by Karen Gregory
Randi Gordon, Vice President, Product Management, for Insurance & Retirement Services (I&RS) at DTCC.
“The reality is that our ability to protect the financial system and clients requires us to have state-of-the-art risk management.” – DTCC 2012 Annual Report
Fulfilling the goal of mitigating risk in the financial industry started with a comprehensive review of DTCC’s Enterprise Risk Management systems and capabilities. What followed was the development of a multiyear plan to transform DTCC's risk infrastructure and position the organization at the cutting edge of risk-management practices across the industry. That plan included the creation of a new role: the Business Risk Manager.
This profile of Randi Gordon, Vice President, Product Management, for Insurance & Retirement Services (I&RS), is the first in a series of articles introducing the company’s embedded business risk managers and explaining the roles they perform in assessing risks associated with their business areas, as well as in driving the risk assessment of proposed products and services.
@dtcc: Randi, what exactly is the position of an embedded risk manager at DTCC?
Gordon: Let me first explain that the people within our individual business lines are our first line of defense for managing risk, and that line is composed of all the areas critical to the daily operation and functioning of DTCC and its various businesses. My job in representing I&RS is to understand the ways DTCC measures and reports on risk, foster an environment of risk awareness and ensure that we are compliant with the different risk requirements and policies – from compliance and operational risk reviews to business continuity – and coordinate them with the team. We need to continually be thinking about the risk aspects of everything we do, whether it’s product development, relationship management or daily processing of our business. I am also responsible for reviewing new policies and procedures implemented by supporting services such as Audit, Operational Risk, Technology Risk Management and Compliance.
@dtcc: How has your role impacted your business line?
Gordon: I have a dual role as both a product manager and risk manager so I am able to integrate risk considerations into the way we design, develop and deploy initiatives for our clients. I’ve also been able to bring issues that impact my department to the forefront and, therefore, cultivate a larger voice for my business unit.
@dtcc: Can you provide specific examples?
Gordon: Because I had an opportunity to collaborate with my risk-manager peers across the company, we were able to identify a common issue that was impacting not only my business unit but multiple areas of the company, as well. The problem wasn’t significant for each of the businesses, but, altogether, it became apparent that it was systemic. So by addressing the issue enterprise-wide, we were able to bring improvements to the organization, as well as to my business, in a very effective way.
@dtcc: Have you come across situations where a particular initiative that DTCC was pursuing did not quite fit the profile of I&RS clients?
Gordon: Yes, I have encountered such a situation. Corporate information security is becoming more and more important at DTCC as cyber-security threats increase. One of these threats is the risk of what is called a Distributed Denial of Service (DDoS) attack. This is an attempt to flood the bandwidth and connectivity between a financial institution and the Internet, typically by sending requests from compromised machines to the institution’s website.
To help counter these attacks, we were planning to advise our clients to establish connectivity to the organization via SMART, which is DTCC’s proprietary and preferred method. However, many I&RS clients connect to us only through the Internet. So, I partnered with our Technology Risk Management team to validate an alternative approach, which worked very well for our clients.
@dtcc: What is the most important part of your responsibility as a business risk manager?
Gordon: I believe it is to help set the standards for DTCC and to incorporate my knowledge and expertise of risk issues into the I&RS business. That is true for all members of the Business Risk Manager team.
@dtcc: Any personal observations?
Gordon: It is challenging, learning about the myriad risks that DTCC looks at and reports on every day, and it’s constantly evolving. The analytical work that we do is to develop solutions on a corporate-wide level as well as on an individual-business level. That combination of high-level and individual business involvement is allowing me to make a difference in the organization’s future. Altogether, it’s an incredibly rewarding experience.