We sit down with Jenny Holt, CRO at top fintech Triver, to reflect on the evolving role of the CRO and the industry changes she has seen over her 20+ year career.
Jenny, it is an absolute pleasure to have you here with us today. We're excited to have you as our first guest as part of our new interview series ‘Sikoia Unified’ where we aim to discuss insights with risk and compliance thought-leaders. To kick off, can you tell us a bit about yourself and how you got to where you are today? We'd love to hear about some of the highlights along the way.
My name is Jenny Holt. I've been in the financial services industry for over 26 years, primarily in risk management positions, though I have also had some commercial roles, the common thread throughout my career has been the use of predictive modelling. I spent 20 years in banking, starting at Santander and later moving to Barclays. I've worked in various roles across different products and industries, mainly in consumer credit risk, and had the opportunity to work in different countries with different jurisdictions. My last appointment at Barclays was as Head of Analytics at Barclays Africa, based in Johannesburg.
After my tenure in banking, I moved to smaller organisations in the FinTech space in the scale-up stage, including Hasting Direct and Vanquis.
In June 2020, amidst the height of the COVID-19 pandemic, I transitioned to SME lending. It felt like the right time, considering the challenges faced by small businesses and the government's provision of loans. Many FinTechs also wanted to participate in lending but lacked experience in that area. This transition allowed me to explore new opportunities and make a difference in a changing landscape.
All this has led me to my current role as Chief Risk Officer at Triver, a London-based startup that uses open banking data and AI to provide short-term working capital to SMEs.
Super impressive, particularly considering the range of institutions you've had the opportunity to work with. It's fascinating to see that you've made the transition to the world of FinTech. We'd love to hear about the key distinctions you've noticed between working at a FinTech company and a traditional bank. How have these differences influenced your approach to risk management and compliance?
In FinTechs, there is a strong desire to leverage agility and move quickly. They are comfortable with taking risks, but often they can be inexperienced and unaware of the risks involved.
As a Chief Risk Officer, my role is more focused on education, building awareness, and fostering a pragmatic approach. I aim to demonstrate that risk management can be commercially minded and that we can find a balance without slowing things down.
In a FinTech, the internal network is smaller and tightly knit, making it easier to understand and get involved in various aspects of the organisation. This allows for better control and a clearer view of the landscape.
On the other hand, traditional banks, often due to their size, adopt a more conservative approach with robust control measures. The impact of their actions goes beyond the company itself and can have social, economic, and regulatory implications. Working in such an environment requires enabling people, establishing consistency, and ensuring adherence to established processes. However, it can limit opportunities for innovation due to the need for uniformity.
So, there can be less opportunity to be innovative because you're all held to a similar standard in order to maintain consistency.
Are you referring to differences in processes, frameworks, and bureaucracy that exist between FinTech companies and traditional banks? Do you think this contrast lead to a more risk-averse environment within the organisation?
Yes, potentially. I think the larger ramifications of incidents and the need for a one-size-fits-all approach can contribute to a more risk-averse culture.
This creates an opportunity for FinTechs to fill the gap in the market.
However, I believe there are commonalities between working in FinTech and a large bank. A good risk manager will establish a clear framework, set expectations, and make risk management easily accessible across different roles. In both scenarios, the role of the Chief Risk Officer is vital in shaping the culture, whether it's in a FinTech where there might be concerns about slowing down or in a large organisation where following due process is emphasized. The goal is to prove that risk management doesn't hinder progress.
That’s really interesting. From what you've shared, it appears that Fintechs inclination towards risk-taking is predominantly influenced by organisational culture rather than being dictated by rigid processes and policies. Would you agree?
It's a combination of both. Processes must be proportionate. For instance, if you have only 100 customers, do you really need 100 different anti-money laundering checks? The consequences of making a mistake are less significant with a smaller customer base. UK legislation often suggests a tiered, risk-based approach. As a startup ourselves, there are certain things we must have in place from day one, while others can be developed over time. The controls can become tighter and more sophisticated as our customer base grows.
