Mike Lamberth: Shepherding the future of compliance

Today, Lamberth serves as the senior compliance officer responsible for all aspects of compliance risk assessment for Capital One’s global credit card businesses. During his career, he has led compliance functions in support of almost every financial product and has overseen compliance functions specializing in complex, high-risk areas of financial regulatory compliance. It all started, however, with the career choices of a young man who would meld lessons learned from the careers of his parents.

A legal career seemed a logical path when thinking about the future. “But I didn’t want to do anything related to criminal law or family law,” Lamberth says. “I always wanted to be a lawyer, but for something that was more business oriented.” Good advice led him to seek an understanding of finance and accounting, which in turn led to a CPA from Georgia Southern University.

“I worked at public accounting firms for a couple of years while getting my CPA license,” Lamberth recalls. “There were a lot of things about that profession I liked and a lot of things that bored me to tears.” While corporate law still held some appeal, “I needed to be able to feel like I was helping people, not just some faceless corporation.

Law school did beckon, and Lamberth graduated in 2001 with both JD and MBA degrees from Georgia State University. Upon graduation, he went to work for SunTrust in Atlanta as a regulatory attorney for its mortgage business.

At that time, Lamberth’s multidisciplinary studies paid off. “In 2001, compliance programs really started getting legs, especially at the large banks,” he says. “I happened to be sitting right at the point where regulators started saying, ‘You guys need to have compliance organizations that really understand things end-to-end.’ I was in a great place, because I was one of the very few attorneys anybody could find who understood controls, testing, and policies and procedures because of my CPA background.”

Fast forward to about 12 years ago, and organizational changes at SunTrust led Lamberth to Capital One. “I wanted a different challenge, one where I was not just a mortgage guy,” he says. “I came to Capital One right at the time they were asked by regulators to create a compliance function. I was there at the beginning when compliance was created as a new organization split out of the legal department. I just happened to be at the right place and had an interesting background. I was one of the very few people who understood how something went from beginning to end, all the way from Congress thinking about a bill to implementation, creating training programs, and remediation. I could see end-to-end.”

What makes his job rewarding? “I am not just helping a company. When I do my job well I have the ability to affect 100 million people’s lives around the globe. That speaks to me.”

Over the years, Lamberth has devoted a lot of critical thinking to the current state of compliance as a profession. There are lawyers asked to do compliance work, and while “they are pretty good at understanding change, they are terrible at sustainability and just can’t think of a program.” Those on the operations side who find themselves thrust into compliance hate change because their thinking is very process-based.

“Both of them get overwhelmed,” he says. “If you are an operations person who came over into compliance, you built processes that were supposed to last forever, versus something that had change built on. If you were lawyers, you never actually thought about putting a program or a framework in place. That’s where I’ve been able to slot in the middle and see both ends.”

The pace of regulatory change in the financial world is staggering. In Lamberth’s view, keeping pace is greatly aided by maintaining a people-focused approach. He refers to the massive, tissue paper-printed, constantly updated “blue book” of bank regulations he has long needed to consult. It used to be that “everything you needed was in that book,” but over time, “especially as the Consumer Financial Protection Bureau came on board, we pretty much had to throw the book out the window.”

“The book was written by people in a very different environment where people focused on technical compliance regardless of an impact on customers,” he explains. “My job became easier when I started telling people to stop thinking, first and foremost, about what the requirements in the book are and to start thinking about what we are trying to accomplish. What is any way something could go wrong and affect the customer? Let’s think about all the fault mechanisms and work backwards from that. I will make sure the book gets adopted, but I can guarantee you that 95 percent of the time, if you will work backwards from understanding your risk failure modes and on doing the right thing for the customer, we will solve it.”

Lamberth likens his approach to compliance leadership and working with business lines to parenting his daughters. You want to encourage them to do things on their own, but not without a watchful eye in case something goes wrong.

