Risk management has again taken center stage in the world of ﬁnance. Greater regulation, increasingly inter-connected markets, and new sources of volatility leave the door open for an unprecedented level of risk, the sources of which are as varied as they are numerous. At the same time, ﬁnancial services institutions must continue to innovate and grow. This necessitates an entirely new paradigm in risk management—spanning the entire enterprise in its vision, powered by new ideas in action, and underpinned by technological interventions in execution.
Early and provident fear is the mother of safetyEdmund Burke
The ﬁnancial debacle, which the world endured beginning early 2008, has largely been attributed to the increasing de-regulation that the banking and ﬁnancial services industry witnessed from the 1980s onwards. After the frequent ﬁnancial crisis of the global markets, and the state of the American economy in the early decades of the last century, several stringent regulatory measures were imposed. This brought more control to the functioning of ﬁnancial institutions by reducing their ability to take undue risks that could put the whole economy in peril. However, after half a century had passed with no major crises, the rules were relaxed only to cause the latest global economic meltdown. To a large extent, we are still suﬀering the consequences of the excesses of the previous decade. The North American economy continues to remain fragile and the European debt crisis shows no sign of abating anytime soon.
Not surprisingly, much more stringent regulations are back in place. Risk management has again taken center stage in the world of ﬁnance. The volatility and growing complexity in the ﬁnancial services industry has made it necessary for regulatory bodies to impose compliance regulation on capital, liquidity, and operations. The impact on revenues is quite signiﬁcant. This, in turn, has compelled senior management to get directly involved in setting up a robust risk management function that will deal with systemic reforms, cost controls, reputational risks, regulatory compliances, and credit risks. The key then, is to look at this challenge as a path to sustainable success, backed by an enterprise-wide risk strategy, which enables institutions to stay on top of compliance while enabling a growth-driven enterprise.
The lack of speed and agility to assess various risk exposures is a key reason behind why banks and ﬁnancial institutions were unable to manage the volatility in market conditions. Factors like the inability to quickly assess and analyze the risk-reward ratio and calculate fund value on demand resulted in management taking uninformed decisions and even losing out on new opportunities
Today’s volatile market environment, however, demands agility and adaptability—the lack of which may result in missed revenue opportunities. For instance, calculating the mark-to-market value of ﬁnancial instruments held by the ﬁrm, requires informed planning to ensure that a fair value is calculated during a distress sale or forced liquidation, or in cases where enough price inputs are not available, the estimations are based on a scientiﬁc assessment of the value. The lack of such planning could result in liquidity constraints and even increased counter-party risks during negative market upheavals. In a worst case scenario, this lack of foresight can even translate into regulatory violations and avoidable events.
The cost of recent regulations, combined with continued low interest rates, could reduce retail bank revenues by 30 to 50 percentBAI Executive Report
The technology needed to manage risk and regulation will chew-up 15 percent of IT investments. Financial services companies will struggle to ﬁnd the optimal channel mix to deliver value to clientsIndustry analysts
The total bank write-downs in the last ﬁnancial meltdown due to the lack of comprehensive risk management could exceed a shocking $2 trillionInternational Monetary Fund (IMF)
Risks are an inherent part of the business. Banks and ﬁnancial institutions face several types of risks due to the uncertainties associated with market dynamics. For instance, the institution could be facing ﬁnancial risks such as credit, capital or a liquidity crisis. Increased regulatory oversight poses risks of huge ﬁnes and penalties, as ﬁnancial institutes take regular risk-based decisions that could lead to non-compliance if the organization has not enabled a risk intelligent culture throughout the ﬁrm.
There are also risks that could arise from ﬂuctuations in the market. In addition to this, there are several risks that could be of a non-ﬁnancial nature—money laundering, operational, or reputational. Risks could also arise due to reliance on legacy technology, a lack of a homogeneous application landscape or integrated platform, and/or compliance or network security breaches among others. Any impact in one area could have a cascading eﬀect that soon engulfs the other areas. The objective of risk management is to analyze these risks and manage them eﬀectively in order to ensure a proﬁtable trade-oﬀ. In this section, we present a detailed look at the various areas that pose signiﬁcant risks to banks and ﬁnancial institutions.
Lending is one of the central functions of a ﬁnancial institution. It is a key revenue mechanism but also poses one of the biggest areas of risk. Eﬀective measurement and management of credit risk is therefore an integral part of risk management. The objective is to minimize potential risks and maximize returns for the ﬁrm. The value of any collateral that has been pledged by the borrower needs to be evaluated on a regular basis to ascertain whether the loan risk versus collateral value is in the bank’s best interest. Additionally, credit quality also needs to be monitored and proactive actions taken in case of any signs of deterioration.
Risks can arise from both expected as well as unexpected events. Right from 1998, when Basel I was ﬁrst framed for the supervision of international banking, to Basel II that brought more control to how banks and ﬁnancial institutions aligned capital markets with risks, to the more recent Basel III that has suggested regulatory standards for ensuring capital adequacy and adequate liquidity, the industry has been moving towards a state where such risks are minimized. Expected risks can be considered and factored into product pricing. Financial institutions, however, need to have enough reserve capital to manage any unexpected events that may aﬀect functioning. During upward trends in the market, institutions need to plan eﬀectively, and reserve capital to manage any adverse events that may pose a threat to capital. Not doing so could result in regulatory violations. This necessitates a plan to manage crisis situations and a system to monitor and assess the plan at regular intervals.
