officer - Blog - Global Risk Community2024-03-28T19:19:16Zhttps://globalriskcommunity.com/profiles/blogs/feed/tag/officerAiming to Become a Customer-centric Organization, Then Where's the Customer Department?https://globalriskcommunity.com/profiles/blogs/aiming-to-become-a-customer-centric-organization-then-where-s-the2019-07-16T09:43:55.000Z2019-07-16T09:43:55.000ZMark Bridgeshttps://globalriskcommunity.com/members/MarkBridges<div><p><img src="https://media.licdn.com/dms/image/C4E12AQHHar_lqRkJsw/article-cover_image-shrink_720_1280/0?e=1568851200&v=beta&t=PiSkZGIqqo9FrhWHj62U4SSH5WfNUQhDhpjTZrKfGpU" alt="0?e=1568851200&v=beta&t=PiSkZGIqqo9FrhWHj62U4SSH5WfNUQhDhpjTZrKfGpU" /></p><p>Transforming a product-driven firm to a customer-driven enterprise is inevitable in order to stay ahead in today’s extremely competitive markets. The days of mass marketing, mass media communications, and little-to-none direct interface with customers are long gone. The emphasis, now, should be on maximizing customer relationships and becoming customer-driven organizations rather than merely selling products. The technological advancements of this age offer potent tools for organizations to utilize in order to engage with the customers directly; gather and mine information; and tailor their products and services appropriately.</p><p>Leading organizations are making huge investments in data analytics and transforming their strategies to focus on the customers’ evolving needs. They are striving hard to improve their customer retention and deepen their relationships utilizing rich customer insights, tailoring products according to the personalized needs of the customers, and presenting the offerings in a variety of store formats.</p><h3><strong>The Customer Department</strong></h3><p>To become customer-centric organizations, companies need to transform their traditional marketing function into a new unit called the “Customer Department.” <a href="https://flevy.com/browse/flevypro/customer-centric-organization-the-customer-department-3860" target="_blank">The Customer Department</a> should be created to deliver maximum profits to the customers and nurturing customer relationships instead of pushing products.</p><p>This necessitates transforming the organizational structure, culture, strategy, and reward programs in line with the shift in focus from managing transactions to cultivating customer relationships. Specifically, there is a need to add the position of <a href="https://flevy.com/browse/flevypro/customer-centric-organization-the-customer-department-3860" target="_blank">Chief Customer Officer (CCO)</a>—under the CEO—and various Customer Managers underneath the CCO. The roles and responsibilities of these positions should be:</p><h3><strong>Chief Customer Officer (CCO)</strong></h3><p>The most prominent shift in a customer-centric organization is replacing the traditional Chief Marketing Officer (CMO) role with the Chief Customer Officer (CCO) role. Reporting to the CEO, the CCO is primarily responsible for devising and executing the customer relationship strategy, directing all the client-facing roles, and fostering a customer-driven culture in the organization. The main tasks of the CCO position include ensuring smooth flow of customer information, increasing productivity utilizing various metrics, and regularly interacting with the customers to understand their concerns.</p><h3><strong>Customer Managers</strong></h3><p>In a customer-centric organization, the Customer Managers (CMs) are in charge of various customer segments. They are accountable for enhancing the value of a customer relationship by ascertaining customers’ product needs. To make this role effective, there is a need to realign resources—people, budgets, authority—from product managers to the CMs.</p><p>The main tasks of the CM position include defining customer needs, extracting and interpreting customer insights utilizing various sources—e.g., mining customer forums, blogs, and online purchasing data—, and striving to improve the lives of the customers.