Ask Women in Product: What’s the best way to work with Compliance teams in a regulated space?
I work in a regulated space and struggle with how best to involve our Compliance team in our product work. What tactics do you use as a PM to create and maintain a healthy partnership with Compliance?
Answer from Sara Nofeliyan, Senior Product Manager at Varo Money
It can be daunting to develop and maintain products in regulated spaces such as finance and healthcare, especially in the quickly-evolving technology sphere. So, props to you if you’ve taken on the opportunity and challenge. In this post, I provide some guidelines that I’ve evolved over the last four years working in the financial technology (fintech) sector.
Learn the basics and put yourself in your customers’ boots
Most regulatory bodies exist to protect individual interests like privacy and safety. Think about the actions that have an impact on you as a consumer, and incorporate that perspective into your product development process. The more you do this, the more intuition you can build around what is right by the user and what is compliant with regulations.
Think about the actions that have an impact on you as a consumer and incorporate that perspective into your product development process.
For example, if your product collects information from your users, you should have an understanding of what the consumer perceives and understands they are disclosing by using your product. From this, you can inform decisions about what data are appropriate to distribute among partners or even more broadly within your company.
As a second example, if you are creating or modifying an agreement or operational document, think about how you can be as explicit as possible. Making disclosures and legal documents more user-friendly usually works in parallel with making your product more compliant. To scale, create guidelines that are easily interpreted by cross-functional groups (think designers, copywriters, engineers, and marketers). These guidelines might be in a document with a few examples of best practices, dos and don’ts, and approved boilerplate content to lean on.
Have a clear set of criteria for the go/no-go decisions
The job of product management is complex and typically has several stakeholders. Avoid getting trapped in a bind or getting delayed on your go-to-market plan because you don’t have a clear decision point.
The process of getting approval or feedback from your legal or compliance-focused counterparts should be clear; you should know right from the start who or how many people need to sign off on the requirements for you to get the green light.
You should know right from the start who or how many people need to sign off on the requirements for you to get the green light.
In cases where it’s difficult to get a clear answer or pin down the right person for review, you may — as the Driver — need to identify the people in your organization who will act as either Approvers or Contributors (as described in the DACI framework). You may find it necessary to put in some work up front with your leadership team to get clarity and establish the responsibilities for Drivers, Approvers, and Contributors. Once those roles and responsibilities are agreed on, your go/no-go process should go far more smoothly.
Make sure the inputs and outputs of the feature or product that’s being reviewed are standardized. The work of reviewing products to provide and incorporate feedback can be taxing for compliance teams. You can simplify the process by providing well-annotated user flows and sufficient context.
Instill a culture of collaboration
A working relationship is more than ‘tossing something over the wall’ to your compliance team and hoping for a positive response. Instead, consider it part of a product manager’s job to build this relationship and over-communicate your strategic goals; in the process, you’ll create more advocates for the product you’re building. You’ll also empower a group with different perspectives and voices to provide constructive feedback on your product as a whole, versus nominal feedback on a small piece, which may often feel out of context.
A working relationship is more than ‘tossing something over the wall’ to your compliance team and hoping for a positive response.
The more your reviewing team members understand strategic needs and user behavior, the better they can assist in interpreting the rules and protecting your organization. Remember that compliance teams aim to prevent mishaps or indiscretions that erode the trust of the consumers.
Understand the basics of regulations — the way they interact with your product and the benefits they aim to provide your users — to formulate your initial recommendations with confidence. Clarify the roles of your different stakeholders; if needed, get direction from leadership so that all parties know how they participate in each go/no-go decision. Use a very explicit and transparent set of decision criteria to cut the mental overhead of working in a multi-faceted industry. Foster a culture of collaboration that strengthens your stakeholder relationships with each new product and feature that is deployed.
Don’t be afraid to iterate on your process if you run into hurdles or failures. With a shared goal of doing what’s right for both your customers and your company, you can partner and collaborate effectively with colleagues in Compliance.
Answer from Giada Usan, Junior Product Manager at Moneyfarm
Working in a financial technology (fintech) environment means that my work is subject to regulation by the Financial Conduct Authority, a UK regulator of the financial services industry. In this line of work, having the customers’ interests front of mind is good, but it’s often not enough because there are rules that are not immediately obvious. Ignorance of the rules is not an excuse; as product managers in this industry, we have an obligation to ensure that everything we deliver is compliant.
