For this installment of our CCO Spotlight series ComplySci’s CEO, Amy Kadomatsu, interviewed Kelly Pettit, CCO of General Atlantic. Founded in 1980, General Atlantic is a leading global growth equity investor that identifies disruptive businesses with transformative potential and helps them scale globally. The firm invests in five global sectors – Consumer, Financial Services, Healthcare, Life Sciences and Technology – and currently has more than $53B in assets under management.
Can you tell us a bit about General Atlantic?
Kelly: General Atlantic is a pioneer of global growth equity investing. Over our more than 40-year history, we have focused on investing in and building leading growth companies, partnering with entrepreneurs who are driving technological innovation. As a growth investor, we sit between venture capital investing and buyouts, backing companies with proven business models and strong revenue growth and accelerating this growth with our capital, talent, global networks and intelligence.
We are unique in that our capital structure allows us to maintain a constant focus on making the best long-term decisions for our portfolio companies by nurturing topline growth, not cutting costs or financial engineering. We set priorities in partnership with our portfolio company management teams to support them in expanding their vision and reach.
Can you talk about your compliance organization?
Kelly: Our Legal and Compliance department includes 14 professionals, a number of whom are dedicated to compliance.
Most of our department sits in New York, where General Atlantic is headquartered, but we leverage the global legal team, from California to Amsterdam to Hong Kong.
In addition to the Legal and Compliance department, we work cross-functionally with multiple departments within the organization. This means deputizing colleagues in other groups who sit in other departments or offices and who can be our eyes and ears. We also utilize local compliance consultants to help with local law compliance.
Can you talk about your career trajectory and how you came into compliance?
Kelly: I worked at a small law firm after law school and advised smaller hedge funds doing fund formation work. These funds often didn’t have a legal or a compliance department, so they relied on outside counsel. I was drafting codes of conduct for clients and talking to them about how to put a program in place.
General Atlantic reached out in 2010, and I’ve been here for over ten years now. When I started, we had a very small but growing team and I was tasked to oversee compliance, among other areas.
“The most important part of my job is thoroughly understanding the business, where it has been, and how it wants to evolve.”
What advice would you give to people considering a career in compliance?
Kelly: First, get to know your company: its mandate, purpose and people. Once you understand the business, you can then appreciate the risks that are relevant and applicable to your firm. Second, it’s important to understand the purpose of the law and the regulation you’re trying to enforce.
Once you understand the firm and the law, you can implement a program that effectively manages compliance risk. You can spot risks that need better disclosure, or policy gaps that need to be plugged. You are also better able to communicate those risks to senior management, in a way that makes it relevant to them and easier to understand.
People often view compliance as the police department, but we’re really the first line of defense. Our job is to know what is happening on the inside and outside, and help protect investors, the firm and its employees as the company grows and pursues its long-term goals.
Often, the advice given by outside counsel can be black and white, whereas the conversation with compliance is much more nuanced. Our role is ultimately about assessing risk and determining whether the action is going to have a negative impact on the business – from a regulatory a step or reputational perspective. It is a fine balance.
In terms of your compliance program, are there any high priority initiatives for you at the moment?
Kelly: Last year we overhauled our business continuity program. The SEC put out the warning early in the year to ensure companies had dusted off their program since 9-11. We checked in on ours and decided it was time for an update.
This year, we are working closely with our Human Capital team to help define what returning to work looks like. How do privacy regulations, employment laws and health and safety interests impact the return? How do we protect personal health information? Can we require employees to get vaccinated?
Can you talk about how the role of the CCO has changed? How do you stay focused and make sure that you are adapting?
Kelly: We leverage and collaborate with other groups and departments more than we had previously. In 2014, we had an organizational focus on fees and expenses. In light of that, we worked closely with finance and accounting to overhaul our expense policies and re-evaluate testing and monitoring.
A few years later, cybersecurity came into view and we worked closely with IT, strongly advocating for a dedicated CISO. We then worked with the new CISO and his team to develop clear policies and governance around cybersecurity.
In 2018, GDPR prompted us to focus on privacy. We partnered with HR and IT to establish a new framework around personally identifiable information.
In each of these instances, we knew we couldn’t do it alone and were aware that working alongside another group would enable us to more effectively execute against key objectives. Collectively, we established programs that included a governance framework, policies and procedures, ongoing testing and monitoring, and periodic assessment of risk. When undertaking a project that will require organizational change and a potential shift in mindset, it is a lot of work up front, but you hope that over time, the policies and frameworks will become easier and more natural for the business to manage.
Ultimately, everyone plays a role.
“We’re trying to help people stay compliant with the rules and regulations that guide our firm and our industry. You can only do that if you understand the laws and can explain them clearly and in a way that is relevant for the firm. Know the rule, understand how it’s applicable to the business, and explain it in a way that makes employees feel comfortable coming to you if they have a question or issue in the future.”
Can you talk about the recent ambiguity about what should and should not be monitored in light of recent events concerning bad actors? How do we strike a balance between the personal and professional in compliance?
Kelly: There are two areas for which I wish we had more guidance: social media and third-party messaging apps. The SEC’s new advertising rule gives more guidance on how to approach social media, but it leaves a lot of room for interpretation, which I typically commend. But with respect to social media, we’re trying to guide a generation of employees who invented these platforms, then disrupted media, advertising and retail with them. Now, this group wants to leverage what they’ve built to market and enhance their personal brand and that of the firm. We want them to be empowered to do so, but this blurs the line between personal and business.
Third-party messaging apps are also challenging because many parts of the world do not use email as the primary means of communicating. Business is done through apps that are technically impossible or difficult to monitor. To manage that, we developed an acceptable-use policy and we have to continuously train, monitor, test, remind and train. We are not blind to the fact that it might happen, but we try to minimize business usage and ensure we still retain the records that we are required to retain.
You can’t change cultural norms – whether it is social media or messaging. And that has been the challenge, especially when we are always two steps behind the technology. But we’re trying to adapt.
If you were to describe your superpower what would it be?
Kelly: I wear a lot of different hats and work across many groups. I think I’m good at pivoting very quickly between tasks, prioritizing and execution.
Last but not least, what is your guilty pleasure?
Kelly: I’m a big fan of working out. My diet is terrible, but I’m religious about breaking a sweat.
Editorial Note: At ComplySci, we understand the tremendous value compliance professionals can gain from networking and learning directly from their peers. For the CCO Spotlight blog series, we are sitting down for candid conversations with Chief Compliance Officers from some of the firms we work with. This blog series will share those CCOs’ thoughts, ideas, and best practices for compliance programs with our readers. The views expressed in this blog post are the CCO’s own views and do not necessary reflect the views of their firms.