</p><h3><strong>Additional Responsibilities of the Customer Department</strong></h3><p>Customer-centric organizations make the <a href="https://flevy.com/browse/flevypro/customer-centric-organization-the-customer-department-3860" target="_blank">Customer Department</a> accountable for some of the critical customer-facing functions which were once considered an integral part of the Marketing Department. These functions include:</p><ol><li><strong>Customer Relationship Management (CRM)</strong></li><li><strong>Market Research</strong></li><li><strong>Research & Development (R&D)</strong></li><li><strong>Customer Service</strong></li></ol><div class="slate-resizable-image-embed slate-image-embed__resize-full-width"><a href="http://flevy.com/browse/flevypro/customer-centric-organization-the-customer-department-3860" target="_blank"><img src="https://media.licdn.com/dms/image/C4E12AQFu7XzQnf1J8w/article-inline_image-shrink_1000_1488/0?e=1568851200&v=beta&t=0U2Mc4iCVbKRjXdcZYaq3H42GtQM1rcyOU2v_zBOzQk" alt="No alt text provided for this image" /></a></div><h3><strong>Customer Relationship Management (CRM)</strong></h3><p>Traditionally, the CRM function belongs to the Information Technology Department owing to the technicalities involved in managing the CRM systems. The function demands evaluating the customer requirements and behaviors—which is a core function of the Customer Department alongside gathering and analyzing data necessary to execute a customer-development strategy.</p><h3><strong>Market Research</strong></h3><p>In customer-centric organizations, the Market Research function goes all the way from the marketing unit to other units that deal with customers—e.g., Finance for payments, Distribution for delivery. These organizations take a more granular view of customers’ behaviors, and gather and incorporate clients’ feedback to further improve customer lifetime value and equity.</p><h3><strong>Research & Development (R&D)</strong></h3><p>The <a href="https://smallbusiness.chron.com/function-descriptions-research-development-department-37150.html" target="_blank">R&D</a> function should also report to the Customer Department, as, nowadays, the traditional R&D-driven new product development models are conceding to creative collaboration between the client (users) and producers. It’s not a good idea anymore to pack tons of features into a product and cause feature fatigue to customers. What’s more appropriate is to seek and incorporate customers’ input into product features by involving them into the product design process.</p><h3><strong>Customer Service (CS)</strong></h3><p>CS is another function that should be handled by the Customer Department to guarantee quality of service and to nurture long-term relationships. This important function isn’t worth outsourcing overseas as this often causes negative impact to the clients and organizations alike, due to poor customer service.</p><p>Interested in learning more about <a href="https://flevy.com/browse/flevypro/customer-centric-organization-the-customer-department-3860" target="_blank">Customer Metrics, Customer Department, and Customer-centric Organizations</a>? You can download <a href="https://flevy.com/browse/flevypro/customer-centric-organization-the-customer-department-3860" target="_blank"><u>an editable PowerPoint on </u><strong><u>Customer-centric Organizations: The Customer Department here</u></strong></a> on the <a href="https://flevy.com/browse" target="_blank">Flevy documents marketplace</a>.</p><h3><strong>Are you a Management Consultant?</strong></h3><p>You can download this and hundreds of other <a href="http://flevy.com/pro/library/frameworks" target="_blank">consulting frameworks</a> and <a href="http://flevy.com/pro/library/consulting" target="_blank">consulting training guides</a> from the <a href="http://flevy.com/pro/library" target="_blank">FlevyPro library</a>.</p><p> </p></div>United Arab Emirates (UAE) Data Protection and Privacy Laws & Regulationshttps://globalriskcommunity.com/profiles/blogs/united-arab-emirates-uae-data-protection-and-privacy-laws-amp2017-10-20T09:21:01.000Z2017-10-20T09:21:01.000ZBiji Scariahttps://globalriskcommunity.com/members/BijiScaria<div><div id="ember5557" class="ember-view"><div class="reader-article-content"><h2><strong>Introduction</strong></h2><p>In simple words ‘Data Protection’ can be defined as the law and/or regulation designed to protect your <span>Personal Data or Personally Identifiable Information (PII)</span>, which is collected, processed and stored by companies, institutions etc. In this era where data security breaches happen almost daily, it is essential that data protection laws and regulations restrain and shape the activities of companies and other institutions.