Conf42 Incident Management 2024 - Online

- premiere 5PM GMT

Strategies for incorporating compliance into the product development process

Abstract

In highly regulated industries like finance, ensuring product compliance is crucial. Minimize risk by involving the Compliance team early in development, including them in demo sessions, tracking their requests in systems like Jira, and regularly reviewing the product from a compliance standpoint.

Summary

Transcript

This transcript was autogenerated. To make changes, submit a PR.
Hi, everyone. Thank you for joining in today. I'm Kyra. I'm a product manager with over 10 years of experience in building B2B and B2C products, preferably in fintech. And now I'm working as a product lead at Neboos, a fintech service that provides access to traditional finance products and cryptocurrencies. And today I want to speak about strategies for incorporating compliance into product development. You may ask me, why, compliance? Why do you focus on compliance? Because, when you're working on a digital product, you always work in a cross functional, team, where all the departments involved like marketing, support, finance, you name it. So why am I focusing on compliance? That's because in highly regulated sectors, there are a lot on the line. So being fully compliant with all the regulatory requirements is crucial. compliance department, is in charge for following industry regulation for reducing any risks the company faces and for building trust. trust, of the customers. And also trust of the, regulators from the government and so on. And failing compliance can lead to fines, reputation damage, customer loss, and as a severe consequence. So that's why today I want to focus on how to deal with compliance, how to involve compliance professionals into your product development life cycle. And that's it. So what is compliance in Fintech? there's some key elements of compliance, such like regulatory requirements, AML and KYC, which stands for anti money laundering and know your customer, and sometimes data protection because from company to company it may vary. Sometimes compliance is in charge of data protection. Sometimes it is, the part of responsibilities of the other departments. again, why it matters, it's because, that's a lot on the line, that because the stakes are high in highly regulated industries, and Compliance Department, Helps to build and establish trust and ensure safety and mitigate any risks a company can face. And the consequence of non compliance are really severe. So it's not only legal penalties or reputation harm or operational disruption. it's gonna even lead to business closure. So there are the key components, from the technological point of view. So first of all, KYC and KYT, which is. Know your customer and know your transactions in anti money laundering. Also it's rec tech, any kinds of compliance management system. And of course, AI based fraud detection and KYT, KYC automation solutions, because, nowadays there are a lot of players on the market and the client wants to, that transaction to be very fast. And there are a lot of transactions, so the client won't, wait for, hours to the transaction to perform. The client won't, wait for KYC procedure to perform, for, days. that's impossible without AI based solutions. what are the common problem of cross functional collaboration challenges and how it's effect to compliance relations? first of all, it's very common to have communication silos due to limited interaction between teams. But, the truth is that if you have cis you are very likely to have a limited interaction between teams. And if you have a limited in, if you have a limited interaction, you're highly likely to have cis. Because teams doesn't talk to each other, teams doesn't communicate. Teams doesn't found, like the common things, like common goals and common ideas. So yeah, it's a very common, mistake. The second is late involvement of compliance. So sometimes compliance introduced when it's too late. And there's a reason why it happens. Because, when a product manager and product team. is inspired by an idea. you just want to deploy this. You just want to make it live. You just want to experiment. And sometimes compliance person ask too many questions because there's a lot on the line. They're in charge of very important things. So they don't know what to do. They ask challenging questions, and sometimes the product team is not so happy with answering. They want to move fast, they want time to market. And sometimes it can look like compliance put, the sticks through the wheels, but, really they're just doing their work. So if you're involving compliance professionals, too late, It's highly likely will lead to, late issues. So when something important turn out to be so very late on the later stage of the project. And the third one is about balancing. Um, deploy and developing fintech or other highly regulated, industries product is always a balance between innovation and regulation, which means that you are always should be aware, how risky is what you are trying to deploy. For example, me as a product manager, I think like all other, every other product managers, I want as many clients as we can. So if we have a hundred clients a day, please, I want all of them to use our application to perform transactions. But compliance specialists understand that they're like some percent of those customers are not a good customers who will be paying bills, paying for the coffee, paying for everyday life expenses. But they will pay. Perform some fraud and so on. So that's always balancing between what we can get and what's on the line. So early engagement, is the key to success. When we talk about working with compliance professionals. So I would recommend to involve compliance from ideation. So from very early stage of your project. So normally when I have some idea and I understand that it's not just you, improvement and, I am very likely to