As the host of a recent episode of Risky Women Radio, a podcast series, I had the pleasure to speak with Donna Timlen, Chief Compliance Officer (CCO) of OneMain Financial, based in Baltimore. Ms. Timlen has served as CCO of OneMain Financial and its predecessor company (both units of Citi) since 2010. As CCO, Ms. Timlen is responsible for driving the strategic direction of OneMain Financial’s compliance program as well as ensuring that board members, management and employees alike understand and adhere to regulatory and other risk management requirements. She also provides a governance and oversight structure that includes assessment, escalation and reporting.
I asked her about her career journey, and how it relates to her current role. “The first decade of my career I spent in audit,” she said. “My second decade, I spent in operations — in the business. I’ve been able to spend the last decade-plus in compliance, which I love … but honestly, that time doing a bunch of different roles in operations informed how I think about compliance today, because it brings a different perspective to have an operations background as you’re trying to manage compliance risk.”
We talked about her love for the compliance field. “People don’t always equate compliance and risk with fun and excitement, but it can be fun and exciting, especially as we think about transformation,” Ms. Timlen told me. There is, she added, “always something going on in the financial services industry — it’s become very innovative. To stay relevant, compliance has to do that, too — because if we don’t get innovative and stay relevant, we’re going to put the company at risk, or potentially our customers and our stakeholders.”
I asked about the compliance transformation work she’s leading now. “OneMain Financial resulted from the coming together of two legacy companies about six years ago,” Ms. Timlen explained. The situation called for transformation: creating a single organization from two that were different in their policies, practices, products and systems. “We needed to be nimble, and we needed to have a plan.”
They set out to achieve two principal objectives: First, they built an organization that focused on prevention. “It’s a hard goal to achieve when people want to move fast,” Ms. Timlen said. “Nobody wants to slow down … but building in and automating controls instead of bolting them on later was very important.” Second, the team sought the most efficient approach to detection. “This is my favorite area!” she added. “We’re using data and analytics. We took a more modern approach than traditional testing.”
We discussed the challenges highly regulated companies face when they undertake transformations like the one Ms. Timlen has driven. “The first challenge is people and talent,” she said. “You want to protect the talent you have. You want to invest in the talent you have. Everybody has their diamonds who rise to these challenges. But we were also recognizing where we had skill gaps.” The second challenge? “When you’re transforming, everybody wants to pay attention to the bright, shiny object, but you can’t lose sight of your day jobs; we had to provide the coverage as we were transforming. So, you have a little bit of a parallel track — a little bit of overlap — that has to happen as you transition.”
Ms. Timlen talked about her close relationships with business partners: “We have a lot of forums in which we work with our partners where our team discusses the transformation. … We’ve also been working a lot with the business on root causes. I’m not talking about who’s to blame; I’m talking about root cause, like, ‘Really? Why does that keep happening? Didn’t we fix that yesterday? And now it happened again?’”
When root cause is her subject, Ms. Timlen said, she recognizes the importance of words to a message. “Using expressions like ‘To solve the problem for good, we need to understand the root cause.’” Emphasizing process improvements rather than casting blame, Ms. Timlen added, keeps teams focused on solutions. “And that has driven the whole group. Our control functions and business partners are on that same page.”
That careful choice of language extends to setting the right tone in business relationships over time. Ms. Timlen introduced an intriguing notion about the branding of compliance within organizations, particularly when building controls into processes: “If the team is branding themselves as partners and collaborators, you can get as much done as if you were playing police officer,” she said. “We’ve been very fortunate in our business; they take this very seriously. … Because if a process is manual and complex, it’s hard to execute consistently. If we show an error rate, our partners are on it. So, it drives root cause identification and solution design as well.”
“The company has a strategy, and compliance should have their own strategy,” Ms. Timlen added. “We set a three-year strategy and attached a brand to it. The brand is that we want to be partners, to be knowledgeable, to be collaborative, to be solutions-oriented. That brand helped everybody understand we weren’t there to find problems, but to understand the causes, and partner on solutions. That was incredibly helpful in driving change.”
Risky Women Radio connects, celebrates and champions women in risk, regulation and compliance. The series shares insight and perspectives from members of the global Risky Women network and brings together hundreds of senior women professionals with a new emerging group of leading women and men. Risky Women Radio is available on Apple Podcasts, Google Podcasts, Spotify and RSS feeds. You can listen to the full audio of our conversation here. You can also learn more about Risky Women by visiting their website.