In this first of a two part special, returning guest presenter Ian Harrison, Verints’ own Director of Customer Experience chats with Tanushree Dabral, CEO of PX Partners and an accomplished governance, risk, and compliance practitioner. during this episode Ian and Tanushree discuss what compliance means in the current climate, why its needed and the impact it has on customer engagement and the wider CX Landscape
Media player not working?
Here’s a direct link to the post
Or copy and paste this link in to your browser
In conversation with . . . is a series of podcasts from Verint featuring chats and discussions with leading figures from the contact centre, CX and customer engagement industry across the Asia Pacific region.
Martin Riddle: Hello and welcome to In Conversation With, a series of podcasts from Verint featuring chats and discussions with leading figures from the contact centre, CX, and customer engagement industry. During this series, we want to find out what customer service organisations are doing during these challenging times and try and discover what it is that drives the leaders in this space and what makes them tick. My name is Martin Riddle and as well as being your host for this series, I am also Verint’s vice president of marketing for the Asia Pacific region.
In the second episode of this two-part special, Ian Harrison continues his in-depth discussion on compliance with Tanushree Dabral of PX partners. Ian, Sir, back to you.
Ian: Thanks, Martin. Now, Tanushree, let’s return to where we left off last time. If I think back to, say some of my past roles in leading large organisations, what are the things that I would need to do in this world if I’m running a large contact centre or large back-office operations? What are the areas that you think I should be focusing on? What sort of governance risk compliance practices would I, as an executive in that space, need to be focusing on? What would be your top five hints, for want of a better word, things that I should be doing?
Tanushree: It’s something I’m about to say that it feels like a cliche to say but it comes down to people process systems. Do you have right, both the structure and the right individuals in the roles? Do you have the right technology to support the people and the processes that you’re looking to support? Have you rigorously sort of been through the process of understanding where your risk is arising? Breaking it down to those fundamentals is key. With the regulatory change that we’re seeing coming through, the onus is coming back much more into organisations around taking a consumer outcome lens to the regulatory, to the changes they’re making, to the products they’re issuing, to the services they’re providing. Finding a way to have that embedded throughout the organisation is going to be key.
Ian: What about some of the new technologies, I was interested that there are changes coming along with some of the regulatory guidelines and if you think about RG 271, for example, it’s asking us to start thinking about social media and how do we understand a customer’s interaction via social media? Where’s an organisation’s accountability stop and start? I can see the regulator feels like that’s a new space they really need to go into, but do they really understand the complexities of what that actually means for an organisation?
Tanushree: Yes, RG 271 coming into effect fifth of October. Effectively, what that means is that firms or financial services firms will need to start monitoring the social media channels that they own and any complaints in those channels need to be put through the same processes, complaints that they received from other channels. I think that in a way, there’s an opportunity there in terms of the way organisations think about complaints, it’s free feedback. organisations can pay a lot of information to receive feedback and to gauge customer sentiment and to be receiving that for free from a customer, I think, is an opportunity for product owners and service owners to really use that information.
From the regulator’s perspective, they over the last few years have invested a lot more. They’ve created a data office, they’ve got a chief data officer. The regulator really is looking at chain regulatory changes, as well as pilot programs across various parts of the industry, to look at what data they should be collecting and to help them in their surveillance, to be more targeted in their surveillance activity. I do think it’s deliberate on the part of the regulator and I also think the way the world is moving, to exclude the channel as common in this day and age as social media would be amiss.
Ian: That would mean, to me, it’s to imply that the organisation’s need to start thinking about different technologies and different ways of actually interrogating what’s happening and some of those channels.
Tanushree: That’s right.
Ian: That’s obviously a really challenging issue for some smaller organisations only starting to get their head around the implications of the regulatory guidelines for them.
Tanushree: That’s right.
Ian: I’ve talked to lots of different organisations and as you know, some are fairly mature in their processes, and others are only now just starting to realize that AFCA might actually come and talk to them for example and that they’ve probably been lucky to not be the focus for so long. Are there other key areas that you think that organisations should be really addressing right now other than basic things they just need to get out of the way and address straightaway in terms of the looming changes coming with regularization?.
Tanushree: Yes, there are some big changes coming. The Design and Distribution Obligations, DDO, I would say of what’s going to affect anyone that provides financial service to retail customers, that’s probably the biggest. That really does represent quite a fundamental shift. We’ve come historically from a disclosure regime where the onus is really on the product, or the onus is really on the customer I would say, to make sure that they’ve read the disclosures and from a product issuer perspective, you fundamentally just need to meet the compliance requirements in terms of the disclosure.
ASIC has been quite vocal about disclosure now working as of other regulators around the world. A report they put out, probably a little over a year ago now, the research show that about 20% of consumers actually do read the disclosure they’re provided. Disclosure as a regime doesn’t work and it’s come up quite loud and clear through the Royal Commission as well. What DDO is now doing is it’s rebalancing the onus away from customers needing to read disclosure and bringing it back to product issuers and distributors of products. If you’re a product issuer, you need to have determined who it is you want to sell the product to, who your target market is, and really have thought through what are the right sales channels, the right distribution conditions to make sure the product’s being sold to the intended target market. If you’re a distributor of that product, you need to have the processes in place to make sure that you are only selling to that prescribed target market as well.
