GRC Professional: The GRC's professional toolkit - leadership and change management - Michelle Gibbings

Today’s risk and compliance professionals need all-round skills to thrive in increasingly complex roles. Leadership and change management are two areas upon which all senior GRC professionals need to focus. Michelle Gibbings was interviewed by GRC Magazine on this topic. You can read the full article here.

The role of the Risk and Compliance Professional continues to expand in its prominence and strategic influence within organisations. Companies are expanding their risk and compliance teams and giving them a greater voice at the decision-making table. CCO and CRO ’s are now leadership positions, as an integral part of the executive teams that determines strategies and objective.

But are risk and compliance staff ready for the changing nature of their role? Do they have the necessary leadership and change management skills?


CRO and CCO need an executive skill set that spans much more than risk and compliance. Michelle Gibbings has more than 20 years’ experience in a variety of senior risk and compliance roles, including being part of the senior executive for the National Australia Bank (NAB). She says risk and compliance people do have the capability to be true strategic leaders in their organisations.

“For compliance people to be successful in their role it’s really critical for them to have that seat at the table. If they are there amongst peers, and those peers are making the key decisions, they are able to influence those decisions. The conversation is different if you are peer to peer than if you are subordinate to a peer, or in a more junior role.”

Gibbings says that, already, compliance is getting that leverage. “Compliance has greater standing and influence now because it is established as a discipline, and therefore is seen as a core function within the organisation. Many compliance people are in very senior roles.”

Senior risk and compliance personnel need to be strong leaders. That involves establishing priorities and leading a motivated team to achieve those goals, but it also means being able to interact successfully with other areas of the business. Being able to cultivate good relationships and communicate is critical in such a diverse function that touches so many areas. The most effective risk and compliance personnel understand how to work with other people, how to listen, how to deal with different personalities.

Compliance has much more credibility now because it is established as a discipline, and therefore as a function within the organisation. Some compliance people are in very senior roles.

Change Management

Gibbings says that compliance and risk are about changing behaviour. “You can build processes and give people the tools and controls, and all of that helps you. But, people can work around that if you don’t have the right behaviours.”

The scale and speed of change is so much more than it has been in the last 20 years, meaning organisations and the leaders of organisations need to be better at managing change. Compliance and risk are at the very sharp end of this change. They are central to the change management process in any large organisation, particularly where this change is driven by a regulatory imperative. “Compliance managers are uniquely placed to be strong change managers,” says Gibbings.

“You can use a lot of the principles that underpin how you lead in change and apply them to how you should lead the risk and compliance function.”

“Organisations and the environments in which they operate are now much more complex. And the pace of change is rapid. Everyone needs the ability to lead through change and the ambiguity it creates. As the saying goes ‘Change is the new normal.”’

“Compliance professionals need to be able to cope with change and also to work with senior stakeholders and other teams that are going through change.” The role of the compliance professional is to help other areas of the business understand what change means. “Compliance professionals need to be equipped with both the technical skills and the emotional resilience to effectively manage through change.”

The reason why risk and compliance have become so crucial to change management is that much of the change through which business is undergoing, particularly in financial services, is driven by regulatory change.

The challenge with regulatory change is that it ranges from small to very large projects. Often there is so much change happening at the same time, it is hard for people to cope with the volume of the change, says Gibbings.

“It is really important to build that regulatory change roadmap, to show what changes are happening and when are they impacting certain teams and areas of the organisation, so the change is well-planned. You have to give people a sense of what the change is, what it means for them and how it all fits together for the organisation. Building that picture of the ‘what the future looks like’ is really important. Planning is critical. All change initiatives live and die on the strength of their planning,” says Gibbings.

“Where I have seen change management work best is when it has been very well-planned and coordinated. People know what their role is in the change, and they can get involved – to provide input throughout the change and to be provided with support throughout the change, in terms of coaching, development, conversations with their team members and their team leader.”

“They are given capabilities in terms of the skills needed to operate in that environment and to be able to manage and recognise how the change is impacting them.”

Gibbings says too much change at once, and not being transparent about the changes, will sink a project. If there is too much change, people will become confused and resist. You need to bring people along on the journey with you.

“Being as transparent and open and honest about what the impact of the change will be is always the best approach. Saying, ‘it is compliance, you have to do it,’ doesn’t sell the message or build sustainable change.”

“You must talk to the business and explain what it means for the customers, what the benefits are and be honest about the impacts. All the research on intrinsic and extrinsic motivation shows you need to appeal to people’s intrinsic motivations to get sustainable change.”

“You can use a lot of the principles that underpin how you lead in change and apply them to how you should lead the risk and compliance function.”

Reading List – Change Management

  • “Switch: how to change things when change is hard” – Chip and Dan Heath
  • “Managing Transitions: making the most of change” – William Bridges
  • “The Change Leaders Roadmap” – Linda Ackerman Anderson and Dean Anderson