Can you tell us about your journey to becoming an in-house counsel? What inspired you to pursue a career in this field?

At the end of my legal clerkship, I spent the elective stage with my current employer and was faced with the decision of whether to join a major law firm or a company. My motivation for starting directly in a company was and is to create the closest possible link between the operational business and the business requirements of a company on the one hand, and the requirements for pragmatic, risk-oriented advice and the most efficient implementation of compliance possible on the other.

In your role as an in-house counsel, what are the main responsibilities and tasks you handle on a day-to-day basis?

The focus is on managing interdisciplinary, cross-functional teams that are responsible for implementing regulatory tasks. Currently, this particularly concerns the implementation of the requirements of the Digital Operational Resilience Act (DORA), which is intended to strengthen IT security and risk management in financial companies. In close consultation with the sub-project managers, we are overhauling our entire organisational management regarding information security, paying close attention to the management of third-party ICT service providers and strengthening our own systems for maintaining IT operations. In this context, my responsibilities include reporting to and regularly exchanging information with the board of directors.

What are some of the key challenges you have faced as a rising star in-house counsel, and how have you overcome them?

DORA and the Sustainable Finance Disclosure Regulation (SFDR) are relatively new and complex regulations. Both regulations require extensive changes and adjustments to internal processes and control systems and, due to the two-stage nature of the legislation, are always subject to uncertainties until final adoption. However, to succeed in the financial markets, the regulatory requirements must be analysed at the draft stage. I first analysed the requirements from a legal perspective and then worked closely with the business, IT and risk management departments to translate the likely requirements into practical measures. We developed tailored tools in-house with a high degree of agility, thus driving implementation forward before larger competitors or specialised software providers had even finalised their requirements analysis. As a result, we are in a very good position compared to our peer group.

What steps have you taken to enhance your professional development and expand your legal skill set?

To develop my personal and business management skills, I completed an MBA at WHU – Otto Beisheim School of Management while continuing to work. To better understand the requirements of supervisory law, I regularly attend events hosted by the German Investment Funds Association (BVI). I gained the necessary technical expertise through further training to become a certified data protection and information security officer.