</p><p>The objective of this article is to give an overview of key UAE Laws and Regulations existing in mainland (DIFC has separate Data Protection Law) which will ensure that UAE citizens and residents personal information is protected. Its an attempt by the author and all data and information provided on this article is for informational purposes only and the accuracy, completeness, suitability, or validity of any information on this article must be validated individually before making any decisions.</p><h2><strong>Laws and Regulations</strong></h2><p>The definition of personal data must be looked in much broader terms than what’s defined in other countries where pictures, private messages etc can be also considered as personal data.</p><p>Overall Data Protection in UAE is governed by federal laws and regulations from UAE Central Bank & Telecommunications Regulatory Authority (TRA). These UAE Federal Laws and regulations contain various provisions in relation to privacy and the protection of Personal Data.</p><ul><li>The Cyber Crime Law - Federal Decree Law no. (5) of 2012. The Cyber Crime Law criminalises obtaining, possessing, modifying, destroying or disclosing (without authorisation) electronic documents or electronic information relating to medical records (Article 7).</li><li>Article 31 of the UAE Constitution of 1971, which guarantees the right to secrecy of communications.</li><li>Penal Code (Federal Law No 3 of 1987 as amended)</li><li>UAE's Central Bank published the Regulatory Framework for Stored Values and Electronic Payment Systems ("Digital Payment Regulation") Jan 1st 2017</li><li>Telecommunications Regulatory Authority (TRA)- The Consumer Protection Regulations, Version 1.3, Issued 10 January 2017</li><li>The DHCC Health Data Protection Regulation No. 7 of 2013</li><li>The DIFC implemented DIFC Law No. 1 of 2007 Data Protection Law in 2007 which was subsequently amended by DIFC Law No. 5 of 2012 Data Protection Law Amendment Law ('DPL').</li><li>The Dubai Data Law, which has been in force since 27 December 2015</li></ul><h3><strong>Data Residency or Data Transfer Restrictions</strong></h3><p>According to the Penal Code (Clause 379), personal data may be transferred to third parties inside and/or outside of the UAE if the concerned person have consented in writing to such transfer. The key expectation is to have consent from the concerned person.</p><p>However, Central Bank of The United Arab Emirates ‘Regulatory Framework For Stored Values and Electronic Payment Systems’ mandates that all Payment System Operators (PSPs) must store and retain all User and transaction data exclusively within the borders of the UAE.</p><p>As per Telecommunications Regulatory Authority (TRA) ‘The Consumer Protection Regulations, Version 1.3, Issued 10 January 2017’ licensees must obtain a Subscriber’s prior consent before sharing any 'Subscriber Information' with its affiliates and/or other third parties not directly involved in the provision of the telecommunications services ordered by the Subscriber. Further the licensees must ensure that the third-parties are taking all reasonable and appropriate measures to protect the confidentiality and security of the Subscriber Information and the third party’s obligation should be taken care contractually and they should be made responsible for protecting confidentially and security of Subscriber Information. It’s the obligation of licensee to ensure that all reasonable measures to protect the privacy of Subscriber Information that it maintains in its files, whether in electronic or paper form.</p><h3><strong>Data Retention</strong></h3><p>Central Bank of The United Arab Emirates ‘Regulatory Framework For Stored Values and Electronic Payment Systems’ mandates that all Payment System Operators (PSPs) must store and retain user and transaction data for a period of five (5) years from the date of the original transaction.</p><p>The DHCC Health Data Protection Regulation mandates that medical and dental records of UAE national and expatriate patients should be retained for 10 years after the date of last entry into the record; 20 years for medico-legal cases and 10 years for deceased patients.</p><p>Telecommunications Regulatory Authority (TRA) CPR mandates that Licensees shall maintain records of Consumer Complaints for a minimum period of two (2) years, or such other period as may be specified in the License (3 years).