In a provocative, never-before-published report from Meridien Research, the world of enterprise risk technology providers is broken out by company; each technology firm is dissected for its strengths and weaknesses in functions including analysis, data storage, reporting, and integration. The report's objective is to clarify the range of expertise in the industry, and what vendors are truly closest to delivering enterprise risk technology solutions. Excerpts follow.
Pressure from regulators and stockholders has increased the amount of time, energy and spending financial services firms devote to enterprise level market and credit risk management. Supporting this increased effort is a layer of technology infrastructure which is unique in scope and complexity. Enterprise risk management is the control of risk across all locations and products for the highest level corporate entity. Few, if any, financial institutions today have achieved this pinnacle of risk management. It is an ongoing process, with a goal which is not yet well defined. The demands that enterprise risk management place on technology are extreme. The infrastructure must be stable and reliable while maintaining a high degree of flexibility-two often opposing demands.
NO EASY TASK
The enterprise risk area has not been an easy one for vendors either. Enterprise risk technology requirements are not alike from institution to institution or even from one industry segment to another. In fact, even within an institution, risk management requirements will differ, as will the data available for analysis, and the underlying assumptions. The most successful vendor solutions to date have been those that are easily customized or those that are custom built.
In-house development and custom development dominate the market and packages play a very minor role in the industry today. However, as risk management practices extend into smaller institutions, the ability to engage in custom development diminishes and vendor solutions are far more critical. We believe that a dramatic shift toward vendor-provided solutions will take place over the next three to five years, especially at smaller institutions where packaged solutions will dominate. By 2007, vendor solutions will dominate risk management technology in the industry as a whole.
Despite low reliance on packaged solutions today, vendors are playing an increasingly important role in the creation and implementation of enterprise risk solutions at institutions of all sizes, due to the trend toward buying best of breed solution components in order to minimize development costs. Every risk solution will require some degree of customization or proprietary development, however. Much of the complexity of implementing enterprise risk, in fact, lies in managing the myriad vendors involved in the project and integrating the variety of partial solutions that they provide.
assessing the players
Due to the complexity, the importance of vendor selection cannot be underestimated. Though no vendor will provide all of the necessary technology, the right collection of vendors can reduce wrong turns and about faces, saving on integration and providing for a system which is flexible and extensible.
Enterprise risk management has not been pursued by the entire financial services industry in the same manner. Banks and securities firms have been the first to invest heavily in methodologies and technologies to support an enterprise level assessment of financial risks. Some fund management companies also calculate risk exposures in a similar fashion but do so on a portfolio level rather than for the entire fund complex or corporation. The vendor solutions described below are less likely to be implemented by these companies. In addition, insurance companies have an entirely different view of risk based on actuarial science developed over the last two decades. The solutions described in this report are unlikely to be used by insurers except perhaps in the treasury departments or securities subsidiaries.
The world of enterprise risk solution providers is extremely complex. No two solutions are alike and the type and priority of user needs varies in the extreme from implementation to implementation. These factors make it very difficult to generalize about a vendor's capabilities. Nonetheless, there are ways to distinguish among the providers and risk management technology offerings. There are varying degrees of skill in the implementation of the four components discussed above and the focus, even within a sub-segment like analysis, is different from vendor to vendor (see chart p. 10A).
how VENDORs stack up
Software Vendors. Within the broad category of software vendors, there are at least three types of providers:
Risk software vendors;
Integration software vendors; and
Financial services institutions.
Each of these providers comes at the enterprise risk solution with a different perspective, different goals and different skill sets.
Risk Software Vendors. This kind of provider is focused on risk analysis. There are a few that lead the market in high-end functionality tailored to the needs of very sophisticated market makers (Algorithmics, C*ATS, Infinity). These vendors have all made their names in the area of derivative valuation. C*ATS and Infinity both started out as front-office solutions and grew into the middle office and risk management areas. Algorithmics started out as a financial engineering operation devoted to risk management and then added software to help manage the risks. Today Algorithmics leads the market and is largely responsible for setting the standards for what is expected in terms of valuation and exposure calculation capabilities.
There continues to be a great deal of movement at these vendors. Staff turnover has hurt many, and growing without losing the ability to stay on top of a quickly changing market landscape has proven a challenge which some have not survived. We do not anticipate many changes among the top players in this market, but growth in overall market size, as well as in the portion spent on outside software solutions, should provide enough space for some of the second tier vendors to have sizable increases in revenue. Our guess is that those who provide functional integration, either between market and credit risk or market risk and financial accounting, will be the firms that grow fastest and become the market leaders of tomorrow.
