Episode 12: People and compliance. With Martin Lønstrup, VP and Head of Group Compliance at Sandvik

"Get out there and meet the people", Martin Lønstrup, the VP and Head of Group Compliance at Sandvik, says. In this episode of Inspiring Legal, Stine & Martin discuss the importance of the people that make up the business, its operations, and its level of compliance.

Transcript

Welcome to inspiring legal, the podcast for inhouse legal. 

Get insights, learn from peers, life lessons from some of the most influential GCs. If it's related to inhouse legal, we cover it. For more inspiration, go to openli.com/community.

Stine: So my name is Stine. I'm your host. And today I'm joined by Martin. I'll let him introduce himself in a second. But what we're going to be talking today about is something about compliance and not being afraid of failure. Well, how do those two things connect? Well, that is what we'll be talking to Martin about today. Welcome, Martin.

Martin: Thanks. Thanks for having me, Stine.

Stine: So Martin, for the listeners out there that don't know you, could you maybe just give them a little flavor as to who you are and your background? Absolutely. I can do that.

Martin: Well, first and foremost, I'm a father. I have three kids and a wife.

And I love to ride on my bikes. So I think that's important for me to start with, because that's probably who I really am. But professionally, of course, I'm today head of compliance for a large global Swedish engineering company called Sandvik. And I have a legal background and have worked now, what, more than  years or so in, I guess, mainly large corporates. 

Before Sandvik, it was Falk. So everyone knows Falk in Denmark, at least. Emergency healthcare company. And before that, around eight years in Maersk, another Danish conglomerate with presence all over the world, the container shipping logistics business there. So, and I've, you know, background-wise, I've gone from working with actually negotiating contracts and being a lawyer and legal work in-house. To slowly transitioning, as many do, into compliance.

And working now, I have now worked with compliance for roughly ten years. So, Morten, I know you from LinkedIn. I've seen a lot of your posts. You're very good at sharing, not only sharing your bike rides, but also sharing wins, struggles, challenges. So in that regard, you've always been very open about giving to others. 

So when you and I started talking, we started talking about compliance and building out a compliance framework for companies, big companies, for example. And at that point, I remember you saying, well, if you want to build really good compliance programs, you have to be open to failure. And for me, that was, I agree, but failure and compliance and being open to failure are two things that normally don't go hand in hand. So I think the people out there would love to hear some of your stories, some of your learnings. 

Stine: So could you maybe give a little insight into why you believe that failure and compliance is, well, a good thing? 

Martin: Yeah, I can absolutely do that. And it should not sound as if I just go halfway into my things. Of course, with a legal background, we have our methods. So I think everyone who works within this field are definitely capable of doing so. I think for me, the failure part is, it resonates quite clearly to me because I think it's important that you build a comfort in your team and your teams with your employees, with your talents, that you don't have this no failure culture. 

I think that it can literally lock people down a little bit. And I have actually, if I have to take one example from my very early young days working in Maersk, actually in an area where we were outside of, we were in the legal space, we were not in compliance, but I had to pitch something for the management, a project. I did that, it completely failed. I pitched in the wrong way. I probably used the wrong arguments, even though I felt I was overly prepared. And at that time, it resulted in me actually not being given a chance to then do it again until like a year later. 

And then it was actually then a success and we could do the project. But that made me kind of feel like, okay, you really don't get a lot of chances at that point in time. And then as I've moved up in my career, I've seen it over and over again that at least sometimes there's this, I guess, general respect or fear that if you don't do it right the first time, then you shouldn't do it. 

And I think that that's unfortunate because I think that it doesn't really energize anyone or gives any motivation to anyone if you go in and you just get hit for them to come back and sit at your desk and then sit and grumble over like, why did it go wrong? I think that that's quite important to me. And I've seen it also in my later positions. Many of these situations, I have many failures, at least where I go in and maybe I've discussed a project or a pitch with my team, with everyone, and then I go in and then it should have been % different. 

But you learn from that, you become stronger from that. And I think it's important to talk about it. Because if I don't talk about it, and if I don't grab my employees, if they face this type of dilemma in my compliance function today, they're left on their own to deal with that. And I don't think that that's fair. I think that it's also part of my leadership task to try and open this up a little bit and talk about it as something that is okay. And I kind of hate the word failure. 

