Carrie Di Santo may well be sitting at the precipice of risk in today’s capital markets—and from that high perch, she’s come to recognize the most effective way to manage it is with a laser focus on the risks that matter most.

Di Santo is the global chief compliance officer and managing director of enterprise risk management at CME Group, a derivatives marketplace that brings together buyers and sellers looking to manage risk or profit from it. Through CME exchanges and trading platforms, banks manage risks from changing interest rates. Agriculturalists manage risks from changing commodity prices. Transportation enterprises manage risks from changing fuel costs.

CME manages an average of 3 billion contracts annually, valued at $1 quadrillion. To put that into perspective, 1 quadrillion is 1,000 trillion. Expressed numerically, it’s a 1 followed by 15 zeroes.

Sitting on that mountain of risk, Di Santo knows she can’t manage it by being a micromanager.

About Carrie Di Santo


Title:  Global Chief Compliance Officer and Managing Director of ERM, CME Group


About CME Group: One of the largest, most diverse derivatives marketplaces in the world, CME Group offers a wide range of global benchmarking products across all major asset classes, including futures and options, based on interest rates, equity indexes, foreign exchanges, energy, agricultural products, and metals.


Location: Chicago


Years of experience: 22


Areas of expertise:  Foreign Corrupt Practices Act (FCPA), trade sanctions, data privacy, compliance operations, cyber-security, third-party risk management, enterprise risk management


Quote: “I want to make sure I’m trusted as a risk and compliance business partner to the management team. I want to make sure, in a risk-based manner, that we’re meeting our obligations and standards to ourselves and our regulators, but in a very practical way that’s focused on what’s important to the company and its stakeholders.”

“You have to understand what the business is and where the risks really are,” says Di Santo. “It’s not about insisting on a tick-box approach. You lose your audience that way. Management will lose its sense of seeing you as a trusted adviser if you insist on people worrying about things that are not relevant to the business model.”

Di Santo says one of her key objectives as the global compliance and risk leader for such an enterprise is to assure she’s seen by management not as the “no” police, but as a trusted adviser.

“I want to make sure I’m trusted as a risk and compliance business partner to the management team,” she says. “I want to make sure, in a risk-based manner, that we’re meeting our obligations and standards to ourselves and our regulators, but in a very practical way that’s focused on what’s important to the company and its stakeholders.”

That’s an insight Di Santo has developed and honed over more than two decades in legal and compliance positions that launched her to the top of an entity that’s critical to the global success of orderly financial markets. 

After graduating with a law degree from Notre Dame in the mid 1990s, Di Santo began her legal career as a law clerk for a judge in the 7th Circuit Court of Appeals who was an expert in white-collar crime. “I’m not sure there was such a thing as a compliance profession then,” says Di Santo. It was certainly before the U.S. Federal Sentencing Guidelines had become the de facto basis for an effective corporate compliance program, she says.

Di Santo transitioned to law firm Baker McKenzie where she would begin her practice with a great deal of work in international white-collar crime. “I got a lot of early exposure to international corporate criminal matters—antitrust, [Foreign Corrupt Practices Act], the whole ball of wax in what is a compliance program for a company at that time,” she says.

Di Santo morphed from litigation into the investigative side of white-collar corporate defense work. She advanced to partner and became an adviser to companies on how to remediate compliance problems and establish international compliance programs.

Her legal career would blossom under the guidance of a strong mentor at the law firm, Robert Gareis. With her own parents in the suburbs, Di Santo would eventually refer to Gareis and his wife as her “downtown parents,” she said. “He taught me everything I know about what compliance looks like, how to solve problems, and how to put programs in place.”

After more than a decade at the law firm, Di Santo began to sense she could be a more effective adviser to companies if she had more insight on what it was like to work in a corporate environment. “I needed to understand what it was really like to be on the implementation side, to understand practically what was doable” she says.

In 2007, Di Santo accepted a position as assistant general counsel for compliance and global FCPA officer at insurance broker Aon Corp. Soon after, she became deeply involved in navigating what the Department of Justice would describe as “extraordinary cooperation” in a multiyear, multijurisdictional probe.

It was a complex problem involving multiple regulatory bodies, and Di Santo had extensive FCPA knowledge that was critical in the moment. “I was in the right place at the right time,” she says.

Di Santo even moved to London to work more closely with the business there and with U.K. authorities—both to resolve the compliance issue and to put into place enhanced risk processes and procedures.

“The U.K. regulators had not yet enacted an anti-bribery law at that point,” says Di Santo. The company set forth what it was doing to mitigate its own issues, and that ultimately helped influence the standards that were established for other U.K. companies, she says. 

Soon after settling issues abroad, Di Santo returned to Aon in Chicago just as the company was undertaking its acquisition of Hewitt in 2010. “It was a major acquisition,” says Di Santo, “requiring the integration of two companies that had different compliance priorities.”

Aon was in the insurance brokerage business, while Hewitt was an outsource service provider. That meant they had very different risk profiles.

