Lessons from Leaders: Kam Dodge in Conversation

speaker-0: Welcome to Compliance Chronicles, we learn from professionals shaping the world of compliance. ⁓ your host, Liisa Thomas, ⁓ Privacy and Compliance Counsel, an professor at Northwestern Law School, and a lifelong learner of organizational change. ⁓ From journeys to hard-earned lessons, ⁓ these the Chronicles that inspire and guide. ⁓ Let's in. ⁓ Welcome another episode of Compliance Chronicles, and I am delighted to be... joined today by Kam Dodge. And Kam, I'm going to turn it over to you to introduce yourself, and then we'll get started with your personal journey.

speaker-1: Yeah, thanks Liisa. Really happy to be here. I, as Liisa said, I'm Kam Dodge. I am the deputy general counsel and assistant corporate secretary at Triumph Financial. We are a New York stock exchange listed financial technology and payments company that also at its core is a community bank. So really happy to be here.

speaker-0: Well, Pam, we're going to start with your journey to how you got where you are. I remember part of that journey because it had the name Shepherd in it. So talk to us about the journey and how you got and Suspie.

speaker-1: Yes, exactly. So ⁓ way back when I went to Northwestern in Evanston for undergrad, which is, as Liisa mentioned, the School of Education and Social Policy. ⁓ actually into college initially in Weinberg and was thinking I was going to do economics and didn't know about this degree in learning and organizational change that I discovered while I was there and did a Inter-college transfer to SESP. know, an LOC is a Northwestern specific major, but it really takes apart how organizations navigate through change. You know, what their inputs are, how they figure out how they navigate corporate change, which is a really good foundation. I didn't even know at the time for, you know, stuff that I'm doing now 15 years later. When I left Northwestern, I went out to Washington, DC and spent some time on Capitol Hill working for a Senator and did some variety of trade association activities in Washington. Then went to law school, joined a law firm. And then subsequently, as Liisa mentioned, or alluded to at least, joined Shepard Mullin in the Washington DC office, where I was in the corporate practice, primarily focused on private equity clients that are in the regulated space and aerospace and defense and some.

speaker-0: So you've gone from one regulated area to another regulated area.

speaker-1: Exactly. you know, I always say I'm like privacy and compliance kind of found me. I didn't necessarily find it. You know, I'd always been positioned, you know, prior to law school, I worked for largely manufacturing companies. So a heavily regulated industry came into private practice, worked for aerospace and defense companies and then work at Triumph now, which obviously has plenty of regulation in the financial space. you know, privacy is not an option and compliance is not an option. And it's been a really ⁓ an interesting area of law over the last couple of years.

speaker-0: So you said privacy is not an option, compliance is not an option. So talk about some of the challenges you've faced and I suspect you're going to draw on some of your SESP learning and organizational change, LOC, knowledge, because I've seen it in practice, how you pull it into play. So talk a little bit about that.

speaker-1: Yeah, you know, it's really interesting. ⁓ You know, I think, as I mentioned, working in a heavily regulated industry, there's a lot of opportunities to intersect with compliance. What's really interesting living in a bank, which is both an opportunity and a challenge, we get the pleasure of going through a full compliance audit from our regulators every year. You know, there are varying degrees of perspectives about that. I like to say that it allows us to showcase ourselves at our best because we get the opportunity to show to our regulators. you know, how we're honoring our customers, how we're honoring our compliance with the law, which is really exciting. You know, I think what's interesting in this seat, as I think about it, is there's a lot of juggling and that's an overused phrase. But I think what's interesting is you're juggling at the same time, rubber balls and glass balls. And it's really, really important you don't drop the glass balls. And unfortunately in privacy and compliance, those tend to be less rubber and they tend to be more glass. So helping the businesses think through like, hey, you this is actually a problem if it goes wrong, you know, we have a little bit of a different problem that isn't always easy to fix on the back end, you know, and that's been something that I've used kind of with our teams here and in partnership with them quite a bit.

speaker-0: How do you differentiate between what's a rubber ball and what's a glass ball?