So, it's about assessing risks as we progress and determining what's appropriate for the size and type of our business. It's not just about attitude; it's also about scalability.
That makes sense. We'd love to hear more about your role and the initial year of operations at Triver. Could you provide some insights into what a typical day looks like for you as a Chief Risk Officer (CRO) and what your priorities are?
I don't think I can describe a typical day because it doesn't exist. In general I think a chief risk officer commonly divides their time between key activity . Firstly, building the right culture and fostering a positive attitude towards risk management throughout the organisation. Establishing strong foundations and a clear framework, taking people on a journey so they don't perceive risk management as a hindrance. Secondly, keeping an eye on external factors such as regulatory changes and considering any unforeseen risks. Thirdly, ensuring that the running of the business incorporates a comprehensive view of all risks in decision-making. Lastly, being involved in business development. The risk management function itself is like a business development function, but it's also crucial to participate in other areas of business development and ensure awareness of any potential risks.
In a startup, the emphasis often leans more towards business development, as I mentioned earlier. So, my role is broader than just being the Chief Risk Officer at the moment. Since we're small with only six team members, we all contribute in all areas. But I also have a responsibility to ensure that we don't overlook any critical issues in the build, think through every aspect, and avoid making avoidable mistakes. I tend to keep a cautious mindset, always considering what could go wrong. It's important that the whole team shares this mindset.
Embedded finance lies at the heart of Triver's business, can you elaborate on the concept and its implications for companies? How can businesses leverage embedded finance to their advantage, and what benefits can they derive from adopting this approach?
Essentially, it’s about integrating our product offering within other companies' technology and processes to make it easily accessible to their customers. Embedded finance enables us to connect with SMEs in a way that is both convenient and easy for them in that moment when they are managing their finances or their invoices, and by working closely with partners we can minimise the effort on the customer's part to
For embedded finance partners, we provide a solution that enables them to expand their product offerings to their customers with little to no capability investment on their side.
As you embark on building a company from scratch, how do you envision leveraging technology to establish more efficient risk processes and controls? In what ways can technology play a pivotal role in enhancing the effectiveness of risk management within your organisation?
Well, it's great to be part of a startup where you have a blank canvas and can build things from scratch. It can be challenging to change existing processes in larger organisations, whereas starting fresh allows for more flexibility and agility. As part of my role, I have been engaging with various companies to explore the latest innovations and how they can assist us in building efficient processes and customer journeys. The goal is to manage risk intelligently without creating friction or burden for the customers.
That's an interesting perspective because it highlights the role of the CRO as a growth-oriented position rather than a restraining one.
Absolutely. When you start exploring the available technologies, there are some really exciting things out there. By utilizing the latest innovations, we have the opportunity to build something better than what others currently have.
Let's delve deeper into the topic of technology and innovation. what are the specific innovations you are looking for? how does Triver's approach to risk underwriting differ from more conventional methods of underwriting credit risk for SMEs?
We aim to incorporate data as much as possible in risk management, particularly for customer due diligence. We leverage the advantages of open banking, which some organisations have struggled to fully internalise and utilise in their processes. Open banking not only provides a wealth of data but also offers verification capabilities that greatly assist in fraud management and credit risk assessment. Additionally, we are exploring the use of telephony data for verification purposes. Our aim is to minimise the need for customers to upload identification documents and instead focus on verifying their identity through other means. This allows us to conduct the necessary know-your-customer (KYC) checks efficiently. The use of telephony data streamlines the process for customers and shifts the effort to the backend.
You mentioned bank data and open banking as the core of this process. What limitations do you see in that data set and why isn't it fully utilised by the auditing institutions you work with?
Well one point I mentioned earlier is that when something is already in place and doing an acceptable job, the effort required for marginal gains can be substantial. However, when starting from scratch, it's natural to aim for the best available solution, taking costs into consideration. Commercial data advancement lag behind innovation with consumer data and some companies are waiting for open banking data to become more sophisticated in the commercial space. Open banking providers are still building the breadth of availability and ironing out data consistency and integrity issues in the commercial space.
