Welcome to the next episode of Legal.io Community Spotlight, a series in which we highlight the careers and experiences of some of the most impressive legal and legal operations professionals working in-house.

In this episode, we explore the career journey of Mara Senn, Executive Global Compliance Lead at GE Healthcare. Mara talks about the evolution of data analytics from her experience with the DOJ and into her current role in compliance. Pieter and Mara cover:

• Mara's career journey to date
• Key responsibilities in her role as Executive Global Compliance Lead
• Key challenges and lessons learned in her role over time
• On the evolution of data analytics requirements in compliance 

Pieter Gunst

Hi everyone, my name is Pieter Gunst. I'm excited to be here for another community spotlight with Mara Senn, the Executive Global Compliance Lead at GE Healthcare. Mara, thanks for joining today.

Mara Senn

Thanks so much for having me.

Pieter Gunst

Mara, let's dive right in. I’m really excited to learn a bit more about the compliance role in general, but also your journey becoming the Executive Global Compliance Lead at a huge company like GE Healthcare. Can you tell me a bit about what your career journey has looked like leading up to this?

Mara Senn

Yeah, absolutely! I went to law school, became a lawyer, did not like law school, but luckily I love being a lawyer. So, for those of you who don't like law school, there's still hope. I started out for many years at BigLaw firms. Arnold & Porter was where I was for most of the time; I was a partner there for ten years.

Basically it was sort of serendipitous timing, because I started out as a court litigator. But in about 2008 the Siemens FCPA case came along and it was the biggest game changer when it came to FCPA. Before that, people had heard of FCPA, but it wasn't very mainstream. So right around then was when I started practicing law in that area. As the FCPA enforcement side of DOJ grew, so did the compliance side that had to basically correct compliance programs within companies in order to address the findings of the FCPA cases we’re making about improper payments and bribes and things like that. The FCPA part grew first, but then pretty soon after that, the compliance as we know it today, (it didn't look exactly the same) the beginnings of that evolution started soon thereafter. And so I came up as that was developing.

I did compliance investigations as a white collar partner. Then in 2016, I decided to leave the private practice of law and I went to the DOJ to become a corruption in money laundering prosecutor. It's something I'd always wanted to do. I always wanted to serve in the government, and I always wanted to be a prosecutor. It was a great experience in a lot of ways. Part of the Department of Justice - in the U.S. was there's Main Justice which has more sophisticated cases, but less trial work. Then there's U.S. attorney's offices which are the everyday crimes but they also have specialized units like securities and things like that. 

I was able to do six months at a U.S. attorney's office. I got a little bit of both and then a little bit more than two years at Main Justice. My unit at Main Justice was called the Kleptocracy Initiative. So FCPA really goes after the bribe givers and we were going after a wide receiver.

Any foreign officials who received bribes or stole from their countries, we would try to find their assets, seize their assets, and then give it back to the original country that they stole from. It was a very, very cool mission. 

Then after that, I went to the World Bank. The World Bank had very similar investigations-focused. They have a debarment system that was based on the U.S. debarment system. Essentially the idea is that if you get World Bank money for a project you're working on and you engage in fraud or bid rigging or corruption -if you get caught and go through this process - you could be debarred from getting future World Bank money.

Those were the cases that I was doing there.

Pieter Gunst

Now Mara, of course the World Bank is a very well known organization where you’re dealing with the Foreign Corrupt Practices Act. I'm thinking about these really big cases, right? How was that environment for you? And especially I'm thinking in contrast of then later going into the private sector and [going] to your GE healthcare role. How is that contrast? Because you're just dealing with a completely different environment and set of tasks.

Mara Senn

They're very different. The FCPA is a local or a national law in the United States. It does not reach the World Bank. As a World Bank employee, you could be prosecuted of course, but they have privileges and immunities for their work. So for the most part, they're not really involved very much.

But of course, some of their cases rose out of FCPA cases, because World Bank money recipients were sometimes being investigated for FCPA violations. And sometimes the World Bank also referred cases to national enforcement agencies around the world. Sometimes the World Bank cases could lead to criminal cases. 

