice read.

And what advice would you give to women pursuing careers in financial services, and in innovation and transformation?

You know, I have two daughters. And so we talked about this. And, you know, I think being tenacious is important, but also learning to advocate the right way for yourself. I don’t know that women do a great job in various points in their careers in figuring out the right way to advocate for themselves without, there’s wrong ways. So definitely, but I don’t think women do it well, and I don’t think they do it often. And I find if people can find mentors to help guide them on how to do that well, I think that is important. And the mentor, by the way can be male or female or whomever is an important person that you can learn from, because I think you can’t always rely on everyone to advocate on your behalf. And it’s okay to have someone help you figure out how to do that.

Excellent. And well that brings this episode of Risky Women Radio to an end. I’m very excited to continue on our transformation series journey over the remaining months of this year and well into next year. Thank you so much, Donna for joining us today and for your thoughts and valuable insights.

Thank you so much for having me Lucy.

Thank you for listening to this exciting episode of Risky Women Radio, to connect, champion and celebrate women in risk, regulation and compliance. I’m Kimberley Cole, based in Hong Kong. For more information on the Risky Women global network, head to our website, and the episode notes and please be part of the ongoing conversation by subscribing to this podcast, connecting with us @RiskyWomen on Twitter, or even reaching out to me directly by email.