Bill payments provider Bpay is finding the balance between quick-moving growth and robust risk management. It comes down to culture, says head of corporate governance and risk Francesca Dickson

For Francesca Dickson, good risk management is fully intertwined with strong corporate governance. As head of corporate governance and risk at Bpay, Dickson is responsible for keeping the payments company up to speed with its biggest risks, enforcing best practice on governance, and maintaining consistent risk management.

Managing those tasks isn’t an easy job in the rapidly growing, fast-paced payments sector. Bpay, based in Sydney, is used by more than 11 million people to pay their household bills. The group processes more than $1.5 billion every day, and describes itself as a “medium-sized business”. It is, however, developing quickly into a large business and recently expanded into person-to-person payments through new business Osko.


Dickson joined Bpay 12 years ago and has worked across several parts of the business, including company secretarial, risk, compliance, contract management, and joint venture management, before taking on the group risk manager role in July 2014. Dickson has been instrumental in developing Bpay’s risk management approach as it processes more payments and wins new customers. Earlier this year, Francesca and her team were finalists for Risk Management Team of the Year at the StrategicRISK Asia-Pacific Awards.

Bpay has grown steadily since its inception in 1997, and Dickson has been there for more than half of that journey. She says the company’s risk and governance methods have evolved with the company. Bpay takes risk seriously. The entire leadership team sits on the Bpay executive risk committee. Dickson works alongside senior compliance and insurance analyst Heidi Simon. “Over the first 10–15 years, the company was building brand awareness,” says Dickson. “But in recent years, we have focused more on innovation.While we aren’t regulated, we are in the financial services sector, dealing with customers, so our [compliance and risk] practices have to be at a high standard. We’ve developed an innovation culture where we can move quickly, not be too controlled, and still have strong risk management.”


Bpay has a strong emphasis on culture, Dickson says, and the company ensures all teams are “aligned” to “fit Bpay values” on risk. To ensure a consistent approach, Bpay has several “risk champions”, drawn from each side of the business, who are responsible for risk in their area. These risk champions help develop online training modules and provide valuable insight.

Dickson wants Bpay employees to be “bold, and take risks, but also manage them”. “Our risk champions might not have much to do with risk outside of their role, but we spend a lot of time with them. They come up with ideas on how to embed risk management into their areas. So we have a mature risk framework that is focused on culture, awareness and understanding.”

Every member of sta is encouraged to think about risk. “We have entwined it into our culture, so it’s part of our performance management. Every single employee here has a risk role,” Dickson says. She believes her corporate governance experience and knowledge of the company have helped to embed these risk management practices across the business.

“As a risk manager, you have to understand the business. I attend board meetings as part of the other side of my role. Working across the business and understanding what different teams do enables you to become more involved in the organisation.” As Bpay continues to expand, with new business Okso, its growing corporate structure presents new challenges for Dickson: “Differing levels of size and maturity in different markets are a challenge. We want risk management to be consistent, but also appropriate for each part of the business.” Dickson says her biggest challenge now is “balancing strong governance with innovation and growth. And helping people embrace the idea that risk is positive as well; making sure you’re involved early enough in the conversation so that risk management isn’t used to stifle ideas. It’s there to make ideas successful.”


What are the main risks for a fast-growing fintech company in 2019? As well as the financial risks, nonfinancial risks such as reputation and brand protection are key considerations, Dickson says. Cyber security is another significant risk, “as it is for all companies”. After more than a decade at Bpay, what advice would Dickson give to risk managers in an innovative technology business? “It takes time. If it’s a new idea to your organisation, it takes a while to communicate the concept and the reasons risk is important. It’s a mixture of formal process and culture. If people see it is working in one area, they will generally be more receptive.”