Nicola Matthias, director of risk and compliance at Aro, explains how she readied the business for Consumer Duty and her priorities for the coming 12 to 18 months, as the UK’s regulator becomes more “hands on”.
1. What does your role at Aro involve?
I’m responsible for managing all areas of risk and compliance at Aro, across both sides of the business: the platform and the second-charge advisory service as well. At Aro, it goes beyond meeting our regulatory requirements. I don’t stand around with a checklist. Instead, we’re very much about understanding what’s best for our customer and ensuring we protect them and provide good customer outcomes throughout the journey.
It means that my team and I work closely with all areas of the business. We need to understand the processes, and the customer impacts throughout the journey. We tend to be involved in projects right from the outset, ensuring that we’re not hindering any progress, or that innovation isn’t being delayed by any risk and compliance objectives.
2. When a new piece of legislation is coming in, like Consumer Duty, what are your priorities to ensure the business is ready for that?
With any new piece of legislation or regulation that’s coming over the hill – and we did this with Consumer Duty – we look at what the initial guidance is from the regulator. The regulator started talking about consulting on Consumer Duty way back, in December 2021.
So, when I joined the business in November 2021, I started doing a gap analysis straight away, asking: What does that look like for Aro? Are we already meeting the requirements, and by what percentage? Where are gaps?
We started talking about ‘good’ customer outcomes, as opposed to ‘fair’ customer outcomes to get people used to the Consumer Duty language. And, as we reviewed our policies on an annual basis, we applied a Consumer Duty tilt to all our policies, to ensure we hit the ground running. As we do for any new changes that come through, we start with educating the board and the executive committee on what that’s going to look like and then we have a waterfall effect. I’ve held numerous workshops with different areas of the business, tailoring what they need to know about Consumer Duty for them.
I wanted to make sure we understood that it is a big upheaval and the changes that we needed to make. But the biggest change for nearly every partner that I’ve spoken to has been the need for evidence. Our lenders come into work every day wanting to do the right thing by the customer, wanting to produce a good outcome for every customer that we interact with – whether that be digitally or verbally. But, being able to demonstrate what we’ve done to the regulator, in some areas that’s new. It’s about being able to demonstrate what outcomes we actually produced for that customer and to prove how we did it and why it happened. So, it’s been a long journey and now, all that hard work is coming to fruition.
3. Fraudulent activity and cyberattacks are on the rise and becoming more sophisticated. What can UK lenders do to better protect their customers from fraud and cybercrime?
The fraudsters move and adapt very quickly. And, historically, financial institutions haven’t always been able to do that. As you say, statistics show that cybercrime is now replacing conventional crime because, as the world becomes more digital, money becomes digital – and crime follows the money.
At Aro, education is very important to ensure our customers are aware of who we are, what we do and what we don’t do. We’ve updated our website with some dos and don’ts – some things for customers to watch out for.
But, internally, it’s important that our people can identify where someone is applying for a loan under somebody else’s name, so an identity fraud. We hold workshops and education sessions, we share documents that a customer – albeit a fraudulent customer – may share with us to prove their income, or to prove they are who they say they are.
We work with companies, such as Onfido, to do identity checks for us and then flag any issues. Collaboration is everything. And that’s where I’ve been working with other members of the industry and other people who deal with fraud at a lender or a partner, so that we can collaborate to share best practice and protect our customers. Any insights we can gain from other people or other financial services providers, that’s a two-way approach – we pass things the other way.
We have a knowledge exchange and a business culture that allows for continuous improvement and that goes right back to how we work – to ensure that risks are mitigated for us and for our customers.
4. What are your risk and compliance priorities at Aro over the next 12 to 18 months?
The biggest one in the short term is Consumer Duty, of course, and making sure we are able to implement the rules and objectives that come with the Duty.
I think what is key is there’s an ever-changing economic environment, with more customers who are identifying vulnerable characteristics, or who are becoming vulnerable because of the economic environment. So, that’s really high on our priorities, and how we can support those customers. In a purely digital journey, that is notoriously difficult. It’s about ensuring we find ways – such as through collaboration with our lenders and our partners – to support customers.
I’d be lying if I didn’t say data management. It’s not something that’s unique to Aro, but it’s very high on everyone’s priorities; ensuring that we continue to have that governance in place to manage people’s data, make sure people have trust that Aro is handling their data in the right way.
Finally, the regulator is becoming more hands on, and has a renewed appetite to hold firms and senior managers to account for what happens in their business under their watch. So, they’ve made it clear that if we, as an industry, fail to act and put those programmes in place, then they will step in. For us, that means developing codes of conduct, making sure that everyone’s following those codes of conduct, articulating our expectations, getting the right tone – from the board, through the executive committee, right through the entire business. And, continuing to build a good relationship with the regulator is important too.
Nicola is taking part in a panel session at Open Banking Expo UK and Europe in London on 18-19 October, titled ‘Consumer Duty and Open Banking – are you adapting to the new rulebook?’. Get your tickets here.
Read our Q&A with Aro’s chief executive officer Emma Steeley about deploying data intelligence in personal credit.