For years, CME Group, a Chicago-based derivatives exchange and financial services company, has seen more of its trading volume move from its iconic Chicago and New York trading floors onto its global electronic platform. As a result (and like all major institutions), the company has continued to invest in its cyber- and information-security infrastructure—an evolution that includes the company’s managing director and general counsel, Kathleen Cronin.
Cronin says she can now facilitate productive discourse between the company’s legal department and its chief security officer and IT department. She’s also confident in the procedures CME Group has in place to answer any questions stakeholders might have about security. Cronin says the idea of her becoming something of a cybersecurity expert is somewhat unexpected.
“I still call the head of IT when my computer’s not working,” she laughs.
Nevertheless, that facet of Cronin’s role at CME Group speaks to her larger ability to learn quickly and adapt as the purview of her role evolves.
“As our information security function was evolving, my team and I had to take a bigger role in terms of making sure we understood the threats, what our strategy was, translating that to the audit committee, and making sure the board had the right information,” she says. “Developing that understanding of technology and what you should be expecting your IT folks to be doing was the one thing I never expected to be doing when I became a lawyer.”
Cronin says that ability to take on new challenges was honed during her time as corporate counsel for Skadden Arps, a global law firm that advises corporate, industrial, and financial companies. As she worked with clients on a broad variety of corporate challenges—including acquisitions, financing, and governance across industries—she developed a quick understanding of how different companies operate and their unique challenges.
Navigating regulation is a part of Kathleen Cronin’s job, but it’s not limited to just the United States. Given CME Group’s international presence, Cronin has teams in Europe and Asia, and says there’s a lot to learn as the company crosses into different territories.
“We dealt with the development of the European regulations on swap trading and capital requirements,” she says. “There are new conflicts that arise that you need to figure out how to manage. The other challenge working on a global level is becoming familiar with how other regulatory and governmental systems work, and how to have any influence on what’s being done there or who you deal with to try to talk about how it will impact the industry. It’s an eye-opening experience.”
“You need to be able to think about the whole,” she says. “I didn’t know the specialized areas of law in depth, but I had enough familiarity that I could ask questions. I still think my most important role is asking the right questions.”
She joined CME Group just as the company was going public in 2003. When she started, Cronin’s team consisted of five lawyers. Shortly after the company’s initial public offering, she assumed oversight of internal audit and market regulation. As the company continued to grow, so too did the need for other roles and responsibilities—enterprise risk management and corporate compliance among them. She now oversees about 225 people globally.
That isn’t solely a result of organic growth. In the past ten years, CME Group has also grown through mergers—the 2007 merger with the Chicago Board of Trade and subsequent merger with NYMEX among them. A year after that deal, however, the financial crisis hit, leading to what she calls one of the biggest challenges she faced in her career.
“In terms of the complexity of the regulatory web we operate in, oversight became so much more complicated and so much more prescriptive,” she says. “When we were regulated by CFTC, it was pretty straightforward. . . . Now, because the scrutiny of financial services has increased and our business and infrastructure is global, there’s a lot more demanded of us in terms of communication and compliance.”
That means Cronin also has to ensure her team is on the same page on how new regulations affect CME, but that’s not necessarily a burden.
“Regulation is constantly changing,” she says. “You try to digest that and incorporate that into how you operate, but you also try to identify what the opportunities and challenges are created by change.”
Key to that is the familiar adage of not thinking with the mind-set of a lawyer, but instead that of a businessperson. In a highly regulated industry in particular, Cronin says, it’s important that the legal teams and regulation aren’t viewed as obstacles to growth, but simply as ways to help ensure business is done the right way. It’s a mind-set that she says she looks for in the employees she hires, and as the company and her team
have grown through the years, so too has her satisfaction.
“I think what I enjoy about this job most is my team,” she says. “My peers at the company are fantastic to work with. I like being involved with a company that has so many opportunities in front of it and is in such a dynamic field that there’s always something going on.”