Citi CCO Mary McNiff taking to compliance one year in

In the summer of 2020, McNiff took over as CCO at Citi. Although she was previously Citi’s chief auditor and chief administrator for Mexico and Latin America and held posts with Lloyds Banking Group, Barclays, and JPMorgan Chase, McNiff never worked in compliance. Now, she heads up compliance functions of a bank with 200,000 employees in 95 countries.

“I’ve had a fabulous near-first year in compliance,” she said during her keynote to kick off Day 2 of Compliance Week’s 16th annual National Conference on Wednesday.

Taking on new roles is nothing new to McNiff, who said her versatility, curiosity, and willingness to tackle challenges and opportunities have served her well.

McNiff said she’s used a “listen-to-learn” approach in order to pick up the job. Like many others in the profession, she didn’t see herself getting into compliance but has enjoyed taking to the role.

“From the moment of birth, compliance should help a business stay healthy. It should infuse the culture, the thinking, and the launch of that new product.”

Mary McNiff, Chief Compliance Officer, Citi

McNiff talked about Citi’s “reverse mentor” program, in which eight people in various positions and locations throughout the bank give her advice and feedback on how bank initiatives and procedures are viewed by the rank-and-file. They regularly text and email her, and she asks them questions as well.

“It keeps you fresh in terms of how you’re thinking about things,” she said. “It also keeps you open and humble.”

One initial thing she did after taking the helm of Citi’s compliance department was “sharpen” its focus. That measure meant trimming the bank’s worldwide compliance leadership team from 19 members to 10. Another step involved better integration of risk management into the daily decision-making by all Citi employees.

McNiff has strived to modernize Citi’s systems—asking, “but why?” when others say, “This is the way we’ve always done things.” That question has helped pave the way to the bank updating its controls.

Like most financial services firms, Citi keeps its eyes on emerging opportunities. McNiff sees the future of the bank as digital, both internally for compliance and to better serve its customers.

Clients expect all the bank’s services should be available at the click of a mouse or tap of a smartphone. Now, they demand the bank offer individual guidance and advice based on insights gleaned from data generated by its international footprint.

An all-digital service offering comes with plenty of risks, and the bank must manage those risks in every step of the digitization process, she said.

McNiff is in favor of simplifying whenever possible. She often tells colleagues that if an idea or concept can’t be boiled down to one page, it’s too complicated. She dreams of the day when she can “push a button” and see all of Citi’s compliance risks shown in real time on her computer’s dashboard. She wants to make that dream a reality in three years, she said.

McNiff took issue with a statement made in Tuesday’s opening remarks at Compliance Week 2021 by former FBI Director James Comey. Comey likened compliance officers to first responders who arrive at the scene of an emergency.

It’s a fine analogy for part of what compliance does for an organization, McNiff said, but it’s incomplete. Compliance absolutely should dive in when established processes and controls go haywire or when rules are broken. But helping employees understand how compliance risks play into the day-to-day decision-making is equally, if not more, important.

“From the moment of birth, compliance should help a business stay healthy,” she said. “It should infuse the culture, the thinking, and the launch of that new product.”

McNiff has sought to elevate compliance as a strategic partner with the bank in a way that makes deals stronger and improves the bank’s reputation for providing sound financial advice.

She gave the example of a Citi client seeking to expand a mobile app in a foreign country. Citi’s role was not just to provide financial services, she said. The client needed to understand the risks inherent in such a move, including the regulatory landscape the app would be dropping into.

“We want to make sure we’re advising the client in a safe way,” she said. Understanding compliance risk is part of the bank’s goal of providing sound financial advice. A risk and control mindset should be integrated in the business mindset, she said.

“It comes down to being a true partner, where we advise the client how to put up strong guardrails” as the project launches, she said, as well as while it grows and thrives.

Talking to the next generation of compliance

In a previous banking job, a manager criticized McNiff to her superior. Instead of getting defensive about the criticism, McNiff embraced it and eventually asked the critical manager to become her mentor.

They had a long laugh about it at the time, she said. The woman would become a trusted advisor.

McNiff’s advice to younger compliance officers is to never turn an opportunity down. “I think that’s why I’ve ended up moving around the world,” she said. Indeed, her company bio touts her experience across markets in Hong Kong, Singapore, Australia, London, Latin America, and the United States.

Compliance has made progress in promoting diversity, McNiff said, but not nearly enough. There are still very few Black or Latinx compliance practitioners.

“Be an advocate to bringing diversity of thought to issues,” she said.

Throughout her career, she said, someone pulled her aside, tapped her on the shoulder, or offered advice or guidance. She asked questions and remained curious and hopes others have the same opportunities.

“I tell people to think in terms of skill sets, rather than positions.” McNiff said. Think about what skills are in demand within your current organization, she said, and seek to learn about them from experts who also happen to be colleagues.