The financial crisis exposed a number of weaknesses in the financial industry’s ability to assess, realise and mitigate risk on a very public scale. The knock-on effect of this exposure has been, and continues to be, vast with financial institutions being subject to heavy scrutiny from regulators. The expectation on banks to demonstrate increased transparency and the ability to effectively manage their risk has intensified substantially. Continued dissatisfaction with banks’ abilities to disclose information has led regulators to step in to create a global, overarching risk-data aggregation and risk reporting framework with a clear objective to strengthen banks’ risk management capabilities and practices. With implementation deadlines looming in January 2016, the onus is firmly on banks to comply against a very short timetable.
This raises a key question: will banks comply purely because they have to, or because it makes sense to? For some, compliance may be regarded as a box-ticking exercise, sufficient to get through the stress-testing requirements. For others, an appreciation of the business insights and competitive advantages – not to mention better use of risk capital - that smart risk technology offers, is giving pause for thought.
In a climate where trust in the banking sector is low and capital is scarce, is investment in risk technology simply a result of regulatory pressure, in which case banks are reacting to the presence of a stick, or considered as crucial for the better running and understanding of a business – which, as a planned by-product, adheres to regulatory requirements?
The industry is falling short of Basel III
In January 2013 in an effort to achieve globally standardised risk practices, the Basel Committee on Banking Supervision issued 14 Principles for effective risk data aggregation and risk reporting. The principles of BCBS 239 require global and domestic systemic banks to adhere to a set of principles around risk data aggregation capabilities and risk reporting practices, as well implement overarching governance and supervisory infrastructures. However, recent reports suggest that a 2016 implementation deadline is optimistic. For example, the BCBS interim findings suggest that while banks are largely compliant with principles such as distribution and completeness or usefulness of reports, a large proportion of banks are materially non-compliant in crucially significant areas of data and IT infrastructure, accuracy and integrity, as well as adaptability to market conditions.
The challenge is clear: the devil is in the data
At the heart of successful risk aggregation, analysis and meaningful risk reporting lies data: market data and reference data, a clear data architecture and governance to ensure accuracy and consistency (no garbage in / garbage out). What is necessary, is the ability to automate and aggregate data and risk calculations across the organisation in order to gain an understanding of firm-wide risk exposures and act accordingly. The key is in doing so without duplication of knowledge, effort and technology.
The progress report finds: “many banks continue to encounter difficulties in establishing strong data aggregation governance, architecture and processes. Banks reported that they often rely on manual workarounds.”
What Chief Risk Officers don’t want from risk management technology is a reliance on manual processes or legacy IT systems unable to manage daily risk calculations. Getting data architectures and IT infrastructures right, in accordance with regulatory requirements, is no mean feat. What we are seeing across the banking industry is a split between large players dedicating significant spend towards risk technology and tier 2/tier 3 banks, with significantly lower balance sheets, trying to figure out where to start.
Paragraph 26 of the Principles states that a strong governance framework, risk data architecture and IT infrastructure are, in most cases, “preconditions to ensure compliance with the other Principles”.
The business case for risk technology
In its broadest sense, risk management is the ability to analyse the current state of a business and look in to the future. It is the ability to make informed decisions safe in the knowledge that any potential risk has been mitigated, enabling a firm to grow more effectively. Transparency and accuracy in this process will lead to a more stable financial market if businesses are on top of their risk. Implementing the required steps towards more a standardised and robust approach to risk management is, in fact, the right thing to do both for individual companies and for the stability of the banking sector as a whole.
Although the threat of regulation and the impending deadlines can be overwhelming, there is a real business case for putting the right risk aggregation technology in place.
1.More effective use of capital
Better risk controls and lower capital requirements go hand in hand. Effective risk management technology can help any business use their capital more efficiently and enable them to demonstrate better ROI to the shareholders. In fact, regulators incentivise the use of more sophisticated risk technology in order to reduce regulatory capital requirements. At times when capital is scarce, investing in risk technology can provide a real competitive advantage and contribute to a firm’s overall profitability and performance.
2.Making informed risk based decisions across siloed divisions
A risk technology platform consolidates an organisation’s credit and market risk exposures, making it visible not just to the risk managers but to the Head of Trading or the CFO, for example. Traders have access to the same data sets that the risk managers see, enabling them to understand their trading limits quickly and act swiftly. Risk managers can make quicker and more informed decisions when speaking to traders who are, as a result, more involved in the process by having access to the same numbers. This in turn aids the communication between trading, risk and finance. With trust between the teams and their systems, problems are identified and fixed earlier, freeing up time to focus on the highly competitive business of trading.
3.Readiness for innovation and product development
Investment in adaptable and scalable risk technology can make all the difference to business success. Time to market for new business lines is always crucial, while the luxury of time is not always afforded. As financial markets continue to innovate and launch new products or trading systems, having a risk system that is ready for any scenario is key. Ensuring that IT and risk systems continuously evolve and adapt means that ultimately time to market for new business initiatives is shortened, often bringing with it a first mover and competitive advantage. What the Head of Trading needs to hear from his Risk Officer is that risk reporting is ready – when the trading system is good to go, risk calculations automatically flow. Having a risk technology platform that is integrated into trading systems means that there is always a ‘yes’ when asked if risk is ready, because the technology should be designed to be ready.
The results are in
The business case to have sophisticated risk technology in place is laid out, not just because regulation requires you to do so. Advances in risk technology help executive management understand and run a business better, making it more competitive, while gaining a better handle on its risk capital. In turn, this provides space and time-to-market for new business. In addition, investment in the right risk technology should certainly be able to answer the ongoing regulatory questions with ease.
As regulatory deadlines loom, the largest, globally important systemic banks (G-SIBs) have been working on complying with risk regulation. It is only a matter of time before domestic systemically important banks (D-SIBs) and other smaller firms will need to follow suit.
So why wait for the stick, when there are carrots to pursue?