Silvia Madrid: “Sustainability, diversity, and inclusion play a significant role when deciding between different legal options.”

Silvia Madrid, head of legal and compliance for Iberia at UniCredit, discusses the challenges facing in-house legal counsels and compliance programs in the post-pandemic workplace.

Posted Tuesday, April 19th 2022
Silvia Madrid: “Sustainability, diversity, and inclusion play a significant role when deciding between different legal options.”

LL: The pandemic created a multitude of new compliance and regulatory issues. What do lawyers have to do to keep up with a rapidly changing regulatory environment?

 

Silvia Madrid: The challenge for legal counsels to keep up with the continuous legislative changes arises not only from the pandemic, but also from the increasing regulatory pace of the different sectors, and in particular, the regulated sectors, such as finance, insurance, and pharma. Lawyers must undertake a significant effort to keep up with such a rapidly changing regulatory environment in order to make changes to the local business model. In my view, the main source of information is the Spanish Official Gazette (BOE), which must be read on a daily basis. It publishes the laws enacted by the parliament and the autonomous communities. To monitor upstream regulations, it is also useful to check Congress’ website and go over the legislative initiatives which are pending before Congress. We also obtain very insightful information from the newsletters received from external counsels on topics related to our practice, and on topics of general interest. These newsletters summarize new applicable regulations, and they are extremely useful to understanding the main takeaways.

Being active in legal and compliance forums is another significant source to discuss and learn about regulatory developments. Linkedin is also a good source of information about regulatory developments and discussion forums.

Of course, in the digitalization era there are also tools which assist with finding regulations which are applicable to the relevant sector. For instance, at UniCredit we are in the process of implementing an upstream regulatory tool in all jurisdictions which will facilitate the reception and monitoring of all new applicable regulations and mitigate compliance risks.   

 

What do you think will be the biggest challenges for legal and compliance departments in 2022?

In my view, the main challenges in compliance will be digitalization, embedding the ESG risks into the compliance culture, the re-assessment of priorities in a post-pandemic world, and establishing a strong compliance function to manage such challenges.

Compliance departments should incorporate digital transformation and new technology solutions in order to be well-equipped (both in skills and infrastructure) to manage the enormous volume of data, regulatory changes, and increasing cyber-risks. In June 2020, the US Department of Justice (DOJ) updated its guidance on the Evaluation of Corporate Compliance Programs to include the application of data analytics as a critical compliance ingredient for all organizations to effectively monitor policies and controls, assess the relevant risks, and remediate misconduct.

2021 has been described as the “watershed moment for ESG”. It is expected that this trend will continue to grow throughout 2022. The main challenges for companies will be mandatory ESG reporting, corporate governance, and ESG-related litigation risk. Compliance departments are already incorporating ESG into their controls, risk assessment catalogues, and training plans.

Companies will also have to adapt to the post-pandemic way of working and rethink compliance risks and productivity metrics, as remote workers need management oversight to provide them with ethical guides and reinforcement. As a result of the pandemic and post-pandemic environment, privacy and cybersecurity have been particularly hit. Hence, fraud and anti-money laundering, as well as data privacy protection, will be risks which will need to be managed in both pandemic and remote-working scenarios.

The challenges legal departments will face are similar to those affecting compliance departments: digitalization, ESG, and cybersecurity. It will become increasingly necessary for legal departments to use AI technology to manage their workflow, know-how, and filing systems, and reduce or eliminate automatable tasks to increase efficiency and reduce expenses. They will also need to manage ESG-related litigation and address the risk of cybersecurity breaches in the new remote working environment.

 

What do you consider to be your biggest accomplishments in your six years as Head of Legal & Compliance with UniCredit?

I would say that the main accomplishment has been to create a strong, capable, knowledgeable, and effective legal and compliance Department, which with limited resources has successfully managed to support a complex business model and created a widespread and accepted compliance culture. One of the main challenges has been to adjust the local regulatory framework to UniCredit's complex operational model and cover all applicabe compliance areas as well as data protection. 

I’ve also organized legal support structure that is fast and effective, providing solutions for the business’ legal needs. Because the legal model in Spain has worked so well, I was asked to coordinate the legal department in our Abu Dhabi office when it was opened a few years ago.

An additional accomplishment has been our rapid adjustment to the pandemic and post-pandemic way of working and rethinking the compliance risks for our employees. Our challenge has been to effectively address the closing of continuous transactions without physical signing documents in a cross-border environment that was not accustomed to digital signatures, where different jurisdictions with diverse legislation came into play. Of course, we worked against the clock to provide a safe and secure environment at the local office in Madrid so that employees could use the local premises if they wished. I have also been working closely with the central cybersecurity team to ensure data privacy protection to employees, customers, and providers.

I have made a significant effort to keep up with continuous legislative changes which have affected almost all aspects of the legal spectrum (regulatory, finance, corporate, labor, tax, antitrust, and market abuse to name a few), and making such changes to the local business model and labor force.

I am particularly proud that, on top of my responsibilities as Head of Legal, Compliance and DPO, I am responsible for the local social responsibility program, which we started five years ago in collaboration with the Ronald McDonald Foundation, through the Casa Ronald McDonald, which hosts children undergoing long-term treatment and their families in local Madrid hospitals. We organize monthly visits to the house and perform different activities with the children and their families. Our contribution received an award from the Ronald McDonald Foundation in 2019. I am very fond of the involvement and social responsibility culture that we have created and shared in our local Madrid office.

 

What key elements do you look for when selecting external counsel?

The main drivers are experience in the relevant type of transactions, know-how, billing method and fees, and personal relationship with the partner. A key element is that external counsel must be in the group’s panel list to be eligible. It is worth noting that, with so many excellent law firms providing quality legal services, sustainability, diversity, and inclusion are playing a significant role lately when deciding between different legal options.