The market volatility we witnessed over the past few years will not be easily forgotten for a long time. The impact of a regional issue, i.e., the subprime debacle in the US, on the global ﬁnancial sector and the rapid rate at which it engulfed and devastated economies that were in seemingly good health, indicates the risks these markets can pose to businesses. The credit or liquidity position of a bank or ﬁnancial institution can be adversely aﬀected by factors such as interest rate changes, inﬂation, currency rate ﬂuctuations, or even stock market movements. A risk management system can provide a framework to continuously measure, monitor, and manage the various elements that can pose a risk to the bank in case of a change in any key factor that could have an adverse impact.
Correctly estimating liquidity is critical to eﬀective risk management. In times of trouble, customers can withdraw cash or liquidate equity and commodity positions. Contractual obligations could however impose restrictions on institutions from calling in credits or loans before the contracted period. This necessitates maintaining liquidity to cover unexpected withdrawals. Risk managers also need to take into account delays in receivables or potential bad debts. A mechanism that monitors the performance of assets and deterioration in credit quality is necessary to take required action to oﬀset such possibilities.
Manual processes could result in human errors creeping into the system. Fraud or failure of internal governance and control mechanisms are other factors that constitute operational risks. External events such as natural disasters or even terrorist attacks can pose grave risks. In the recent past, there has been an increase in such adverse events across the globe. This calls for systems that enable automation where possible, standardization of processes, implementation of various frameworks, and preparing contingency plans for all sorts of possibilities. Internal governance and safeguard mechanisms need to be put in place. Regulatory bodies have mandated various measures to counter such risks, and these requirements need to be adhered to.
Non-adherence to compliance requirements could result in signiﬁcant penalties. This necessitates better governance mechanisms and systemic upgrades to reduce the risks posed by unintentional violations
Technological advancements have increased client expectations, and competitive pressures necessitate staying on top of all client-oriented technological trends. Technology also is integral to the basic functioning of the bank. As such, this sector has traditionally been the early adopter of technological innovations. However, this also brings with it various risks such as downtime, network perimeter breach, technological obsolescence, and an increase in complexities. This needs to be countered by robust enterprise security solutions and a global security operations center to monitor risk.
The erosion of trust in the institution can even lead to bankruptcy. This can happen irrespective of the fact that charges levied may even be proven as false. Reputational risk can, in turn, impact liquidity by encouraging deposit withdrawals, and loss of clients and new business, and thereby, considerably shrink shareholder value. Hence, the risk management policy should take into account potential sources of reputational risk to which the institutions are exposed.
Partnering with a third-party service provider with vast experience and expertise in providing risk management services to banks and ﬁnancial institutions across segments can help accelerate organizational readiness to tackle risks. For those who already have a risk management infrastructure in place, an external view will enable the identiﬁcation of potential gaps they may have missed.
Technology is a critical component of any risk management initiative. It reduces time-to-market considerably, increases operational eﬃciency, enables quick detection of high-risk accounts, identiﬁes potential loss making scenarios, and enables executive management to hedge the risk. Technology also plays a crucial role in ensuring regulatory compliance and enabling regulatory reporting. It provides tools to evaluate liquidity risk regularly and thereby enables the bank or ﬁnancial institution to make informed funding decisions that can mitigate risks or capture short-term opportunities.
Business intelligence tools can help quickly identify new opportunities while newer data assessment technologies can provide deep insights that can impact current and future proﬁtability. For instance, risk management tools can help ﬁnancial institutions make the best possible decisions for their clients using analytical tools across data sources. Integrating data sources can enable the institution to seamlessly analyze credit and liquidity risks, and even keep a check on potential market risks. Uniﬁed dashboards can enable senior management to understand overall risk exposure and take proactive measures to keep it under manageable limits. The possibilities are many, but adopting the technology measures that are relevant to the enterprise is what matters the most.
Shaping an Enterprise-Wide Risk Management Strategy
Implementation of risk controls is not only a compliance mandate. Eﬀective risk management can also have signiﬁcant impact on a bank or ﬁnancial institution’s future proﬁtability and long-term growth. Technology can play a critical role in helping ﬁnancial institutions manage these risks eﬀectively, and there are varied solutions that can be put in place by partnering with an accomplished third-party IT service provider. For example, implementing analytics tools to identify deterioration in credit quality, which triggers proactive measures to restructure or reﬁnance risky loans before they turn into non-performing assets.
However, technology is not an isolated barrier against potential risks. It needs to be a part of the organization’s larger integrated risk management strategy. Areas such as reporting and forecasting should be improved. A strong governance framework should be adopted. Internal control processes should be implemented along with supporting technology systems to enable proactive risk management and mitigation, so ﬁnancial institutions can conﬁdently sail ahead to their next wave of growth without running into icebergs.