In short, compliance is part of a product manager’s job description. You need to know your product and the industry you are working in, and you need to read and understand the rules and regulations. Your company’s compliance team should be your source of truth and often are ready and willing to provide assistance and interpretation when you need it.
Compliance is part of a product manager’s job description.
This post outlines how I handle most of my daily work and the processes we have in place at different stages of the product’s lifecycle to work in a highly-regulated environment.
Developing a new feature
Creating a new feature means you start swimming in a sea of opportunities, innovations, and smart ideas that might not be always aligned with what’s really best for customers. Here’s how I approach this work.
- Check in with the compliance officer. When set with the task of scoping a new feature, a coffee with the Compliance Officer is one of the first appointments in my calendar. At these preliminary meetings, I usually ask about regulations that affect the planned feature and request resources that are available to help ensure I am delivering a compliant product.
- Understand the rules. There’s no substitute for having a look at the rules; they might seem scary at the beginning, but after a while, you start to understand that they actually help you give shape to your new feature. Check if the new feature needs a new legal document or come with new requirements. Make sure you collect them all before starting your core product work.
- Confirm that the design is still compliant. After the first design, I usually go back to the compliance team to confirm that what the customers will see is the right way to show the new feature.
- Get sign-off for all product communications. I work with the content team to make sure that everything we say to our audience is checked and approved by our compliance team.
In the course of product development, you might find new rules and requirements that you weren’t expecting. Keep calm and check with the compliance team. They are one of your main stakeholders and will do what they can to protect the company from liability.
Planning and conducting product tests
We need to include compliance in the conversation when we plan improvements or test our product. A feature that already exists might have passed compliance review when it was first created, but this doesn’t mean you can assume it’s still okay. It’s worth rechecking the rules and regulations in case there’s been an update, or in case improvements can be made to follow the regulation more closely. When a product manager plans a round of testing, s/he needs to be sure that the change doesn’t make the feature noncompliant.
A feature that already exists might have passed compliance review when it was first created, but this doesn’t mean you can assume it’s still okay.
I usually run a demo with the Compliance team and show them what feature we will test and how the test will look. We perform the same steps that our users take on our platform and confirm that everything is compliant. Make the compliance team part of your test, and you’ll have more confidence that the product is always protecting your customers’ interests.
Cutting an old feature
There will be times when you’ll need to get retire an old feature due to a change in business requirements. At the beginning of this scoping exercise, I catch up with Compliance to first learn the applicable requirements and only then do I draw the timeline according to any regulations that might apply.
Be prepared for the possibility that you’ll need to delay your project to give your customers enough notice.
Review your terms and conditions, contracts, or any legal documents to understand the implications of disabling a specific feature. Will there be a legal problem if the feature is removed? Might you go against your customers’ interests by killing that feature? What else would you need to do to remain compliant? Be prepared for the possibility that you’ll need to delay your project to give your customers enough notice. You may also need to craft customer communications so your clients gain a thorough understanding of what’s going to happen when the feature is removed.
Keep up to date
We need to always keep in mind that rules and regulations change over time. You’ll need to stay updated as the applicable regulations change. Mifid2 (Markets in Financial Instruments Directive) and GDPR (General Data Protection Regulation) are just two examples of regulations that have changed our industry recently and have had a large impact on a product team’s daily work.
Partner with your Compliance team to stay updated about any new rules. You can achieve this through a monthly catch-up or a compliance email update. Whatever approach you agree on, you’ll want to plan your future work and prioritise your backlog in compliance with any deadlines for implementing the new rules.
When you’re at the beginning of your career in product, there are so many things to learn and being in a highly-regulated environment might add to the feeling of being under pressure.
You can greatly improve your ability to remain compliant by establishing a healthy and early collaboration with your Compliance team. With their help, you can ask yourself the right questions, do a better job of meeting your customers’ needs, and see the product in a different light. With each round of collaboration, you’ll find that having someone to guide you on the regulations at each step of your product development journey will really help you grow as a product manager.
Thank you to Rachel Bodnar for editing this piece.
You may also like – Ask Women in Product: What are the best ways to get up to date on microservices?
Louise Heatley shares a curated list of resources that will help product managers get up to speed on microservices.