Risk and Compliance manager wanted, must be able to code
Last week I attended an event at Revolut’s offices where the CEO Nik Storonsky and some of his team took us through their approach to managing risk and compliance. They were joined by ClauseMatch, a great RegTech startup who are helping them with smart policy management.
I love to see how new fintech companies are approaching risk and compliance as they tend to think very logically and use technology creatively. This is certainly true of Revolut who have established Compliance Product teams which are made up of a responsible product owner who also knows compliance, front and back end developers, data scientists and a designer. They also have Compliance Service teams who manage manual exceptions. Their objective is to automate as much of risk and compliance as possible to reach a goal of 1 Compliance agent per 100,000 users.
Each team has 6 month goals, Key Performance Indicators (KPIs)and Key Risk Indicators (KRIs) which can be tracked in realtime. They monitor risk indicators in realtime and automatically escalate breaches of their appetite to the Head of the team, the Risk Enterprise Committee or the Board depending on the severity of the breach.
By creating engineering capabilities within the Risk and Compliance teams and producing technology to solve regulatory related problems, they are in effect creating internal RegTechs.
It’s not just Revolut who are building technology and using data to improve their risk and compliance capabilities. Monzo are currently hiring for a Risk Data Analyst and one of the questions the role is meant to help with is:
“What are the high impact automation tools that can be built for the risk team so we minimise time spent on recurring processes?”
Spending large amounts of time on recurring risk and compliance processes is something which I have seen in many organisations and indeed an opportunity which RegTechs are responding to.
In Chris Skinner’s recent blog, he was talking about the important of data to banks and a comment he made resonated a lot with the risk and compliance approach Revolut had showcased:
“But what is new is a bank being organised around data and analytics; the very design of the bank starting with the customer and their data; the basic premise of the bank being an enterprise data store of information and leveraging that information through automated intelligence to win and differentiate itself from the rest of the pack.”
I believe that the approaches these digital banks are spearheading for risk and compliance will eventually become the norm across the industry and the larger organisations looking at opportunities with RegTechs will have a head start on adopting these.
There are undoubtably still a number of challenges to address outside of the ‘recurring processes’ which are more easily automated.
Banks adopting new approaches not only have to tackle internal cultural change but also with the regulators, who not only set the rules but are accustomed to seeing these met in certain ways. Even reconciling the language between technology teams and compliance can be a challenge. For example, to make sure that products are suitable for customers, Compliance would generally be looking for a ‘target market’ to be defined. However, technology teams would have covered off this risk using personas and measuring actual customer usage. I’ve seen teams struggles to reconcile these perspectives and actually understand each other.
Other risk and compliance topics which are not so easily automated are interesting ones as they relate to a company’s ethics and human nature. For example, defining ethics for data use which would ultimately feed into data analytics platforms and machine learning applications, take some deep thinking and debate. Figuring out how to prevent employee misconduct without a command and control environment takes an understanding of human psychology and behaviour. A great example of this is how Starling use Automated Privilege Management via Slack for releases to Production.
This mix of major opportunities to improve with technology and human behavioural considerations is why I find risk and compliance a great area to be working in at the moment. It’s also why I decided to found Smarter Human with my co-founder, Sebastien, to change things here. Despite the common conception that Risk and Compliance is ‘boring’, done the right way it doesn’t have to be.
The full video of the Revolut and ClauseMatch event is here.