Every organization is different in its setup, the types of people it has, and its historical constraints. This is why I’m focusing on a list of functions that the RMP team should be in charge of and contain, as well as the relationships between those functions, rather than who reports to whom. In describing these functions, I think of a RMP team that deals with a wide array of problems: merchant on-boarding, fraud, abuse, credit issues, and more. As you decide to focus on specific domains, you can trim and only use some of these functions; however, all of them should exist to some degree, even if your problem domain is more limited.

A RMP team needs to be able to quickly identify threats and loss drivers, quantify and understand their origins, and use or develop tools that will allow it to manage those threats while monitoring them. It needs to be able to cater to its own needs quite independently because it has unique needs and because standard development cycles don’t work well with the ever-changing landscape of user behavior. Finally, it needs to grow and foster domain expertise, making sure that it is documented and shared across the organization.

In its broadest form, a RMP team should contain several functions: Operations, Decision Automation, Analytics, and Product.

Operations is the team in charge of ...