The nature of banking demands an integrated means of managing risk, argues Mr Vo Tan Long, Deputy General Director of IBM Vietnam....

It’s no surprise to find that banks are among the first businesses to take a look at managing risk, not just in transactions or individual business units but across the enterprise. The business of banking is clearly all about managing risk, whether it entails physical security, market trends or investment strategies. Money is the chief product, and money is always a risk.

However, to succeed in the nervous, electron-quick environment of the early 21st century, it’s also clear that banks need to manage risk in a new way. For many financial services companies, the catalyst for that change has come with the imposition of new, more restrictive and costlier regulatory mandates.

Compliance vs management

For the record, managing regulatory compliance issues and managing company-wide risk is not necessarily the same thing. Compliance is defined as conformance to international laws, standards and regulations through acceptable conduct and specific activities that can relate to markets, pricing, taxes, the environment, reporting, trade and employee welfare, just to name a few. If not handled intelligently, this area can become a human resources sink.

Ms Virginia Garcia, a senior analyst with TowerGroup’s financial services strategies and IT investments practice, says that although technology can provide tremendous automation benefits, “compliance remains a heavily people-based activity. TowerGroup estimates that the technology component of compliance expenditures is relatively small, at approximately 15 per cent. Conversely, roughly 55 per cent of total compliance expenditures across all segments of financial services represent salaries and benefits.”

Enterprise risk management (ERM) points the way to a more effective and efficient means of managing risk and compliance. ERM is a strategic, technology-based process designed to identify events with the potential to affect the company – positively and negatively – and to manage risks associated with those events in accordance with a bank’s particular appetite for risk. All of that is done to provide reasonable assurances that the enterprise will meet its objectives. The goal is something called operational resilience; a state in which banks rely on leading-edge information technology systems and integrated process control to help them weather unexpected or adverse conditions.

It’s not easy getting to that state, or inexpensive. If it were then more banks would be there now. Several have been persuaded, however, that a more intelligent use of customer, process and market data can help transform their business models to differentiate them from the competition, and others are being shown the light by regulatory mandates that demand to be satisfied, no matter what the cost. If it’s going to happen, goes the thinking, and it’s going to cost money no matter what, why not capitalise on the moment for the benefit of the business?

How sweet it is

Historically, risk management has revolved around discrete controls. It meant making sure that processes like price verification, stock reconciliation and credit analysis were in place to identify, monitor and control potential problems, and then testing regularly for correct configuration and effectiveness. But times have changed, and so has the notion about what risk management can be.
ERM goes beyond controls, strategically managing risk in an integrated, enterprise-wide fashion that yields additional business value. It means understanding inherent and residual risks that exist after controls are put in place, and managing their collective impact. Leading ERM adopters are moving toward real-time risk allocation and transfer across their entire portfolio and enterprise; a strategy that can translate into more accurate product pricing and effective packaging of services.
Until fairly recently, risk management was a process most likely to be siloed inside a bank’s individual business units. Strategies for implementing and capitalising on it were ad hoc and, consequently, results were disjointed and inconsistent. Using the right strategy and IT underpinnings, a bank now has the capacity to quantify not only credit and market risk but also operational risk (people, process and technology risk) across the entire enterprise.

Crank ‘em up

Risk engines – centrally controlled measurement and monitoring systems integrated across discrete lines of business – can give financial institutions the ability to rapidly anticipate and adjust to shifting market dynamics in line with pre-determined risk tolerances. ERM enabling technology, like Grid, have made it possible for some banks to reduce the time to make important calculations from 15 hours to 15 minutes – a competitive advantage that can be leveraged to improve cost-effectiveness, capture business opportunities and drive growth.

To be sure, ERM is about more effectively managing risk and thereby reducing it – not eliminating it. As much as we might like it to be otherwise, the frailties of human nature and the laws of physics remain firmly in place. But with advanced IT tools, process modeling software and an integrated, cross-functional strategy, banks are better able to identify and quantify operational risk across an entire enterprise. Controls and tasks can be determined in response to given events. Decisions can be made in near real time concerning what mitigating activities may lead to which financial impacts. Bottlenecks can be more quickly identified and removed from the system.

The medical analogy is that, instead of having a yearly check-up, measurement and monitoring systems are in place to probe mission-critical functions and identify interdependencies across LOBs, telling banks every day whether they’re healthy or not. Predictive modeling and algorithms based on behaviour help to create a single, enterprise-wide view of the truth about what’s happening inside the company in response to both operational and market pressures.
Make no mistake; ERM is about making money. The holistic application of risk management across a banking enterprise can mean an enhanced ability to slice and dice data by asset class, business product, industry, individual, counterparty, geography or in any other imaginable way. Applied intelligently, that information can lead to more accurate transaction valuations and more appropriately quantified risk-to-return ratios on which to base decisions across a portfolio. In addition, a sound risk-management strategy can release regulatory capital (more than $500 million annually for top US banks) and drive reduced costs in non-front-office functions.

It’s all in the mind

In truth, there are relatively few technological constraints to making ERM a valuable differentiator. The real challenge is in changing mindsets. New approaches are required for banks to begin the progressive transformations necessary to implement value-added ERM. Moving to a fully integrated risk-management model requires organisational and cultural change, and a commitment by senior executives.

In fact, many industry leaders are already out of the gate. A recent survey by CEO Magazine shows that nearly 40 per cent of more than 1,300 cross-industry chief executives interviewed globally already have effective ERM programs in place, and 62 per cent of the more committed CEOs agree that ERM enhances their ability to create value by taking appropriate risks. Importantly, some 18 per cent of respondents identified themselves as CEOs in the financial services sector.

With the growing awareness of ERM and the advantages it can bring, some banks are turning to vendors and business partners to help quickly implement a comprehensive risk management strategy attuned to their specific goals. TowerGroup’s Ms Garcia points out that, so far, only a few vendors have demonstrated the capability of providing “comprehensive solutions spanning a wide array technologies and compliance mandates.” She adds that banks in the market for business partners should be looking for firms that can bring to the table “an ERM-capable combination of hardware, software, services and data integration capabilities, as well as important financial services domain expertise.”

The bottom line is that banks utilising an ERM approach to deal with compliance issues on a process and market-activity level can go a long way toward transforming themselves from institutions that simply react to regulations, to enterprises that are proactive to business. And that’s no myth.

Source: VNECONOMY, 17/2/2006