The concept of enterprise-wide risk management has become imperative for the financial services industry. Mitali Kalita offers hints to convert this strategy into a success
Chennai: Managing risk is an old habit of human beings. In our day-to-day life, we seem to be always worried about future risks. As a result, we end up investing in insurance or other investment instruments to secure ourselves against those unseen risks. Accidents, environmental disaster, bankruptcy, loss in business, and death are risks that have plagued us since time immemorial.
Generally, we cannot get a complete shield against any potential risk, but we can adopt appropriate proactive measures to mitigate every risk. The same concept applies to the financial services industry, too. However, managing risk individually seems to be less talked-about today, while enterprise-wide risk management (EWRM) or firm-wide risk management or integrated risk management seems to be the current buzzword.
This article is about how the concept of enterprise-wide risk management has evolved over the years. It points out why the concept has become imperative for the financial services industry and offers hints for a successful enterprise-wide risk management strategy. The article also throws light on the difficulties the industry is facing while preparing for the ultimate risk integration mantra.
A classical definition
Enterprise-wide risk management has been defined as the uniform and integrated approach of a financial services organisation to identify and manage risks across the enterprise. Basically, there are four key risks that an organisation encounters - credit risk, market risk, operational risk and liquidity risk. Operational risk is a new effort put forward by the Basel Accord II, which the industry will now have to include into its current risk portfolio.
Traditionally, all these risks were treated independently by companies through different departments with independent specialists to manage them. Ultimately, as days passed, more and more complexities arose in the market, and there evolved an atmosphere, where sharing of information and strategy between these independent departments became a difficult task.
Even senior management members found it difficult to understand the risks to which their firms were really exposed. Thus, the need for enterprise-wide risk management was realised by the financial services industry. Gartner predicts that by 2006, enterprise risk management will be a best practice for financial institutions of all sizes.
Chain of evolution
Risk management was in a rudimentary stage until the 1980s. It was not recognised as part of the business management process but only as a method of taking precautionary measures when a business runs dry. The concept was: "Do business and then measure the risks." Whereas, in today's economy, the concept is: "Measure the risk first, then do business."
Moreover, there was neither the quantitative practice to assess it nor the technology and instruments to manage and distribute it. As a result, formal and systematic risk management was rather difficult until quite recently. The onus of crediting a loan would simply lie on the shoulder of a lending official, who would make this judgement on his own. Very often, the situation would follow a pattern - robust lending decisions during economic booms without worrying about risks undertaken, whereas exercising utmost caution in lending during economic downturns. As a result, there were no proper and quantitative methods to take care of decisions on bad loans.
In addition, the combined effects of wrongdoing by some participants of excessive risk-taking and the effect of reductions in credit availability on global financial markets and economies became too large for the international financial system to endure. Thus, during the late 1980s and early 1990s, apart from profit-making goals, companies were faced with other goals such as accountability, transparency and performance as demanded by their investors. Since the late 1980s, the concept of risk management has been evolving until the late 1990s - at which point, enterprise-wide risk management entered the business arena.
"Regulatory requirements notwithstanding, measuring and managing enterprise risk makes good business sense. The institutions that make the effort will find their investment rewarded," says Maurice H Hartigan II, president and CEO, Risk Management Association, in a recent report.
Gartner says EWRM is far more than a technology initiative; it is an ongoing business process. The segmented approach implemented by the industry to address each risk separately is no longer considered efficient, while EWRM has been identified as the ultimate mantra for survival and success, because:
- It will ensure smooth communication flow - both with external and internal audiences, including shareholders, employees, customers, suppliers, lenders, investors, regulators, communities, and the public at large;
- It will allow an organisation to assess the impact of risks across the enterprise and thereby make quick management decisions;
- It will help to meet the regulations laid down by the 2nd Basel Accord regarding refinement of existing approaches to credit risk and the new arena of operational risk;
- It will increase credibility and accountability, allowing greater transparency in operation to regulate the flow of returns;
- It will save time and effort and the management will be able to take instant decisions as risk exposures will be detected on time;
- It will help the organisation to collect sufficient historical data to qualify for lower capital charges obligations put forward by the 2nd Basel Accord;
- It will ensure the 2006 Basel II deadline of implementing the appropriate risk management practices and the collection of five years of historical data; and
- It will improve corporate image to sustain fierce competition in the global financial market.
Path to success
A recent survey conducted by the Risk Waters Group and SAS has revealed that a fifth of all companies in the financial sector still do not have an operational risk management programme. This is despite the fact that 90 per cent of them lose more than $10 million a year because of poor risk management. It is true that the ultimate integration of market risk, credit risk and operational risk for an EWRM will be a mammoth task, but the following tips may serve useful for firms willing to try:
- An awareness among employees about each and every risk and its implications;
- A clear understanding of the reasons behind all risks and the collection of all significant appropriate data for an effective strategy to manage those risks;
- A clear understanding about the relevant investment in technology to maintain an uninterrupted flow of data across the organisation. It may require revamping of existing legacy systems;
- A single point of contact in the management board to supervise the risk management process across the enterprise;
- The implementation of a single distributed data architecture to collect information from across the organisation while feeding a network of uniform engines to strengthen the front, back and middle office; and
- The one thing that organisations must keep in mind while selecting risk management tools is that they are flexible enough to accommodate any future regulatory and reporting requirement changes.
Pros and cons
Though the concept of EWRM is in vogue, actual implementation is no easy task. In a recent report, Jared Schabib, principal consultant, KPMG, said embarking on such a project is itself a major risk.
According to Gartner, there is still a remarkable absence of standardised risk terminology, valuation methods, reporting and coordination within financial institutions. Some characterise risk management as a technology problem, and while software can certainly help enable risk management, it is not a silver bullet for risk management problems.
Reports say gathering data accounts for more than 50 per cent of the cost and effort of implementing an EWRM system. It brings the added difficulty of ensuring that reference data is common across the front, middle and back office systems. On the other hand, the cost of implementing an EWRM is too high and the firms are wondering whether such a huge investment will bring results in future. According to Gartner, 42 per cent of large financial services providers plan to spend between $500,000 and $2.5 million of IT spending on enterprise risk management.
Another fear that is looming large over the industry is whether the existing technology will become redundant. Though software vendors are claiming that their risk management solutions can be well incorporated into the existing technology network, not all are found to do so. As a result, companies might require major upgrades of their legacy systems.
Parvez Patel, director, Capital Markets Technology at Pinnacle Systems, Inc, a US-based technology consulting and solutions provider to capital markets firms, insists on three golden points that financial services organisations must keep in mind before selecting any risk management tools:
1. A clear idea about current and future risk management goals to drive the data requirements of the overall risk management system. The appropriate tools can then be selected for obtaining this data from the firm's existing infrastructure;
2. A good understanding of business processes and related data flow to drive the operational data requirements that are necessary to correctly measure operational risk; and
3. The tools that are selected must be widely used and also be capable of being extended in future to accommodate the natural evolution of the firm's operations.
Enterprise-wide risk management is much like virgin forests likely to be explored by the financial services industry in the near future. It promises to look across organisations to identify all the risks. It also promises to determine how these risks are interrelated and how they affect performance and profitability, thus weaving a direct relationship between processes, products and profit.
Frankly speaking, there has never been an ideal risk management strategy so far that will serve as a complete shield against any potential risk. EWRM, the flavour of the current times, if implemented in real terms, will definitely be a boon to the financial services industry. But we need not wait for long. Come 2006, and we will be able to witness whether the new buzzword turns out to be myth or reality.