A Proactive Risk Approach in Uncertain Times

Annie Delgado, Chief Compliance Officer, Upstart

As compliance professionals in the financial services sector, we cannot plan for every type of risk, but 2020 is a perfect moment to reflect on the importance of having effective risk assessment practices in place. The calamities of this past year have been marked by compounding disasters made worse by a lack of preparation. As we plan for 2021, this is a good time to take inventory of how our organizations measure, mitigate, and monitor risk.

Fine-tune a mental risk model

When it comes to conducting risk assessments, we all have established measurement tools and techniques, but risk assessment should be a daily exercise. Investing mindshare in developing a simple mental risk measurement model that works across your organization will allow you to make quick assessments and judgment calls.

To adapt, we must detect, and having predefined risk vitals will give you a starting framework

Our function has the unique responsibility of listening to excited sales and product teams, sharing their enthusiasm about the opportunities of a project but with a duty to provide feedback on the things that could go wrong. We will all be better prepared to give this feedback constructively with a simple mental risk model.

I personally use a test I learned from my high school economics teacher, Jeremy Bentham’s creed: The greatest good to the greatest number of people is the true measure of right and wrong. My quick mental risk model comes down to, “How many people are harmed or helped by this, and how big is that harm or help?” Those two questions guide me both in conveying risk to business partners and also in deciding where to focus my team’s energy and resources.

Prioritize risks, deploy resources accordingly

Once you have assessed risks, order them from highest potential impact to lowest and try to calculate the investment required - in hours and dollars - you would need to allocate to mitigate each one. The largest investments should go to areas of elevated risk and not just to the last thing that broke. We have all been in a scenario in which something unexpected goes wrong, and to prevent it from recurring we engage a vendor to assist or require 100% QA review over that area on a go-forward basis. Over time, these costs add up, and can at times introduce new unintended risks - such as slowing down your new customer onboarding process in a way that turns off good customers. Yes, we want to mitigate risk, but that means continuously reevaluating where to deploy resources and observing if our valiant efforts appropriately map to actual risk.

Measure what matters

The first step to evaluating risk is establishing a baseline of normal activity for your organization. This is going to vary by company and by sector. Once you have identified your personal key risk areas, develop a set of metrics that inform how those areas are doing - your risk vital signs. As a force-extender for your team, try to find a way to automate these warning signals. At Upstart, we have built several automated dashboards that monitor a variety of inputs and outputs which help us flag any shifts in risk. For instance: How many complaints does your company typically receive in a month, or how many disputes, or how many inbound phone calls? Unexpected shifts in those “risk vitals” act as an advanced warning signal of a shifting risk landscape, which will allow you to react quickly.

From March 2020 to today, this year is a case study in changes coming fast; organizations must adapt quickly to thrive. To adapt, we must detect, and having predefined risk vitals will give you a starting framework.

None of us know what 2021 has in store for the world, but with the upcoming election and the current economic climate, financial services compliance and risk professionals can predict one thing: unpredictability. To prepare for the unknown, this is a good time to sharpen our risk assessment tools.