If you search our website, you will find some prior posts about Payments Risk Management.
When we launched our Risk Management Advanced Workshop back in 2019, I wrote about how people don’t like talking about risk – Why Talk About Risk in Payments – and why we need to anyway. Then we published a series of articles on the “Money Team” – the people who make payments happen in organizations around the world – and why Payments Risk Management is a Team Sport.
One of the key concepts we highlight in our education workshops is that fraud is not a risk. Fraud is criminal activity. Fraud happens when risks are not managed. If you think of Payments Risk Management (PRM) simply as preventing fraud, you are not alone. But you are also missing the big picture, and likely missing opportunities to increase your revenue, protect your company’s reputation, and delight your customers.
The Big Picture
Over the past few years, we have been building our risk management practice to complement our payments strategy consulting work. As part of that we have developed our Payments Risk Typology to lay out the major categories of payments risk.
Glenbrook’s Payments Risk Management Typology
This typology has proven to be a useful framework to identify where risks exist and where controls should be implemented. For some detail on each of these risk categories, check out the Why Risk Management is a Team Sport Payments Views post.
The Misconception
In working with clients, we have observed that most people in an organization think of payments risk management – if they think of it at all – as a “one and done” task list to fix a problem, or maybe prevent one from occurring.
At the same time, we talk with clients who ask for help with lots of questions and objectives like: “lowering churn”, “increasing authorization approvals”, “reducing customer contacts”, “raising net promoter scores”, or “figuring out what’s draining my affiliate marketing budget”.
Rarely are the dots between these requests for help and payments risk management connected. But when we work with an organization to connect the dots, they see the lift that the right set of risk controls can have across their business, and most importantly they shift from feeling like they are always playing catch up to being empowered to manage their operations and grow.
To help our clients understand the critical success factors in creating a payments risk management environment that truly supports their business in a sustainable way, we have introduced a Payments Risk Management Capability Model.
Glenbrook’s Payments Risk Management Typology
The idea here is that a company’s ability to manage payment risks can be measured using a simple maturity model. The model is similar to those you can find for Enterprise Risk Management (ERM) and Information Technology and Cybersecurity maturity models.
In the model, maturity is read from left to right, with the leftmost column representing Initial maturity (Level 1) and the rightmost column representing an Optimized environment (Level 5) capable of controlling risk in a healthy, sustainable manner. Like all maturity models, it is not possible to skip levels and be successful; however, an organization can decide to accelerate its path to Level 5 with the application of resources, consistent internal communications, and employee education.
Moving to the Next Level
While moving “up the maturity curve” means different things to different companies, the starting point is the same for everyone. To begin your journey, it’s important to understand the key risks for your specific organization, and then to have a clear-eyed, measured assessment of how well you are controlling those risks. Is everything reactive – your controls are reactions to events that already happened? Or predictive – can you prevent a negative event from happening without disrupting what is working properly? Once you have a baseline risk inventory and controls assessment, you can develop a strategy to take your organization to the next level.
It’s still a team sport. These tools can help you define your game plan.
For examples on how we’ve helped companies take their game to the next level, check out these case studies.