Risk management is a subject which has come to occupy the minds of more and more financial institutions in recent years. It has always been important at the trading desk level, for hedging, exposures, relative value trading, limits, and such. But enterprisewide risk management is now a major concern for financial institutions around the world.
This is not simply due to recent debacles which have cost institutions enormous sums of money. Organizations can reap huge rewards from well-managed trading, but the key to success is to actively take risks. This requires a long-term, sophisticated approach to risk management system development that is customized to each bank's specific needs.
There are five key areas where bankers risk getting the smallest payoff on their risk management investment. While many banks recognize the importance of enterprisewide risk management, only a few have tackled the challenge effectively. There is a strong desire to do something, but, in many cases, much time and money has been spent without very much being achieved. With any new and difficult challenge, mistakes are understandably going to be made. Here are the five biggest mistakes to avoid when planning, developing or upgrading a bank's risk management systems.
getting what you pay for
Mistake One: Trying to Get Something for Nothing. It's easy to underestimate what goes into a risk management solution, and thus guarantee failure right at the outset. There is a great temptation to look for a cheap and easy solution. Banks doing this don't treat information as an asset, and fail to see how taking the right risks is inextricably woven into the fabric of the bank's success.
An effective system requires integrating a host of important information, and is costly to implement both in time and money. The cost of a good system, however, is far outweighed by both the possible loss avoided-sometimes the whole bank-and what can be gained in business profits. Good information from risk management helps bankers make more effective, long-term strategic decisions about where to allocate their scarce capital in dynamic, competitive markets in order to make the most money.
In the false hope of a quick and easy solution, severe expectation problems can arise. By not getting sufficient executive attention, and by treating risk management as a quick-fix rather than an integral planning process, banks can severely undermine the value and usefulness of their risk management solution. Give the problem and solution their due. Make sure that everyone in the bank understands that the project will take time, money and, more importantly, managerial attention. It is also important to build in milestones that mark progress and provide value to those doing the real business. Without showing some business value early, the project may never get past the first annual budget cycle.
Mistake Two: Don't Start from Scratch. This is the opposite extreme from buying a quick-fix solution in Mistake One. There have been many large, failed projects where heady, self-reliant banks try going from green fields to a super-mega-monster system completely on their own. This is a good way to blow $100 million. In fact, many banks have faced massive write-offs for home-grown systems that never got off the ground.
The do-it-yourself banks do gradually gain a very good understanding of the enormity of the challenge. But often by then the scope is so huge that paralysis sets in as banks see their progress and their goals getting even further apart. Most business people have heard the advice "buy the best, build the rest." For banks with expertise and proprietary advantages in particular areas, the converse applies: build your best, buy the rest. Many critical components of risk management solutions are already commoditized and can be bought for one-half to one-tenth the cost of building them in-house.
learn to be a risk taker
Banks already have many systems in place and don't need to start from scratch. Key core competencies such as legacy systems, models and other proprietary information systems might remain as is, need to be enhanced, or even be replaced; but they represent a starting point for the risk management solution. Be realistic and don't try and do it all yourself. Banks should leverage existing investment and integrate in-house expertise with market-proven, open standards-based solutions.
Mistake Three: Building What the Risk Controller Wants. This is also known as the best defense is a good defense. It's easy to fall into the trap of building a risk management system that solely provides for regulatory compliance. Risk management is more than an insurance policy. This "defensive" approach can be achieved a bit more quickly, but only addresses one-half of the business equation-risk, but not return. The instant gratification of getting regulators off the bank's back quickly disappears, and the defensive solution stops there. This trivializes risk management by disconnecting it from the business drivers. An offensive, strategic approach is harder, but leverages the investment in the risk management system to provide higher returns.
Effective risk management is more about taking risk than avoiding it. That's how banks make money. A risk management system has to be used by the risk-takers and profit-makers in the bank in order to be effective and add value. It should help banks make effective decisions about how and where capital is allocated. Risk managers should build a strategic solution with a flexible open system that allows for possible integration across other problem areas besides risk management.
Mistake Four: Building the "Roof" First. The "top-end" of risk management solutions is the exciting world of models, analytics and graphics. The most important aspect, however, is the foundation's dealing effectively with data, which is tedious and boring. Banks frequently err by over-emphasizing the enhancement of esoteric models at the expense of good data handling. Often, banks will initially devote 80 percent of their attention to "roof stuff" that represents only 20 percent of the value and work. This is backwards; banks embarking on global risk management find that data is the most difficult problem and most important-and time consuming-part of the solution.
thinking Ahead
Data is the foundation on which the whole system is built; this foundation must be strong, but also open and flexible. In a bank's risk management system, the foundation should be built first. A good foundation will support whatever is built on it and can be extended and leveraged many times over.
Mistake Five: Just Solving Today's Problem. This is perhaps the most dangerous mistake. It may be tempting to reach for the first solution that addresses your current needs, but rigid system solutions are often stale by the time they are in place. Banking is a dynamic industry, and change is the only constant. Tomorrow's problems will be different from today, and so will tomorrow's solutions. So if a bank wants to solve today's problem, it needs to ensure it does so with something that can change and grow. Otherwise the bank will need to re-create the system each year, leaving a trail of broken solutions and budgets in its wake.
Therefore, when planning the development of the system, the smart bank keeps its options open. If the solution is going to be able to grow with the organization through uncertain times, it will need to be flexible and extensible. Such a system will cost a bit more in time and money in the first year. But the added value and future savings are enormous. Plan for future success with a flexible system that can solve tomorrow's problems as well as today's. Those bankers who harness technology and use information most effectively will rise to the top and ride the wave of industry globalization.
Mike Edleson is director of risk management at Infinity Financial Technology, Inc., a Silicon-Valley based technology company that develops and markets software for financial trading and risk management.
SAFEGUARDING AGAINST THE PITFALLS OF GLOBAL RISK MANAGEMENT
MISTAKE ONE: TRYING TO GET SOMETHING FOR NOTHING.
Enterprisewide risk management systems are data-intensive and costly to implement. But banks that view information as an asset can take the right risks and that, in turn, yields greater profitability.
MISTAKE TWO: DON'T START FROM SCRATCH.
Utilizing some pre-existing systems-models, proprietary information systems, etc.-can be leveraged in building a risk management system. This saves banks time and money.
MISTAKE THREE: BUILDING FOR THE RISK CONTROLLER.
Risk management is much more than an insurance policy; it's a strategic business issue that can influence the profitability of an institution in that it gauges risk-adjusted return on capital.
MISTAKE FOUR: BUILDING THE "ROOF" FIRST.
The foundation of a global risk management system is data-not the models, analytics and graphics that top off risk management.
MISTAKE FIVE: JUST SOLVING TODAY'S PROBLEM.
Banking is a dynamic industry experiencing radical, on-going change. Build a system that solves today's problem and is flexibility and extensibility over the long term.
