Risk Management: A Critical CX PartnerSeptember 18, 2018 6:55 pm
By Leigh Durst, Chief Instigator, Live Path
I once worked with a highly risk-averse, compliance-ruled, global blue-chip firm. Our process and enabling technology for opening new accounts had become outmoded. Competitors could authorize and open new accounts in 5-10 minutes. Our process took double the time, and required manual processing and data entry on the back end.
In short, weren’t competitive, efficient and our customer experience stunk.
Realizing room for improvement, we conducted some analysis, established the business case for a new solution, established, requirements and procured bids for a new solution. We demonstrated how we could automate our current, inefficient and labor-intensive application process, and showed how our proposed solution would introduce process efficiencies that saved thousands of man-hours per year, freeing up resources to support other tasks. The new solution also shorten the account opening process to a very competitive 4-5 minute span. This promised to increase conversions, leveling the playing field, generate ROI and satisfy our customers. In short, it was a no-brainer, and we quickly secured approval to move forward with a new solution.
Six months later, as we prepping for launch, we hit a wall.
Four weeks prior to launch, our Risk Management team stepped in to express some “concerns.” Now, I should preface this by saying that we’d included the Risk Management team from the beginning. They’d seen the all the presentations. They’d witnessed the demo. They sat in on project calls. They were a formal stakeholder that had reviewed the requirements and provided input along the way. Yet, suddenly, they seemed uncomfortable with everything we’d mutually determined over several months.
We reviewed, rehashed and reiterated all we’d discussed. We showed them all the emails we’d exchanged to remind them that they’d signed off on key requirements. We. addressed. every. single. concern. They jeopardized our launch and put an expensive consultancy on an indefinite hold… but they didn’t seem overly concerned. Our problems were soon escalated to senior management, who pressed us to explain why was not properly included from the start. Once again, we rehashed everything, producing evidence of inclusion and approvals. We came full circle and it simply became apparent that the risk team decided there was some unacceptable risk that had to be addressed.
We were stymied. It was as if someone realized they might be on the hook if things went bad – and they balked!
After two weeks of back and forth, their recommended solution was “enhance” the customer application. The twenty additional “security” questions they proposed we add to the application were, unquestionably overkill: There was no industry precedent for the approach; One third of the “security” related questions they had us include didn’t have established data validation paths, rendering the data either useless to us, forcing a costly and time consuming area of development; and finally, many of the questions had no corresponding data fields in our customer data repository, requiring back-end changes that not only further delayed launch, but triggered a data retention policy review.
Six weeks past our deadline, we pushed the “enhanced” application to user acceptance testing, and as we predicted, it went over like a lead balloon. The new application added 8 minutes to the forecast 5-minute time-to-completion, neutralizing the customer experience improvement we hoped to make. The questions felt invasive, and customers were visibly irritated by them. We escalated the issue. We pleaded. We begged. We took it to the top. We pushed back. We managed to remove five questions. However, in the end, the attorneys in risk management won.
We launched with an over-engineered solution that, within six months, lost us a $1M customer. He had come in inspired and motivated to do business with us, and had left, angry remarking, “You people are ridiculous!”
Why am I mentioning this now? Well, recently a very frustrated colleague, a fellow management consultant, called me to describe nearly the same kind of incident occurring on a client project he was managing. After more than six months of planning and development, validation and inclusion, his client’s Risk Management team decided to “adjust” their approach to his solution during BETA testing, adding a host of new requirements that delayed launch and destroyed the user experience.
They were forced to launch with the changes, which killed conversions and upset customers. This didn’t just impact the company’s bottom line, it killed the ROI of the project. My friend had covered his bases, and had worked inclusively with the risk and security teams – yet in a game of finger pointing, his company was placed under the microscope for “botched execution” and failing to realize the benefits they had promised.
Now, my friend is a good guy. Despite the fact that his hands were effectively tied by corporate attorneys at the last minute, he is working in good faith to correct what went wrong… but it’s at his own expense.
It never ceases to impress me how much time has passed, and how little things have changed!
We’re still in the throes of digital transformation. We’re a little savvier; with AI and machine learning, the technology is more sophisticated than ever; there’s more agility thanks to the cloud; business processes have changed and best-practices have emerged; and integration is easier. In risk-sensitive environments, the game is essentially the same — but the stakes are, in many respects, higher. The work has become more complicated, and there are more rules, more attorneys and more back and forth than ever before.
As a result, in companies that are managing security, compliance, financial services, healthcare, insurance etc., it isn’t uncommon for the attorneys often have the final say in matters that impact the customer experience.
For this reason, establishing better understanding and partnerships with risk management teams is critical to the successful evolution of the customer journey. When I touched on this this with my defeated colleague, he lamented, “Risk management trumps customer experience… every time.” He then continued in a tirade about how risk adversity regularly overrides common sense, and complained how fear and ignorance subvert the potential of digital, ruining everything. Now, I felt his pain, because I’d been there myself. However, I didn’t entirely agreed with him, in the end.
I’ve seen the risk/business stakeholder relationship work well — and poorly. After exposure to these relationships in many different kinds of environments, I believe it is essential for people engineering the customer journey to work in partnership with risk management teams to realize a usable, pleasing, risk-managed customer experience.
