Leadership spotlight: Director of Risk, Compliance & Data Privacy

In this series we will hear from the Senior Leadership Team at Three about the latest activity across the company and a little about the people behind the projects.

Vital stats

  • Name: Laura Schmuttermeier
  • Job title:             Director of Risk, Compliance & Data Privacy
  • Function:             Legal, Government & Regulatory Affairs
  • Tenure:             2 years

Tell us a bit about your background

I am from Austria, born in Vienna. I went to the University of Vienna to complete a law degree whilst working as a paralegal for a small law firm. After finishing my degree I completed an internship with the Austrian Trade Commission in Toronto between January and February. What better way to then warm up than a postgraduate degree (LLM) in Australia? I finally decided to settle in London, starting as a graduate at Deloitte and I stayed with the firm for 14 years. As part of my role there I worked on the Siemens bribery investigation and then ended up leading their Telco, Media and Technology Compliance services.

I was later selected for a secondment into my current role at Three and fell in love with the people, the variety of work, the direction of the company and the opportunities to really develop the team. So I applied for the role and the rest is history!

In a nutshell, describe your role and how it supports Three’s objectives

Myth buster: Risk and Compliance is not here to make life difficult or stop our people from offering customers new and exciting ideas! Instead, our role is to support them in designing these in line with our legal and regulatory obligations and to provide input into decision making (“what would happen if we didn’t do X?”).

Some of the areas my teams focus on are:

  • Showing our regulators we are doing what they expect from us, e.g. by carrying out deep-dive reviews and the ongoing monitoring activities
  • Helping with new propositions, products as well as transformation programmes
  • Helping our people understand and identify risks (“what could happen”) in their area of responsibility and think about what could be done to prevent it or reduce the impact
  • Providing independent challenge / suggestions

What is currently happening in the world of Risk and Compliance?

There is a lot of regulatory change coming, including the European Electronic Communications Code (EECC), the Telecom Security Regulations. But also, UK SOX! The consultation on the whitepaper by BEIS is closing on the 8th July and we are waiting to see whether the public interest entity (PIE) definition will be expanded and whether we will fall under the scope of UK SOX.

Get newsletter alerts

Add your email address to stay up to date with the Three Media Centre.