GRC & Me: The Human Side of Risk & Compliance — Building Culture, Not Just Controls
Podcast by LogicGate
Episode Date: June 5, 2025
Host: Megan Manifold
Guests: Elizabeth (Group Risk & Compliance Officer, Vinted) and Goda (Risk Process Manager, Vinted)
Episode Overview
This episode explores why building a culture of governance, risk, and compliance (GRC) in organizations—particularly in the online retail sector—goes far beyond enforcing rules and policies. Instead, it's about fostering human connection, empowering staff, and making compliance a part of organizational DNA. Elizabeth and Goda from Vinted share their experiences and strategies for creating a compliance culture that supports both business agility and lasting trust, debunking myths that GRC stifles innovation or hinges on strict, top-down mandates.
Key Discussion Points & Insights
1. Personal Introductions: Humanizing Compliance (00:09–01:53)
- Elizabeth: Outside of GRC, she's learning to ride a motorcycle—“When I'm not driving policies or talking about compliance culture, I'm learning how to take curves at the right angle. Literally.” (01:03)
- Goda: An “Excel geek” who tracks everything in spreadsheets, including packing for holidays.
Tone: Warm, personal, building rapport.
2. Mythbusting GRC: Speed, Innovation, and Engagement (01:53–04:04)
- Myth 1: Strong compliance cultures slow innovation.
  - Elizabeth: “That's a myth… When the culture is right, things actually move faster with more confidence. So it's definitely not about blocking innovation. It's about creating clear rules that support smart decisions.” (02:26)
- Myth 2: Employee engagement in GRC is mainly about mandatory training.
  - Goda: “It's way more important to have the right culture for people to do the right things and the right process integration for people to easily do the right things… it's way more important to allow people to talk about risk and compliance in their day to day than to fill in spreadsheets and follow the strict procedures.” (03:13)
3. Building and Embedding Compliance Culture (04:04–08:15)
- Transparency & Accessibility
  - Elizabeth: Redesigned privacy policy and Code of Conduct for ease and trust; working on a “public facing complaints page… clear, visual, and designed to earn trust.” (04:35)
- Practical Integration
  - Elizabeth: “We've met compliance and risk part of the way we work. So not a separate layer… launched a new e-learning with a Sponsor video to set the tone and paired it with practical tools like a downright manual transformed into an animated.” (05:21)
  - Goda: Collaboration and openness—embedding compliance comes from active stakeholder engagement, not just top-down directives. “When we have this conversation… they see that it's compliance as part of their job, not just us imposing something additional.” (05:42)
- Remote & Hybrid Challenges
  - Elizabeth: “Culture doesn't spread on its own… needs to be intentional. So what we're doing is using digital tools, clear guidance, and making our resources easy to find, not hidden in a folder.” (06:40)
  - Goda: Shift from effective in-person risk workshops to innovative online engagement tools: “It’s way harder to get people engaged [remotely]… so tooling… and finding the right tools for increasing the engagement is very important.” (07:12)
4. GRC Training That Engages (08:15–10:37)
- Personalizing Training
  - Elizabeth: New e-learning features:
    - Executive intro video sets a “human and relatable tone.”
    - Pre-test allows knowledgeable users to skip to key takeaways.
    - “You have like real situation in simple language. So I think this is one of the way where you can have people really feeling empowered and engaged into your training.” (08:46)
  - Goda: Targeted training per team; adapts content and examples to specific roles. “Every time I do it, it's a bit different because I try to ensure that it's relevant for the specific team.” (09:33)
- Impact: Relevant, flexible approaches are more engaging and less of a “check-the-box” exercise.