Di Santo would have her work cut out for her learning the newly combined business and its critical risk drivers and assuring the same for her team as well.

After some time integrating both the teams and the approach to compliance, Di Santo began itching for change. “I wanted to be in a position where I could be a trusted business adviser,” she says. “I didn’t want to be just a compliance officer who was really charged with enforcing the rules.”

After some time consulting, Di Santo connected with CME. “The management team I interviewed with was extremely talented, and this felt like an interesting opportunity to learn something different,” she says.

In 2012, Di Santo began with CME, “a highly regulated, systemically important company,” she says. She oversees functions that have aspects of both compliance and risk attached to them. That includes, for example, ERM, third-party risk management, corporate compliance, privacy, information governance, and e-Discovery. The key risks that are front and center for Di Santo are information security, data, and privacy, she says.

When Di Santo left her position at Baker McKenzie to gain some corporate experience, her intent was to eventually return to a law firm setting. “I really enjoyed being partner, but I found so many interesting issues in-house,” she says. “I found I really loved building high-performing teams. So, I never went back.”

Today, Di Santo is focused on some key priorities as the head of compliance and risk at CME Group. The first is to assure she is seen by management as a trusted adviser, one who partners with the management team, not someone intent on being a roadblock.

It’s challenging to work through the initial perception that many have of compliance as merely police officers laying down the law and calling out infractions. “That’s something I’m always striving for, both for myself and my team,” Di Santo says.

It takes time to establish credibility with management, says Di Santo. “You have to have them realize you’re offering practical solutions and trying to help them safely advance their business objectives rather than just being there to tell them no and all the reasons why they can’t do what they want to do,” she says. “You have to continually demonstrate that what you’re trying to do is help them do what they want to do in the safest way possible, protecting the reputation and good integrity of the company.”

Di Santo’s other big priority is to assure the company is compliant, of course, meeting its obligations to its stakeholders and its regulators in an effective, yet practical and efficient way.

And a third important priority to Di Santo is to build up her team, “I have the privilege to lead this team, and I want to make sure they all have an interesting, fun, and challenging workplace,” she says.

Di Santo is especially passionate about mentoring women in legal and compliance circles. “When I started in the legal profession more than 20 years ago, it was a challenging environment for women,” she says. “I’m pleased to see the efforts and successes of many women are changing that environment, and I hope to only continue to work in companies and foster teams where respect for women goes without saying.”

Striving to be that mentor to women, Di Santo says she wants to be regarded as one who can offer advice and guidance. “I’m so pleased at CME Group to see our leadership team comprised of many talented and strong women,” she says.

This summer, Di Santo will begin a term as president of the Chicago Bar Foundation, the charitable arm of the Chicago Bar Association. “It’s one of the leading foundations in the country, and I’m incredibly proud of being able to give back,” she says.

The Foundation does extensive work in assuring fair access to justice, says Di Santo, whether that means asylum seekers, children, people in poverty, and others. “I feel very lucky to have had a good, successful career in the legal community in Chicago,” she says. “I try to do as much as I can to support legal aid and charitable issues.”

For several years, Di Santo also has chaired an annual human rights awards luncheon in Chicago that raises money to support the legal needs of those who may have difficulty navigating the legal system on their own—refugees from violence, asylum seekers, immigrants, and children, for example. “Regardless of one’s political persuasion, it is so important to protect those who can’t protect themselves from violence, abuse, and injustice,” she says.

In the future, Di Santo hopes to extend her charitable endeavors to include others areas for which she also has a passion, such as animal rights and environmental issues. As the owner of a rescue dog, she sees firsthand the need for animals to have human advocates.

Di Santo credits her Italian immigrant grandmother for giving her the inspiration to become a strong woman pursuing leadership positions in business. Speaking no English when she arrived in America, Di Santo’s grandmother became a cook in a factory, but eventually opened her own restaurant.

“I’ve got a picture in my office of my grandma cooking,” she says. “She’s my strong woman role model—fierce and independent. I think she’d be pleased to see that I’m supporting the notion of women’s advancement.”

Risk and compliance present some strong career opportunities for young professionals, says Di Santo, and she sells that point often in her mentoring of young professionals. But it’s a profession where it’s a little difficult to demonstrate the full measure of your success with tangible results.

“The biggest successes are the things that never come to fruition,” she says. “The problems that never happen. But when I think of successes, I also think of helping to be part of the business achieving its business success in the best way possible.”

Responsiveness is certainly a critical component to success in compliance, says Di Santo, both to business partners and regulators. “Risk and compliance functions are there to help the business safely and thoughtfully achieve their goals, not the other way around,” she says. “I always encourage my team members to be prompt, responsive, and user-friendly.”

Whether the company is pursuing a new line of business, engaging in mergers or acquisitions, or interfacing with regulators, what’s the best possible outcome? Compliance plays a key part in making that happen, she says. “I definitely feel best when my team is able to help achieve objectives in the safest way possible.”