I prefer to talk about learnings, because you kind of get something out of it, you learn something, you reflect on it. And then you come out actually stronger in the end. So that's kind of how I try to see it. And I don't know, we've recently done a tech development that I've also told you a little bit about it before, where we did one development, we were very, very positive, we developed it in a system in eight weeks. 

We did use a technology that was not maybe fully suited for the purpose, but that was for some strategic business reasons. And the day before, we had to scrap it because it could not live up to the data privacy requirements. And data privacy is within my function, so I couldn't really approve it, because then my function would not be following what we are supposed to follow. And immediately after, the first immediate reaction was, because it was taking a chance in the first place, it was like, you have failed. 

So we have failed in this, you know, and actually, I had to really walk around in all the corridors and talk about, no, no, this is not failure. This is a learning. We have now learned that this tool, or this technology we chose for strategic reasons, were not suited for what we wanted to do. 

So we have now learned, we should have taken the other technology that we knew of, but we didn't choose that because it may be a tiny bit more expensive for many reasons. We should have taken that one. Now we will take that one and do it over again, and then we'll be successful. It's a learning piece to that. 

And I think we're all learning, right? Like, that's a part of growing up. It's about developing yourself personally, but also professionally. And what you often remember are the failures you made along the way, where you're definitely remembering, I'm not going to do that one again, because I learned from it. But what I also think is really interesting in a conversation you and I have had is around maybe having some presumptions, which we're good at, especially in legal, that might not really, well, live up to the reality. 

Stine: So I'm going to be a little bold, and I didn't ask you before, but Martin, you told me this great example of building a training program for one of your organizations that, well, didn't really live up to the expectations you had, and then the learnings you got from it. Could you maybe share a little bit about that one? 

Because I think that is very much what we in the legal community and in-house need to be better at, understanding our audience, our customers, our clients, whatever you want to call them. 

Martin: Yeah, but I think it's, and that, honestly, again, that was a learning for me too. Here we are talking about a healthcare emergency company where if you are a compliance person, that's also quite important when you're talking about failures or learnings, is that it actually, well, it does actually require you to step out of your comfort zone. It also requires you to listen to the business side and actually go and meet the business. 

And it's easy to have perceptions. It's the easiest to just put up an assumption that they don't do the training because they don't like the training, or they don't do the training because it's  minutes. Maybe that's a bit too long, but anyway, maybe even less nowadays, but still, they don't do the training. 

And when I worked in Falk, I quite often went out with the paramedics on the ambulances on shifts to, well, to learn something, actually, to learn about how it is to be a paramedic, and also to kind of get under the skin of what we're doing every day. And in Falk, we are saving lives. We save lives every minute. So it's a super important task. 

And we were sitting there in the station for this -hour shift between some of these calls, and there's this fairly old, not to criticize anyone, but it was quite a fairly old laptop in the corner of that room. And then we were sitting in these leather chairs, and I asked the guy who I was riding with, like, what is this laptop for? And he said, this is for e-learning. I said, okay, but when do you do e-learning? Yeah, but we do that in between calls. And when you sit there with a paramedic in a leather chair in a station where you get that really under the skin feeling that, you know, within minutes, you have to be in that ambulance and leave that station, then during a -minute e-learning becomes almost impossible to do. 

So the reality was actually that their bad training scores was not a result of them ignoring compliance or don't feel that it was relevant, but more the fact that they were focused on their main task, saving lives in their setting. So that was quite an interesting learning. 

And before I went out in the ambulances, the perception was a little bit, again, from the central point where I was sitting too, that they were way behind on e-learning because they didn't care about it. That was the perception. So you can say that was one piece. And then the second piece was that when you have an organization, you have different people, you have different risk exposures. And a paramedic who sits in an ambulance might not have the same risks, sorry to say, as a white-collar person sitting, approving huge expenses and can sign the contracts. So when you're talking about a huge e-learning program, you probably should dare to differentiate a little bit and say, hey, the paramedic, he needs to know only a few things, but the other guy or the other person in the organization needs to know a bit more. 

So they will get a bit more, they will get a bit less. Then they actually would be able to fit it into their station schedule and do it between calls. But the challenge was no one had really actually done that, asked that question or been sitting in that leather chair, talking to that paramedic. And I think that was, again, super learning. In Maersk, I went with the container vessels. I've been in the harbors. I typically always do that because I think for me, compliance is not compliance. I'm not there for compliance. I'm there for the business. I want to understand the business, be part of the business and live with the business. That's important. 

