Mandeep was recently promoted to Chief Risk & Compliance Officer, in recognition of the work he’s led surrounding compliance posture. With his new role, Mandeep will also be broadly responsible for our enterprise risk management program, including information security, operational risk and several other areas. We sat down with him to hear more about his new role and his plans moving forward.


Congratulations! What most excites you about your new role?

Thanks a lot! All of us at LendUp are unified in achieving our mission and living by our values. One of those values is “setting the new standard.” This means we should not just settle for doing the minimum required by our regulations, but that we should go above and beyond and show the rest of the industry how it’s done. I look forward to leading the team in continuing to take a holistic approach when it comes to our strategic and operational decisions -- to ensure we’re always thinking ahead, thinking big picture, and following through with highly effective execution. We have made tremendous progress across the company in doing this for regulatory compliance, and I am really excited about taking us to the next level for our other key areas of risk.

You’re approaching your one year anniversary with LendUp, having joined from PayPal. What are you most proud of?

Before I talk about what I am proud of, I must say that I am very impressed by the amazing talent we have here across all disciplines, such as engineering, data science, product, Social Impact...the list goes on. I am most proud that in one year, we have been able to build tangibly collaborative relationships with all teams. We have effectively embedded compliance in our day to day DNA. Compliance is viewed as a top business priority by our front line, and this strong momentum will be key as we take the company to the next level of success in 2018.

What are the biggest trends you’re seeing in the areas of fintech risk and compliance?

  • The overall evolution in federal and state regulatory frameworks is an important factor that defines how businesses prioritize investments in their control environment. For instance, the industry is closely following recent developments at the CFPB and any response from other regulatory bodies including the states -- and businesses are preparing for any changes in requirements and guidelines as a result. We are balancing our tactical response to these developments as we continue to focus on enhancing the operation of our control environment so we can withstand changes in the long term without major disruption to our customers and other stakeholders.
  • A strong focus on technology innovation in the execution of compliance programs is a key differentiating trend. As businesses move toward greater automation of products and processes, we are seeing a continued need to leverage advanced automation methods (e.g. big data, machine learning) in compliance and control processes. Compliance programs are transitioning from human intervention/detective controls to hardwiring the requirements and controls into the front line products, services, and processes. This is also broadening and diversifying the skill set needed in front line functions as well as oversight groups, and it’s bringing more data analytics and collaboration skills into the picture.
  • Today’s integrated risk management includes a holistic approach to ensuring that a company’s enterprise value is protected and increased per expectations. Historically, companies have focused on certain types of risk in their vertical functions, and while enterprise risk as a concept is not necessarily new, its importance is increasing. For example, considering the overall reputational risk that could come out of a customer issue that triggers privacy, regulatory, and financial risks, needs to be proactively understood when business strategy and product decisions are being made. Also, Board members are increasingly interested in a holistic discussion about a company’s risk, and they are also seeking insight into new emerging risk topics, such as the impact of rapidly changing technologies, customer trends, reliance on third party vendors and partners, and social media.
  • Privacy and Security continue to be a critical focus area for the entire financial services industry, including greater scrutiny from regulators. Moving forward, I, and many of my compliance and risk peers, expect we’ll see even greater deployment of resources, as well as much greater cross-industry and industry-government collaboration.

As a member of the executive team, you’re aware of most everything happening at LendUp. How do you ensure your team adds value across the board, and fosters a spirit of collaboration and cooperation?

We have so many big goals that we want to achieve here at LendUp. Teamwork, collaboration and cooperation are critical for us to be able to accomplish them all. I think of it as a two-tiered focus. First, we make it very clear in our hiring process that we do rigorous due diligence to ensure candidates can live by our non-negotiable behavior requirements around teamwork and collaboration. Second, we in Compliance do not view any issue or problem that occurs in business operations as “their” problem, and do not say that any success is “our” success. All our team interactions focus on making sure we are having easy, open conversations with a solution-oriented mindset.

We are also very fortunate to have amazing colleagues across LendUp who have the same mindset -- and we keep making progress by capitalizing on this big advantage. I have seen other companies have the same goals and values, but the real work and success comes from living those values on a day to day basis as a natural way of operating, and I am very happy that LendUp’s day to day culture and operating style give us a significant competitive advantage.

As you mentioned, one of LendUp’s values is “Set the New Standard. Go beyond just being compliant -- deliver products and experiences that exceed our expectations and those of our customers, partners and regulators.” How do you ensure that we all live that value each and every day?

“Set the new standard” definitely applies to our tactical execution -- ensuring that our products and processes are compliant and that we exceed expectations. However, we have two overarching strategies that give us the most comfort as we grow and scale:

  • Creating a strong risk culture across the company. This is easier said than done; I don’t believe that any company can have a perfect control environment. While controls are absolutely needed, we need to ensure that our teams -- not just Compliance -- are always thinking about doing the right thing when we launch a product, service, or process. We have been able to create a strong foundation of risk management within how we operate on a day to day basis, and this is helping us enhance our control environment.
  • Instilling risk/compliance as a business objective. A huge element of achieving #1 is how risk and compliance topics are viewed within the company. We spend a lot of energy and focus on ensuring that we talk about risk/compliance as one of our main business objectives. Our risk/compliance teams are very well trained to not have an external “audit” mentality, but rather to discuss matters as true “advisors” of the business. Conversely, our front line business teams have embraced the risk/compliance requirements as their own responsibility rather than being instructed upon by another group. This collaborative culture is possible because the mission/values of the company to do the right thing are clearly set, and we are all expected to live by these values every day.