Q&A: Enterprise-wide Risk Management Part III

Waters gathered together four capital markets sources ─ two representing end-user firms, ANZ and AIA Group ─ and two sponsors ─ Thomson Reuters and GFT ─ to discuss the challenges facing capital markets firms when it comes to designing and implementing enterprise wide-risk management systems. Here are their thoughts...

Click on the relevant links to view Part I and Part II of this four-part Q&A. 

Q: What aspects of enterprise-wide risk management do capital market firms tend to underestimate in terms of complexity?

Vijay Aviur, head of risk, global markets and wholesale lending technology for ANZ: Successful ERM implementations have to feature strong support from top management, sufficient resources in terms of cost and trained professionals, expert knowledge in risk management, and the continued focus on the implementation without losing steam in the middle of the project. For instance, integration of market risk management, credit risk management, liquidity risk management, and operational risk with other "financial" risks is a difficult step, which requires significant effort, time and costs to improve the underlying data management.
A fact that most firms do not realize is that EWRM integrates risk management into activities at all levels of a firm-right from enterprise-level activities such as strategy all the way to business unit processes and technology projects.

Marion Leslie, managing director of Thomson Reuters' pricing and reference services business:
When it comes to enterprise-wide risk management, capital markets firms tend to underestimate the importance of employee ownership and accountability. Anyone in a firm who touches the data required for risk management needs to be aware of their responsibilities with regards to the data "assets." The front office, for example, needs to be accountable for the quality of the data it inputs in order for the middle and back offices to use it effectively. This highlights the need for relationships between business units and central functions to evolve in a positive way in order to facilitate better data management and governance.
There needs to be a shift away from siloed management of legacy databases. Firms cannot outsource strategic management of this process, nor can they outsource their ultimate responsibility for understanding the new regulatory environment and ensuring that their data is governed and fit for compliance. Data vendors and service providers can play a key role here, with technology, enterprise usage models and high-quality, connected datasets designed for enterprise use. 

Successful ERM implementations have to feature strong support from top management, sufficient resources in terms of cost and trained professionals, expert vijay-aviur-profknowledge in risk management, and the continued focus on the implementation without losing steam in the middle of the project - Vijay Aviur, head of risk, global markets and wholesale lending technology for ANZ.

Drew Wade, senior managing partner, AIA Group:
In my experience, setting a mission, strategy and roadmap sets the basis for assessing risks and effectively dealing with them. Firms that set up a foundation and a uniform philosophy may have a faster response time. Equally important is that these firms will have a reliable risk management system in place to provide proper policies to ensure that procedures are efficiently carried out, which can reduce the guesswork for assessing risks and ensure that enterprise-wide compliance is achieved at all times.

Ami Grewal, head of business consulting, GFT:
The data. The data is by far and away the biggest thing that everyone seems to assume is really easy. Unfortunately, I've made mistakes myself when I've gone in on some projects thinking, "This will be easy because how can you not have the data to run your business? You must have the data somewhere."
The assumption that you have the data is really bad. The quality of it and the understanding of it is quite disparate. Over the last few years, we've seen a huge amount of churn of people in the banking sector. So the person who knew all about your data last month may have moved across the street. The institutional knowledge is gone, and with it leaving, they don't know their data as well as they should.

Q: How has the current landscape added to the complexity facing the industry when it comes to managing their risk on an enterprise-wide basis?

Grewal: The current landscape in terms of the regulatory change is forcing banks to start to get their acts together to reduce not only front-office risk but back-office risk, too. At GFT, we commissioned a global survey that found that 95 percent of financial firms agree that they are operating in a "new normal" environment of constant, and in fact increasing, regulatory change.
Historically, banks have worked around some of these regulatory challenges tactically rather than fixing them strategically; however, they're now getting to a point where regulatory compliance demands will leave them deficient. They find that the investments they've made are not quite as innovative or strategic as they could have been, so they'll have to look to rebuild to a better solution.
I was speaking with someone the other day who said: "We build things three times. The first time we don't know what we're doing; the second time we think we know what we're doing, but we haven't figured it out; and by the third time we build it, we actually know what we're building."
This doesn't mean that you're spending the same amount on the second or third iterations, but you do have to keep on spending over time. Firms are finding that their regulatory burdens split their attention and resources away from managing enterprise risk, unless they approach compliance in a strategic way.

Wade: The increased regulatory environment, while necessary, in some cases exacerbates the complexities of risk management, particularly for smaller funds and trading operations. For example, firms have to set aside time and resources to train employees on compliance and risk management procedures. Additionally, in order to keep pace with regulators, firms must constantly monitor regulations and new rulings. They must also dedicate resources to maintain documentation and compliance guidelines, which can be expensive. The handling of vast amounts of data, including protecting against cyber-attacks, can place further weight on the firm's resources, especially when taking into account the priority of maintaining a secure platform on a perpetual basis. Of course, innovation is a key to success. However, the reality is that being on the cutting edge increases the complexity of risk management. For example, algorithmic trading operations like the one I manage must innovate to achieve consistent returns that exceed investor expectations.

The final part of this four-part Q&A will be published on October 12.