Changing role of chief risk officer
Wednesday April 26 2023
Over a year ago, Irene Auma made a shift to the US-based electronic payment company, Visa, to head risk management in the sub-Saharan Africa region, overseeing 52 countries.
Many of the risk management jobs globally are 80 to 90 percent dominated by men. She is one of the few women seizing chances to rise in the industry.
Having moved from taking care of 13 countries in Eastern Africa, Ms Auma says the role has been demanding as various countries are exposed to risk differently.
“It’s a tall order in terms of just having the scope of what is going on across all these footprints,” she says.
“The most amazing thing is when one looks from outside Africa, they see Africa as one country but it’s a full-fledged market with different dynamics in terms of consumers, cultures, financial setup, and drivers of the economies. In my area of expertise, we are exposed to different risks in every market that we operate in.”
Ms Auma says her job largely entails curbing fraud, both from clients and enterprise processes, and that there are similarities to risk management whether dealing with two countries or members of a regional bloc.
The Eastern Africa region, she observes, is service-sector driven like the tourism industry unlike Western and Central Africa which are commodity-driven, and Southern Africa which is a mix of both service and commodity.
The similarities are also due to regulations where countries within a bloc tend to borrow from each other when it comes to policies.
“In analysing risks, a country gets exposed to, I start by identifying the drivers of an economy,” Ms Auma says.
“Western Central Africa is largely commodity-driven with oil, cocoa, and large production of products and you will find a single line driving the economy. If any headwinds directly impact the business, then we, therefore, are exposed from an operational risk part.’’
Travel Managing several markets means frequent travel across the world, making the job as demanding a discipline for women as other C-suite roles.
However, Ms Auma says technology has helped as she now does online meetings and video calls, instead of globetrotting.
“The pandemic gave us a good reset; one of the positives I take away from the pandemic. I don’t have to travel to, say Brazil, to know what is happening there. I normally joke that I do virtual travel in a day, I can travel across six countries on four continents. That allows me to engage in day-to-day collaborate more efficiently, but he has they still travel with it.”
Most of her travels nowadays are driven by client and market visits or regulatory engagement to help shape the payments ecosystem.
As the chief risk officer, the job involves curbing financial risks including fraud, and operating and market risks, arising from regulatory procedures.
Visa works primarily with banks as their main clients, meaning any risks that the banks are exposed to, indirectly the San Francisco -headquartered corporation gets exposed to, other than the fraud risks.
This makes the company take it upon itself to ensure security to help prevent payment fraud.
The former regional head of fraud risk management for Africa and the Middle East at Standard Chartered Bank says clients across the markets have been exposed to the same types of card fraud, market with the differentiator only being in their investment in solutions to mitigate fraud.
And now the role of risk management has become more strategic in nature. “The exposure when it comes to card fraud, trust me, it’s similar across the board,” Ms Auma says.
“The trends tend to be the same. What client experiences, irrespective of their country, is directly linked to their investments in systems and capability in people to be able to proactively manage.
So you will find that a very old model of fraud may happen to a client who probably has all the assistance but doesn’t have the people to use the system.”
With the increasing adoption of e-commerce during the pandemic period, fraudsters have also moved online, meaning that the same fraud that we see in Kenya is the same that is affecting the rest of the world in the digital space.
“More users are online and also the fraudsters, therefore, have a bigger market catchment area to get into.”
“The target is hardly the individual consumer because monetisation of the fraud that the threat actors can get out of one individual consumer is small. So the investment they make to be able to hack or intercept you and make money out of you is small.”
Ms Auma notes that threat actors are targeting e-commerce platforms and institutions with a high frequency of transactions and payment account data.
“Fraudsters are moving upstream; they want to get a bigger catchment. So they will tend to target more the establishment and the institution and will look for gaps in the financial institution through cybercrime breaches, look for gaps in the applets, merchants who are blind, for example, on how they can replicate an online site that sells goods and services and make you come in pay and in that they able to collect your data through the fake site.’
The global firm has been using technology to monitor, provide solutions for clients and ensure a safe payment ecosystem including the introduction of tokenisation, where Visa devalue customers’ data so “when it is hacked, it is useless.”
The company is also using artificial intelligence (AI) to score a transaction and determine the probability of it being a fraud, where a bank would decide whether they should call you to approve the transaction or not.
“With a combination of these activities, we see traction in terms of the rate of detection and also the reduction in fraud. As more consumers become aware to protect themselves, they will be the quickest to alert banks that this is not right.”