| De-Siloing
Risk
By Kenneth Cline
Banks are urged to take an enterprise-wide
approach to managing all their risks.
Operational risk has become a more pressing
concern for banks in the wake of the Basel II accords.
As important as this topic is, it may be only part of
a larger issue that financial services institutions need
to address, which is enterprise risk management (ERM).
As described in a new research report
from TowerGroup Inc. analyst Virginia Garcia, ERM includes
operational risk and is essentially a process for managing
all categories of risk in a holistic manner. "ERM functions
as an integrated part of the business," she writes, "and
requires collecting risk data from diverse business units,
checking the data for accuracy, manipulating these data
to make them comparable, and analyzing them to get a better
representation of realistic risk as opposed to absolute
or notional risk."
Why is ERM necessary? Garcia estimates
that financial services companies waste $10 billion a
year globally on information technology spending related
to compliance functions, mainly because of redundant investments
in databases, storage analytics and reporting tools. This
redundancy derives from the fact that banks have tended
to manage their various risk concerns — credit,
market, liquidity and operational — in isolated
silos.
Garcia argues that the $10 billion
in annual waste ($4 billion attributable to redundant
compliance systems, $6 billion to business processes encumbered
by inefficient legacy systems) translates into $40 billion
if one takes into account a "multiplier effect," by which
every dollar that a bank saves in transforming its legacy
systems can achieve $7 in business process savings. This
$42 billion (rounded off to $40 billion) represents a
lot of inefficiency that mostly burdens the largest global
financial institutions, i.e., those with risk management
functions spread over multiple businesses and geographies.
"While risk management and compliance
weaknesses alone are not the primary cause of poor operational
efficiency, there is a clear link between ERM and shareholder
value," Garcia writes.
As pointed out in the articles about
operational risk, risk management seems a bit esoteric
until the bottom-line impact is explained. This will likely
also prove the case with ERM. Bankers may look at Garcia's
observations about IT duplication and say, while that
may be true, we have more pressing concerns right now,
like managing through the next merger (which usually leads
to more IT duplication). But if it's acknowledged that
lack of ERM is shaving a couple of points off return on
equity, banks may decide to take a closer look.
The biggest task banks face in adopting
an ERM strategy is that old bugaboo of systems integration.
Institutions by and large possess the required risk management
data to do ERM. "The problem," according to Garcia, "is
that most firms don't have the technologies or automated
business processes in place to pull together the required
data, cleanse it of inconsistencies, and provide relevant
reporting in a timely manner."
Firms need good data for managing risk,
measuring profitability, financial reporting and marketing
outreach. On top of that, regulators are enforcing the
requirement for timely data, with criminal penalties in
the case of Sarbanes-Oxley in the U.S., and with the imposition
of higher capital reserves in the case of the Basel II
agreement globally.
With all these requirements as a backdrop,
bankers would seem to be well advised to push ERM and
its related data integration tasks closer to the top of
their to-do list.
Mr.
Cline is senior editor of Banking
Strategies.
Copyright © 2004 by Banking
Strategies, published by BAI.
back
to top |