speaker-1: It's a great question. That's why we pay great lawyers like you, Liisa, to help us figure out what they want. You know, I have a framework that exists and it works for anything, right? Not just for privacy, although it's a little bit easier to digest with privacy. Unfortunately, just there's been so much litigation out there to kind of help the business team think through it. As you kind of have to do a little bit of a math problem. And I know lawyers are sometimes adverse to math and this is why we didn't go get MBAs, but I think it's really important. if you're going to be in the privacy and compliance space to take a set of problems and say, you know, Hey, there is, you know, a potential range of outcomes. One expected outcome here has class action exposure, which means that like we're talking about eight or nine figure lawsuits. Now you take, you know, that unhappy path and kind of multiply it by what's the expected rate of outcome, right? You know, engaging Liisa and her team to understand, you know, how often are these things happening? What are the target companies that look like? And you can kind of come up with a little bit of a rough framework for like, okay, we've got this really big, scary outcome out here. We have the expected value of like, how likely is it that we look like some of these companies that could be in the crosshairs? And then you have to take a long, hard look at yourself, both from a product side, from a development standpoint, from your compliance infrastructure and say, you know, how likely is it that we have this problem in our system? And then you can kind of have a quantum at the end. you know, and every business has its own risk tolerance. So I think when you put it in terms that the business understands, right, they're used to dealing in P &L, they're used to dealing with, you know, if we have this, you know, this is a cost to be managed and kind of what's the likelihood of the outcome, that helps bring them along as partners because then they want to solve it too. You know, nobody wants to have a bad compliance day, a data breach. you know, exposing customer information. Nobody wants that to happen, but you know, it's kind of like driving a car, right? The number one guarantee to never get in a car accident is you never get in car. And that's not realistic in business, right? We have to take risks. So we need to be able to speak that language with our business clients to make sure that they can kind of understand that. And then as the business owner who ultimately owns the risk.

speaker-0: What are some of the key lessons that you've learned that you would share with junior people or with people that have been doing this for a long time and are feeling a little burned out or looking for inspiration?

speaker-1: Yeah, I think somebody told this to me and it's true and it's trite, but it's real. It's just don't be afraid to be the dumb person in the room. Sometimes as lawyers, we have this like ego about us that it's like, well, people are looking to us to be ⁓ so smart and know so many things. And I'm like, hey, I don't have a magic omnipotence that I just know every law. Having the humility to ask the dumb question, especially in privacy and compliance is so important because often we're dealing with the leading edge of some really, really technical problems. And it's okay. Like one of my closest colleagues here is our chief technology officer and our chief information officer. And I asked both of them questions and I'm like, hey, I totally don't know this. Explain it and walk me through how this all works so I can be smarter for you. And that's taken a lot of humility from me that I think I had to learn initially because I wanted to be the person, you know, everybody wants to get the gold star on the test. and everyone wants to have the answer, but you just don't. And that's completely okay.

speaker-0: question as you leave us your key distilled down parting advice.

speaker-1: When I think about this, sometimes it's helpful and I use this example, this is kind of another analogy that, you know, I use with the business teams that are really effective is like strip away all the legal stuff. And which is interesting because the minute a lawyer says that it's kind of disarming for folks. It's like, just think about you're sitting around your Thanksgiving table or just your dinner table and you're explaining an issue to somebody. Like is the outcome what they expect? Like I have found like the law is really imperfect. in a whole lot of ways. But there's a lot of goodness that comes from like, is this outcome what we would expect if you give your data to a company that we trust? Is it the expectation that we would distribute or show your social security number to the world? Of course not. Right. But I think there are like when you get to these gray areas that are really difficult, it comes back to me. Respect for your customers. And is this what they expected? know, respect for your customers means You know, if we have a customer relationship, whatever that might be, if it's a banking product, if it's a transportation product, is what they're getting from us and giving to us and what we are using that information from or with what they expected us to. You know, my parting advice is always just, you know, respect your customers like you are one of them. And, you know, when it comes to being a lawyer inside an organization, and this goes for outside counsel or anyone, sometimes it's helpful to just set all the technical legal. down and just say, hey, if we were explaining this to somebody who's not a lawyer or isn't as steeped this as we are, does it make sense to them? And if it doesn't, that probably gives us some good intuition that something's a little off and we should think about it or at least double down on the explanation for.

speaker-0: Great advice, Kim. Thank you. And thanks for making the time to have this conversation with me. I hope you enjoyed this episode of Compliance Chronicles, where we look for guidance and inspiration from the personal journeys of compliance professionals.