Does managing risk mean hitting pause on innovation?
A fintech firm strengthens its control environment without losing forward momentum.
The situation
It’s Newton’s first law: A body in motion tends to stay in motion unless acted on by an outside force. Fintech companies are in rapid motion—they’re expanding and moving into areas previously dominated by traditional banks. But when fintech companies neglect, from the start, to make risk management part of their innovation processes, that forward momentum can slow or even screech to a halt.
In some instances, fintech firms are going so fast they can leave themselves open to fraud or security breaches. Additionally, new services may be subject to regulatory and compliance requirements that management might not even realize are necessary. Our client, an established tech company using its platform for fintech expansions, faced several challenges. Not only was it expanding rapidly into new, regulated areas such as money movement, but it recently experienced a large fraudulent transaction and several other fraudulent transactions that were almost paid.
Our client realized identifying potential risks early could prevent, or at least minimize, future events like these from occurring. The client’s compliance function, audit function, and senior leadership agreed they needed to improve and formalize the client’s operational risk management processes. Also, the supporting control environment had to be part of the road map for developing new offerings, not a detour.
We set out to help the client bring its risk and control environment up to speed with its drive to deliver new services and products.
Risk management puts guardrails, not brakes, on innovation.
The solve
Our specialists took a closer look at one of the client’s newest offerings at the time—a cloud-based version of a software-based tool that was previously used on a desktop—and talked with client managers to understand key areas of the business. Together with the client, we looked at what was working and what could be improved, and we created process flows, identified risks and controls, and closed gaps, resulting in an all-new, improved process. We also helped create a testable risk control environment designed to enable the client to better understand, moving forward, whether controls were working as intended.
Because the fintech company had been developing new products so quickly, many of its processes and key oversight functions were informal—or, in some cases, nonexistent. Our client needed to formalize its overall governance process so it would be better positioned to navigate unanticipated twists and turns in the road ahead.
Starting with an approach we used effectively with numerous financial services clients, we created an operational risk playbook for our client. However, because the fintech company isn’t a bank, we customized our approach to align with the direction it was moving in. Along with the playbook, we also designed an issue-resolution framework to address deficiencies in a timely and effective manner.
Know the limits. Then push them.
The impact
Our client has implemented an approach to risk management that keeps pace with industry advancements and the speed at which it’s developing new products. Now equipped with tools such as an operational risk playbook and an issue-resolution framework, the client is better prepared to navigate obstacles that may arise as it continues to expand. The client can more easily identify and avert potential risk events without needing to retrofit controls and oversight after new offerings are launched.
60+ controls identified, formalized, and documented across more than 10 areas.
With controls in place for pricing and governance, merchant onboarding/monitoring, collections, and other areas, our client is well positioned to weave them into future products or enhancements. Our client isn’t just building a better risk and control environment; it’s also building momentum.
Risk is part of innovation. So is managing it.
Gina Primeaux
