Q&A: Enterprise-wide Risk Management Part I

Waters gathered together four capital markets sources ─ two representing end-user firms, ANZ and AIA Group ─ and two sponsors ─ Thomson Reuters and GFT ─ to discuss the challenges facing capital markets firms when it comes to designing and implementing enterprise wide-risk management systems. Here are their thoughts... 

Q: How do capital markets firms make the business case for implementing the technologies and operational disciplines in order to manage their risk across the entire enterprise?

Marion Leslie, managing director of Thomson Reuters' pricing and reference services business:
Regulations are often perceived as the stick behind many technology or operational changes. However, a positive side-effect is the fact that incoming regulations are driving the industry toward a more holistic approach to data management in general, but specifically for risk. New regulations such as the Basel Committee's BCBS 239 are pushing financial institutions to adopt best practices for managing risk data by requiring them to aggregate their exposures for a comprehensive view of the broader picture. 
Of course, the output in terms of risk calculations will only be as good as the input, which translates into the need for an equally robust approach to data and data management. More than just garbage in, garbage out (GIGO), the complexity and scope of today's financial institutions introduce a whole series of data quality requirements as far as risk data is concerned, not just quality, accuracy and timeliness, but also aggregation, normalization, validation and interpretation.
This brings the focus back to the importance of data quality, which is central to the discussion. Ultimately, data management systems and processes supporting risk and operational management need to deliver relevant, consistent, timely and accurate data to risk managers so they can trust their risk calculations. The business case may be compliance in the first instance, but ultimately it will be about the creation of growth and returns through proactive risk management.

Vijay Aviur, head of risk, global markets and wholesale lending technology for ANZ:
An enterprise-wide risk management (EWRM) business case must ideally include: the expected risk measurement results-both tangible and intangible; the estimated potential hard-dollar savings achieved through centralization and consolidation; the estimated costs, including hard dollars and internal resource support; and the project timing and minimum program requirements, ideally defined according to short-, middle- and long-term as per EWRM objectives.
Additional executive buy-in may involve more technical sessions. Internal courses must ideally focus on risk modeling and aggregation concepts-including value-at-
risk and probability, risk results interpretation and mitigation strategies, and general market and derivatives sessions. Educational materials could address risk tolerance levels, aggregated risk results, related limit setting process, and board review and approval requirements. 
The benefits and value of EWRM far outweigh the financial and operational challenges. A successful EWRM implementation enables every member of a firm to systematically assess and proactively respond to events or uncertainties that could reduce stakeholder value; align risk appetite and strategy; improve decision-making by aligning growth, risk and reward; reduce operational and financial surprises/shocks and related costs or losses; leverage opportunities by considering the uncertainty as an entire range of potential events; and achieve consistency with an holistic risk management philosophy, process and strategy.

Drew Wade, senior managing partner, AIA Group:
At our firm, we always start our risk identification process with a brainstorming session. Next, we do interviews and self-assessments. A scenario analysis from these questionnaires is the next step. Finally, a SWOT (strengths, weaknesses, opportunities and threats) analysis is performed. We've found that a ranking system is critical to our risk measurement activities, giving us the tools we need to implement enterprise risk management (ERM) maturity models and education/training that is fully integrated into our culture and values. The main benefit of this is that we're ahead of the game when it comes to assessing and responding to challenges when they arise in real time, leading to a greater awareness of the trade-off between risk and return.

Ultimately, data management systems and processes supporting risk and operational management need to deliver relevant, consistent, timely and accurate data to risk managers so they can trust their risk calculations - Marion Leslie, managing director of Thomson Reuters' pricing and reference services business.

Ami Grewal, head of business consulting, GFT:
The business cases tend to be ─ for regulatory work ─ non-existent in many ways. Firms think, "Well, if we don't do this, we won't stay in business." No one will really question that in any way. What's interesting is that when business cases do need to be made, there's often this view of, how do we consolidate infrastructure?
If you mushed all these disparate systems together into one system, wouldn't we get the benefit from not having 50,000 servers, but just 50? Unfortunately, when you actually look at the spend on hardware and the infrastructure, they don't actually add up to very much. So while it may look initially like a great save, from an accounting perspective, it doesn't hit the bottom line in the right way and provide the benefit that you thought it would. Additionally, there's often a belief that this kind of consolidation can decrease headcount, but in many ways you don't reduce headcount, you just reallocate headcount. However, since companies must make these investments in order to remain in the market, doing so strategically is crucial to continued success.

Part II of this four-part Q&A will be published on October 8.