Integration Software Vendors. Three of the four vendors in this specialty group are new to the market. Neon, which came out of the network management world, is new to financial services and also to risk management. Mint has a long history in financial services in the world of payment systems but is also new to risk management. Softwire is a brand new company (formed in 1996 by a group exiting Sybase) and has no announced installations of any kind. TIBCO, the new name for Teknekron Software Systems, which was purchased by Reuters in 1995, is the most well established in the industry, but this application of its technology is only about a year old.
So far, none of these vendors has distinguished itself as a force in the risk management implementations market. Mint, Neon and TIBCO each has a small number of implementations to its credit. We expect that it will be 12 months before it is clear who the players are in this niche and probably a bit longer before a leader emerges.
Financial Services Institutions. Given the risk technology investment and experience levels within financial services institutions, it is not surprising that an increasing number are looking to become technology providers themselves. Three banks, Bankers Trust, CIBC, and JP Morgan, are openly marketing software. Some others, including Goldman Sachs, are quietly developing software which will be sold to their own clients. It is important to note that none of these institutions is offering to sell the complete solution that it uses internally. Rather, they have bundled pieces of their internally developed software which do not divulge too much of their proprietary risk techniques.
Data storage vendors. The database vendors do not really play a critical role in defining enterprise risk solutions. Though they are an integral part of the solution, the database has largely become a commodity and the database vendors find it increasingly difficult to differentiate themselves from their competitors. Today, Sybase leads the market with the greatest installed base in the risk management area. This dominance grows out of the recent emphasis on market risk management for traded products and Sybase's strong foothold in the trading room. It is likely to be a short-lived position, however, as Oracle is quickly catching up (capitalizing both on partnerships and on its strength in the financial analysis/core systems segment).
GLOBAL SPENDING ON TECHNOLOGY
Solution marketplace. Today the total size of the spending devoted purely to enterprise risk management is relatively small (see chart on this page). Globally, financial institutions spend over US$150 billion on information technology. The US$572 million, which represents enterprise risk technology expenditures, is a mere 0.6 percent of the total. A vast majority of this total, however, is devoted to routine spending on operations systems support. Of the US$22.6 billion that we estimate is the portion spent on strategic technology initiatives, enterprise risk management represents about 3 percent. By 2002, enterprise risk technology spending will nearly triple, but will still only represent about 0.7 percent of total technology spending by the industry, or about 3 percent of the strategic technology investments.
It is important to note the proportional spending relationships because they highlights enterprise risk's dependence on the technology infrastructure that exists within the financial services institutions. The data and analysis that are used to support enterprise risk management is a small subset of the vast systems infrastructure that makes it possible to manage the institution's daily operations. Spending numbers indicated include only spending on the technology which exclusively supports enterprise risk management.
LOOKING AHEAD
The growth rate and emerging growth patterns in the spending indicate a stronger rate of growth in Europe and Asia than in the United States. This is due to the relatively smaller number of financial institutions that are required to comply with international risk-based capital requirements (e.g., BIS capital adequacy guidelines) and the limited complexity of the product mix of smaller domestic banks within the USA. No doubt, smaller banks within the USA and other countries will implement enterprise risk management, but they are not likely to need the same level of systems support.
The enterprise risk solutions market is likely to become more complex for financial institutions before it becomes easier. In the short term, more firms will enter the space as the industry experiments with the new solution architecture. The drivers that determine the cost and ultimate shape of the implementation will be:
Vendor management;
Number and distribution of source data providers;
Robustness of the required solution; and
Growing volumes.
As pressures from regulators force smaller institutions to adopt enterprise risk management, providers of packages will dominate the large second tier of the market, a market that is virtually unexploited today. The long-term drivers of risk implementations will be:
Regulatory requirements;
Integration of market, credit and liquidity risk systems;
Integration with financial and profitability calculations; and
Ability of a single vendor to provide low cost, global risk software.
Over the next seven to ten years, the revenues from enterprise risk management will shift from integrators and consultants to software vendors and from database vendors to integration software providers. There will always be an element of risk management that is proprietary and requires customizing to meet individual needs. The portion of technology spending that is devoted to meeting these needs, however, will be increasingly small.
"Vendor-Provided Enterprise Risk Technology Solutions" was authored by Deborah Williams, founding principal of Meridien Research, based in Needham, MA.
