Risky Business with PaymentWorks: E1–The Evolution of Risk

Welcome to the inaugural episode of our podcast, Risky Business with PaymentWorks!

In each episode, we interview industry experts and front line practitioners in the world of vendor management and risk.

Read an except of the first episode below or listen in full here.

PaymentWorks Presents: Risky Business Ep 1: Clay Deutsh

Clayton Deutsch has been a strategic advisor to PaymentWorks since our early days, bringing us decades of experience in the financial sector and the vendor risk assessment space, most recently as CEO of Boston Private Bank.

Previously, he was a managing director at McKinsey. Clay brings an unrivaled perspective on what risk assessment entails and what is at stake for a company if a payments fraud gets through.

Our head of strategy and market development, Taylor Nemeth, sat down with Clay to discuss why it’s so difficult to solve the problem of securely and efficiently onboarding vendors, and how this problem contributes to the overall risk a company needs to manage.

Originally recorded for our initial podcast, the conversation is excerpted below and has been edited for clarity. You can listen to the entire podcast here.

Overview of Evolution in Vendor Risk Assessment

Taylor: In your time at McKinsey or Boston Private, did you have any exposure to business-to-business payments fraud?

Also, it seems like over the last 5-6 years it’s gone in a hockey stick direction. Was that ever a concern for you?

Clay: For most of my career, “capital R, capital M,” Risk Management was not front and center. For years, risk management primarily meant credit risk assessment, balance sheet management, audit and compliance and crime.

I think it didn’t really gain a head of steam until post 2000. Since then what has come into the foreground is obviously fraud, crime and cyber…9-11, obviously aggravated things. All of the concerns about KYC, AML, Patriot Act, all the lists came from then.

I’d summarize the whole thing by saying: if you’re leading a financial intermediary, you have an unambiguous accountability to not only risk manage your own shop, there’s an accountability to absolutely warrant that you’re doing business with appropriate clients, appropriate counter parties, and appropriate business partners and vendors.

That’s a real accountability that’s inescapable. And if you shirk that duty, if you do it with anything less than superb operating integrity, you’re going to pay a high price. You’re going to face regulatory sanctions.

As a CEO, I actually felt that the regulatory sanction risk, to some extent, dwarfs the financial risk. And I think anyone leading a financial institution today knows that, and at the same time views it as one of their most vexing business problems to solve.

Risk Management in the Vendor Management Space

Taylor: It’s well known that the banks do quite a bit of diligence around customer onboarding. They know who, what, where, why, when and how those people got to where they are.

Conversely, risk management is sort of a broad category and generally has not been focused on in the world of vendor management. What are the banks doing today to verify the identity of their payees, and are they doing some of this KYB diligence when they choose a vendor?

Clay: I think what’s most vexing about the KYB problem—qualifying business partners and vendors, and then ensuring integrity in all the arrangements—is that it is extraordinarily manual, it’s extraordinarily labor intensive. And for a CEO, that’s the worst kind of a problem. I think every CEO likes to solve operating problems with replicable, highly efficient processes.

I think most institutions, even some of the most sophisticated, solve the problem just by throwing people at it. And that’s a high cost problem. Those kinds of solutions that are driven just by people don’t really solve the problem. You’re still exposed.

So figuring out how to bring real process discipline, real process efficiency to this problem, I think remains a challenge. Even very large technology-forward companies are doing the vendor qualification and vendor management thing in a very labor intensive way. It’s typically relatively distributed. It’s a very hard thing to render efficient.

“The real complication is that the threats are very dynamic. This is not a static problem. Every day every financial institution will be fending off all kinds of nefarious activity, fraudulent activity, et cetera. It’s an incredibly fast moving, incredibly dynamic space.” – Clay Deutsch

Fast-Moving Threats to Vendor Management Processes

Taylor: If you’re looking at the totem pole of risk at a financial institution, and you consider all the other types of risk that a bank sees on a day-to-day basis, is this towards the bottom, the KYB and the vendor maintenance piece?

Clay: I don’t think it’s a lack of attention. The vendor management, vendor payables function is typically under very able guidance, usually in the finance function or within treasury. But it’s very complicated. Risk management people absolutely have to have a say in the protocols and the requirements.

The real complication is that the threats are very dynamic. This is not a static problem. Every day every financial institution will be fending off all kinds of nefarious activity, fraudulent activity, et cetera. It’s an incredibly fast moving, incredibly dynamic space.

And what we’re finding now is some of the most elegant frauds are in this B2B space. And why? Because that’s where the big tickets are. It’s kind of like Willie Sutton, who famously said, “Why do I rob banks? Because that’s where the money is.”

Why Resolving the Payments Fraud Problem is So Hard

Taylor: You’ve brought up a fast moving dynamic experience as it relates to some of this risk.

Why is this payments fraud problem so prevalent? Why haven’t people like the Fed or the banks solved this problem? Additionally, why is it so challenging?

Clay: First off, I think the Fed is trying very hard to be a constructive agent here. My impression though, historically at least, is the Fed’s preference is not to solve problems in isolation.

I think the Fed tries to play a very powerful convener role to get the right kind of public sector, private sector interaction, to solve problems like this in concert. They’re trying to be a very constructive influencer of solutions.

These big multi-participant problem-solving efforts are, by nature, complicated. And I think in B2B specifically, the problem requires any individual institution to efficiently collect information from an astounding array of primary feeds or primary sources.

And even those sources are changing pretty rapidly in terms of quality and confidence you can have in the data. So the amount of just pinging and assembly that you have to do, with the overlay that this is a global identity problem, it’s not just a US identity problem.

So in the old days when banking was local, knowing your customer was a little more…they lived right next door. Your suppliers lived right next door. Your clients lived right next door.

If you’re even a relatively smaller financial intermediary today, you’re dealing with a staggering array of clients, partners, vendors, et cetera. I’ll stop there. This is really complicated.

Want the Full Episode on Vendor Risk Assessment?

Listen to the full vendor risk assessment podcast episode here.

About Our Guest, Clay Deutsch

Clay Deutsch was Chief Executive Officer of Boston Private Financial Holdings and Boston Private Bank for eight years, responsible for overseeing the strategic management of the Company and its affiliates.

During his tenure, the Company had a $7 billion Private Banking balance sheet, and managed $30 billion of client assets.

He began his career in banking in the 1970s before joining McKinsey & Company in 1980. There, he was a Director, served on the Shareholders Council which manages the Firm worldwide, and was Global Leader of the firm’s Merger Management Practice.

Clay also developed deep experience working with many leading financial institutions, with a particular focus in the private banking, wealth advisory, and wealth management sectors, helping to establish and build McKinsey’s Financial Services practice globally.

He holds a Bachelor of Arts in economics from Brown University and a Masters of Business Administration from the Weatherhead School of Management at Case Western Reserve University.

Clay is a past Trustee of the New York Yacht Club, on the boards of the Courageous Sailing Center and the International Yacht Restoration School, the Board of Overseers of Beth Israel Deaconess Medical Center, and the Massachusetts Insight Financial Services Leadership Council.