9 Trends Reshaping Risk Software

Register now
  • Scotia Capital, a division of Scotiabank, has been developing technology that lets credit risk officers and traders at the bank share counterparty risk assessments of potential trades. The $575 billion-asset, Toronto bank has already created a real-time view of counterparty risk for its energy, equity and base-metal derivatives trading desks; rates derivatives are next. More recently, it developed a way to turn that information into loan-equivalent data that can be shared with credit officers as well as with the traders.
    January 1

That the market for risk software for the banking industry has never been stronger is a bit ironic, given that the stagnant economy and regulatory uncertainty continue to paralyze banks' efforts to take the very risks they're paid to take on loans to businesses and consumers. But banks are expected to spend 7% more on risk technology this year than they did last year, according to IDC Financial Insights. The firm predicts that worldwide financial services information technology spending on risk management technology will exceed $74 billion by 2015. The analysts expect IT spending on risk management to top 15% of total IT spending in financial services in 2012.

New regulations calling for stronger risk controls and reports, such as Dodd-Frank and Basels II and III, are a big driver. "In the big picture, Dodd-Frank has huge implications for banks' technology spending," says Jaroslaw Knapik, senior industry analyst, banking technology at Ovum. "Right now, banks are preparing the foundation for future changes." For instance, Knapik sees some larger banks upgrading their core banking systems to adjust to new risk rules.

Banks are generally unhappy with their current risk technology. Only 9% of community bank executives (at companies with less than $100 million of assets) think their risk management technology is effective, according to a survey of the American Banker Executive Forum conducted in August (in partnership with Total System Services, Tata Consultancy Services and Jack Henry). Large banks are more satisfied: 48% believe their risk technology works; among midsize banks the rates were in the low 40s. To close this gap, 72% of all banks plan to increase their spending on risk management technology in the next 12 months, according to the survey, which polled 303 U.S. retail bank executives.

These investments will be guided by several trends in risk management approaches.

TREND No. 1 Adoption of enterprisewide risk management software among smaller banks. Such software gathers risk data from different parts of an organization to provide an enterprisewide view of risk. A survey of the American Banker Executive Forum found that large banks are saturated with ERM - 87% of banks with more than $10 billion of assets have enterprise risk management software. Among banks with less than $100 million of assets, only 24% do. However, 36% of small banks plan to introduce an ERM program in the next 12 months.

The market for enterprise risk management and infrastructure solutions as defined by IDC Financial Insights (hardware, software, internal and external services) is $2 billion-plus and is expected to grow more than 8% per year through 2015. "Firms continue to want to chop down the silos and provide more information across disciplines," says Michael Versace, research director of IDC.

"There's an evolution toward personal accountability and responsibility of board members," says Todd Cooper, vice president and general manager - enterprise risk and compliance at Wolters Kluwer Financial Services. "It's part of the need for an organization to be a good steward of all its investors' and customers' funds. This has been coming in the U.S. since the Enron and WorldCom scandals. The financial crisis and Dodd-Frank put an increased emphasis on the ability for an organization to wrap its arms around what its true risk picture looks like. Federal regulators insist that banks effectively manage risk and have programs and technologies that demonstrate their mastery of the situation."

BANK DOING THIS: Blue Hills Bank of Hyde Park, Mass., is using Wolters Kluwer ARC Logics for Financial Services to measure, monitor and manage risk across all of the bank's business lines.

TECH PROVIDERS: The large business intelligence software companies, e.g., International Business Machines (OpenPages), Oracle and SAS, all provide ERM software to large banks. For smaller banks, MetricStream and Wolters Kluwer's ARC Logic are among the options.

TREND No. 2 Adjustment of credit risk models for procyclicality - in other words, the impact of the distressed economy. Procyclicality is a fancy word for the way the actions of policymakers and businesses to adjust for a recession often make the downturn worse.

