De-Siloing Risk
By Kenneth Cline
Banks are urged to take an enterprise-wide approach to managing all their risks.
|
Related
Chart
|
Operational risk has become a more pressing concern for banks in the wake of the Basel II accords. As important as this topic is, it may be only part of a larger issue that financial services institutions need to address, which is enterprise risk management (ERM).
As described in a new research report from TowerGroup Inc. analyst Virginia Garcia, ERM includes operational risk and is essentially a process for managing all categories of risk in a holistic manner. "ERM functions as an integrated part of the business," she writes, "and requires collecting risk data from diverse business units, checking the data for accuracy, manipulating these data to make them comparable, and analyzing them to get a better representation of realistic risk as opposed to absolute or notional risk."
Why is ERM necessary? Garcia estimates that financial services companies waste $10 billion a year globally on information technology spending related to compliance functions, mainly because of redundant investments in databases, storage analytics and reporting tools. This redundancy derives from the fact that banks have tended to manage their various risk concerns — credit, market, liquidity and operational — in isolated silos.
Garcia argues that the $10 billion in annual waste ($4 billion attributable to redundant compliance systems, $6 billion to business processes encumbered by inefficient legacy systems) translates into $40 billion if one takes into account a "multiplier effect," by which every dollar that a bank saves in transforming its legacy systems can achieve $7 in business process savings. This $42 billion (rounded off to $40 billion) represents a lot of inefficiency that mostly burdens the largest global financial institutions, i.e., those with risk management functions spread over multiple businesses and geographies.
"While risk management and compliance weaknesses alone are not the primary cause of poor operational efficiency, there is a clear link between ERM and shareholder value," Garcia writes.
As pointed out in the articles about operational risk, risk management seems a bit esoteric until the bottom-line impact is explained. This will likely also prove the case with ERM. Bankers may look at Garcia's observations about IT duplication and say, while that may be true, we have more pressing concerns right now, like managing through the next merger (which usually leads to more IT duplication). But if it's acknowledged that lack of ERM is shaving a couple of points off return on equity, banks may decide to take a closer look.
The biggest task banks face in adopting an ERM strategy is that old bugaboo of systems integration. Institutions by and large possess the required risk management data to do ERM. "The problem," according to Garcia, "is that most firms don't have the technologies or automated business processes in place to pull together the required data, cleanse it of inconsistencies, and provide relevant reporting in a timely manner."
Firms need good data for managing risk, measuring profitability, financial reporting and marketing outreach. On top of that, regulators are enforcing the requirement for timely data, with criminal penalties in the case of Sarbanes-Oxley in the U.S., and with the imposition of higher capital reserves in the case of the Basel II agreement globally.
With all these requirements as a backdrop, bankers would seem to be well advised to push ERM and its related data integration tasks closer to the top of their to-do list.
Mr. Cline is senior editor of Banking Strategies.