Saturday, November 14, 2009

The A-Team: building the best risk management teams

WWII basically ended unemployment in the US. Increased wartime production and the drafting of millions of men had created so many new opportunities, that the effect of the great depression was finally countered. It was a time when millions of women would join the work force. They filled traditionally "female" jobs but also opened up many previously "male" jobs, from operating heavy machinery to traveling sales people. In a sense, it was a revolution stemming from necessity, which is often the case even when the necessity doesn't arise because of a world war; someone's next promotion might occur with the same dynamic.

It was in this atmosphere that Katharine Cook Briggs and her daughter, Isabel Briggs Myers, started working on a personality type test that would help new female workers find the right job for them, where they could be more effective. More than 60 years later, MBTI is a commonly used test to assess personality types and help people of various preferences understand each other's perspective of ideas, data, decision making and planning, among others.

Types in Risk Management, and the ultimate team

Risk and business analytics are data intensive processes, which means that you would most likely find or recruit Risk people who have huge respect to data, facts and detailed analysis. Your usual risk person will analyze, dissect and understand the nitty gritty details of every problem they are faced with, and will probably be very talented at explaining these aspects when coming to a conclusion. And they will probably also stick to it once they reach it, because when you have such great respect for data, you also respect whatever result you got to while employing formal logic and deduction. I have the utmost respect to that, and the utmost respect to the practice that brings forth many highly talented analysts and executives in the industry, namely advanced degrees in statistics and math.

When facing the ever changing world of fraud and risk and faced with building strong successful teams, I'd like to suggest a few thoughts on what's the best mix. A risk management organization should definitely include the data driven, highly analytical people. The perils of real world risks, and their ever changing nature, call for additional abilities: diverse hypotheses on fraudster behavior, creative thought on new methods and tools, a strong ability to adjust and finally, being able to roll all of this into a long lasting strategy that makes sense.

Smart hiring, smart management

Creating diversity in a team of professionals is hard. Too much of the desired analytical types will get you groupthink, sometimes lethal to your business. In a past post I suggested a new way of looking at skill vs. experience, which can get you the diversity you need as long as you can support hiring with a good training plan to provide everyone with the basic language of the business. Hire wisely, but be ready for the tension this will bring to the team. Remember that a science major and a humanities major will often have different views of relationships, motivations and actions. This is what you're looking for, but you have to create a frame of thought that is flexible enough to accommodate this tension.

If your risk management process is a close-ended execution-driven development cycle, you might lose a lot of the innovation that can stem from people who are open ended and come sometimes steer off course. This means that, embedded in your method, there must be a system to discuss and solve risk issues that has room for both facts and concepts. When done the right way, this type of interaction starts from pure academic interest, the passion for creating a new language to describe phenomena, and only then goes back to discussing metrics. The process is somewhat similar to the principles of grounded theory, a methodology one of my esteemed colleagues brought to my attention.

What I described above also means that your solution development process needs to be a lot more iterative than seen in many conventional risk departments. If you get to a stage when immediate feedback changes your "scoring" and flows on a weekly basis, you can probably outrun most big payments services. One of the biggest problems I've discussed in the past is being able to know what happened in your system, but feeding it back to a group that's ready to understand and act upon these new findings is an operational rhythm essentially different than your basic waterfall.

Leading this means more than traditional experience

Now, the big question is - what is the type of person to put all of this together? It must be someone who can take all these bits and pieces and be able to relate to them individually, and as part of a process. Maybe someone who finds fascination both in big ideas and in minute details. But the most important aspect in this person's talent is the ability to roll everything into a concrete long term plan. It is so easy for a group of risk professionals to get lost in the details; everyday a new attack, a new change, a new implementation. When taken too far, you lose the ability to look beyond the day to day challenge. Having a top-down view means that projects are done not only to get to this quarter's results but also in the context of a grand scheme of things, one that leads to noticeable improvement in 2-3 years. It means the ability to build an organization that build with or ahead of the curve, not only makes reactive decisions.

Promoting someone from within the current organization has the risk of putting a highly detail oriented person in a place where detail orientation might fail you; nominating a pure visionary has a good chance of failing by overlooking the minute details that make up risk management. As the payments and risk management industry grows larger, as the need for top talent in risk management grows bigger, it's important to find the right combination of top-down and bottom-up in a leader that can create a successful organization, that can really help make sure that your bottom line is not eaten up by chargebacks and returns.

What are your thoughts on the right mix? How do you hire people to your teams?


Trader Erik said...

In addition to building the right team,the organization the team works for must also be one that can understand and implement the risk management strategies.

For example, at Lehman, there were many talented people there who saw the destruction coming and tried to warn the CEO, but management did not want to hear it, and as we know, Lehman went into bankruptcy.

Ohad Samet said...

I don't envy anyone who's not directly related to the core business. In some businesses, risk management is core. In others, a nusance...