What is a risk technologist?
For a long time ... This is how my history teacher taught me to begin storytelling. A long time ago.
So. In order to better understand the need to create a school, I will first tell you who the risk technologist is.
Those who have been working in the banking sector for a long time still remember the time when there were no risk technologists. There were just "risk-takers" who did a little bit of everything. That is, there were T-shapes even before it became mainstream.
They wrote the credit assessment methods themselves, and built the first speed-models themselves, calculated the scammers, and did not forget about the regulator, and monitored the loan portfolio, and tried to implement it all on their knees.
But during the period of rapid development of lending in Russia, banks gradually realized that in order to keep up with demand, it is necessary to expand the staff of risk control (extensive path) or automate processes by digitalizing the credit conveyor (intensive path). As usual, it turned out not "either-or", but "all together."
The processes began to be saturated with tools that allow better and more efficient risk control. Banks purchased specialized software for previously considered narrow risk areas: model building, decision-making engine, anti-fraud, collection, manual verification, data visualization, risk data storage, etc.
In addition to software saturation, the paradigm of understanding the riskier also changed. The scaling effect showed that one person can no longer provide a quality risk control process by doing a little bit of everything. It was more effective to develop specialization.
This is how there were people who know what to do to control risk (analysts, portfolio managers, scoringists, antifraud), and people who know how to implement all this on a turnkey basis using risk software.
This is the risk technologist. A specialist who is able to implement the logic of risk management from idea to production from an applied point of view.
"How does this differ from a simple IT specialist?" - you ask.
Firstly, the risk technologist is deeply immersed in the business process, understands it from the point of view of risk control, therefore, as a rule, he is able not only to transfer an idea to production, but also to challenge it, to offer his own version of implementation. With this status, the technologist also plays the role of a kind of conductor between business and “big IT”, helping them find a common language on common projects.
Secondly, the risk technologist may not be able to write code or administer. It is important to put emphasis on the word “may” here, since it strongly depends on the software and processes of a particular bank. In special cases, the technologist works with software that allows you to customize the logic by visual means, simply by creating logic circuits inside the tool. The "start" cube, the "call to the credit bureau" cube, the "record in the database" cube and the data acquisition process is ready. But, at least at the current level of technology development, this, as a rule, is not enough to make a turnkey task. So I wrote "may" not be able to write code. This is the entry level. As a rule, by gaining competence, a technologist not only builds logical circuits, but is also able to write effective code in different languages, work with the performance of his system, read logs, monitor anomalies,optimize processes, develop DevOps.
Third, the risk technologist is usually self-sufficient. It historically grew out of a T-shape riskier and, due to the specifics of the sphere, had to combine the areas into which the "classic IT" was divided. Let me explain with an example. If we analyzed the risk for the previous period and realized that people from city N fulfill their loan obligations well, but in city M, on the contrary, it is bad, we can set the settings in such a way that residents of N receive loans for facilitated verification. But this will only work if the "black box principle" is preserved. That is, no one, except for risk-takers, knows the logic of making a loan decision, because if residents of city M find out that it is easier to get a loan in a neighboring city, everyone will immediately rush there and the rule will stop working.
That is why the word “confidentiality” is so fond of risks. What does this mean from an applied point of view? Having given the development of logic to outsourcing or to "big IT", we get a significant risk of leakage of the methodology. The same is with testing: it is more profitable to do it by the forces of internal risk employees, therefore the risk technologist sets up the logic himself, monitors the quality, and tests, and assembles installation packages. Therefore, it is self-sufficient. T-shape. This is what we love and encourage in every possible way.
At the same time, in order to finally put an end to the issue of cross-functionality, I will say that in our work there is still a large share of dense and daily interaction with IT. As a rule, we communicate with OPS, DBA, system analysts, corporate architecture, shin workers and those responsible for other IT systems with which the risk-takers have integrations.
Prerequisites for the school
I hope I was able to give you an idea of who risk technologists are.
This is important for understanding why there is a shortage of risk technologists in the personnel market. The specificity of the field, software, readiness for cross-functionality and understanding of business processes - all this led to a significant excess of demand and competition of banks for a risk technologist.