I actually grew up, from a legal perspective, I grew up in the private sector. I love the private sector. So even though there were some great things about the World Bank and DOJ, like really interesting and fun things, I think - it's hard to say because they're so different - but I personally prefer the private practice of law or the private sector, just because; I would say in the public sector, a lot of the things that you're dealing with to the extent there aren’t any barriers, I would say it's more political because they're not acting for money. Everybody kind of makes the same or whatever level you are, you're making the same. The only thing they have to argue about is [the] more political side of things which I did not love. And I don't really mean political like one side of a party like the political parties, I'm just talking about office politics much more than that. I love my experience at World Bank and at DOJ in a lot of ways. 

Then I started to go in-house. I had done defending companies from FCPA and bribery corruptions, then I'd prosecuted them or gone after them from debarment. And I thought, okay, what haven’t I done? What area haven’t I covered? That was really in-house, being part of the company. Which I really enjoy a lot. I started out as an investigator doing primarily Latin America investigations at Zimmer Biomet which was a great job. Really interesting things were happening and I worked a lot investigating third parties because in Latin America that was the challenge. It was mostly somebody was reporting: your distributor did X, Y and Z. So I was investigating that a lot. 

Now I am just recently in the beginning of January, I moved over to GE Healthcare which just spun out from Big GE. It's now it's own separate company as of January 4th. Now I'm supervising a team of 25 and we do interesting things and we do all the non-privileged compliance investigations. We do all the compliance monitoring and then we do transparency reporting which is basically you have to publicly report any payments you give to doctors or hospitals for various regulations and then I have one person who does anti-money laundering too.

Pieter Gunst

Now, very familiar with the work of Zimmer Biomet, which indeed is an awesome organization. And now you're at the spin out of this iconic company - G.E. You've evolved into this role seeing all the sides of the equation, and now your title is Executive Global Compliance Lead. I think for many people watching, I think that title is a bit effuse. What does that mean? I, as an attorney, I honestly can't paint a picture very easily of the day to day. Can you explain to me a bit - in this particular role now given the trajectory - what are the key responsibilities? What is it exactly that you do?

Mara Senn

Every day is really different and especially since I’m new. In the beginning in particular, was just me meeting a lot of new people. Overall, I went from a sole contributor, individual contributor role, which was great in its own way. I’ve done a lot of supervision when I was at the law firm and I miss that.

So, now I have a team and a lot of what I do is, strategically think about what kind of resources does my team need. What direction should we be going in. What kind of structures do I have to put in place to track things to make sure that we're getting things done the way we should. And then, if I have job openings, it means, l have to envision what kind of person I want to have in those roles. I'm lucky in that my team is very strong, so I don't have to deal with HR problem issues. Which sometimes as managers that can really bog you down, if you have people who are underperforming or people who have a lot of conflict with each other. Luckily, we don't have that. At least, not yet in my team. We've just put together an annual monitoring plan and making sure that's executed and getting feedback from people at my level. What do you think about this? Is this capturing what you want to see results about? 

A lot of it is sort of coordinating with them as well. But then, also, there are specific projects that are time consuming for my team. I'll jump in and discuss with them like, “How's it going?”, help them, direct them; the best way to get it done or ideas like that. Plus, I talk to my direct reports and they have teams, so then they talk to their direct reports. So, it’s sort of a bit of everything.

Pieter Gunst

Now, it's interesting because of course, compliance - depending on your industry - it looks completely different. I imagine for the healthcare arm here, it's mainly about making sure that in the activities of the company and in particular they're interfacing with the medical sector like industry specific regulations, compensation, bribes, etc. are complied with. Is that the main mission of your team? Are there other huge areas of compliance that come into play? What does that look like?