</p><h3><strong>Security</strong></h3><p>The security requirements or measures that needs to be taken to protect the data must be defined by companies, institutions etc by looking at the applicable legislative and regulatory requirements. Once the legislative and regulatory requirements are identified, companies should do a detailed due diligence and come up with best practices and security controls to protect ‘Personal Data or Personally Identifiable Information (PII)’. Its important to ensure that, the level of best practices and security controls implemented can provide adequate level of ‘Personal Data’ protection and will ensure that companies are protected from data breaches or claims arising out of data breaches.</p><p>Details of Best Practices and Security Controls to protect ‘Personal Data’ will be discussed in a separate article.</p><h3><strong>References</strong></h3><p>Regulatory Framework For Stored Values and Electronic Payment Systems Published on 1-1-2017</p><p><a href="https://www.centralbank.ae/en/pdf/notices/Regulatory-Framework-For-Stored-Values-And-Electronic-Payment-Systems-En.pdf" target="_blank">https://www.centralbank.ae/en/pdf/notices/Regulatory-Framework-For-Stored-Values-And-Electronic-Payment-Systems-En.pdf</a></p><p>Federal Decree-Law no. (5) of 2012 ON COMBATING CYBERCRIMES</p><p><a href="http://ejustice.gov.ae/downloads/latest_laws/cybercrimes_5_2012_en.pdf" target="_blank">http://ejustice.gov.ae/downloads/latest_laws/cybercrimes_5_2012_en.pdf</a></p><p>The Consumer Protection Regulations, Version 1.3, Issued 10 January 2017</p><p><a href="https://www.tra.gov.ae/assets/xy9LbOAZ.pdf.aspx" target="_blank">https://www.tra.gov.ae/assets/xy9LbOAZ.pdf.aspx</a></p><p>Dubai Health Care City Authority Health Data Protection Regulation No. 7 of 2013</p><p><a href="https://www.dhcr.gov.ae/AboutDHCRDocuments/9-Health%20Data%20Protection%20Regulation.pdf" target="_blank">https://www.dhcr.gov.ae/AboutDHCRDocuments/9-Health%20Data%20Protection%20Regulation.pdf</a></p><h3><strong>Disclaimer</strong></h3><p>All data and information provided on this article is for informational purposes only. The author makes no representations as to accuracy, completeness, suitability, or validity of any information on this article and will not be liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use. All information is provided on an as-is basis.</p><p></p><p></p></div></div></div>The data-generating generation – what does it mean for banks?https://globalriskcommunity.com/profiles/blogs/the-data-generating-generation-what-does-it-mean-for-banks2013-09-24T15:47:47.000Z2013-09-24T15:47:47.000ZAlexandre Vandeputhttps://globalriskcommunity.com/members/AlexandreVandeput<div><p>Baby-boomers will soon be transferring their assets to generations X and Y, primarily defined by their exposure to technology and the web from an early age. As banks’ relationship management styles gravitate towards digital mediums, their next priority should be the associated customer data. How can banks adapt their IT infrastructures to manage the amounts of data new generations are generating?</p><p>In today’s digitalised world customer data is increasing daily. Social media alone (Twitter, Facebook, LinkedIn, etc.) produces huge amounts of information that banks are only starting to make use of.</p><p>In addition, banks’ monopoly over their customers’ finances is a thing of the past. Nowadays, clients keep current, savings and brokerage accounts with multiple providers. If a bank only owns one account with a client, information management becomes even more important. </p><p>The ultimate challenge for banks is to transform client data into tangible, customised offers. The rewards will be significant: cross-selling opportunities, product innovation, hyper-segmentation of offerings, leading to greater revenues and customer engagement.</p><p>The unfortunate truth is that banks are not yet fully equipped with tools, processes, applications and frameworks capable of managing huge amounts of data derived from multiple sources, in real time. Data from social media channels, for example, is only being used for product promotion rather than as part of banks’ holistic data governance solution, due to security, integrity and customer privacy issues.</p><p><b>How to get the data right?</b></p><p>The right vision and culture are paramount. This involves ownership of customer data projects at the Chief Data Officer level.