Stine: But isn't that kind of the core of if you're sitting and having the responsibility for compliance, you can't really do compliance if you don't understand your business?

Martin: I fully agree. But I think it's to be maybe a little bit bold myself here, then you can say what I just experienced. Also, when I come into organizations and take over teams is that quite often I experience employees who have been sitting in a headquarter function for five, six years, never been out in a sales area or in a factory or production site. And then I immediately push them out. You have to go out and see that. But you could say it's easier said than done, I think, because also on the other hand, we cannot go there constantly because then they also have to do some work out there. They can't just entertain everyone from compliance and legal. But of course, it's a balance. 

I think it doesn't have to be overly complicated, but it shows a bit of you step out in their territory, you come out, you listen to how they use the machines. It means quite a lot. 

Stine: What it also does, in my experience, is that it builds credibility. So when you're sitting around the management table, and you are talking about risks, you're talking about risk mitigation. Well, sometimes you might be sitting across the CFO don't really understand why this is such a big risk, or the CEO, they're sitting in, of course, wanting to mitigate but not really sure what it is that we're talking about. 

So when you're all of a sudden making it extremely concrete, and saying, if we are just saying something right on the vessels are doing A, B and C and going into the harbors in this way, the likelihood of these risks occurring are just so much bigger than what you or me are sitting here are talking about, because this is how it works in reality. And when you're making it that specific to the business, it becomes very difficult to be well in disagreement with, because you know the business, you know where the pains are. 

Martin: Yeah, no, I agree. And I think that, you know, in my current role today, I, you know, I've had the overall responsibility for the entire program since I joined. But since August, I've had a second role of being heading up compliance temporarily for our mining business area. 

And again, then you go into a mine, you go, then you go on the ground in a coal mine with some some business people and some legal people and so on. And you see how the equipment works, you understand how they operate in South Africa, you understand suddenly how they operate in China or somewhere in Congo. And then it's, it's all it everything becomes much easier because you don't have to do a like a hundred percent model, you can do % there where it really matters. And then you can ease up a little bit where the risks are less. But you can't really do that if you haven't really gotten that flavor to the business you're in. Then you would do a little bit more generic approach, I would say. 

Stine: So Martin, you've been working at, well, some huge enterprises. We're talking, well, , employees maybe in Maersk, right? Sandvik, as I understand it, also have a lot of employees. 

So if we have a listener sitting out there, sitting with the responsibility for compliance, maybe not in such a big organization as you have been in or are in, what would be your kind of like best tip or best advice for that person to build a successful compliance program? 

Martin: Okay, that's a tricky question. I think that, you know, the immediate thought I have is that it's actually what we just talked about. Go out there, meet the business, meet the people. There's a shift happening also in compliance. Ten years ago, we focused very much on the pillars of the DOJ and ticking off everything and do training, do risk assessments, all these things. Do we have a code of conduct? Do people know where it is and so on? That was pretty much typically the model five-ten years ago. 

Where we're shifting now is actually what I believe is more important is that you have a flavor of the frontline and the people in your organization because they are compliance. Compliance is not a central function. That means it's about being out there and have the conversations in a common language with everyone and show an interest because then you get something back and then that gives you comfort, whether you are on a good side or maybe need improvements in certain areas. 

I think that is for me, that's the integrated compliance program today. It's not enough just to focus on all these documents. If someone asked me, if you have to prioritize getting a policy % better so I feel absolutely safe in my policy or spending that time at the frontline, I would choose the frontline. 

Being on the frontline, understanding the business, is it also then about delegating responsibilities and being okay with giving up control? It kind of is because you can't have control over everything. In our organization today, we are around , employees globally in a heavily decentralized organization and approximately a little bit above  compliance resources full-time, part-time globally. 