I have a lot of sympathy for risk managers, the watch dogs of their respective organizations. They must attempt to minimize risk while helping organizations realize opportunity. Most hail from a heavy legal and/or compliance background, so they’re not exactly design thinkers. However, in my experience, the really good risk mangers do understand the critical role they must play in helping produce good customer experiences while preserving an organization’s ability to be market-competitive and agile!
A good risk manager is not only smart, but secure enough to work openly and inclusively with project leads, customer experience experts, customer service personnel, marketers, market researchers and business stakeholders… as they seek to obtain a comprehensive view of risks, problems, the market, competitor approaches to common problems.
In my observation, more dysfunctional organizational cultures have risk/business stakeholder relationships that feel borderline adversarial. It’s not uncommon for risk or compliance teams to be viewed as “the bad guys” who “ruin all the fun.” While to a certain extent, risk and compliance simply exist with this kind of stigma — in healthier organizational cultures, the risk / business stakeholder relationship feels more like a partnership.
Regardless of your company’s culture, it’s possible for a “them vs. us” feeling to exist between you and your risk or compliance teams. So, here are three things you can do to build a better, more effective partnership:
ENGAGE EARLY — All too often, risk management teams are brought in retroactively at the “last minute.” They are given insufficient information, time and/or a lack of background or context related to the problems the business stakeholders seek to resolve. This naturally puts them in a defensive position and impedes their ability to serve as a partner in the creation solutions that have proactive risk management built-in. As a result, they are often perceived more like adversaries than partners. This fosters an environment marked by a lack of communication and collaboration, which often results in an over-engineered, dictated solutions that can be overkill.
Look — I understand you may have had a bad experience or two. I get the inclination to “fly under the radar” or to fear someone may shut you down. However, when you decide to partner proactively with your risk management team with the goal of creating “risk-balanced” customer experience — even before projects begin — you lay the groundwork for long-term success. When teams take the time to proactively assess the customer journey, identify pain points and areas of business risk, they can address them more proactively together. By engaging early and taking the initiative to flag areas of risk they may not be aware of, you can set the stage for this kind of partnership. By providing carefully timed, well thought-out, clear, compelling, proactive thoughts, backed by objective facts you can become a risk management ally. By quantifing the risks you’ve identified, as well as the risks associated with inaction — such as revenue loss, customer attrition, increased man hours, etc. — you become a watcher on the wall. This builds trust, teamwork and the potential for more effective collaboration.
EDUCATE & ENLIGHTEN – Risk teams have an awful LOT to stay on top of across the organization, from HR to business development, Information security to compliance-related issues. While good risk managers make a concerted effort to dedicate time and focus to understanding emerging market trends, it’s never safe to assume your risk manager is up-to-date on the very latest trends in your particular area of focus. Why? Well, remember, they’re often dealing with the tyranny of the urgent, caught up in deadlines, putting out fires or buried in last-minute requests, managing crises, fielding compliance inquiries, investigating issues, handling frivolous lawsuits or fraud. Further, because they often have to deal with “bad news”, their exposure to worst-case scenarios may expose them to negative buzz or “horror stories” (in the form of lawsuits, etc.) that may create bias related to particular areas of transformation.
Take time to build common ground — allow your risk team to tell you what they know and understand. Provide support to your risk manager by providing (ideally objective) analysis, use cases, success stories, competitive analysis, research and educational articles that provide new dimension and perspective to support a case for change. Choose your timing well and give your risk manager a clear and compelling reason to review the information you provide. Then, follow up with a latte or free lunch to discuss things. You’ll not only build a better relationship, by listening actively, you’ll educate yourself about the risks involved with your undertaking and position yourself to proactively address those concerns.
ESTABLISH EMPATHY – Empathy is a two-way street. However, if you want to motivate your risk team to develop empathy for your plight, you must first demonstrate empathy for the plight of your risk and compliance teams. Take the time to consider the plight of the risk management people with whom you work; whose jobs may very well depend on their ability to protect your company from lawsuits, audits, fraud, compliance violations and other risks of doing business! When you walk a mile in a compliance or risk manager’s shoes, it’s easier to understand the forces that drive their decision making. This will also better equip you to engage proactively, productively and in a more helpful and positive way to address their concerns.
As you demonstrate empathy, you’ll motivate your risk team to develop some in return. This can open the door to developing a greater understanding of the customer journey and the associated pain points, pitfalls, risks and opportunities that exist along the way within your risk team. While you can always provide detailed analysis to help them understand things — consider getting more creative. Consider inviting a risk manager to role play as a customer, to listen in on customer interviews, attend user testing or sit in on focus groups to bring the message home. The more immersed they become in wearing a customer’s shoes, the more empowered they will be to balance risk management tactics with the plight of the customer!
In summary, as executive, team leader, change agent, project manager and/or transformation agent or CX practitioner … it’s important to embrace your essential role in helping break down silos to rally your organization around the customer journey. By proactively inviting broader engagement, establishing common understanding and empathy, you can foster stronger internal partnerships that balance risk management with the need to optimize customer experiences — ensuring competitive market positioning and maximizing return-on-investment.