ask compliance professionals. I have a quick call with one of my colleagues. And just share this idea and sometimes I have a very good piece of advice of how to transform this idea in something fully compliant, how to make sure that we won't fail and we won't engage in non compliance and so on. So also, it's very important to foster a culture of collaboration. So that's when you, when you are happy to interact with your compliance professional colleagues. on the daily basis, when you are grateful for their questions, when you're grateful for their comments, and when you are really listening to them. everybody appreciate when someone listens. I think this culture may be fostered in every organization. the benefits of such an approach, a few last minutes issues, smoothie launches and overall better atmosphere in your, company. So what. I do personally to, implement seamlessly compliance into product development process. first of all, I, integrated compliance to design of all the products we produce. So on the early stages, a compliance professional is a part of a cross functional team and, We listen to the questions, we listen to advice and we shape our product. in accordance with what our compliance colleagues say. Other thing is to clarify roles, because you know sometimes there are several people in charge of other parts of compliance process. For example, you have one person in charge for KYC and KYB, the other person is in charge for KYT, and the third person is in charge of, KYC and KYT. communication with partners, risk appetites, and so on. So make sure that you are with the right person. And if you need to involve all the three persons, you should involve them. And all in all, the, you should be to have a regular meetings with, compliance, regular compliance review. it's not only product demo when you like show everything you produced. Recommend to have a separate meetings dedicated to compliance needs. I personally do such meetings once every two weeks. It's 30 minutes, just to make sure we are on the same page with the colleagues, make sure that nothing is missing, that we didn't miss any news, any upcoming audit or something like that. let's talk about methodologies and tools that, helps, me to deal with, compliance. First of all, the agile product, development is a very good, in perspective, because that regulation, very volatile and risk appetite of partners, even more volatile. So everything can change very rapidly and agile. A very good solution for that because you don't need to wait for a long cycle of development, to integrate some new compliance ideas or tasks you just have to you could just have deployment every two weeks so you can. be very rapid in addressing compliance issues. Also, I think it's important to use risk assessment frameworks and make it clear for all the team and proactively identify the risk and address the risks. Also, you may understand that Compliance is not a one off action, it's a continuous process, so everything is changing rapidly and audit is coming like every quarter or every year, so you should continuously include compliance tasks in your sprints. So let's talk about software we use to address compliance tasks. first of all, we automated all the tasks and when compliance professional need something from a product development team, they can address the JIRA, create a ticket, and then we can discard this ticket, in person, being sure that everything is track traceable. so we use Jira, for this, for, task tracking. we also use Confluent for all the documents available for every member of the team, so we always can refer to risk appetite for compliance rules and so on. And we also use Slack for day to day communication and Trello for, for meeting notes. And as I mentioned before, we use AI in, for, process automation, such like KYT, KYC, and for, in blockchain, for data integrity. So what else can I share with you? Let's talk about the best practice for building a compliance culture in the company. So I think everyone who works. In highly regulated industries, our finance and so on, knows about trainings and those trainings are regular and they are usually very boring and nobody loved those trainings, but apart from them, that's very useful. To have some workshops with compliance professionals because sometimes they can share some issue they addressed the previous week or previous months, some use from the industry. And this is really helpful and really fun. Continuous monitoring and adaptive regulatory changes. as I mentioned, it can be 30 minutes, meetings every two weeks or every week. It can be, inviting a compliance professional to your daily stand up or anything you wish, but it should be a continuous process. And the third one, I highly recommend to document everything regarding compliance. I know that the most companies, the most, software development is agile. So the word of the product is more important than documentation. But, if we talk about compliance. It's crucial to be very precise. So document everything, store this in Jira in Confluence or elsewhere you, your company choose, but, I, I really recommend to do that. So let's sum up all said. compliance is crucial for safety, trust, and market success, and even for company existence. If we talk about highly regulated industries about finance, for example, early integration of compliance professional into product development and clear understanding of the roles are very important when we talk about compliance. Thanks. And the third one that using technologies and continuous learning is a key to stay ahead. Thank you so much for your attention today. let's discuss any questions or challenges you may have. I'll be more than happy to answer your questions.
...

Kira Balabanova

Product Lead @ Nebeus

Kira Balabanova's LinkedIn account Kira Balabanova's twitter account



Awesome tech events for

Priority access to all content

Video hallway track

Community chat

Exclusive promotions and giveaways