Adriana Minovic is the Head of Data Protection and DPO of the Ergomed Group, a provider of clinical research, pharmaco-vigilance, and other services in the Life Sciences industry, with headquarters in Guilford, U.K. Prior to joining Ergomed, Adriana was Head of Conent Security and DPO for the United Group, and before that as a lawyer specializing in regulatory/compliance matters at Air Serbia. Earlier still, she was an adviser for the European Integration Office of the Government of the Republic of Serbia and a legal adviser in Serbia’s Ministry of Trade, Tourism and Telecommunications.
CEELM: How would you define the role of Compliance Officer?
ADRIANA: While a Compliance Officer naturally deals with legal matters, he/she is much more involved in the regulatory/compliance aspects that impact the core business operations of a company. I would say the importance of the Compliance Officer role is increasing within companies, especially in regulatory areas such as GDPR, competition, IP, and cybersecurity – areas that were, in the past, in the shadows when compared to general legal matters. This is reflected in the growing trend of making the Chief Compliance officer role separate and equal to the General Counsel these days.
The in-house legal world is developing such that regulatory and compliance are increasingly part of the corporate and business strategy and are closely attached to business operations. Especially with the GDPR, you cannot do anything if you are not in very close communication with the business and business strategy.
Increasingly we see a set-up where compliance is involved in shaping strategy – which is then implemented by the legal and operations departments. Compliance tends to be closer to the board now, and topics from this area are among the mostly discussed legal matters in many board sessions. Of course, legal still plays a great part in these topics, especially on significant deals and corporate matters, but the fact is that compliance and regulatory are two functions which actively shape policy at the highest level on a consistent basis.
There is a note to be made here though. When I am talking of this trend I am referring to large and international companies, which operate in different markets and need to harmonize their approach in different jurisdictions. In small companies, it is less the case, since they won’t have to deal with many of the same compliance issues – though the GDPR is unfortunately impacting all equally.
CEELM: It’s interesting that you are describing a trend of having compliance move higher up within the organization than the legal department, since in many instances compliance was, and still is, a function that falls within the area of responsibility of the Head of Legal.
ADRIANA: Yes, traditionally compliance fell under legal. I am not saying that this approach is not feasible, but then you need to have GCs with broad knowledge about different areas of law and issues that intersect various industries, who can handle both legal and compliance and regulatory thoroughly, which is quite a tall order. Having to deal with IT law, compliance, competition, etc. Also, the compliance/regulatory role must have much more detailed knowledge about business processes and industry information than traditional legal roles. All this combined makes for a quite challenging job description. That’s why I see these two departments becoming separate more and more often.
CEELM: When did this trend start? How were things different, say, ten years ago?
ADRIANA: Back then compliance was not that big of an issue. Some might argue that in some countries the compliance culture still is underdeveloped. In Serbia, and in the Balkan region as a whole, I think it still is the case that usually people have the impression that compliance is price-optional – good to have but costly and not mandatory. I am seeing a heavy shift though. Anticorruption, Competition, IP, and Data Protection are are becoming real priorities for organizations – especially innovative companies that are working in the IT industry or which use advanced technological solutions in their business (as is the case in the Life Science industry).
CEELM: Is it purely legislative developments that are driving this change, or are there other factors?
ADRIANA: Of course the primary driver is legislation. It usually is the element from which everything starts, as people truly start worrying about these things when they get scared by penalties. What is recognized in companies with a strong compliance culture is the cost of not being compliant.
But it’s more than that. It comes down to how best to set up the way in which your company operates – the functional environment of business processes within the company. Lately there are much more situations in which I see the compliance person also acting as the Chief Strategy Officer. It makes sense in a world where much of our operations are dictated by the regulatory set-up and I think that a significant driver is exactly that: the goal of setting up your business operations right from the very design stage, rather than slapping a compliance procedure at the end of an already-existing process.
CEELM: How should Compliance Officers aim to develop themselves to excel at their jobs?
ADRIANA: The most important thing to do is to understand the industry – not just your company, but the industry as a whole. You should be following industry trends to get a sense of what the future holds, especially in heavily-regulated industries. That is the most critical element, if you want to be able to have a really broad perspective on things to facilitate your risk assessments about the future endeavors of your company.
CEELM: How do you achieve this in-depth understanding of your organization specifically?
ADRIANA: If we are talking about compliance/regulatory roles in the Legal department, it’s a matter of designing the legal team based on a business partner model. Your team members should be as close to the ground as possible to stay in the loop. In my case, I aim to be involved in every business plan and commercial strategy discussion. That way, from the very beginning, when a new business strategy is being developed I am brought on as early as possible to understand the desired set-up and offer input on how we can design the new strategy to be fully compliant.
Even if we look at the GDPR, I believe one of the least recognized yet most important elements is that of “privacy by design.” The goal is to have the principles of data protection assimilated in all aspects of our operations from the very beginning, when the projects are started. With this approach, you ensure that you are taking compliance into account at each stage of the development of your processes.
CEELM: What advice would you give to other compliance officers reading this?
ADRIANA: Both are aspects I touched upon already. First, make sure you focus on your business. I would say that, if you really want to be a great Chief Compliance Officer, you need to understand your business inside and out. It is not enough to have gone through a thorough legal training – although that’s of course a prerequisite. This role is very people-oriented, and you will find you have a hard time getting anyone to buy into what you are promoting if your colleagues recognize at any point that you do not fully understand the business and their work. You’ll simply lose that critical respect you need to push your ideas through.
Second, be proactive. Approach the rest of the business and explain your role over and over again. Everyone will be better off if a compliance expert cooperates with the rest of the functions on any project from the very beginning. The traditional model is that business people create something new, then they send it to legal, which, in turn, makes several comments. At this point, everyone feels frustrated because “legal is slowing down the closing of the deal.” Avoid that stress, both for you and your colleagues, by making sure you do everything you can to be a reliable partner and design it all right from the very beginning.
This Article was originally published in Issue 6.3 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.