Given how quickly new risks are piling up there is an urgency to respond to this dilemma by implementing risk management platforms that can sense risk as well as see it clearly. Speaking at SIFMA's Systemic Risk Regulation Summit in June, the evp and head of enterprise-wide market risk at Bank of NY Mellon, Robert Rupp, said the uncertainty around global banks' exposure to Greek debt and other European government bonds reminded him of the early days of the financial crisis when banks and markets were uncertain how they were exposed to each other and the mortgage market. He warned: "You need to see the unseeable."
Seeing the unseeable may be impossible, but risk experts contend it is possible to install technology that can sense when risks are getting out of kilter and empower managers to back away from those risks quickly. This sensing mechanism requires a comprehensive view of risk, linking risk management to long-term strategic business objectives, deploying new risk tools without undue cost and delay, and reacting quickly to the first inklings that risks threaten those business objectives.
There is general agreement on the broad outlines of an effective risk management system and the need to spend on it. A recent survey by OpenPages, an ERM vendor, found that 88 percent of managers across industries say that enterprise risk management spending will increase or remain the same this year. "When you're looking at risk in four or five or six different ways, you have a fractured view of risk to pass along to the board of directors, and that's just not flying anymore," says Todd Cooper, vp and general manager of Wolters Kluwer Financial Services' Enterprise Risk Compliance business, which recently released a new ERM offering called ARC Logics for Financial Services.
Banks' ERM solutions must incorporate different types of risk-such as market, credit, and operational-from throughout the enterprise. These systems should look across silos and show how different risks impact each other, keep tabs on the risk profile of the institution as a whole, and they must allow managers to make refinements on a frequent basis. "Data has to be aggregated across the enterprise," says Dana Wiklund, a research director for IDC Financial Insights. "In the future the challenge is defining and understanding risk interdependencies."
John Whittaker, the group head of operational risk at Barclays, explained that with an ERM solution from OpenPages the bank now has a single database that holds its operational risk and Sarbanes-Oxley reporting mechanisms. "This is a single database that holds all elements of our operational risk framework; whether that be internal events, risk and control assessments, key risk scenarios or metrics. It allows us, through the workflow that is included within the system, to link all elements of our framework together and ensure that it is an integrated framework." He made his comments during a recent Web seminar sponsored by OpRisk & Compliance Magazine.
Stephen Davey, svp of risk management at Valley National Bank, a $14 billion institution in Wayne, NJ that recently began to implement the Wolters Kluwer platform says: "We need to be able to benchmark ourselves against peer groups over time, and benchmark ourselves against our own policy limits. We need to remind ourselves where we are and see the overall trends versus a point in time."
While banks generally agree on the need for converged risk management and the broad outlines of what that should look like, analysts say banks need to spend more time altering cultural attitudes toward risk by linking risk management to long-term strategic business objectives, considering new ways to deploy technology faster and more cheaply, and empowering managers to react quickly to the first signals that risks could be mounting and threatening those business objectives.
French Caldwell, vp of research for Gartner, says executives must tighten the relationship between risk management and the bank's key strategic business objectives. He argues a bank should define the top five or six key strategic business objectives, describe the underlying business processes, and identify the risks to those processes. Since not all banks' strategic business objectives will be the same, their approach to risk will be slightly different. This itself will help alleviate systemic risk since not all banks will react the same way to events.
Neglecting to consider the risk inherent in the execution of business strategy can cost a bank dearly. Caldwell knows of one bank that articulated growth through M&A as a key strategic business objective, but was set back when it unexpectedly found the IT systems of a Latin American acquisition difficult to integrate, a delay that quickly ate away at anticipated savings. Another bank that depended heavily on its leasing and finance business was caught off guard when the vendor of a critical piece of software went bankrupt. Says Caldwell, "Suddenly the software was not going to be supported anymore and yet it was absolutely critical to the ongoing organization,"
A recent survey indicates this shift in mindset toward linking risk to business goals may be occurring. A survey of more than 1,100 finance executives across industries worldwide conducted this spring by leading researchers at the Wharton School, Johns Hopkins University, and Duke University ranked the top four goals of corporate risk management programs: avoid a large loss, fulfill shareholder expectations, increase future cash flows, and increase the firm's value. (As of late June, the survey had not yet been published in full.)
The first of those goals is no surprise, but Caldwell says the other three could represent a significant cultural shift in attitude toward risk management's role in attaining business objectives. "They're seeing the upside potential of risk management and are focused on the business objectives. They see risk management as a profit center and are focused on improving business performance."
Be the first to comment on this post using the section below.