Mitigating risk at a fintech with Naaika Himidi, GC, Pleo

Naaika Himidi, 14 September 2021

Managing risk is a key part of the job for leadership at a fintech. In her first GC role, how does Naaika Himidi approach risk mitigation at Pleo?

Hi 👋 who are you?

I’m Naaika Himidi, and recently joined Pleo as its General Counsel. I have more than a decade of experience from private practice with a legacy law firm. 

My career has followed the financial cycle, starting with the aftermath of the financial crisis working with insolvency and the last seven or eight years focusing on leveraged finance, corporate lending and other types of debt-driven transactional work. 

Is this your first GC role?

Yes - my previous in-house experience is a secondment with a legacy bank when I was newly qualified so joining a fintech scaleup, with this being my first GC role, is in many ways different from where I came from!

What was the appeal in moving away from private practice?

When you're in an established law firm you achieve a certain level of specialty and you have an idea of how your career will develop for the foreseeable future. I had moved beyond the initial steep learning curve and was comfortable in my role, so it was time to move on to something that offered a wider range of development opportunities and where the immediate output is more clear.  

What skillsets did you bring with you from private practice?

Being in private practice helps you integrate with your colleagues in an organization. Most people at a small company aren’t used to working with lawyers. Naturally, sometimes colleagues won’t understand a legal concept or process, and the request they have for you may be different to what they actually need. 

For me, the interactions involve figuring out the need behind the ask. And that’s a skill that gets ingrained in you when you’re at a law firm, trying to understand various clients. 

"There are many processes in place that work perfectly fine when the company is at 50 people and everyone knows each other. And then you reach the 200 mark and that dynamic completely changes"

The business completed the largest Series C raised for any Danish-headquartered company. At this level of scale, what are the risks legal needs to consider?

Fintechs face certain risks from inception due to the regulated environment, and this sets us apart from other industries. There’s the obvious risk in terms of security breaches - leaked data, compromised passwords, and so on. 

But there’s also operational risk in terms of our payment infrastructure; adherence to our licenses and navigating in a space where the regulators are not necessarily up to speed with the technical developments. 

And then there’s risk in the broader sense, in light of our rapid growth; we are subjecting ourselves to increased risk with growing headcount, additional jurisdictions and new product features, for example.

How do you address those rapid growth risks?

It’s all about setting a scalable foundation, and having a growth mindset. You have to look ahead: will this structure still work in three to six months? What’s the short-term plan for the business where they need legal support, and what are the risks that we may need to address in that timeframe? 

That’s really front-of-mind for me - there are many processes in place that work perfectly fine when the company is at 50 people and everyone knows each other. You’re able to collaborate in a wholly different way. And then you reach the 200 mark and that dynamic completely changes. 

With so many aspects to consider, what do you prioritize? 

When setting up Pleo’s legal function the priorities for me around making sure we adequately mitigate risk included:

  • Regulatory compliance: the highest level of risk comes from product development, and making sure we’re always compliant, as a regulated entity. I need to ensure that legal can support our product teams and get involved as soon as possible to mitigate risk. When legal is part of the product development process at an earlier stage, we ensure that legal isn’t a blocker invited last-minute to check over a new release, but instead part of the initial process. We are moving fast so we need to make sure everyone is set up for success and do not waste valuable time.

  • Contract management: we’re looking into a single source of truth for our contracts. This involves making sure everyone can work independently of each other, and making sure everyone has access to updated documents, as and when they need them.

  • Structured access to legal: as we continue to scale, we need to move towards a more structured approach when it comes to submitting legal requests. It’s also important that everyone in the organisation understands who to involve, and when - is it easy to identify the right process, and approach the right person for supplier agreements, for example?

  • Support prioritization: with a lean legal team, in the face of a scaling business, do we need to rethink the work we prioritize? Do we prioritize in terms of time commitment, level of risk, or impact on the business? When you’re in a 50-person organisation, legal requests are often treated equally. When headcount reaches the hundreds, that same approach doesn’t work anymore - it needs to be intentional.

  • A consistent legal approach: it’s important to have a consistent view on liabilities or trigger points, for example. I need to ensure that, as and when the legal function scales, we have a solid approach to these problems, and that it’s communicated to the organization. 

It’s important to remember that all risks aren’t created equal and one of the challenges is to make sure that the prioritization is intentional. 

Is there a jurisdictional element to your work now? And what challenges or risks does that present?

We're now active in six markets, but I’m really just trying to contend with the legal operations aspect of it; how can we make sure we have the right local legal advice readily available while we’re not at the stage of hiring in that region?

Right now we’re based in Europe, and can somewhat comfortably navigate the legal framework for the UK and EU with a combination of in-house counsels and ad hoc advice from external advisors. If we do decide to enter a new continent I would have to rethink the way our legal function is structured, and how we would offer that jurisdictional support. 

"It’s extremely important having advisors that make the attempt to understand your business and where you're coming from. That commercial mindset is imperative, and I definitely look out for it"

How do you find the right law firms to support on that legal work?

With my own background, having been an advisor for over a decade, I'm probably not the easiest client! Hard skills are a given, but in terms of soft skills, it’s extremely important having advisors that make the attempt to understand your business and where you're coming from. 

It’s a two-way street, though - I understand that, as an external advisor, it’s difficult to fully grasp all the elements of a client you’re supporting. So when purchasing legal services I try to be as clear as possible about what it is I am asking of them, because you can’t expect your external advisors to know everything. That commercial mindset is imperative, though, and I definitely look out for it.

Finally, what’s next for Pleo?

We’re on an exciting journey to create a spending solution that encourages a work culture built on trust and transparency, instead of overwhelming control and needless bureaucracy. 

I’ve joined a company moving at high speed, and I'm still in the process of figuring out the scope of the General Counsel’s role in a Pleo context. It’s an exciting stage of my career, and I can’t wait to see where it leads me. 

Thanks Naaika!

Naaika Himidi is the General Counsel at Pleo. Want to hear more from the visionaries scaling in-house legal? Join our community of 400+ lawyers and legal ops teams. 

 

Topics: Legal operations

Download the guide