I need to rely on the VP of sales in a region to have the right mindset so when something pops up that looks odd, that it's not being stopped by compliance but it's being raised by the VP of sales or some people in his organization or her organization because compliance cannot be all over the place. If they have comfort, if they have seen us and I see that actually, if they see that we can speak a common language and we are interested in their areas and so on and we go around and we know a part of our current customer days where all our customers come and so on and we care about meeting our customers as a compliance function, they kind of have a tiny bit more attention to these situations and they will raise it even if they have no clue but okay, I'm not really sure, then they will raise it. I think that's for me is where you get most value because you can't be all over the place and you can't sit, you can put as many internal controls up and you can do as much internal audit you want but you will not catch it all. 

So I think that's where we rely on creating a culture of transparency, being open and again back to failure, that it's okay to ask the questions. If there's no wrong questions, you can just bring it up and then we find a good solution to it. So today and maybe also not in the very far future, compliance is not a function, it's a culture, it's a mindset? 

I think it should already be that today actually. I think it is, well I think at least that's how I operate. It's literally, it is a mindset, it's a culture, it's a thing that kind of goes into everything whether it's a leadership development program or it's hiring new executives or it's doing sales training or it's anything that you do. You kind of have to, it's about giving them some tools and comfort that they can spot things that might be a little bit odd and then also being comfortable that they can then bring it to their sidekick or to the closest person that they know in the organization who might be able to help them or direct them in the right place. 

So I would say that that's kind of at least the thinking today. I think in fact we did an enormous project around creating culture, new culture and back then our communication team, branding team were like excellent in creating taglines like who you are is how you act. And you can say that's again back to just showing employees like before you take a decision, think about how it can look or how people will see it. If you just do that, that's a good start. 

Stine: So the future for you and where you are going, well where do you see that going? 

Martin: Yeah, that's a good question. For now I'm at Sandvik. I've resigned my position at Sandvik back in October and I think I probably have some new exciting stuff coming up very soon I can reveal but unfortunately not today. 

But I'm also expanding very much my horizon within the whole legal tech space and technology space. It's a big part of the program we have at Sandvik today about applying new types of technologies to automate and digitalize the compliance program as much as you can. And I'm not meaning using code in an Excel spreadsheet, I mean true compliance technology development and I think that's a way I will focus very much in the future too. 

Stine? So what you're also saying is that scaling privacy and compliance as how you see it will also be through tools? 

Martin: Absolutely. I think that whether it's privacy or third parties, that's obvious. It has to go through tools. You create the transparency, the oversight. You suddenly have the data to show. It gives you the comfort. That gives you a bit of control if you are talking about the need of control. So I think that we have a long way to go looking at compliance programs. In general, they are very manual, very little technology. 

Quite often, the old players of more like five to ten year old technology, we need to new players in. We need to also dare to take chances on new technology. I think that's where we need to go. 

Stine: Martin, you are for me always writing great content on LinkedIn. You're always very open about sharing. So for the listeners out there, I can recommend if you're working within compliance, follow Martin on LinkedIn. He's posting and writing good stories both from his personal life but also from his professional life. 

Martin, where do you get your inspiration from? Who are you following? 

Martin: Yeah, that's a good question. Actually, I think I get a lot of inspiration from a handful of CEOs around in some of the Danish companies like Jakob Aarup in ISS, for example, or Carsten Ingrids in Danske Bank, who have stepped up a little bit and literally shown their personalities through their posts but also showing vulnerability, transparency, and literally, honestly sharing difficult times on social media, kind of demystifying the business environment, but also their role as CEOs.

I find that actually quite inspiring. So I think that's probably where I get my inspiration from. And then I think it's also a matter of I have had a CEO, sorry, CFO back in Maersk in my early days who's really good at telling or learning people, employees, things about how you promote yourself, how you show that you do good things, which I think is positive. The same comes from when I lived and worked out of Houston from Mask later, is that here I can learn from the culture side that we can sometimes be a little bit closed in the Nordics. 

We're not really comfortable with saying we've done something good. And that I've tried to literally take it away and say that I find it really inspiring and it's positive, gives you energy. And it also creates energy for your employees and for the company and how the company is seen. So why not talk about the positive stuff? So like with Carsten and Jakob here for those two great Danish companies, I just try in my small, humble way to do a little bit the same. 

Stine: So on that inspiring note, Martin, thank you so much for joining. It was a pleasure having you and we will be looking forward to following your adventure, both on LinkedIn and well around.

Thank you so much for listening to Inspiring Legal. Remember to subscribe and if you want more information, you can always go to openli.com/community.