Innovation implies a break from the conventional ways of operating a business. Ultimately, innovation is oxygen for companies in almost any vertical, as competition demands new products and services, improving customer experiences in unexpected ways.
It’s no secret that the regulatory landscape is shifting quickly, requiring firms catering to those very customers through innovation to safeguard them at the same time, especially when it comes to their data.
Can risk sandboxes become a proving ground for a firm’s competitive edge?
To serve and protect (to borrow a phrase from law enforcement) is easier said than done. Some companies view risk management and compliance as roadblocks to innovation. After all, so much time is spent making sure regulations are satisfied that there might be less-than-optimal time and money to spend on the actual crafting of new offerings. But viewed proactively, and in the scope of a complement to daily business processes, might innovation, risk and compliance efforts dovetail together, each strengthening the other?
In an interview with PYMNTS, John Epperson, principal, Crowe Horwath LLP, said for most firms, there is an avoidance of risk when it comes to risk management.
What about the trepidation that seems entrenched in corporate approaches to risk? Said Epperson, “I think we’ve seen all these organizations for the better part of the last decade incur year-over-year increase in costs tied to risk and compliance. We throw the kitchen sink at trying to build a fortress around risk and compliance, but rarely is organizational value derived from these efforts other that trying to stay off the cover of The Wall Street Journal.”
Right alongside the headlines, he noted, especially in payments, regulation stretches across state and federal agencies. In grappling with such far-flung mandates, there are varying perceptions of risk that exist within an organization.
“Over time, there has been this tendency by risk management professionals to eliminate risk rather than manage it,” said Epperson. Eliminating risk means devoting substantial assets to the problem, and traditionally risk and compliance has been known as a cost center, he said, accustomed to dealing with events as they happen, such as data breaches.
Time and again, he said, failures are penalized monetarily, at times with public shaming.
“That fear of failure is one of the more foundational components of the risk and compliance function. We have to be able to enable [executives] to take actions within an understandable risk appetite of an organization,” said Epperson.
Beyond the technical terms of “risk appetite” and the like, Epperson said that at their simplest form, organizations must think about what they want to accomplish and be armed with a roadmap on what reasonable risks they intend to take to get there. Risk and compliance becomes part of that strategy, rather than a checklist to, well, check.
Therein lies the value of creating a risk sandbox, he posited, allowing a firm to empower employees to take certain calculated risks. When it comes to calculating those risks, the questions that might be asked include whether strategies and innovations — indeed, the risks — are right for the customer, whether the decision is aligned with values and whether the individual or team is ready to be held accountable.
“Think of principles as opposed to rules. That is a good anchor,” said Epperson.
To flip the script on risk, where innovation is enabled rather than stymied, business units collaborate and own the risk and compliance. Decisions related to risk and compliance are made in the context of natural day-to-day business functions, said Epperson — existing no longer “as the last sign-off on a new idea.”
Instead, think of the risk and compliance officer as being present at innovation’s dawning, coming along for the process of defining and understanding the idea and solution, and seeking to understand where innovation might be fostered.
A good example of this revamped mindset rests with anti-money laundering and Know Your Customer functions, posited Epperson. Firms collect disparate and comprehensive information to monitor account openings, for example, yet that very same information can be used to enable sales, identify market opportunities and understand how products are perceived as they are consumed. In addition, the shift toward greater scrutiny of beneficial ownership means companies can examine relationships on a broader scale in an interrelated network.
In summary, Epperson said, “We will never be able to get the fortress to eliminate risk or compliance issues. But we can have an organization be able to respond nimbly, in a timely manner, and mitigate significant compliance, reputational and financial risks.”
To read more about the Four Strategies for Enabling Innovation in the Face of Risk and Compliance, click here.
. . . . . . . . . .