Ian: Does that mean that as an organisation, I need to be able to prove that Mrs Smith has actually received the Product Disclosure Statement, has actually acknowledged it and I have to be able to keep track of that? Is that how it works? What are the implications for me as an organisation or an operations team sending out disclosures and PDS and other material?
Tanushree: Yes, actually, if anything, the onus also shifts back a bit more to the product governance side for the design of the product, but when it does come to the distribution of the product, it will have impacts on things relating to online sales and how those flows work and the scripting. It also has an impact on call centre scripting as well because effectively, product issuers are now going to need to determine what their distribution conditions are, and the types of consumers they want to distribute to. As the person selling the product on the phone, they’ll need to be the controls there to help ensure only those target customers are coming into the product, asking eligibility questions, for example. A lot of this, it’ll be a systems and controls approach with organisations really needing to think through their core scripting, their monitoring, and intent really.
Ian: It goes back to what you were saying before, which is getting timely guidance to the call centre agents and the rest of the organisation about well, this is the new process, and this is a new flowing, and you need to do the following things and making sure they adhere to that is going to be an ongoing challenge which I guess also raises the issue about what’s the single source of truth an organisation has about their relationship with the customer because many organisations don’t have that CRM and single view desktop that allows you to see everything that’s going on because of the way the organisations have evolved over time. I imagine that’s going to be a huge challenge for organisations to get their head around it. Do you think they’re prepared on the whole?
Tanushree: Firms are quite well progressed in coming up with a target market determinations. Where firms are a bit more challenged is considering how they’re going to monitor their distribution channels, what’s the information that they’re going to seek back and also is the right approach to seek back information because once you have information, you still have to have a process around, what does this mean, what am I going to do with it, what does this data actually tell us? Firms are grappling with the role, what’s the informational data we want back? Or would we rather take more of a due diligence approach to understanding the systems and controls of our distributors? Then only on an exceptions basis seeking information. That’s something that different parts of the industry are grappling with at the moment
Ian: Just thinking about call centres or customer experience as a whole, to me they’ve always been the ones who are, that’s called, more aware of some of the challenges around frustrated customer, poor sentiment, a level of emotion and annoyance from the customer. They go through this painful journey. They’ve often had insights from quality management and compliance data and speech analytics and other sources. Do you see that the contact centre is going to become a more important source of information in the future? I say that, as the virtualisation of distribution happens, then contact centres actually have a really powerful seat at the table and a whole lot of insights about customers that perhaps they never realised they had before.
Tanushree: Yes, no, I absolutely agree because I guess with online channels and contact centres, there’s the ability to monitor and interrogate information in the way that there isn’t the same when it’s a pure face-to-face interaction. I wholeheartedly agree with you, but I think contact centres is an area extremely rich for the management of information and insights.
Ian: Tanushree, thinking about response to pandemic so as you know many of the organisations were really quite happy and patted themselves on the back, they suddenly rapidly got their workforce at home. Some of them had employees driving through car parks, picking up laptops, and then running off home and plugging in and suddenly they were working and calls are being answered.
Probably a little while later, I think a few of them probably realised that. Okay, calls are being answered but actually what on earth were people saying and was it compliant? What about these new people we suddenly added to our workforce rapidly to scale up to the demand? Talk to me a bit about the work from home and what does that mean for governance risk and compliance perspective and challenges ahead?
Tanushree: Yes. It was fascinating. I mean the whole period has been fascinating from a governance risk and compliance perspective, I think it’s really opened the organisations’ eyes, about just the flaw in maintaining manual controls, right. There is some value in supervision by osmosis, by being on the floor, and everyone began to hear or see what everyone else is doing but I would say that that value is limited. Once you move your workforce to be work from home, it’s negligible, beyond limited.
I think it’s been– For firms that do rely very much on paper-based forms, manual KYC processes, et cetera, it’s been quite eye-opening, even if you look at trading floors, where the controls were fundamentally, we keep our traders separated, we don’t let them bring their mobile phone onto the trading floor. In today’s world, none of that’s really enough. Adopting technology, I think is key.
I think for firms that have already had that in place, the transition and the comfort levels of management, it’s been much smoother because fundamentally, the same monitoring and oversight mechanisms you were relying on as your key controls in the office can be the same ones that you’re relying on when your workforce starts working from home as well. The key risk coming out of this is really around the people risks, employee morale, and firms that have been quite considerate in thinking about okay, as we have staff working from home, and then say, we want certain staff working from the office, what’s the right mix? Also, what’s the right activity to be undertaken in an office? so the time in the office be spent more on the collaboration and connection, rather than for the sake of it people coming into the office to simply be on a Zoom call with their colleagues working from home.
I think thinking about people impacts, employee morale in parts of the world where you got team members still in lockdown, that’s quite an alive issue. I think that’s really important but having your monitoring and oversight controls being technology-based, I think is going to be key.
Ian: With all that technology, what sort things are you thinking of in that space?
