Trust the Process

Why American Express Chief Privacy Counsel Anwesa Paul believes privacy and other data-sharing issues require a consistent decision-making framework

Anwesa Paul had come from a small start-up before joining American Express in 2012. Not only was the culture quite different, she recalls, but she had to quickly get up to speed on the financial regulation environment. Of course, this wasn’t an easy task, especially when considering the global powerhouse that the financial services corporation has become.

But in expanding her role to the complexities of data governance at American Express, the chief privacy counsel is upholding the company’s commitment to security, trust, and service as the velocity of information increases.

Originally brought on as privacy counsel, Paul says the company was drawn to the digital experience she gained in the advertising world, but shortly into her tenure at American Express, she began applying her skills to financial services. Paul handled all privacy legal issues related to the company’s businesses in the United States.

Kinetic Social, Paul’s previous employer, is a New York-based marketing and advertising agency specializing in social media strategy, cross-channel buying optimization, and big data insights. She adapted to the American Express corporate culture quickly, taking on new responsibilities as American Express added them. Over time, data governance became a major focal point for Paul. She says there are “many flavors” of data governance, including the technical side led by information management teams who handle the quality and access to data itself. She explains that her role is to help strengthen the framework for decision-making surrounding that data, which is a valuable, competitive asset.

American Express leadership appreciated her deft touch as evolving its data strategy became more prominent with the company’s move into mobile and digital payments. In 2015, Paul earned a promotion to vice president and senior counsel, privacy and data use. In January, American Express named Paul its chief privacy counsel, and she began reporting directly to its chief privacy officer.

Her role also became global in nature, with a larger team of seasoned attorneys managing many critical initiatives for the company.

Paul reflects how in her first month as chief privacy counsel, she felt “sort of like a deer in the headlights.”

“It was a big leap to go global and broaden my horizons outside the US. Now, it’s just really interesting,” Paul says. “I’m getting to look at it from a different vantage point and trying to understand where the synergies lie. How people think about privacy norms is heavily driven by cultural context, and it’s been very interesting to learn about those differences and similarities.”

Paul’s focus, however, has remained on creating company-wide consistency in the way data is collected, stored, and shared.

“We keep customers top of mind in everything we do. This means ensuring adequate data security and privacy controls that give customers transparent choices in the way they would like us to serve them.”

Given the nature of American Express’ business, the challenges around data are more complex than they may seem.

“Number one, proper data governance structure is critical in this day and age,” Paul says. “But it’s important to nail down what you mean when you talk about data governance. Different people may have different expectations. Then, it’s getting all the right stakeholders in the room speaking in the same language. Data is key to operating American Express’ closed-loop network, so there are lots of people who touch and use it.”

Then there is the technology that processes the data. It changes quickly. Paul says all the work that went into creating controls and structure can be turned on its head when a newer, innovative platform comes along. Then, it’s back to the drawing board to find new controls. But over time, one improves at identifying what works and what doesn’t, and that leads to stronger efficiency.

Paul also spends time engaging with third-party vendors that American Express works with in an effort to educate them on the sensitivities related to working with a financial company.

“Those third parties have their own needs and requirements, so there are tough negotiations when you have to start at square one,” Paul says. “It’s important to have an understanding of the technology these third parties are using and be nimble enough to figure it out and get the right stakeholders in the room to talk solutions the right away.”

Having experience at a start-up company has helped Paul be agile within the corporate structure at American Express. She says this has become a real asset in a role where she advises on everything from compliance to new product releases. “Coming from a start-up means the expectation around responsiveness is really high,” Paul says. “In a start-up culture, if you don’t answer questions soon after you get them, then people won’t come to you anymore.”

Being able to move from that start-up culture to a trusted financial institution has meant that Paul needs to be just as versatile with people. She can handle discussions with a variety of personalities, including those who push back at her advice.

“I like that give-and-take with clients at American Express,” she says. “My mind-set is that I’m supposed to have clients who are aggressive and push me to think more creatively.”

Paul expects her role to demand more creative thinking moving forward. She says she considers one of her main goals for the foreseeable future to be creating a strong team of privacy lawyers who are sharing information well, learning from each other, and pushing each other to be innovative in a time of significant changes in technology and regulation.

And that’s just internally. She will also be required to anticipate how privacy demands and regulations in one region of the world where American Express operates may affect another. Data, after all, is portable.

Paul will also look to expand the controls and framework of American Express data governance whenever possible and will adapt quickly when it’s not.

Above all, Paul says, she will work to keep an open mind to solve these and an assortment of other challenges in her role on behalf of customers.

“A lot of people have good ideas, so even if you have a point of view, sometimes you need to put it on hold and give new ideas the proper consideration,” Paul explains. “Be flexible, and don’t be so married to a position that you can’t evaluate a new idea objectively.”

It’s a positive approach that is helping Paul steer a massive global company into the Information Age and beyond.