In Chapter 6 of our “Fraud Fighters Manual for Fintech, Crypto, and Neobanks,” we got input from two experts at Brex—Rajeev Muppala, Head of Risk Ops, and Ali Rathod-Papier, Head of Financial Crime—for insights on risk operations. They explore how to justify the investment in risk operations, how to build your risk operation, and how to promote cross-departmental collaboration.
In a perfect world, every organization would consider fraud & compliance from the outset and include risk teams in the product development stages to ensure anti-fraud and compliance functionality can be incorporated.
But in reality, this is often not the case. Most experts who work in the industry experience this same challenge—getting buy-in from leadership to support risk operations throughout the process.
In this installment of Fraud Fighters Manual: Community Insights, we explore the challenges with getting leadership buy-in and explain why it’s so important to have. We also delve into what the solution is—cross-departmental collaboration. We then explore how to build an effective risk operation; one that gets leadership buy-in and promotes cross-departmental collaboration.
The Challenge: Getting Leadership Buy-In
You know when your water heater breaks, and you need to fork over a hefty amount of cash to repair or replace it? It’s a necessary expense, but it’s the last place you’d like to invest your time or money.
That’s kind of how organizations feel about risk operations. Oftentimes, they see it as time (and money) that could be better spent building out the product and focusing on marketing and growth.
Despite risk operations being necessary, they don't push forward the core objectives of developing a top-of-the-line product and executing on their marketing campaigns. In fact, it holds up those processes by diverting valuable resources.
That’s why most executives, product developers, and engineers see risk operations as a thorn in their side, and why it’s often the final step in a long line of processes. But making risk operations an afterthought not only does a disservice to the risk team, but it actually does a disservice to the organization by making it more challenging for risk management teams to do their jobs effectively.
Without proper buy-in, teams struggle to:
- Streamline risk operations alongside product development
- Be prepared for compliance and anti-fraud operations at product launch
- Analyze the product for potential weaknesses and elements that make it a target of fraud
- Offer security input throughout the product development process
- Establish adequate protective and preventative measures to prevent fraud
All of this leaves risk teams struggling to do their best job of managing risk operations and overall product safety, as opposed to being included throughout the design and development processes. While product developers and execs are trying to be more efficient and focused on the actual product they are delivering, failing to adequately include risk operations (or give it its proper due) is shortsighted and often leads to complications—and additional expenses—down the line.
The Solution: Cross-Departmental Collaboration
The solution to these problems is cross-departmental collaboration throughout the entire process, from design, to development, to implementation.
As one anonymous respondent notes, “building cross-departmental open communication is crucial in all companies. Communicating with platform architecture, engineering, and development must be coordinated, mainly when it affects numerous platform operations.”
It’s the difference between the risk team needing to react to changes the company makes to their product and services, and the risk team being able to work effectively throughout the entire time, working constructively on risk operations in parallel with the rest of the product development.
But first, that requires buy-in from the leadership team and other departments within the organization. For collaboration to be constructive, communication needs to be honest, open, and accessible.
There is no denying that risk operations desperately need support from leadership. In our State of Fraud Report Volume 2, we found that leadership-buy in was the top factor for building an effective risk and compliance program, with “64% of respondents” saying it was most important to them.
Despite this, it’s still hard to actually get buy-in. To convince leadership of the importance of including risk operations early on is all about how you make the argument.
When developing your pitch, really think about what matters to executives and product developers. As one anonymous respondent states, “there is always a challenge of loss versus friction,” and organizations struggle to find this perfect balance. And with their focus on optimizing their product and organizational growth, leadership often prioritizes reducing friction.
Make sure you emphasize where you are saving friction and where it’s essential to conduct operations, and point out the consequences of failing to do so—whether it’s fines for non-compliance or fraud losses. Risk ops need to be vocal about where friction is necessary and really advocate for their needs.
If they don’t, it can lead to serious problems down the line. The anonymous respondent noted an experience at a previous company where risk ops weren’t taken seriously and were put on the back burner. Risk operations weren’t prioritized because the “CEO was very friction averse.”
Despite the risk ops team warning the product development team that “once fraudsters identify a crack in the process, they will take advantage and this can result in extreme loss,” nothing was done. Unfortunately, “it took an event like this before the loss management mindset was given the credit it was due.” The way they did get buy-in was by “doing an ROI on loss prevention spend versus losses and keeping account growth and friction stats to balance out the full picture.”
As most respondents noted, getting buy-in comes down to arguing your case properly to product teams and executives. It’s about how you make your case, framing things in a language the leadership team can get behind. Explain how it will impact their bottom line, including revenue and growth projections. Outline the costs of the options you’re proposing, but be sure to compare this with the costs associated with failing to meet Risk & Compliance objectives.
As Pratik Zanke from PayMate, states, he “always collaborates with other departments to implement new rules or SOP’s. Explaining the urgency to them is always challenging, but it gets sorted when impact on revenue is discussed.”
It’s clearly important to incorporate risk teams throughout the entire process to streamline product development and risk operations, working on both in parallel. But risk teams also have a lot to offer other departments as well. Risk & Compliance teams have unique insight into how a feature may be abused and can more readily identify risks associated with adding a new feature or product to the company’s ecosystem.
The more risk operations are incorporated in conversations about planning, development, and implementation, the more protected your organization—and the products and services it offers—will be.
How to Build an Effective Risk Operation
No matter how big the organization is, building an effective risk operation is extremely challenging—and equally as important.
Fortunately, there are a few strategies every organization can use to ensure success:
- Get leadership buy-in early on and have the tone set from the top
- Connect—and collaborate effectively—with other departments
- Have open channels of communication throughout the entire process
- Assess your level of risk exposure and consider your needs
- Align on the core anti-fraud functions to focus on and employ
- Plan—and then build out—your risk management workflow
- Reevaluate and reiterate regularly to improve your processes and procedures
Ultimately, if you can get leadership buy-in and foster an environment of cross-departmental collaboration, you can build an effective risk operation at your organization.
Get Leadership Buy-in and Foster Company-wide Collaboration
While risk teams know the value of their operations, it’s not always as clear to other members of an organization, including product development, engineering, and even leadership.
Most executives see Risk & Compliance as a box they need to check rather than a core component of the product or service they are offering. It’s something they have to do, not something they want to do.
To make sure other departments know their worth—and are on board with their objectives—risk teams need to advocate on behalf of their own goals. However, for risk operations to be heard by leadership, they need to ensure their objectives align with those of the leadership team, engineering, product development, and the entire organization.
To get proper buy-in, risk teams need to emphasize that anti-fraud operations are a small cost when compared to the costs associated with fraud losses and reputational damage. When compared to the alternative, risk operations are a small cost that keeps customers, the platform, and the company’s reputation safe. The fact is, when stacked up against what the costs could be related to fraud and non-compliance, it pales in comparison.
As we covered in our State of Fraud Report Volume 2, “leadership buy-in and a cooperative culture are pivotal. Without support from the top and collaborative efforts, risk and compliance objectives remain challenging to achieve (PG 30).”
That’s all for our Fraud Fighters Manual: Community Insights! If you haven’t already, read the Fraud Fighters Manual to get even more insights into how to fight fraud in the modern era.