Michael Gioffre is the Chief Compliance and Ethics Officer, Voya Financial, Inc. He is responsible for the ongoing development, management and delivery of the Company’s compliance and ethics function. He has held this role for more than three years. Michael began his career in AIG’s law department, where he acquired well-rounded insurance and securities law experience. He later joined Aeltus Investment Management, Inc., where he served in a number of law and compliance capacities. Following ING’s acquisition of Aeltus, Michael became the Chief Compliance Officer for ING Investment Management, a role he filled for more than a decade. He received a J.D. from the Delaware Law School, an M.B.A. from the Goizueta Business School, Emory University, and a B.A. from the University of Delaware.
Gioffre was recently interviewed by Ethisphere’s Aarti Maharaj about the evolution of compliance.
Q: Often compliance leaders believe in tapping mentors or “sponsors” to help build a successful career in compliance—what are your thoughts?
Gioffre: I am a big believer that having a mentor is critical to a successful career. I have been fortunate enough to have a number of mentors from the earliest stages of, and throughout, my career. It is important to have people who you respect and trust that can act as a sounding board to test ideas or provide insight when making pivotal career decisions.
When choosing mentors, I have looked to surround myself with a variety of experiences and perspectives. I do this by looking for mentors who are subject matter experts in the regulatory space as well as people with careers outside of legal and compliance fields. This has been very helpful to me because when you talk to other people and you listen to how they approach difficult situations differently, you gain valuable insight through their experiences. In the regulatory space, mentors have also helped me to stay ahead of, and on top of, the legislative and regulatory landscape. I often ask my mentors to meet with me for “challenging sessions” to think through and understand career opportunities or a new law or regulatory requirement and its potential impact on the business.
Given the positive impact that mentors have had on me, it is very important to me to act as a mentor for the next generation of professionals. When I was fresh out of law school, the General Counsel at my first job met with me regularly for what he called “office hours.” He explained that these meetings were meant to develop my knowledge and skills because the most important part of his job was to develop the next generation of leaders—I have never lost sight of that. At Voya, we have a Mentoring Advantage Program that I have participated in. Through the program, I have coached and shared my experiences and knowledge with younger professionals across our organization. I also regularly look for opportunities to provide advice to aspiring leaders and I maintain an open door policy for anyone on my team to discuss career or professional opportunities and challenges. These meetings are invaluable to me and I often learn as much from the younger professionals that I mentor as I hope they do from me.
Q: Over the years, what are the top two changes you have experienced in the compliance industry?
Gioffre: Today, compliance professionals have far greater opportunities to have an impact across their entire organization than when I first entered the profession—and that is a welcomed change that has made the profession both better and more relevant. A little over a decade ago, regulators began to codify the requirements for compliance programs and chief compliance officers within the financial services industry, which drove companies in our industry to think about compliance differently. More recently, other stakeholders have also shown a greater interest in compliance and ethics programs. This has led to compliance professionals taking on more meaningful roles that require being actively engaged in their organization’s business in real time to ensure that it is doing the right things while also maintaining efficiency.
Another shift has resulted from the convergence of data privacy and cybersecurity. This is no surprise given the headline-grabbing cyber breaches that have taken place at some organizations in recent years. The susceptibility to such breaches has been driven largely by the movement of company and customer information being stored in a digital format that can be readily accessed online. A company’s digital information is now one of its greatest assets and being able to manage this information is an emerging and interesting challenge for compliance officers. It is now a necessity for organizations to extend their data security plans beyond a technical nexus to include processes and governance that expand across organizations, with compliance professionals playing a major role.
Q: Looking ahead, what do you see as the next big change in compliance—and what will be the driver for that change?
Gioffre: Looking ahead, it will be increasingly important for compliance officers to ensure that their company has an open and transparent culture that goes beyond typical compliance standards and check-the-box exercises. Stakeholders’ decisions about whether they will do business with certain companies are being increasingly influenced by their view of a company’s business practices. This change makes an effective compliance and ethics program a critical component to a successful business, and also means that compliance officers must have a deep understanding of how ethics and compliance support other parts of the business.