Multiply this by the natural decline in staff and get a search for a specialist from six months or longer. And this is not a figure of speech. If the search comes from the open market, then the search can take a very long time.
If you can't find it, teach it. Therefore, we have created an internship practice in risk technologies at Rosbank.
At the same time, we had to solve several fundamental issues for ourselves.
1. Target group
Who do we want to see as our interns? First of all, motivated and flexible people! A person should have a desire to learn a new field for himself from scratch.
I would also like the person to have basic technical skills to distinguish one programming language from another. And of course, I was able to write a simple database query. SQL is the head! In any modern field.
In addition, a person should have time for training and be ready to be in this mode for six months.
Everything points to graduate students of technical universities or to young specialists who have recently completed their studies.
Although I would like to emphasize that, first of all, at interviews, we still look at a person's motivation. This means that the road is open to almost anyone.
2. Duration of the internship
After some thought, we decided that a person with sufficient motivation from zero to a basic level can grow in 6 months (just as much as we are looking for in the market). Therefore, the internship period is now six months. At the same time, looking ahead, I will say that in practice we managed to reduce the training time for a specialist to 3-4 months. Next is a set of practical experience.
3. Mode of study
Although our target group includes students, we still expect full-time engagement. That's 40 hours a week. But, of course, there is an opportunity to flexibly agree on a session and other activities, the main thing is that it is transparent and manageable.
Why full time? Because in this mode, the trainee is immersed as much as possible in the atmosphere of training and work. We kind of simulate the situation "and this is how we can work in case of successful completion of the internship."
4. Paid or free
You can already see that we have everything in an adult way. The intern is positioned as a full-fledged member of the team with expectations for engagement and work time.
Therefore, we pay a salary for the internship.
5. Whether to hire in the staff
Here it is necessary to clarify that interns in Rosbank are formalized, and work in a separate structural unit - the internship department. By the state, I will further mean the staff of risk technologies, where the trainee can be transferred at the end of the internship.
When we teach people at school, we, of course, see them as potential risk technologists, people with whom we will work side by side. But the decision to move to the state, as a rule, depends on two factors. On how the person showed himself during the internship, and on the availability of vacancies at Rosbank at the end of the internship. And it is in Rosbank. Even if there are no vacancies in the risk technologies themselves, we try to use the opportunities and offer close directions within the perimeter of the entire Rosbank.
Below you will see that most of the interns get into the state, but we still admit that there may not be vacancies or that our field is not suitable for a person.
School creation
With the answers to key questions received, in 2018 we began to create the school.
Having decided on the budget, we drew presentations, wrote memos and held a demonstration session at various corporate levels.
As a result, the approval of the chairman of the board was received and the school was officially considered established. While on paper.
Then there was the question of the seating of the interns. In general, luck was favorable to us and there were, in principle, free places on the floor, which they agreed to allocate to us. However, they were far from the place of work of risk technologists.
Having reasoned that the effectiveness of the learning process directly correlates with the distance from student to teacher, we decided that trainees should sit inside the space of risk technologies.
Therefore, a difficult transplant process was launched, in which several departments took part. There was a LOT of communications and many thanks to everyone who sympathized with our need and eventually agreed to the move.
Now it was necessary to find candidates for an internship. After discussing the options with HR, we settled on placement at HeadHunter and job fairs "Find IT", "Fresh tech". Subsequently, the option with an assessment interview from a recruiting agency was also added, when a group of candidates comes to the company and interviews collectively with representatives of the departments they are interested in. HR, by the way, helped us a lot at different stages of the school's creation. As you can see, we had enough acquisition channels.
Now, two years after the creation of the school, I can say with confidence that HeadHunter has become the main selection channel for us. Most of the trainees came from HH.
So, in July 2018, the first candidate was interviewed and became the first trainee of the risk technology school. Not on paper anymore.
School learning process
From the first trainee to today, we have had several iterations of tuning the learning approach. In fact, each trainee in the learning process gives several cycles of feedback and based on it, the next trainee already receives an improved version of the course.
However, the basic principles remain the same. Let's see what training looks like.
As soon as the intern gets to the workplace, we give a short briefing on what awaits him in the coming days. Briefings are kept on a daily basis for a week and a half.
