Drawing internal buy in for improved Risk management

After my latest posts about risk management (identity management basics and getting the best out of your data) I was asked a great question I think about every day: it's great to have a methodology and a strategy, but how do you get other people in the organization (whether inside or outside of the risk management group) to agree and work with you?

Well, trying to both shape and implement a new terminology is as hard as any other change management, and is very similar to any type of internal marketing: the right catch phrases, proper branding and the right timing and location will do wonders. None of those will work if what you're "selling" is a bad product - an inconsistent, over-complicated or over-simplified method that people cannot use will never be as easy to implement as will a coherent system that makes sense and can be fairly easily comprehended - and used.

Nevertheless, even given a good system this is no mere feat. What are the keys to success? In my experience, there are three:

1. Ownership: what this means is that you take responsibility over the area you are looking to improve. Too many times I have seen a person or a team trying to change a process or a notion while assuming the consultant position; in most cases, they will fail, because the key for making a change is rolling up your sleeves and making something happen. "If you build it, they will come", and "They" here are the aggressive achievers in your organization, the ones that recognize something that works and are not afraid to try and learn it. Stop saying "I told you so" and start doing!
2. Transparency: no siloed organization make a change outside of its own boundaries. Only inclusion of other teams, clear communication and eternal repetition of your messages, coupled with deliverables, can make any type of substantial difference. Don't take the traditional risk management approach - don't scare people with the horrors that might happen if they invest in a project; instead, say: "this is what might happen, this is why, and this is how I intend to solve it. Want to help?".
3. Gradual Enablement: think of new ways to say "yes". If your system is truly innovative it will allow you to take risks others can't because you can understand and manage them better. Still - don't rush into it, because small successes are key for maintaining momentum; use pilots and rapid prototyping to prove that something can be done, and expand responsibly. This way you can prove you can stop more fraud while not hurting users - and get the charter to expand.

Is this the magic bullet? No, but these keys will put you on the road to success, because they earn you the trust of partners while delivering the results you need to fuel your system. And, if we all adopt this point of view, risk will start being a driver of innovation of payment companies - definitely a time I would love to see coming.