Doing effective FinTech R&D: Decoding Legal, IT Risk, Security & Compliance at a Bank
It took me 18 months but I think we found the secret sauce for getting innovations through some of the most feared regions of a financial institution: the risk, compliance, security and legal guys.
First of all, to be fair and transparent — I like these guys, because I am (or was) one of them. I spent many years in operational finance in a live production environment booking billions in costs — and I can tell you all the regs, controls and policies exist for a good reason, to prevent fraud, theft, reputational damage, loss of licenses, loss of customers. A bank is set up mainly as defense — all those high walls and brick facades are more than just symbolic — they are the reason people come to a bank and do not just stuff their money under a mattress.
With that said, there is a gordian knot of people and processes involved in any bank that act as white blood cells against any kind of change, whether positive or negative. These are special forces who are measured on keeping things calm and in control, measured and predictable.
So when a “FinTech R&D” team comes in with some wacky new business model idea, we cannot expect the whole bank just to drop all this perfectly reasonable control process and get excited and say “Sure, what the hell, go ahead and just try it!”. There are ways to maximise your own chances of survival and to get your R&D pilot to see the light of day, which is the first step towards creating a real product launch.
Don’t Do
First, let’s look at what Does Not Work:
- Flailing about insultingly (“Oh all you Risk guys just don’t get it!”)
- Acting all aggressive and tough (“I want to know on This call that we have your clearance!”)
- Name-dropping and intimidation (“You know Who is behind this project?”)
- Generally going late and unready to your colleagues (“We launch Next Week, happy to meet you!”)
With any of these approaches, the bank will eat you for breakfast, and rightly so.
Do
So here’s a method I have found that Works, and it’s really nothing new for experienced bank change guys, but can help a lot of you trying to do FinTech in your bank without those years of project experience you need to do it successfully. Let’s do it in Six Steps:
- Go Early
- Ask for Advice (not Signoff)
- Know Who you are Talking to
- Build a DNA strand
- Be Humble
- Report Back
The Six Steps
- Go Early. Don’t wait until you are into the late prototype stage of an innovation to go ask whether it should scrape internet data, or be hosted on AWS. Are you nuts? Of course it shouldn’t! Instead, go ask your colleagues for help on How to do what you want to do. They usually have enormous experience through all the fails they have witnessed, and can quickly tell you the pitfalls to avoid, which is more important to know at an early stage than once you are in a trap.
- Ask for Advice (not Signoff). I have learned it’s all about How you say things to the many layers of door guards and security agents. If you walk up to a club front-door, cut the queue, with an open beer in your hand and say “Hey I’m here to party hard, just let me in” which bouncer is going to treat you kindly? That’s like the R&D folks who come in all hot and heavy with some partly working prototype and say “Hey, You! We built this amazing thing and will start testing it with client data in two weeks so we need you to hurry up with your stupid approval process!”. Well obviously I can guarantee a Fail.
Go when you are still on concept paper / powerpoint, pre-contract and pre-app build, and you need to explain the strategy behind what you are trying to do. I never met a dumb risk professional, IT security guy or lawyer — these are some of the brightest people at your firm and will ask really good questions you didn’t think of. So don’t make them ask all those questions, because as soon as they get to one you can’t answer, you are done, confidence is lost. Instead, make great efforts to explain in an authentic personal tone where you’re coming from, why the firm should be trying this, that there’s possibly good revenue behind this but we need to go try it on a small pilot scale. Build bridges, and listen and take careful notes on their feedback. Build a database of this feedback because what each person you talk to is doing is actually training you for the next conversation. You will spit back out the same stuff and each person is essentially handing you the keys to unlock the next person.
- Know Who you are Talking to. The most common mistake I see in the prototype-stage, pre-New Business Initiative stages of a project is that the team disregards getting to know exactly who all the people are who will have a say and could send a torpedo after their project. Some call this “Alignment”, I call it just being aware of who is potentially on the battlefield who you haven’t seen yet (Sun Tzu). To get even a simple pilot program through a bank you will end up talking to several hundred people. Keep a detailed list of names, write down who reports to whom in which region, know the difference between IT, Business, Group Operations versus Divisional colleagues, know what people studied, what they like, who their allies are and why. If you can’t face that hard-working reality, change your line of work.
So don’t walk around complaining about how bad your bank is, and quoting Clay Christensen to defend your own personal lack of competence in getting things done. Go learn the ropes and learn how to work in your own system, every bank is different to some cultural extent.
- Build a DNA strand. Sounds weird but this is actually the crux move to climbing the R&D mountain. I have observed that what each risk and compliance and legal and security person is actually doing is trying to ascertain who else you have talked to or should have talked to, and if you have been doing your diligence. The majority of these people’s comments do not relate to their direct areas of “sign-off” but rather are them commenting on other areas. The legal guy will usually be talking operating model, the risk guy talking data security, the data security guy talking product. Anticipate this “chaos” — it is a normal human instinct to question everything, especially when that’s part of your professional duties and you could be fired or worse if seen not to have fully understood what you reviewed.
See this like a kind of DNA strand where you are building up all the nodes of who you talked to, and shamelessly spitting them out at every following meeting — “We got feedback from x, y, z, a, b, c, d…” so each professional can see you have been doing a full study of the product and potential risks. You don’t have to sequence the DNA strand at all — they will do that for you. At every meeting, be clear who you have already been to see right up front, don’t make them ask. It’s a big DNA strand and you will not have to unravel it. Just show you are exploring all the nodes.
- Be Humble in your attitude and actions. Look at things from a Compliance Officer’s perspective. In FinTech R&D you are a terrorist on some small scale — your “new thing” is against everything the bank stands for — controlled change, compliance with thousands of regulations and laws, and maintaining a great service level for existing clients. The bank is not set up to go chasing millions of new clients with new apps and wacky digital methods — it has been set up to maintain an orderly market flow, to protect clients’ wealth and privacy, and to serve a common good for society. Much like the medical and educational fields, banking is part of the societal ecosystem, and without them nothing would really function efficiently. So don’t have a bad attitude about all this. Treat people in all professions and functions with respect in your timeline, in setting and keeping orderly meeting diaries, in helping them get any required documents done. Go the extra mile.
- Report Back. Finally, most people forget, once they have talked to people, to keep them informed of what’s happening as the pilot starts to take shape. You don’t need to do a 100-page powerpoint every month with perfect project governance — you are in R&D for a reason. But you do need to have the courtesy to go back and tell folks what you did with their advice. If you get to a Committee and have a discussion, go back to the Chair with an informal update and tell him/her you’d be glad to come back and talk again about what you learned in the past few months, what controls you put in place, and how you can evidence those controls being met in your pilot. You’d be surprised how many people forget to do this — and the next time you come around asking, it’s really hard to re-open those same doors. Act sustainably, report back how things are going and keep asking for more advice and you will feel the love.
Now Go Get It !
I will leave it there. If you take one thing away from working in FinTech R&D with a bank, it’s to have respect and pay close attention to learning the ropes at your financial institution from those who have real lessons to teach. That will put you in the envied position of actually getting your stuff through the bank and leaving others in wonderment of how you did that without any official power or authority to do so.