Tanushree: Anything from call recording, relying on speech analytics, trade surveillance, and calibrating all of that to see that you’re still comfortable with the thresholds. You’re still comfortable with the sample sizes you’re using, is it exceptions-based enough or is it a bit too one-size-fits-all? Are you focusing in on the transactions that are perceived as being higher risk, but that you’ve determined a higher risk?
I think there are a lot of tools out there. I think there’s also an opportunity for firms to think a bit more creatively around the culture and conduct aspects of what data already exists in an organisation that can help you to be an indicator of potential culture or conduct type of issues. I’ve heard of firms doing things like starting to look at who’s submitting expense reports late. Is there a correlation between submitting an expense report late, and potentially, also lagging and doing a mandatory compliance training?
There’s quite a lot of information out there and I think it’s about firms just testing and learning and using what there is.
Ian: I think it holds what we’re saying before, isn’t it? Because there’s such a massive amount of unstructured data you could put into the mix and then it’s how do you actually analyse that data creating relationships and correlation between all the data sources which is a huge opportunity, but any organisations just haven’t got the ability ranges to those different channels.
Tanushree: That’s right. It’s interesting when you work with clients that have received regulatory notices from ASIC for vast amounts of data, often transactional data. After they’ve provided that information, and they received the follow-up questions from ASIC, that’s often the first time the data has been interrogated and it’s been by the regulator so firms have a lot of this information themselves.
It’s important to put the practices in place and the accountabilities in place for that data to be looked at rather than it being looked at by an external party for the first time.
Ian: Talking about first time. Obviously, post Royal Commission in Australia, the vulnerable customer issues suddenly, it came to the fore as part of the Banking Code of Practice implementation et cetera. Probably there were some people, I think, particularly in context, they were probably surprised that suddenly that was such an issue. First time, everybody’s talking about this and they have been dealing with these very needy customers for quite some time and they could really relate to some of those experiences that then became really rather high profile and needed to be addressed as part of the code.
What’s your thoughts on the approach to customer vulnerability? Because I know with the banking code compliance committee, there was obviously, in their recent report, they found all sorts of breaches still in the various banks with regards to code. In fact, I think there was about a 600% increase if I remember rightly in terms of code breaches. What are your thoughts? What’s going on there and how should organisations respond?
Tanushree: Yes, so I think, in terms of the increase in the number of breaches, I guess the organisations, their data has an input into that report, they have attributed that to an increase in risk awareness, largely. That may very well be the case.
Ian: It’s a bit scary really, probably they have realised it, they’re going to do something.
Tanushree: Yes. Then that may well be the case, the awareness of the requirements essentially is what’s leading to the increase in reporting. I guess from the perspective of risk and compliance practitioner, reporting is a good thing.
Looking at an increase in the number of breaches in and of itself, I wouldn’t see it as a red flag, I think it becomes more interesting when you look on year-on-year or multi-year-on-year trend analysis, that’s when it becomes more interesting. If, say, for example, so in the report, you’re referring to some of the larger increase is related to small business customers. I guess what you would expect to see or ideally hope to see, is you would haven’t, as awareness grows, and as controls improve, or detective controls improve, you may have an increase in the reporting of breaches, but really, what should then be happening is quite systemic changes being made within the organisation. Shifting their control environment to be more preventative, and then you should see the number of breaches, plateau, or even decrease even with the same level of risk awareness. I think looking at year-on-year trends will be interesting.
Ian: Again, ironically, you end up talking about the need to interrogate a lot of information, what it does, [crosstalk] gather all at one place, which is the increasing challenge, isn’t it? The wider, I guess, not just customer experience functions, but the whole organisation. To my comment earlier, I think that the context centres customer experience functions have so much to contribute and so many insights to add, and therefore, I think they then end up in this conversation around, how are those organisations structured?
How are they set up to facilitate that interrogation and that sharing of data and I guess also increasingly, given the speed at which things change, how quickly can they share their insights with the other parts of the organisation? Then can organisations respond in a nimble enough fashion to close out those issues? That’s the challenges where we want to change something fast and the risk community says it takes so many months and the marketing team, so it’s going to take them ages to read through all that material and change the wording, and meanwhile, the regulator or even the customers demanding a quick fix to an issue almost overnight.
Tanushree: Yes. Yes. I think that has to to change. I think the sorts of lead times organisations have said they need, that can’t be the way of the future, especially given organisations have shown that when it matters, they can change. I also think when it comes to capabilities within an organisation, this applies across the organisation including to the risk and compliance community. Really thinking about is the capability mix you have the right capability mix for the future?
The same risk and compliance teams historically have been people, I’m including myself in this bucket, of audit backgrounds, accounting backgrounds, legal backgrounds. Is that the right background mix to have in an environment where actually you’re going to get your insights through the analysis and data with people knowing how to analyse and how to integrate it, how to gain insights from it. I think across the organisation, making sure that that capability exists is going to be it.
Ian: Well, Tanushree Dabral, thank you so much. Appreciate you taking the time out to talk to us today.
Tanushree: It’s a pleasure. Thanks, Ian.
Ian: Thank you.