Spotlight on Risk: Q&A with Highnote’s Director of Risk: Rayna Coleman
Many Highnote prospects and customers single out our risk management as a key differentiator. In the highly regulated, ever-vulnerable world of financial services, protecting ourselves and our customers is one of the most important things we do. We sat down with Rayna Coleman, our head of risk management, who is in charge of making this possible at Highnote.
Q: Rayna, Highnote sits in a unique place in the risk landscape. On the one hand, being in financial services, we operate in highly regulated environments that are generally risk-averse. At the same time, we are a technology company that works with innovators and disruptors in their space. How do you approach balancing risk and innovation at Highnote?
A: Pablo Picasso once said, “Learn the rules like a pro, so you can break them like an artist.” Now, at Highnote, we never break any rules, but the philosophy I run our risk team by is that we need to be EXHAUSTIVELY well-versed in the rules of our field and the patterns of both good and bad actors so that we know when we can recommend creative strategies to our customers that fit with their particular use case.
Because our space is so regulated, many card partners will take a one-size-fits-all approach to risk management for their customers. But that can sometimes be a bit reductionist. Just because something CAN indicate fraudulent behavior doesn’t necessarily mean it is. The view we take is that our customers are all incredibly unique in their business models, in the target audiences they have, and in the goals they are trying to achieve. Depending on these factors, companies may need to be comfortable with different risk levels. So what we do is obsess over each customer’s relevant data, in addition to obsessing over the rules and regulations governing each customer’s respective area, and create policies, technologies, and recommendations that are hyper-tailored to each customer’s needs.
Q: Is this what initially attracted you to Highnote?
A: Yes, that’s part of it. I also generally appreciated how, even before I arrived, Highnote had a “measure twice, cut once” philosophy around risk and compliance. If you look back to a few years ago, many fintech companies were receiving notices that they violated certain regulations, often because they had indexed too far on the innovation side and had not paid enough attention to the risk management side.
Highnote took a different view early on, which I think comes from the team’s long pedigree of working in the payment industry. That view mostly centers on the idea: Let’s do this right the first time, and that will only make it easier for ourselves and our customers later. I think the reason companies don’t do that is because they want to be the first or the fastest. Highnote wants to help its customers move fast and be differentiated too, but we are ok with not being the very first or the very fastest if that means doing things the right way and not cutting corners. That’s a view I generally take in life, so it felt like the right fit seeing that philosophy in play at Highnote.
The other thing that attracted me to Highnote was that I saw how the company was building something new, which was exciting. It’s so rewarding to see something I do have a ground-up impact on an entire organization. That’s what I like about risk management at startups in general, but it seemed particularly pronounced at Highnote with its emphasis on its “builder’s” culture.
Q: You talk about understanding the rules and regulations and different behavioral patterns to catch fraudulent activity early. How do you stay on top of the changes constantly happening in the space?
A: It can be a whirlwind because, for fraud tactics in particular, things can honestly change within an hour. There are always new ways bad actors are looking to exploit financial services. A lot of what we do is a matter of digging deep into the data to recognize trends and follow storylines, like a detective.
Beyond our own information, we also take huge advantage of the community around us and the mutual knowledge-sharing within it. For example, both the card networks, Visa and Mastercard, have regular seminars and communications about the latest risks to watch for and how to ensure we are best prepared. We follow their communications about these topics very closely, and any time a regulatory body puts out guidance or instructive information. I’m also personally subscribed to several listservs for people in risk management, and they always supply me with helpful updates and alerts on the latest risk management strategies. Just this morning, I received four new updates!
Q: What’s personally exciting to you in the world of risk management right now?
A: The pace of change seems to be getting faster and faster, likely enabled by technology. It is energizing to serve as that first line of defense, always adapting to new factors and working with new information. No two of my days have ever been the same.
Q: For companies that may be attempting to launch a card program for the first time, what advice do you have for them regarding risk management? What sorts of green or red flags should they watch for?
A: My first piece of advice would be that they should pick Highnote! But in all seriousness, what they really should be looking for is a responsive partner. Money movement is not like some industries, like, let’s say, clothing, where if something happens and a shirt is manufactured incorrectly, that’s usually not an immediate emergency. But with finances, it’s a different story. If a cardholder tries to pay their rent on a card and something has happened that prevents that person from doing so, that can be a life-changing, extremely distressing event.
So, I recommend seeking a partner you know will dedicate the time and resources to troubleshooting in real-time alongside you. That’s something powerful about Highnote. Our customers can almost always guarantee they will have someone on their case, be it an individual contributor or even someone in management, no matter what time of day.