How Innovators and Risk Managers Can Work Better Together

February 11, 2019

In our “How Innovators and Risk Managers Can Work Better Together” Master Class, Mastercard’s Bob Reany and InnoLead’s Scott Kirsner shared best practices for getting security, legal, and compliance teams constructively involved with innovation initiatives. Other topics included:

  • Factors that can cause tension between innovation teams and security teams
  • Data about how well-aligned innovators feel with their security, legal, and compliance colleagues
  • Best practices for building more collaborative relationships

Reany is the Executive Vice President of Identity Solutions at Mastercard. In this role, he works with industry leaders to develop develop safe and consumer-friendly payment solutions for the company. Kirsner is InnoLead’s editor and CEO.  Read the highlights, or download a PDF of the slide deck.

Innovation leaders may realize it’s important to engage with product and marketing teams as they develop new and creative solutions, but that thinking may not be instinctive when it comes to colleagues in legal, security, and compliance groups. According to data from InnoLead’s “Innovation and Risk” report, only 20 percent of surveyed corporate innovators said they felt well-aligned with their company’s legal, security, and compliance teams.

According to Reany, while innovators want to move fast and test things quickly, their colleagues may be thinking about mitigating risk once a new concept rolls out globally. That can create conflicts.

“If you’re trying to do a quick and dirty [proof of concept] on a new technology, and there are a lot of things that aren’t answered yet, you [might] just want to go out there and say, ‘Is this worth exploring further?'” He said. But in contrast, those in security and technology groups may say, “What if this worked well and scaled out to be 100 million users or I have a billion users making transactions, would this be secure?”

Kirsner concurred: “I do think that innovation teams [are] often trying to move so quickly in these organizations … [W]hen the risk managers get seen as the ‘bad cop,’ it’s because they have one bucket and say that we need to treat everything like it’s being rolled out globally — [yet] all you’re trying to do is a test on a university campus to see if you can get five students to buy something.”

While tension may exist between teams, there are many steps organizations can take to improve the relationship. Listeners suggested creating office hours where security, legal, or compliance experts can meet with innovators. Having one of those experts embedded on an innovation project for a period of time can help. They also recommended that innovators make sure that their legal, security, and compliance teams get recognition when collaborative projects are successful.

Getting security colleagues involved early on in the innovation process can also be helpful. “You need to include [security] much earlier in the front stages of innovation, and get them involved in ways that aren’t just rubber-stamping or approving or commenting on things,” Kirsner said, paraphrasing an answer from a survey respondent. “[G]et them involved in the generative discussions so that they’re involved in the creative process instead of thinking, ‘We’re just a risk manager and we need to red or green light something.’ … That makes them feel like they helped create something new and they’ll be more likely to champion it.”

Reany also said that people on both types of teams should recognize that they are trying to solve the same problems.

“We are all working on a common problem,” Reany said. “When I get a risk manager involved…on a problem and they understand what the end vision is … that’s when you really get everyone working together on the same team.”