“Legal and Compliance.” “Legal.” “Compliance.” “Compliance and Legal.” “Law.” “Lawyer.” “Counsel.” “Compliant.”
If you’re young and new to product management, then those people, teams, and words are probably pretty scary to hear. “Who are they?” “Why do I need to meet with them?” “What are they going to be wearing when we meet?” “How many of them are there?” “How do I prepare?” “Am I in trouble?” These are all understandable thoughts to have.
I remember the first time I had to meet with a lawyer as a product manager for something I was working on. I don’t remember the details of the initiative, but I’ll never forget how uncomfortable I was. His name was Ryan Burch (we were working at PayPal, where he’s now ‘Global Legal Head – Privacy & Data Protection’). Not only won’t he remember this encounter, but he probably won’t even remember me. But how could I forget? I was working on new things with new people in an unfamiliar environment. And I was told that I need to rope in legal for their involvement. “Get with Ryan,” I was told. By the way, meeting with Ryan wasn’t just intimidating because of the group he worked in. He played football at Boston College, and I vaguely remember rumors that he spent some time in the NFL. This was an intimidating situation for me 😂.
What I didn’t know before meeting with him was that legal shouldn’t be brought into initiatives just for their ‘approval’ or for the sake of inclusion; they should be brought in early and often because of the valuable input, guidance, and ideas they can provide. Once you realize that, “legal and compliance” becomes a lot less scary and a lot more exciting. Fortunately, I’ve had the pleasure of working closely with some incredibly friendly, pragmatic, thoughtful legal, and compliance folks throughout my career. Two of whom I’ll talk about throughout the rest of this post are Christine and Chrissy (different people, not alter ego’s, although sometimes it could seem like it).
Let’s cover some background. Most of my career has been spent in financial services (‘FinTech’) with some time spent on mobile advertising (‘AdTech’). Both of these spaces are relatively highly regulated compared to many others. Depending on the area you work in, this post may be more or less relevant to you. Regardless, you should get comfortable with the fact that counterparts in legal and compliance are your friends. They can and should be enablers instead of blockers. It’s never too late to start building relationships with them.
So, what do these terms mean?
The responsibility of the legal department within a company is exceptionally broad-reaching, especially in heavily regulated industries like financial services. Legal generally works across the organization to provide legal advice on everything from data security and retention requirements, 3rd party contracts, corporate governance, IP, employment situations, etc. It’s also not uncommon for your internal legal team to consult frequently with outside counsel for various needs. Christine is an experienced General Counsel who I’ve worked closely with for years.
It’s a broad area, but the act of complying is adhering to a law, requests, or rules. The compliance function at a company is responsible for spearheading all things related to adherence by the company, employees, and partners. The compliance team’s footprint depends on the space you operate in along with the size of the company. To be clear, compliance is everybody’s responsibility, but it is the compliance team’s job to ensure everybody is properly supported, educated, and audited. Compliance is usually a function within the Legal group.
Chrissy is an experienced compliance manager who I’ve worked closely with for years. People like her do the following:
- Implement compliance policies, document them, and ensure they’re adhered to
- Educate employees on compliance policies
- Identify potential issues that could become compliance problems
- Are experts in the regulations the company has to comply with and prioritizes staying up to date with them
- Love acronyms
- Instill a culture of compliance throughout the company because it’s everyone’s responsibility and it never ‘ends’
When should you rope legal and compliance into your conversations for new product development? Like most answers, it depends. I’m inclined to say ‘early and often’ just like I’d answer the question if it were about your designer, marketing, sales leader, ops leader, analyst, etc. But it depends. If you’re fortunate enough to work with legal and compliance folks experienced in your space, then you’ll be able to get a lot more value out of them with a lot less effort of having to get them up to speed, which also can take a lot of time. Everything comes down to ‘risk.’ I bet 80% of my work conversations with Christine included the topic of risk.
What do you mean when you say, “everything comes down to risk?” I mean that most things you do as a product manager will involve evaluating risk (what are the risks associated with that decision, what’s our execution risk, etc.). Similarly, legal and compliance make most of their decisions based on the risk of various outcomes. Making a copy change on a page hidden behind authentication that only 10% of active users see is very different than making an auto-decisioning change that impacts 100% of new applicants for your product. You’ll often need to use your judgment (which will improve over time) to determine what types of things you should get in front of with legal and compliance.
Should I be scared of meeting with legal and compliance? I don’t know. Maybe. Did you do something wrong? Probably not. If it’s just your first time and you’ve heard that the lawyer was a stud football player who is very big, then don’t be scared. Establish a relationship and open lines of communications early in your tenure with a new company. It’ll make dropping by for unannounced, 5-minute chats about ‘if we should have a real meeting on x’ much easier.
What if legal or compliance are getting in the way? This is a loaded and challenging question to answer. It all comes down to culture. Does your organization have a culture of enablement or protection? Some companies (especially older, bigger ones who operate in highly regulated industries) are naturally going to have a different history with their regulators than others. And again, it’s often about risk. Companies with larger customer bases are more at risk than smaller ones. As a product manager, you’ve got to find a way to make friends and understand why things move the way they do. And ultimately, you need to figure out how to make some forward progress or communicate to the appropriate parties why you can’t. While it can often feel like a particular person in legal or compliance is ‘getting in your way,’ that’s not the case. They’re just doing their job. They’ve been instructed to operate a certain way. This is why I say it often comes down to a companies culture. You have to learn not to take things personally (it’s not an easy lesson).
Legal AND compliance are your friends (the people and the function). Treat them like others on your team. Leverage them not for approval but their knowledge and ideas.
‘A Product Manager’s Best Friend‘ is a series aimed at demystifying the role of young product managers. I’m Jared, a PM who has worked in a wide range of environments (fintech & adtech, seed-stage startup to large publicly traded tech & financial services companies, remote and colocated, etc.). I’ve found that there’s a need for practical, straightforward content for PM’s not fortunate enough to find themselves in powerhouses with top-notch product programs like Google & Facebook. Click here for more posts, and please reach out with suggestions or feedback.