Likewise, moving forward, stakeholders’ expectations for transparency will only continue to grow. As the way we do business is increasingly digitized, companies will need to be transparent about how they will handle new ethical dilemmas and fraud schemes that will inevitably arise. This will make it increasingly important for compliance professionals to continue to develop skills in the areas of data management, privacy and cybersecurity to ensure that their company’s operational processes and controls are sound and continue to meet stakeholders’ expectations. At Voya, there is a lot of collaboration across compliance, IT and with our chief privacy officer to ensure that we are all informed of and communicating about regulatory, technological and firm developments. This collaboration helps us to adapt our policies, procedures and employee trainings to stay ahead of new tools and approaches being developed and utilized to impermissibly gain access to data.
Our increased use of data to share and store information has also created another big change on the horizon related to the way that compliance officers will need to think about how they communicate with employees. Every day, we are doing more on mobile rather than through face-to-face, or even computer-generated, interactions. This means that it is going to be more and more important for compliance officers to find ways to communicate with employees about compliance issues in the same way. Compliance officers need to be able to adapt their approach to keep employees engaged so that employees will remember the information in their company’s compliance policies when they need to apply it.
Q: In your view, what are the characteristics of a successful compliance leader/champion? And what qualities do you look for when hiring compliance practitioners?
Gioffre: A successful compliance leader requires a combination of presence and subject matter expertise. Subject matter expertise is a given necessity, but what makes someone a successful leader in this field is having a presence. You must have the ability to explain legal and regulatory developments as well as your company’s values and policies to employees in a way that makes them comfortable reaching out to you with questions or speaking up when something doesn’t seem right to them. An effective ethics program needs support at all levels of the organization—top, middle and from the ground up—and having that trust and confidence from your employees across the organization is critical. This also means that a successful compliance leader needs to effectively tailor their communications so that legal and regulatory requirements, industry best practices and company values stay top of mind for employees, regardless of their role. At Voya, we regularly communicate with our employees about these issues through a variety of mediums that include videos, intranet articles, interactive quizzes and raffles, and by holding an annual Ethics Awareness Week. We also have a number of ways that employees can speak up when they have a question about something, including an anonymous ethics helpline.
Q: What is your message to those looking to pursue a career in compliance?
Gioffre: Compliance professionals have a unique opportunity to work across and touch their entire organization, making it a career that offers opportunities to have a broad impact and be valued across an organization. New and changing regulations also make compliance a dynamic field to work in—we are constantly involved in the real-life dilemmas our stakeholders routinely confront, which can be challenging but it keeps you on your toes. We understand that the vast majority of our stakeholders are trying to do the right thing every day and it’s our responsibility to provide them with the information and tools they need so that their actions are aligned with company, industry and regulatory requirements. As a result, compliance officers are often provided with opportunities to positively influence stakeholder decisions that can have a profound impact on a company’s success.
Q: What are some challenges that you foresee for compliance officers that you wouldn’t have expected 5 years ago?
Gioffre: Looking ahead, compliance officers are going to continue to face challenges in the areas of data integrity, privacy and cybersecurity. We are moving to a mobile world where individuals have and want access to information immediately. Compliance officers will need to help set the culture and tone within their organizations so that there is an appropriate balance between the speed of delivering data in a responsive manner while assuring that it is not being inappropriately shared.
Internally, this means that compliance officers will continue to play a critical role in ensuring that as organizations continue to aggregate data, there are appropriate policies and protocols in place that align with regulatory requirements and expectations. With respect to customers, compliance officers will need to recognize that while technology brings customers closer to their data, it may make it more difficult to know that the person requesting account information across a wire is the customer, and not a fraudster looking to inappropriately gain access to sensitive data.
As this trend continues, it will be important for compliance officers to explore new ways to engage with stakeholders, including incorporating social media as an opportunistic tool to communicate compliance requirements and challenges. We need to communicate with our stakeholders in ways that they find engaging, and that means communicating with them in the same ways that they prefer to interact in their everyday lives. The inclusion of social media as a tool, not a threat, is going to be pivotal for compliance professionals.