</p><p>The next step is to align technology with this new vision. The good news is that the infrastructures necessary for the capture, storage and processing of large data volumes in real time are increasingly affordable and much simpler, thanks to vast improvements in storage technologies.</p><p>So what do banks need to do?</p><ul><li>Prioritise data topics in order to centralise reference data requirements into one centre of competence;</li><li>Manage data from a holistic point of view, encompassing the relevant end-to-end data value chain;</li><li>Monitor continuity of operations and feasibility of objectives by breaking down changes into digestible packages with clear mandates, timelines and delivery focus.</li></ul><p>All this requires investment and resources. The increasing competition for the new generations’ wallet-share makes this investment a necessity for banks, to become data-powered businesses with products and services that belong in the digital marketplace of the future. </p></div>A Chief Risk Officer Needs to be a Trusted Advisorhttps://globalriskcommunity.com/profiles/blogs/a-chief-risk-officer-needs-to-be-a-trusted-advisor2013-03-04T23:18:27.000Z2013-03-04T23:18:27.000ZBryan Whitefieldhttps://globalriskcommunity.com/members/BryanWhitefield<div><h3><span class="font-size-2">Recently I read a comment in a LinkedIn Group that stated Chief Risk Officers should be given more authority in order to enforce sound risk management practices. This made me raise my pen.</span></h3><p>The notion of authority for a CRO worries me a bit along the lines that the risk management function and internal audit should be separated. </p><p>I am more of the school that CROs sell benefits, facilitate better practices and influence good decision-making as broadly as they are able while the assurance function (eg Internal Audit) attests to the success or otherwise of the CRO's efforts (<a href="http://www.rmpartners.com.au/risk-management-blog/entry/risk-leadership-should-boards-have-risk-committees.html">Also see my blog on should Boards have a separate Risk Committee</a>). Yes, sometimes the CRO’s job will be near on impossible and you would need the charisma of Richard Branson, however, being seen as a “Trusted Advisor” rather than an authoritative figure will in the end assist management make better decisions. </p><p>As many of the subsequent posts to the comment stated, you need to earn respect. In my words, “Trusted Advisor” status must be earned. You can have notional authority without influence.</p><p>Lastly, I was involved in the establishment of a Masters in Risk Management at Monash University, Australia, about 12 years ago and during a workshop on what might be a CRO's ultimate skill set, we concluded someone with the core technical RM skills and an MBA was getting towards the mark. Since then I have often commented that a <b>CRO needs to be an MBA on steroids.</b> </p><p>A CRO needs to understand strategy, finance, safety, project and change management, organisational behaviour as well as have a great understanding of the business. On top of that, a CRO needs to show strong leadership across all of these areas.</p><p><a href="http://www.rmpartners.com.au/">www.rmpartners.com.au</a></p><p> </p></div>Assessing Risk Management Culture to Better Understand the Characteristics of ERM Programshttps://globalriskcommunity.com/profiles/blogs/assessing-risk-management-culture-to-better-understand-the2012-08-27T16:03:35.000Z2012-08-27T16:03:35.000ZMichele Westergaardhttps://globalriskcommunity.com/members/MicheleWestergaard<div><p>The past 24 months have seen a number of man-made and natural disasters bring risk management demands to the forefront of executives and board directors. Whether these have been natural disasters, such as the Japanese Tsunami or man-made disasters, such as the Gulf of Mexico oil spill, fat-tail disasters have created a renewed interest in <a href="http://www.marcusevansch.com/ERMCanadaInterview">enterprise risk management</a> (ERM) practices.</p><p>Although demand for these practices and the discussion level for their use is high inside the C-suite of many corporations and private enterprises, studies have shown that there is a discontinuity of both talent and practice in Western economies. So, how can organizations ensure a culture of risk awareness is put into place?</p><p> “Get a commitment from senior management that encouraging a risk culture throughout the organization is a priority. Put together a communication strategy that can include newsletters, lunch-and-learns, speaking at head office and regional business meetings. Look at the gaps or challenges in your Risk Appetite and Material Risks for ideas on where to focus your efforts” says <b>Diana L. Graham, Chief Risk Officer at ResMor Trust Company.