At these briefings, we discuss how the process of completing assignments goes, sort out the difficulties that have arisen, answer questions, keep, so to speak, our finger on the pulse.
To begin with, the trainee is given tasks to adapt to the environment. In the form of tasks, he must find internal bank resources, the structure of his division, get the necessary access to systems, install the necessary software, add to mailing groups, chats, etc. This way we put the trainee in context.
Then the cycle of training begins, reminiscent of the institute. Over the course of two to three weeks (depending on the dynamics of the assignments), the trainee receives dosed theoretical information, after which he needs to complete a number of practical assignments on the topic he listened to.
Theory
The theory is read by acting risk technologists. This approach allows you to get win-win in a cube.
First, it allows the trainee to get to know the team members and vice versa.
Secondly, it is the people who use what they say in the lecture every day. These are not theoretical inferences, but applied skills.
Third, it develops the current risk technologists. They improve presentation skills, learn to work with questions, and also receive feedback on processes that seem obvious to them for a long time.
In theory, the block begins with a lecture on the general principles of bank lending and the role of risk technologies in the credit conveyor.
Then we talk about what Agile is and how it works for us.
Then we talk in detail about what agile teams are in risk technologies, and delve into the processes of each of the teams.
Finally, we move on to the technologies and tools that teams work with.
Some of the lectures are held in the form of workshops, which deal with the mechanics of the instrument. For example, if it is SAS RTDM, then right in the lecture we open the interface and talk about the purpose of each of the elements, show the current campaigns for processing loan applications.
The materials used in the lectures are available in the knowledge base of risk technologies on Confluence, so the trainee can always make out in detail what was not clear, or contact the technologist who gave the lecture.
At the end of the lecture, the trainee is told the task that he must complete. As a rule, this is some kind of synthetic case that repeats a real situation, only in a non-production environment.
This can be building a query to a database, tuning existing code, testing changes, analyzing an anomalous situation, and so on.
By the way, the trainees' assignments are checked by the risk technologists themselves.
Separately, I will say that in the learning process, in addition to our lectures, we use free courses on open Internet resources, for example, the principles of database operation on stepik or git training. In this case, the task is for the trainee to provide a certificate of completion or a screenshot confirming the completion of the course.
The theoretical part ends with a block of lectures on testing improvements and collecting installation packages.
This is, as I said, within two to three weeks.
Practice
After the trainee has completed the last synthetic task, we make an appointment to discuss the learning process, and we also assign the trainee to one of the existing agile risk technology teams.
Teamwork is the second major part of the internship. Now, having a general understanding of how risk technologies work in general, the trainee begins to work with the team on specific combat missions.
Within the team, he is allocated a mentor - a person who primarily defines the tasks for the trainee and helps him to come to the solution of these problems.
At first, these are simple tasks like analyzing anomalies, filling out a crash registry, testing, and so on. But gradually the class of tasks becomes more complicated and by the end of the internship, the person, as a rule, already has experience in basic development.
It is important that the trainee becomes a full-fledged member of the team. He participates in all team events, has the right to vote on an equal basis with the current technologists, takes responsibility for solving specific problems and for the climate in the team.
At the end of the internship, we once again make an appointment, where we give and receive feedback for the entire training period. At the same meeting, we can offer the intern to move to one of the full-time positions in Rosbank (if there is such an opportunity).
And that's all. Cheers cheers! The internship process is complete. An internship vacancy appears at the school, and the process is repeated again, taking into account the feedback received.
Figures and facts
Now some numbers.
- The creation of the school lasted from April 2018 to July 2018.
- The first intern began training in July 2018.
- 6 agile- () .
- ( ): 9 .
- : 3-4 .
- - : 22 .
- 100% , .
The school as a project can certainly be considered successful.
We have not only created a working tool in Rosbank for training specialists of the required qualifications, but have formed a new system of teamwork values, when training is perceived as a continuous development process. First, you are a trainee and a listener, then you teach yourself for new trainees, perfectly understanding their needs and experiences.
Already, most of the vacancies in risk technologies are filled by the school graduates.
Of course, the Covid-19 pandemic this year has made its own adjustments, and after the last graduation, the process of hiring trainees of risk technologists has not yet been fully resumed, but we hope for the best and hope that the school will open its doors again soon.