Meet our Manager of Governance, Risk and Compliance

November 17, 2020

It takes a village to create the rewarding experiences Canadians deserve with their money. At Neo, our Manager of Governance, Risk and Compliance knows all about minimizing risks in the banking industry, complying with regulations and going above and beyond to build a secure financial app that Canadians can trust. We chatted with Vicky Lao to understand her role and the importance of protecting our members and brand partners.  

Q. Tell us about your background and how you got involved with Neo.

A: I studied Business Technology Management and Accounting at the University of British Columbia. When I graduated, I worked at PwC, mainly assessing and eliminating IT risk. Then I moved into a specialization in governance, risk and compliance. I’ll admit, it’s very niche, but it allowed me to work on exciting projects for Fortune 500 companies in Canada.

I helped these companies and many others using the “crawl, walk, run” approach to build an integrated process to manage governance, risk and compliance. Believe it or not, but these three practices can sometimes be quite siloed even though they’re really similar in nature. When they failed to talk to each other in the right terms and language, I tightened up the processes.

After four and a half years with PwC, I was itching to try something new. I first heard about Neo through a colleague, who was a software developer at the company. At that point in my life, I’d already experienced the corporate environment, but not what it was like to work for a startup. I’ve always wanted to join a tech company and felt ready to make the change. I met Kris Read (Neo’s Co-founder and Head of Engineering) at a tech meetup to learn more about Neo and I guess the rest is history.

Q: What does your day to day look like?

A: My main job is to stay in the loop on any and all conversations around risk and compliance. Most people don’t even know what compliance is, but basically, it’s making sure we keep the company on track. I keep up to date with banking regulations and requirements and ensure that Neo complies with them all. Think of activities like internal audits, and legal considerations you have to follow, as well as being prepared for any unforeseen events, in order to make Neo reliably move forward.

Whenever we’re scoping a new product, when there are new developments, or even when there’s a new process we need to implement, I’m the person that’s considering what all the risks are. I spend a lot of time answering the team’s questions on compliance and Neo procedures.

The policies we need to follow must reflect our own procedures too and they’ve got to be rational. They need to cover our risks and we need to make sure that people understand them.  

Q: Privacy and data protection are crucial, especially for a new digital banking solution in Canada. What’s it like to build a “bank” from the ground up, and how does Neo stay on top of every regulation and security threat?

A: It’s a balancing act. We’ve all experienced how other banks work. At Neo, we take note of their mistakes, what works and what doesn’t, all in the name of creating something better. 

Compliance feeds into development and informs the process, so when we’re building the app, I work closely with James Nauss (Head of Operations & Risk) and the Product and Engineering teams to ensure that our requirements are met. We’ve also got a dedicated team of experts in every area and we work collaboratively to adhere to policies when building out our platform.

It doesn’t hurt either that our team is passionate about financial industry news. We’re forward-thinking and prepared for any upcoming challenges.

Q: What unique regulations and compliance concerns do we face as a technology company in the financial services industry? 

We’re building Neo to better understand our members and to deliver them a more personalized banking and rewards experience. But as with anything that warrants a more personal approach, we need to be cautious with our members’ data and privacy. We collect only the information we need to make our product better and personalized for each customer. All data is stored with safeguards to ensure completeness and accuracy.

Being a tech company doesn’t mean we get a hall pass on the rules that exist for us in the banking industry. We still very much need to comply with them. The best way to think of it is like this: anything that our banking partners need to comply with, so do we. We’re working in a space where we’re being trusted with people's money. 

We don't take that responsibility lightly, so while we're not a bank, we want to always be operating with the same or better levels of security for our members. 

Q: How do you define risk in our industry? And what are currently the biggest threats?

A: The technical definition of risk is the possibility of losing an asset, so something that’s valuable, whether that’s an image, money, property, etc. But for us, the big three that keep us busy are cybersecurity, fraud and credit risk.

Cybersecurity is the biggest threat in our industry and it’s because it has such a far-reaching impact. These are online threats and there’s a certain degree of vulnerability that comes with opening ourselves up online. 

There are more new and creative ways for criminals to hack and manipulate banking systems, but we stay on top of this is by doing our homework. It’s hard to pinpoint what may come, so we get in front of these issues by keeping ourselves informed. We research, educate and train our teams on trends and specific things to look out for. 

Fraud can be closely tied to cybersecurity, where people are making unauthorized transactions or assuming false identities. Credit risk is when people don't pay their bills. When this happens, the banks are liable for the losses. So that’s a gap that we need to consider.

Q: Does Neo have an advantage in tackling cybersecurity because we’re a tech company? 

A: Being part of a tech culture does have its advantages. Everyone understands technology, what’s at stake and how it can help us improve our lives. Many of us at Neo are developers, so we’re constantly looking for ways to improve our security and not just meet the bare minimum, but to go above and beyond what others expect of us. 

It’s not enough to just follow a basic set of guidelines. The framework that’s in place for us is just that - a baseline. We take risk-based approaches and think about long-term implications in everything we do, which sets us up for success, especially in tackling the unknown.

We also build product features that address specific security concerns. We embed these security features into the design and development of the app as a whole. Security isn’t just an add-on, it’s a priority from the beginning. 

Q: How do we earn the trust of Canadians as a new company?

A: We build trust through the experience we’re offering. It’s one thing to just tell people we have a seamless app that does x, y and z, and sure they can trust us by taking our word for it, but it’s another thing entirely for them to see it themselves. 

The first Neo members using the app are now giving us their valuable feedback. We’re listening to them with open ears and letting them have a major hand in shaping the future of spending and saving to benefit all Canadians. Especially in redefining what’s possible through technology. 

Q: What is Neo’s relationship with its banking partners like? 

A: We have great working relationships with our partners, where we share our knowledge, questions and expertise. It’s not a one-way-street. Information sharing is one of the best ways to fast-track how we can make improvements. We share our findings in market trends, cybersecurity news, address risks and ultimately work closely with our banking partners to build a top-notch product together.

Q: Neo has already begun launching in Canadian cities such as Calgary, and will soon be nationwide. What do we need to achieve today to be across the country tomorrow?

A: From a compliance perspective, we’ve already done the legwork. We’ve prepared for the regulations and requirements that each province has and we’ll continue on with monitoring any policies that may change as we ramp up for our nationwide launch.

Overall, we need to stay focused on improving people’s relationship with their finances, making their lives easier and more rewarding than what was possible before. This means ensuring the highest levels of security and data protection each step along the way, especially as we continue to roll out more innovative approaches to managing your money and earning more relevant rewards each time you spend and save with Neo.   

To learn more about working at Neo and building Canada's most rewarding spending and savings experience, check out our careers page.