Open banking comes in various formats, with different interpretations and requirements across banks. There can be a lack of consistency across the market and it’s difficult to verify the accuracy of the data you receive when you don’t have an alternative sources to compare the data to. These complications make some companies hesitant to fully embrace open banking.
When we discussed open banking services with providers, many features were just available on consumer data and the stats they quoted were on the consumer side. Also, where there are developments to commercial open banking data it’s often a recycle from the consumer world which isn’t always where the development is needed.
Then there is also the complication if you are delivering a service through a third party particularly when the ‘broker’ applies on behalf of the customer. For open banking data, customers need to grant access, and this can make it difficult to integrate open banking into your customer journeys.
Then there’s the added issue that the data cannot be immediately incorporated into underwriting models. Users need to build up scale and history to understand the predictive characteristics of the data and its use in making decisions. This delay in realising the benefits is yet another barrier. Add to that, the fragmentation of data sources in large organisations and yet another source of data is not necessarily perceived as a benefit.
Apart from open banking, what other data sources do you use to gather this information on business?
Credit bureau data remains an essential source of data, especially for new entrants. It is the only source of record connecting lending with an outcome which is necessary to build underwriting models if you don’t have your own data.
Credit Bureau data has come a long way in recent years, improving significantly in coverage and depth of information. The introduction of Commercial Credit Data Sharing (CCDS) provides aggregated banking data and has served as a precursor to open banking data. This is how we’ve gained insight into the predictiveness of banking data in the commercial space as we've had access to for some time.
The expanse of data and services from the credit bureau is continually growing. It’s a relationship you need to manage closely as it’s hard to keep abreast of all of the developments. It’s not quite a one stop shop but you can keep the number of integrated suppliers to a minimum. Our relationship with our credit bureau has enabled us to utlise some of their recent enhancements in the use of telephony data and AML (Anti-Money Laundering) solutions which have helped us to minimise the customer interaction and complete our checks in an automated less invasive way.
With the rapid advancement of technology in the financial sector, what do you perceive as the most significant risks and opportunities for fintech companies like Triver?
As a new company, building a new solution for an existing market that removes the frustrations that customer’s experience with what’s already out there, there’s a real opportunity to exploit the latest technology, lay the right foundations and deliver a product and experience that is the best it can be, minimising the pain points for the customer. But, you have to believe that the advancements provide the customer with something tangibly better and do not expose you to new risks – because it’s not tried and tested. I think you also have to remember that tomorrow you will be behind the curve… and technology may have moved on – while you are small it may be easy to make implement advancements, but it gets harder.
With your extensive career and diverse experience across various institutions, we greatly value your insights. Considering your journey, is there any professional advice that you wish you had received earlier in your career?
I've contemplated this quite a lot, and the advice I would give is to seek advice. It might not apply to everyone, but from my perspective, when I was less experienced, I viewed asking for help or seeking input from others as a sign of failure. I felt the need to prove to others that I could handle things independently. However, as you grow older, you realise the importance of your network and receiving input and advice from others, even if you believe you have all the answers. It is incredibly valuable. I especially feel its significance now in the startup environment, where making connections and listening to others' experiences is crucial. Just reaching out and saying, "Hey, I'm currently working on this. What do you think?" and seeking feedback is immensely valuable. So, the strongest piece of advice I would give myself is to talk to lots of people, make connections, and let them have an opinion on what I'm doing. I would emphasise not seeing it as a vulnerability on my part.
Thank you for that insightful perspective. It's true that the journey of professional growth is never-ending, and the more experienced you become, the more you start to realise that there's always something new to learn, especially in an environment that evolves rapidly.
Yes, even after 26 years in financial services, I'm still engaged in day-to-day activities. If I weren't, I would probably be quite bored or retired by now.
Thank you so much for your time and valuable insights today. It has been a pleasure having you with us. We greatly appreciate your contribution to the conversation, and we wish you continued success in all your endeavors.
If you find onboarding, monitoring and risk assessment processes to be inefficient we can help.