As Chief Risk Officer, Kimberly Hebb oversees and maintains all BillGO’s risk management-related policies and activities.
Hebb joined BillGO after serving for more than two decades as a commissioned national bank examiner; she also served as the Director for Compliance Policy and the Director for Compliance Training and Tools with the Office of the Comptroller of the Currency (OCC), the arm of the Treasury Department tasked with regulating and supervising all national banks and federal savings associations as well as federal branches and agencies of foreign banks. In her role at the OCC, she was responsible for the development of industry guidance, examination procedures and examiner tools, and for maintaining examiner training across the financial services industry. She also helmed a variety of international training initiatives for anti-money laundering programs, consumer protection and capacity building, and other compliance activities.
After 20 years in the public sector, what drew you to join BillGO?
I saw BillGO as a system disrupter - but in a very positive way. Unlike some other fintech companies, BillGO was looking for ways to make payments better for everyone. After a career as a public servant, I saw an opportunity to influence guidance and legislation in this space by doing things, by disrupting the status quo, but in the right way - being respectful of the current industry regulatory framework. Most importantly, BillGO’s leadership team shared my outlook.
For some organizations, it's easy to say, “that law doesn't apply to us”. But it takes commitment to maintain the integrity of the financial system and say, “having these policies or programs may not be required, but it is the right thing to do”. That's one of the things that I saw in BillGO and I believe it sets us apart from many other fintechs in financial services.
Does the current regulatory environment hinder the industry from keeping pace with the demands of today’s digital consumers?
Most of the legislation and regulations that govern the banking space were written before the systems, rails and modalities that are in use today - or those that are in development.
In many cases, the regulations are “silent”, which is a little scary for financial institutions (FIs). That silence should scare fintechs a little too.
It doesn’t mean there are no rules, but rather the rules haven’t been fully articulated yet. That means we need to look to the original intent of the laws, regulations or guidance. What did they intend to protect, prohibit, promote or prevent? What is the spirit of the original requirements?
So, when I look at an existing law, I bring an understanding of its preamble and context and it helps me understand how it applies to today’s digital environment.
Some FIs are wary of partnering with fintechs. How does compliance play in this partnership?
There needs to be a familiarity and understanding of regulatory and guidance expectations - particularly when it comes to consumer protection. Many fintechs understand what consumers want, but often they have little to no experience in understanding the regulations.
In many ways, laws and regulations still haven’t caught up with the idea that consumers can bank through their phones.
Bankers tend to be risk-averse when it comes to pivoting to a new fintech option if the fintech lacks understanding of the regulations or the types of information and documentation the bank will need to provide to their regulator regarding the relationship. So, it’s essential for fintechs to fully understand the current guidance from the federal (and state) banking agencies with respect to due diligence and regulatory expectations. The agencies encourage innovation, but the key or focus is on responsible innovation.
Are there regulatory “gray areas” that leave fintechs – or their partners – open to risk if not properly addressed?
We’re here to meet consumer needs. This is important. We’re not competing with traditional FIs. We’re a technology services provider that helps FIs retain and regain their customers by helping them with their bank bill pay management system.
Today’s consumers are looking for one-stop shops and there are many fintech companies they can go to, but there is always the potential they will work with a fintech without an appropriate risk management program in place.
The regulator in me wants to make sure BillGO’s innovations are in step with all regulations to make sure that we protect the consumer, our clients and BillGO.
As I said, BillGO is a disruptor. We’re pushing technological innovations but doing so in a way that ensures the financial institutions we work with can do so while remaining fully compliant.
BillGO understands the compliance challenges banks face. We’re not a financial institution, but we’ve built a system and risk management program that tracks to those things financial institutions - and regulators - will be asking for.
What advice do you have for other fintechs looking to take their programs to the next level?
Innovation shouldn’t be the wild, wild west. That would scare banks.
My advice to fintechs is not to reinvent the wheel. Sometimes they are more interested in doing “what no one else does”. As a result, they don’t complete their due diligence and they don’t stop to understand the language or formatting needs FIs must comply with. That lack of understanding can quickly become a roadblock.
Mainstream FIs operate under the oversight of many regulators, so if you’re planning on working with them, you need to speak their language and be prepared to answer 72 million questions including disclosing “what’s under the hood”. If an FI can’t describe a fintech’s information security protocols or other system internal controls to its regulator, then it can’t be fully compliant. Without that understanding, many fintechs may find themselves in trouble.
You have a sign on your office door that says, “Comply or Die.” What does that mean for BillGO?
We work in a heavily regulated space. One single systematic error - intentional or not - can result in significant harm to the consumer. Reputation is paramount in this space.
For BillGO that means we are not operating in an industry where the motto can be “ask for forgiveness, not permission”. There is research and support behind everything BillGO does. Decisions make not only good business sense, but they align with both the spirit and requirements of industry law and guidance.
This is one of the very reasons I made the decision to join the BillGO team. BillGO understands and respects the compliance and regulatory framework in place. BillGO understands that we can continue to be innovative and meet consumer needs, responsibly.
And, for the record, the sign also says, “Have a Nice Day” underneath it.