Mara Senn

The healthcare sector has very specific risks. One of the things that I'm doing is just making sure that we're capturing all those risks. You're right, a lot of it is our interactions with healthcare professionals, our interactions with healthcare institutions, but also with all kinds of intermediaries, so that the specialized part is the healthcare part. In addition to healthcare, many countries have regulations about how you interact with doctors if you're trying to sell them things.

Under the FCPA, many countries have public healthcare systems. Technically, many of those healthcare professionals are also foreign officials under the FCPA. That complicates it even more. We have other risks that everybody has like, how do you deal with distributors? How do you make sure that they're trained? How do you make sure they're following your requirements in terms of compliance? Making sure they're not making so much money that they have all this extra money where they could, in theory, pay people? We have a lot of overlapping risks as other companies, but then, really, it’s the healthcare sector aspect of it that is the most different from other industries.

Pieter Gunst

Now that sounds like a lot of data to monitor and I'll get back to that. In this kind of role, what are the or maybe what is the key challenge that you've encountered? Do you have a lesson you learned from it along the way?

Mara Senn

I would say that the key challenge is really making sure for investigations, this is true, and for monitoring transparency as more of a reporting function. You're not as much trying to get to the root cause of things, but one thing that's always challenging in both investigations and monitoring is if you find an issue - what is really going on? Figuring out what explains what's going on? Is it that you have one person who just knows the rules and is ignoring them? Do you have rules that are not clear to people? Do you have rules or procedures that don't capture the risk? Like people are doing exactly what they're supposed to, but something bad is happening just because the procedures are wrong and they're not taking into account, “Oh, we have to prevent this from happening”.

Something that we have a challenge with in monitoring is we do all these analyses of, “Oh, okay, this is an outlier, this is different. We see a trend here”. Okay, that's great, but why? What explains why this is happening? If you don't have the why then all you have is a pretty graph. You really have to tell a story with the data you're finding and kind of explain, “What does this explain about the current state of compliance in the company?”, basically.

Pieter Gunst

That's interesting. I think it's so fascinating like this fast evolving world right now. You look at companies in the healthcare space or like everything we've seen in finance and crypto, by extension. It's moving so fast! You're dealing on an international stage. All these stakeholders. I imagine, you're looking at all these workflow flows, all this data is being captured. And we spoke a bit about the increased role of data analytics in compliance. I wonder, can you talk a bit to that? And you've been in this industry for quite a while. What's different now compared to ten years ago and what are some of the opportunities and challenges with that?

Mara Senn

As compliance has evolved, there's more and more sophistication in all different areas. One thing that's relatively recent in the last few years is that companies have been starting to use data. Everybody uses data to a certain extent, of course, because you're looking at things and trying to figure it out. But now, all of a sudden, within the last number of years, the Department of Justice in the United States has said data analytics has to be a core part of your compliance program. They're the main enforcers in the international corruption space, generally. I mean, there are other countries who have the Serious Fraud Office in the UK, so there are other countries that do these prosecutions, but the bulk of them and the highest profile ones are typically in the United States. They have extra territorial reach. So, just because you're not in the United States, if you have a contact in the United States, a subsidiary in the United States, even if you're like a Swedish company that has no other connection just your presence - the United States will give the US Department of Justice at least some measure of jurisdiction over you.

It's a very far reaching power. When they say something about compliance, people tend to listen. One of those more recent things is data analytics. Data analytics can be very sophisticated. It can be machine learning where you have a humongous 9 million pieces of data and then you say, “Okay, this is the profile that I want to look for within that data”. And then they spit out something that says, “Okay, here are ten things that are this profile.” And you say, “No, this isn't right, this isn't right, and this isn't right”, and you feed it back in. Then they do another calculation and it spits more things out. Every time you iterate, the computer is understanding from the fact that you're saying “no” to certain things or “yes, this is right”. It's learning in it’s own algorithm to try to find the other ones that are like that. That's sort of the highest level of sophistication.

Pieter Gunst

What I'm imagining when I hear that - and tell me if this is right - you have all these payments flowing in an organization, somehow you connect your systems, keeping track of that to your legal and compliance systems and then flags go on that maybe make a risk assessment score depending on a work stream. Then humans dive in and check what's happening. And to your previous point, try to understand the why. Is that kind of an example?