“I made the mistake of thinking I knew better how [business units] should implement a control. They were implementing my controls,” he says. “Now, I tell them to come up with a control they truly believe in.”

His message to business lines: “I am going to give you a lot of leeway, but I am going to set these guardrails and you can play anywhere between them. We will look for failure modes—and if you go outside of these lines, I am going to assert my authority. I want you to be independent, but if there is a point where I see things going bad, I’m going to step in and escalate the conversation.”

Increasingly, technology and the automation it brings is the key component of any well-realized compliance function. Lamberth has thought a lot about this digital revolution, how it can—and must—transform compliance and how to prepare for it.

Most, especially those with a legal background, are comfortable having defensible positions, “that you were probably 90 percent right and could make an argument if you had to,” Lamberth says. “An auditor, by comparison, is only concerned with material risk. Audit disclosures say, ‘We’ve done the best we could do with our ability.’ They are probably shooting for 98 percent competence. They are all accepting there is a failure rate, but when you look at the reality of life, especially with regulators and the Department of Justice, what you find is that even a single point of failure is a problem.”

Capital One, he estimates, probably runs half-a-billion transactions a day, but, “if we miss one terrorist thing, one AML incident, or even one consumer who is financially harmed, when the Justice Department comes in they look backwards and say, ‘… but you had the data.’ ”

The way firms are held accountable has changed and zero tolerance cannot be abstract thinking. “The only way you are going to get to that level of standard is to have technology that is looking at those half-a-billion transactions,” he says. “People can’t do it. It becomes less about a framework that ensures 98 percent compliance. It is more about having that framework and some kind of automated technology solution.”

The “Holy Grail” Lamberth has been searching for is what he describes as “the haystacks philosophy.”

At any given moment, at any company, there are problems that must be addressed. “I don’t want to do what everybody else is doing and pick through the haystack to look for needles,” he says. “It would take tens of thousands of people and even then you might not find them. I want to create some kind of technology solution that puts a magnet over the haystacks to pull those needles up. I’m looking for technology that helps me find patterns and clusters that aren’t what you would expect.

The vision: letting technology draw out those clusters, whether they are problematic or ultimately benign, so that a compliance team can parse through the extracted “needles.”

Technology of this sort will likely mean that large financial organizations no longer need to employ and deploy a 25,000-employee compliance organization, relying instead on a more streamlined team of highly qualified experts. “I really think we are at the front line,” Lamberth says of his firm. While “not there yet” he expects his efforts to pay off in about three years.

Lamberth is well aware of the need to nurture the next generation of compliance experts, especially amid changes the profession will face. As an advocate for compliance as a career path, he has worked with law school career development centers to provide insight to students and recent graduates on compliance careers and is a strong proponent of mentoring and training efforts.

“About five years ago I started pitching these ideas to the law schools because I couldn’t find qualified people to start off in compliance,” he says. The glut of lawyers and law students at the time left many hard-pressed for work, an oversupply that offered an opportunity to shape them in the compliance mold. The pitch fell flat.

More recently, a sign of how things have changed, Lamberth is now the one being approached by law schools for help.

His advice: Learn the history of the profession and how it has evolved. Then, take it to the next level.

“What I really find lacking in compliance professionals is an ability to understand what the business is trying to do and communicate effectively with them,” he says. “I see so many people hung up on having to be independent—‘I can’t go to their meetings. I can’t understand their strategy.’

“Being independent means you are free to make your own decisions, but you cannot do your job successfully if you don’t understand, intimately and deeply, what they are trying to accomplish, as much, if not more, than they do. Good, business-minded compliance people work with the business, understand what they want to do, and have both a natural curiosity and soft skills around influencing.”

There is no magic or secret formula behind what makes a great compliance officer. “People need to really feel that it is a profession, take it seriously, understand the history, and really focus on their influencing skills,” he says. “Those who are comfortable with teaching, and trying to explain things, make far better compliance people.”