Dr. Bruce Choy, Partner at PwC Canada, explores how risk management functions are improving their effectiveness by using methods usually associated with their organisation’s customer facing operations: design thinking and behavioural science.
Experience Centres, Digital Factories, Innovation Hubs, Behavioural Economics teams: every large financial institution has them to help craft marketing campaigns and the next level of customer experiences. Indeed courtesy of our modern data-rich, digital world, a whole industry has been formed in recent decades that put process and rigour on how to nudge customers to choose your bank’s product or service, or in the case of government sponsored units, nudging citizens pay their taxes on time and comply with laws.
The President of a major South American wealth manager has spoken about how he has been putting into action training and cultural change programmes for the divisions of risk management and legal services to start using these same approaches. After all, the same techniques that governments use to encourage citizens to make healthier choices or recycle more can also be used to nudge for internal risk policy compliance within a financial institution.
I have been involved with improving the effectiveness of risk management using such user-centric approaches in three broad areas of application:
Designing for our customers to help mitigate risk
Consumers are now blindly conditioned to accepting terms of usage, such as when installing an update of an app on one’s mobile device. The aforementioned CEO noticed this pain-point with the dense terms and conditions his legal team required for onboarding new customers. He found that clients didn’t necessarily comprehend the risks and liabilities in the financial choices they were making irrespective of the verbal warnings given by the company’s advisors.
Using a design thinking methodology his legal team worked with a cross functional team of user experience and information designers. Skandia started to produce consumer friendly literature and new advisor onboarding processes that helped clients understand the liabilities they were exposed to.
Designing for our employees to help identify risk
All banks will have operational risk processes for the voluntary reporting of operational losses and ‘near-misses’. However, unlike the overarching culture instilled and supporting process in a company with an embedded “Kaizen” continuous improvement programme, voluntarily calling out ‘near misses’ in a typical bank’s operational risk framework is viewed as more likely to cause unnecessary headaches from the additional critical management scrutiny.
A large Canadian bank designed an experiment to see what risk data they could be missing out on in their operational risk loss reporting. Of concern was not being able to risk manage what was not known. Using PwC’s enhancement of the UK Government’s Behavioural Insights Team EAST framework (easy, attractive, social, timely), the online reporting portal and the policy communication strategy were redesigned to take advantage of many of the nudging techniques from the field of behavioural science.
Designing for our shareholders' representatives to better understand risk
Returning to information design practices, several global banks have employed their use on the overloaded and dense information that is reported up to their board level Risk Committees. Personas and user stories are design techniques that help articulate the motivation and needs of an audience. A/B user tests are applied to understand preferred means to digest information. These may well be standard practices for enhancing our customers experiences, however it was new to most of the Board members we put through the process. The boards appreciated the changes that presented the risk information in a way that improved understanding and made it easier for them to do their duties.
Additionally, the use of design thinking created personas is becoming a new standard to present non-financial risks to the board. It has permitted a customer-centric calibration in a bank’s operational resilience framework, whereby instead of independently setting tolerances by non-financial risk stripes (such as third party risk management, technology risk, culture risk etc.), it recognises that these tolerances are interlinked by overall availability of the critical service to the end customer.
Conclusion
Customers, employees and board members are the human face of the stakeholders every risk management function delivers services to. Employing methods that acknowledge the idiosyncrasies of being human will make the risk function more effective and impactful to all of these stakeholders. 