Given events in the financial sector in the past decade, it’s safe to say all eyes are on risk. In the context of lessons learned from the financial crisis, the Basel Committee on Banking Supervision in its BCBS 239: Principles for Effective Risk Data Aggregation and Risk Reporting has deemed legacy bank IT and data architectures “inadequate to support the broad management of financial risks,” forcing global banks to invest in more sophisticated risk technology.
With regulatory deadlines looming in January 2016 for large organisations, and eventually smaller financial institutions over time, it is fair to say that for most banks, compliance is not just a box-ticking exercise, sufficient to get through the stress-testing requirements. With the business case for ‘fit for purpose’ risk technology in place there is an appreciation of the business insights and competitive advantages – not to mention better use of risk capital – that smart risk technology offers. As recent events have shown, risk stress testing capabilities play a substantial role in banks’ capital distribution plans, and continue to be under regulatory scrutiny.
Increasingly firms are recognising the opportunity to build on existing or adopt new risk management systems that will enable sustainable growth. 89% of respondents to an EY survey this year view BCBS 239 as an ‘enabler’ for their enterprise-wide risk data management capability – a chance for a risk-tech health-check and overhaul, to shape their IT strategy and develop their IT infrastructure, rather than simply as a regulation to comply with.
The key issue now is how best to ensure your business gets what it needs from its risk technology. Implementation of a sustainable and integrated risk management system is no easy task and risk managers must ask themselves the right questions before they make decisions on what system is right for them and why. It is crucial to view risk technology as more than just data management and aggregation. It starts with collecting and managing internal and external inputs, testing assumptions across the entire business, holistically if you will, to calculate statistical answers, producing even more data, and then getting those answers to the right people at the right time.
It is vital risk managers demand the best from their risk platforms and not simply make do with cumbersome legacy systems, or in fact expensive vendor products, that may not be fit to deal with incoming regulatory requirements or market structures.
The following six questions should help discern if existing risk technology will stand the test of time (and regulation), where it needs upgrading and where the gaps are:
Any CRO who can answer ‘yes’ to all of these questions, is in good stead to thrive in today’s risk environment and comply with many of the requirements set out in BCBS 239 around risk data aggregation capabilities and risk reporting practices, as well overarching data & IT governance. If not, these six tenants provide an effective starting point to identify where the gaps are and whether to build on existing capabilities or build a whole new system.
At the same time, avoiding common pitfalls when choosing a risk platform is just as crucial. What any CRO will be looking to minimise is COMPLEXITY, COST and MANUAL LABOUR. With each manual process, for example, comes increased operational risk. As much as possible, the platform should minimise the need for manual intervention. Moreover, automating the mundane, focuses users on the more important analysis of results. Delivering all this, with constraints on cost will be no mean feat, but certainly achievable.
Don’t just make do: demand more from your risk platform.
With the WHAT, WHY and WHEN clearly behind us, the focus is on HOW?
The question now is:
HOW will the CROs and their technology teams ensure the risk platforms are fit for purpose, deliver on multiple fronts and are in line with regulatory requirements and market expectations?
The answer is: by making sure the right tool kit is in place. Don’t just make do with inherited or legacy technology. Demand more from your risk platform. After all, there are more than careers and reputations at stake; the stability of the business, financial markets and health of the global economy depends on risk, and the capability to manage it.