Risk at GoCardless: A conversation with Chief Risk Officer, Erez Mathan
Last editedJan 20204 min read
Erez Mathan takes a different approach to risk. At GoCardless, Risk is a core function, which not only provides the business with the safety net to operate but is also fundamental to its growth.
When you think of risk organisations within financial services, you’d be forgiven for thinking about long conversations with your bank manager, or cumbersome forms that take hours of your time to fill in.
This is because risk has traditionally been viewed as a box that regulated businesses have to tick.
For GoCardless’ Chief Risk Officer (CRO), Erez Mathan, this approach has a profound impact on the effectiveness of risk management. He says:
“Somewhere along the way, risk became more about showing that you go through a process, rather than actually mitigating risk for businesses and their customers. What happens then is that the experience for the customer is unsatisfactory, and time consuming and for the business. It requires a huge team to manage the process. All of that and still the risk hasn’t been mitigated, just boxes ticked.”
What makes risk at GoCardless different?
Erez sees risk differently – not as a box that needs to be ticked but as an exciting commercial function that can help GoCardless achieve its goals more quickly, without undue exposure to risk. He says:
“I am on a mission to change the perception of risk, at GoCardless and beyond, because I believe Risk is one of the most exciting functions in any business.
“At GoCardless, our Risk organisation has a clear mission – to protect and grow our business.”
This mission is split into different initiatives that build on how risk organisations have been structured up until now, with a commercial twist. He explains:
“We do 4 things to realise our mission to protect and grow GC. The first is protecting GoCardless and is the fundamental thing that we do. We safeguard the business from events that can bring us down and make sure that we are never in a position where, for example, we lose any licence, go bankrupt or can’t provide our service to customers. The ‘protect’ part of our mission is fundamental to everything else we want to do as a business and as a risk function. It is the foundation of how we run a sustainable and trusted business.”
The second part of the mission, and where Erez says it starts to get really exciting, refers to the things we do on top of the 'protect' part that the Risk team does to help GoCardless grow and achieve its commercial goals.
“It’s really about understanding how risk becomes something that increases the value of our business - what we call 'Risk as Intellectual property' - through how we use Risk as a selling point ('Risk as a feature') and ending with business growth enablement ('unlocking potential')."
These components are underpinned by a clear set of operating principles that are very different from those you might see in a less progressive Risk team – we don’t do box-ticking, hide in our corner in the office or employ an army of naysayers. In all we do in risk, we aim to:
Be ready to serve everyone, if we wanted to - We ensure Risk does not constrain the business but unlocks the potential to serve everyone and achieve our goals while providing the business with a safety net.
Automate everything we do - We don’t like inefficiencies and believe real risk mitigation cannot be achieved by throwing people at the problem.
Create the best possible customer experience - We want our customers (both internal and external) to actively want to go through our processes. We believe that designing risk processes around the customer ultimately leads to better risk management.
Risk as intellectual property
Part of this includes thinking about how the Risk team can improve the onboarding and verification process for businesses signing up to GoCardless. Erez explains:
“We have seen the process for setting up new accounts with challenger banks, or applying for loans online, improve significantly in B2C businesses over the last few years. It used to take you weeks to open a high street bank account. With the arrival of Monzo and other challenger banks, this same process takes a matter of minutes. For B2B, this shift is yet to happen – the processes are still very complex.
“One of the main aims for the Risk team over the next few years is to make GoCardless onboarding as smooth as it is with a B2C business, while keeping us and our customers safe.”
Risk as a feature
Another way in which the Risk team drives GoCardless’ growth is with our rapid expansion into different markets around the world. The recent addition of US payments took the number of countries in GoCardless’ payments network to 30 – this includes eight bank debit schemes, each of which has its own rules and regulations.
“Over the last two years, we’ve been building the first global payment network specifically designed for recurring payments, that is truly borderless. This has involved building new banking relationships, obtaining new licences and working with different committees. This process takes six to twelve months to set each one up.”
“The main reason the set up takes a long time is the number of different committees within the banks you need to go through. This means that 'selling' how we do risk at GoCardless is critical for our success.
“Based on what we have learned from setting up banking relationships in the UK and Europe, the team went on to produce collateral showing how we manage Credit, Fraud, Anti Money Laundering, Data Privacy and Security and many other risks banking partners evaluate in their onboarding process. This meant we could accelerate the rate at which we opened in new markets, allowing GoCardless to grow our international presence more quickly,” Erez says.
Erez also believes that risk should be forward looking. He believes that legal and compliance teams can have a role in unlocking new opportunities the business wouldn’t otherwise be able to reach. Thoroughly understanding upcoming regulations and being prepared to adapt and use them for the benefit of our customers are a key part of that.
In one recent example, GoCardless worked closely with the Payment Systems Regulator in the UK to ensure fairer ways for businesses to switch between Direct Debit providers – without needing permission from their existing supplier.
Erez takes this approach a step further to look at how risk mitigation can be done so well that it doesn’t bind commercial decisions.
“I want to get to a place where the commercial teams don’t feel restricted by considering risk mitigation in their decisions – the way we build the 'safety net' needs to be future proof, whether in preparation for upcoming regulations or other risks looming on the horizon.”
Risk team at GoCardless
The Risk team at GoCardless works under very different principals to traditional banks. Working together with risk owners across the business, the team look at how they can automate processes and develop new products and features that will help GoCardless achieve its goals. Erez says:
“It’s a really exciting time for the Risk function at GoCardless. This year, we have introduced the enterprise risk management process which has included establishing the Risk Committee and a Risk Stream. This is designed to pull together all of the risk owners in the business to help us look at risk holistically, improving how we do things and learning from each other.
“As GoCardless continues to grow, we face new challenges. We’re continually looking at how we can serve more people without taking on additional risk, how risk can enable new innovative products that will ultimately help support the GoCardless mission - taking the pain out of getting paid so our customers can focus on what they do best. We’re looking for like-minded risk professionals to join us on this journey to protect and grow GoCardless.”
Find out more about careers in our Risk team here.