Mara Senn

That's exactly right. But the thing is, first you have to determine what are your risks. I mean, what you're saying is absolutely right in the sense that you're looking at data, you're trying to find the outliers, but you have to understand what it is that you're trying to isolate.

For example, let's say most companies have a limit on the amount of money you can spend on entertaining customers or foreign officials or healthcare providers. If you go over that limit, then you could be flagged and you could get in trouble for it. But let's say you go $5 over the limit. Do you really care? I mean, depending, you may or may not. Okay, I think the riskiest thing is when you have a meal with a doctor and it goes over by more than $10 and it happens more than once. That's the kind of thing that you say, “Okay, I want to define the parameters of my risk”, because if you say, “I want every meal, no matter where that went over by any amount of money”, you're going to get thousands - depending on how big your company is - you could get thousands of hits and all of them are going to be junk. So you really have to be careful about thinking about the risk. And then how do you measure that risk with the data that you have, essentially.

Pieter Gunst

Yeah, fascinating. Now, in this world having a technological sophistication (and it's evolving quite rapidly). Many attorneys and other legal professionals are either buying into this hype or really resisting automation. How do you see that? You're talking about your team. Does this really affect in the end how many humans you need to remain compliant as an organization? How do you see the scope as this evolves further?

Mara Senn

That's a really good question. First of all, it depends on the size of your company, because if you have fewer widgets and fewer people and fewer things, it doesn't take as much human firepower to analyze the data you have. If you have 100 instances of something versus two million, that may determine whether or not automation is necessary.

I don't think it replaces people, because people are the ones that are doing the analytical part. The actual analytical part as opposed to the data analytical part. In our case, we're going to be beefing up our actual hard core data analytics capabilities, in the hopes that we can make the backend and the spitting out of the exceptions more automated, so that our people are spending less time digging through data and more time analyzing data. It's not much that we're going to need fewer people, we're just going to be able to do more things and be more efficient with the people that we have. I don't think it's really a question of replacing people, but it's more using them to their best and highest use, while maximizing what we can get out of the data analytics side now.

Pieter Gunst

I think that makes sense also in a regulatory environment that's not getting simpler by any means. It sounds almost a bit like an arms race of being able to increase your compliance capacity over time, rather than just replacing existing resources.

Mara Senn

Absolutely. The thing is, when we talk about data analytics, when you hear those words, you think, “Oh, robotic this and machine learning that”. But actually data analytics really comes down to just analysis of data, so you don't have to be doing anything sophisticated. You can literally just have a list of everybody in France and say, “Okay, how many investigations have come out of France?” in a physical list. And, “How many complaints have we had? Does this seem like a hot spot now?”

Is it harder to do when you have a big company and you have 150 countries? Yeah, I mean, it takes more time to do that manually, but you still can do that. You could do anything. You could do something as simple as - every company usually takes a survey of “how do you feel about the company”. If you have a situation where in the Netherlands, people are complaining constantly and they say this is going on and that’s going on, maybe we should go in and talk to people and see what the atmosphere is like, because maybe there is something underlying that's going on there. That counts as data analytics; just looking at the results of your survey, because that is the data that you're using to evaluate and discover compliance problems. You don't have to hire a data analytics person to do data analytics.

Pieter Gunst

Understood. - Mara, thank you. This is so interesting. I have many more follow up questions and I feel like we could probably talk about this for a day. For now, I really want to thank you for shedding some light on the journey you've been on from the various angles, and also your experiences in this role. So, thank you for sharing that and I really appreciated this discussion.

Mara Senn

Yeah, my pleasure. I had fun.

--

Do you work in-house and are you interested in sharing your career journey and experiences with the community? Apply here to be featured in a Community Spotlight. 

Are you a legal operations professional or considering entering the field? Join Legal.io to discover legal operations jobs, resources and more.