</b></p><p>marcus evans spoke to Ms. Graham, before the forthcoming <a href="http://www.marcusevansch.com/ERMCanada_DGInterview"><b>2<sup>nd</sup> Annual Enterprise Risk Management Canada Conference, October 2-3, 2012 in Toronto, Canada</b></a><b>.</b> Within her role at Resmor Trust, she has built a successful internal risk culture involving individuals from every level of the organization. Key to this success is developing transparency across these risk buckets to enhance communication and minimize potential gap risk from falling through the cracks.</p><p>“Ideally, <a href="http://www.marcusevans.com/marcus-evans-news/marcus-evans-news.asp?newsID=449">risk management</a> would be included as a business stakeholder in budgeting decisions when areas seek to streamline operations resulting in the elimination or weakening of controls” says Graham.</p><p>“Risk management should be an influencing stakeholder regarding certain compensation decisions, i.e., risk management targets in areas outside risk management and weighting of the risk management segment in balanced scorecards. Additionally, risk management should sign-off on all new product/new business decisions” says Graham.</p><p>Companies in Canada are in a unique position because they are in various levels of implementing enterprise risk strategies within their organizations. The key to the success of establishing an <a href="http://www.marcusevansch.com/HRERMCanada_Interview">enterprise risk management</a> (ERM) framework lies within the creation of risk appetite and tolerance levels across risk buckets.</p><p> “Canadian companies tend to be more conservative than those in the US, so there may be more of a foundation in place across the organization. Generally, I have found that there is a “healthy tension” among stakeholders in Canada as opposed to that found in the US in building a risk culture” says Graham. While the need to incorporate the Board of Directors within the ERM framework is a global challenge, Canadian companies’ cultures are more open to implementing risk structures and processes at every level of the organization.</p><p><i>Diana Graham has been Chief Risk Officer at ResMor Trust Company since January, 2010. Prior to this, she worked on behalf of the FDIC in the closure of US banks, and in senior risk management positions in large US and Canadian financial institutions. Ms. Graham received her MBA from New York University, Stern School of Business. </i></p><p>For more information, please contact Michele Westergaard at 312-540-3000 ext. 6625 or <a href="mailto:Michelew@marcusevansch.com">Michelew@marcusevansch.com</a>.</p></div>Venue Assigned for the ERM in the Banking Industry Conference!https://globalriskcommunity.com/profiles/blogs/venue-assigned-for-the-erm-in2011-06-23T20:20:35.000Z2011-06-23T20:20:35.000ZMichele Westergaardhttps://globalriskcommunity.com/members/MicheleWestergaard<div><p>Join over 16 industry leading experts at the Hilton Times Square in New York City, NY from July 14-15, 2011. Venue information here: <a href="http://www1.hilton.com/en_US/hi/hotel/NYCTSHF-Hilton-Times-Square-New-York/index.do">http://www1.hilton.com/en_US/hi/hotel/NYCTSHF-Hilton-Times-Square-New-York/index.do</a><br /><br />This practical, hands-on event will enable delegates to benchmark their ERM strategies against their peers, and is a “must-attend” conference for banks to stay ahead of the game by developing a comprehensive ERM program.<br /><br />Hear from:<br />FDIC<br />KeyBank<br />PNC Financial Services Group<br />Bank of Montreal<br />HSBC Bank<br />TD Bank Financial Group<br />SunTrust Bank<br />State Street Corporation<br />Union Bank<br />Fifth Third Bank<br />The Hunington National Bank<br />US Treasury Department<br />BOK Financial<br />Hyde Park Savings Bank</p><p>For more information or to <b>RECEIVE A DISCOUNTED RATE BY REGISTERING BY June 28, 2011</b> return this email to <a href="mailto:Michelew@marcusevansch.com">Michelew@marcusevansch.com</a>.</p><p><br />Register Online at: <a href="http://www.marcusevans.com/marcusevans-conferences-event-bookingoption.asp?eventID=17898">http://www.marcusevans.com/marcusevans-conferences-event-bookingoption.asp?eventID=17898</a>§orID=2&enquiry=brochure</p></div>