Embracing risk

2022 Global Risk Survey – interview series

Culture is Key to Successful Compliance & Risk Management

The pandemic, the energy crisis and geopolitical events have upended the transport industry. In this interview with Stephanie Bregy, we cover the critical role that compliance and risk functions play in strategic business transformation. Stephanie also shares why a supportive organisational culture as well as having a passion for the business and an ease with collaborative problem-solving approaches are critical to successful compliance and risk management.

“Compliance doesn’t sit in a function: compliance is the business of the business.”

Stephanie Bregy, Group General Counsel, Head Legal & Compliance at SBB CFF FFS

Richard Thomas: There are many paths to compliance and other risk functions. What has your journey been?

Stephanie Bregy: It has been a journey of discovery and a very fulfilling one. I completed a double degree in Law and Economics at the University of St. Gallen. I then commenced my career in a law firm and in a commercial court but I soon realised that I would fit better in the in-house legal world, where I would be able to combine my passion for both legal and business challenges.

Being in a combined legal and compliance role not only set the bar higher professionally but made it easier for me to bring my values into the organisation. It broadened the scope from a purely legal perspective to one encompassing ethics and integrity.

Talking about values, what is your vision for compliance?

In the early days of compliance, it was all about processes and checking boxes. Compliance is much more than that; it’s about the long-term view, tough discussions and decisions and above all, integrity. It means taking the extra step to do what is right, not just legal. It is about identifying questions that are not (yet) anticipated and that must be discussed, as well as thinking beyond the legal and regulatory requirements. Other aspects, such as public expectations, the legitimate demands of stakeholders or the reputation, have to be factored in. And another important point, compliance doesn’t sit in a function: compliance is the business of the business. It is of utmost importance that the business takes ownership in these topics.

What skill sets do you need to successfully deliver on this promise?

There are several key characteristics. In my view, successful compliance professionals are courageous and dare to raise and discuss issues that people don’t want to deal with or talk about. Being an analytical thinker is imperative and involves taking a holistic view. You need to understand and be genuinely interested in the business in which you work.

And lastly, one of the most important skills is communicating with business partners on their terms. This entails translating theoretical legal concepts, for example, regarding competition or procurement, into practical advice that is meaningful and understandable to your audience.

“Culture is the key success factor. The tone is set at the top of the organisation and involves managers ‘walking the talk’.”

How important is culture in the success of compliance and risk management?

It’s the key factor. The tone is set at the top of the organisation and involves managers “walking the talk”. Without top management support and leadership, you can’t have a successful compliance and risk culture. A successful culture makes the difference between having 33,000 people managing risks and compliance issues as part of their daily business compared with one compliance lead.

Our expert for questions

Richard Thomas
Partner, Risk Consulting Leader TIS, Territory Leader Internal Audit, PwC Switzerland
Tel.: +41 79 816 27 00

What is the role of Legal in successful compliance risk management?

It is essential for my role to translate legal risks, which often seem theoretical or abstract to non-lawyers, into very real and tangible commercial consequences. We are working in an ever-changing environment; the complexity of the applicable laws and regulations is increasing and in the midst of this, Legal and Compliance is asked to find ways to do business while mitigating risks. To give valuable advice, it is of the utmost importance to really understand your business and the environment you are working in. Legal advice is not a science. Sound judgment is key. This is also true for risk management.

How important is the interaction between various control functions to successful risk and compliance management?

It is important to discuss issues across all assurance functions and work closely together. We have an institutionalised Compliance and Risk Committee comprising members of the board and the top management and representing different assurance functions (compliance, risk, audit and IT security). My credo is “substance over form”. I understand the need to have an aligned process encompassing how you identify, assess, mitigate and manage risks. It’s important not to underestimate the fundamental need for solid and open conversations to take place at various levels, especially within executive management and the board. Even the best tools and processes are no substitute for good risk discussions.

“Even the best tools and processes are no substitute for good risk discussions.”

About the Swiss Federal Railways (SBB)

The Swiss Federal Railways (SBB) is the state-owned railway company of Switzerland headquartered in the capital of Bern. Founded in 1902, it has been a joint-stock company, majority-owned by the Swiss state, since 1999. With around 33,900 employees, SBB transports over 880,000 passengers and 185,000 tonnes of goods to their destinations every day. SBB is ranked first among national European rail systems, according to the latest European Railway Performance Index, for its intensity of use, quality of service, and safety rating.

In what ways have the pandemic and recent geopolitical events impacted your industry and the compliance function?

It has turned everything upside down. A very long-term and rather rigid business model, like the railways, must adapt its revenue scheme to the recently changed customer needs and habits. At the same time, our risk landscape has broadened. This ranges from addressing changed customer and employee needs through to globally-driven issues such as energy prices and other supply chain dependencies. For example, in the new work era, the regular Monday to Friday work week has all but disappeared. I don’t think we know yet the full impact of hybrid or remote working conditions on employee-employer relationships. These are relatively new topics, all of which bring new challenges as well as many opportunities.

How are your compliance and risk functions changing to meet this challenge?

It starts with re-evaluating our strategy and goals. If customer needs have changed, how does your product offering need to evolve? You also need to discuss and reassess the company’s risk strategy, including risk tolerance and appetite. For example, if the external risk has significantly increased, do you accept it as the “new normal” or do you take a more conservative approach to risk mitigation? And as a state-owned company, you will come to different conclusions than, for example, a start-up where your shareholders expect you to take risks and navigate new waters.

Do you see opportunities for taking more risks in order to improve returns?

It depends. Our most important consideration is that of safety, and we want to deliver excellent quality. Of course, it cannot cost whatever it takes, but it is a very fine line between improving returns and taking (too much) risk. These are multifaceted decisions, and many aspects have to be taken into consideration.

“Legal advice is not a science. Sound judgment is key. This is also true for risk management.”

Finally, what advice would you give to someone starting out in compliance and risk management functions?

Be curious and never stop learning, because this job never stops teaching (in a good way!). Success is about having the right mindset. You need to be comfortable in a problem-solving role. Don’t base your career decision on the salary or title but start somewhere where you can grow and develop. And it’s a serious job, so don’t forget to have fun!

Marco Aspesi

About Stephanie Bregy

Stephanie is Group General Counsel, Head of Legal & Compliance at SBB.

She was recently voted “In-House Counsel of the Year – Transport” by members of the Swiss Legal community. Prior to joining SBB, Stephanie worked at Novartis, where she was Head of Legal & Compliance for Central & Southern Europe, Russia/CIS as well as a member of the Diversity & Inclusion Council.

Stephanie holds a master’s degree in Law and Economics from the University of St. Gallen, Switzerland and has postgraduate business qualifications from the École Supérieure de Commerce, Paris.


Contact us

Richard Thomas

Partner, Risk Consulting, PwC Switzerland

Tel: +41 79 816 27 00

Alexandra Burns

Partner, Leader Financial Services Risk Consulting & Internal Audit, PwC Switzerland

Tel: +41 58 792 46 28