5. Industry & Organizational Blind Spots (10:47–14:39)
- Regulatory Complexity
  - Elizabeth: “We don't know all the laws that apply to us… We're operating across multiple countries and in a fast evolving areas like AI and sustainability… So the goal will not be to be 100% compliant or 100% perfect, because no one can do that. Right? But it's to be ready and able to adapt.” (11:18–12:22)
- Measuring Awareness and Culture
  - Elizabeth: Organization-wide surveys revealed gaps, spurring new engagement and outreach—“After the survey, people started to reach out to us. So honestly, that was already a win because the culture started to spread.” (12:45)
  - Goda: Culture and impact are hard to quantify—external consultants assessed their Enterprise Risk Management framework, which “gave us a lot of information on our impact… and this is one of the things that we will definitely use in the future.” (13:38)
6. Securing Executive Sponsorship (14:39–18:25)
- Early & Ongoing Involvement
  - Elizabeth: “Right from the beginning, we involved top management… they felt really empowered… they had the possibility to ask questions. So they were not just informed.” (15:20)
  - Transparency: Regular updates, annual reports, sharing maturity assessments to “help us to ask for resources… because they know directly where we are going.” (15:20)
- Problem-Solving, Not Gatekeeping
  - Goda: “We constantly get this feedback of, ‘Why are you doing this? Will this, like, slow us down?’… so it's very important for us to constantly show them that we are, like, trying to solve problems and not creating additional ones.” (16:56)
7. Human-Centric GRC Practices (18:25–22:32)
- Trust and Consistency
  - Elizabeth: “Be clear and honest, so not just legally correct… and be consistent so people and our users will trust us when our actions match our words.” (19:08)
- Customer Impact
  - Goda: “Look at your risk not only through the impact on your organization, but also through the impact on your customers… Because if you do that, naturally the customers will be just way more happy and safe.” (19:36)
- People-Centric Strategies for Success
  - Elizabeth: "Start with people… involve the business early, use real-life examples, keep messages simple but don’t hide the risks. Invest in storytelling, celebrate the wins, not just the mistakes. Build trust—culture grows when people feel safe to ask questions and raise concerns." (20:38)
  - Goda: “Nothing more important than collaboration and listening… The best human centric approach that you can have… adapt to show them that their feedback is valuable… being agile and change when needed is crucial.” (21:21)
    - Fun, food, and social connection help: "We had a lunch and learn session... if people don't go and listen to your online trainings, maybe lunch and training is like the greatest idea that you can have, which is really people centric." (21:21)
  - Elizabeth: "And making fun make it." (22:32)
Notable Quotes & Memorable Moments
- Elizabeth (on GRC and innovation):
  “Risk and compliance aren't just about rules or checklists. They help people make the right choices when no one is watching... things actually move faster with more confidence.” (02:26)
- Goda (on culture vs. ticking boxes):
  “It's way more important to allow people to talk about risk and compliance in their day to day… than to fill in spreadsheets and follow the strict procedures.” (03:13)
- Elizabeth (on regulatory blind spots):
  “We don't know all the laws that apply to us… [but] the goal will not be to be 100% compliant or 100% perfect, because no one can do that. Right? But it's to be ready and able to adapt.” (11:18)
- Elizabeth (on executive sponsorship):
  “When your leadership says that GRC is a business enabler and they are invited to shape our direction, then the sponsorship becomes kind of natural.” (15:20)
- Goda (on feedback):
  “Nothing more important than collaboration and listening… take the feedback, you listen, and then you try to adapt to show them that their feedback is valuable… being agile and change when needed is crucial.” (21:21)
Timestamps for Important Segments
| Timestamp | Segment |
|-----------|----------------------------------------------|
| 00:09 | Personal introductions, humanizing GRC |
| 01:53 | Mythbusters: Culture slows innovation? |
| 02:26 | Rules enable speed, not slow it down |
| 03:13 | Engagement is more than mandatory training |
| 04:35 | Building trust via transparency in policy |
| 05:21 | Practical culture embedding & elearning |
| 06:40 | Remote vs. in-person GRC culture challenges |
| 08:46 | Impactful, efficient and relevant training |
| 10:47 | Industry-specific blind spots & exposure |
| 11:18 | Not knowing all regulations—constant change |
| 12:45 | Surveying employee awareness and impact |
| 13:38 | Using external consultants for maturity |
| 15:20 | Securing and sustaining executive buy-in |
| 16:56 | Demonstrating GRC as a problem-solver |
| 19:08 | Human-centric GRC—trust and consistency |
| 20:38 | Proactive, people-centered strategies |
| 21:21 | Importance of feedback and fun in GRC |
| 22:32 | Wrapping up: make it fun, build friendship |
Strategies for Success: Takeaways
- Embed GRC in everyday actions and language—they’re not a separate layer.
- Make compliance relatable and relevant; personalize training and feedback.
- Be transparent, consistent, and visible at all levels of the organization.
- Actively include leadership in shaping GRC strategy.
- Measure what you can, seek external validation for culture and maturity.
- Prioritize collaboration, listening, and real-life examples over rigid processes.
- Use creative people-first engagement strategies—lunch-and-learns, accessible communication, storytelling.
“Culture grows when people feel safe to ask questions and raise concerns. So when the culture is right, compliance becomes part of how we work, not an obstacle.” — Elizabeth (20:38)
For further practical steps on building a people-centric GRC culture, listen to the full episode or join the conversation in the comments!