The financial regulations of the Basel II accord have been said to cause procyclicality because the agreement requires banks to increase their capital ratios when they face greater risks. Basels I, II and III all require banks to calculate risk weightings for all their assets - including consumer and commercial loans - under various economic scenarios to determine how much capital they need to set aside in case of default. This can cause banks to lend less during a recession, which can aggravate the downturn.

"When the economy gets worse, risk gets worse, and when the economy gets better, risk profiles and risk levels improve," says Andy Jennings, the chief analytics officer and head of FICO Labs. "One of the drawbacks of the way we model risk today is that it amplifies both cycles." As risks increase, banks' capital requirements increase when it's too late to make a difference. "You have to put capital away when times are good, not when times are bad," Jennings points out.

This vicious cycle has thrown the normal use of credit scores and credit risk modeling into confusion. Today a credit score of 700 might mean a customer has a 1 in 20 chance of not repaying. If the economy were to get worse, the odds would change to 15 to 1 or something like that. "The problem arises, how do you predict what that the odds ratio might be under a given set of economic factors?" Jennings says. New or modified credit score models can help. The catch? Someone in the bank has to take a stand on what the economy will do - the models cannot forecast the future.

BANK DOING THIS: Raiffeisen Bank International is using FICO's economic impact service to overlay macroeconomic information on top of its traditional credit scoring system, adjusting risk scores based on recent and projected economic conditions.

TECH PROVIDERS: FICO (economic impact service) and SunGard (Ambit credit portfolio). 

TREND No. 3 Looking beyond the credit bureau report to assess consumer creditworthiness. As the pool of potential borrowers with pristine credit records has dwindled, and 25% of U.S. adults don't even have a credit report, banks have begun considering alternative and/or additional types of data, such as rental records.

One idea banks are toying with is that of incorporating social media data into assessments of credit risk, for instance, by considering the credit scores of a person's friends in addition to that person's own score. However, information posted on social media is not always 100% accurate. Under the Fair Credit Reporting Act, banks have to be able to verify customer data. "If I went on LinkedIn and said I have a PhD in astrophysics, which is not true, a number of people might comment on that, but the bank would still need to check that," Jennings points out. "This is not a cure for credit histories. We're inching our way in this direction."

BANKS DOING THIS: Lenddo (an online microlender) uses information about Twitter and Facebook friends in assessing consumer credit risk and the online bank front-end Movenbank is said to be working with the social media influence ranker Klout on a similar approach.

TECH PROVIDERS: Credit Karma, Experian, FICO, L2C and LexisNexis Risk Solutions.

TREND No. 4 The use of new methods of calculating product pricing based on risk. Given the changing patterns in creditworthiness and default rates, some banks are reconsidering the way they price their credit lines. If a bank increases a customer's credit line and that person's balance goes up, more capital needs to be allocated. By feeding the capital requirement into the pricing engine, banks can better allocate capital between competing objectives - expanding the portfolio versus being profitable given the cost of capital.

BANK DOING THIS: Scotiabank is considering the cost and impact of capital requirements in its lending and trading decisions using Algorithmics software (see sidebar on page 25). Samsung Credit Card in Korea is using FICO's decision optimizer to model its card portfolio and make pricing decisions.

TECH PROVIDERS: Algorithmics, FICO and SAP.

TREND No. 5 Risk model validation. Another trend, driven not just by Basel, but by the intensified scrutiny of banks in general in the aftermath of the financial crisis, is the validation of risk models and reporting on the use and effectiveness of models across the organization.

The Office of the Comptroller of the Currency issued a paper in April about best practices for model validation in banking. "Banks rely heavily on quantitative analysis and models in most aspects of financial decision-making," the OCC said in its report. "They routinely use models for a broad range of activities, including underwriting credits; valuing exposures, instruments and positions; measuring risk; managing and safeguarding client assets; determining capital and reserve adequacy; and many other activities. ... The expanding use of models in all aspects of banking reflects the extent to which models can improve business decisions, but models also come with costs. There is the direct cost of devoting resources to develop and implement models properly. There are also the potential indirect costs of relying on models, such as the possible adverse consequences (including financial loss) of decisions based on models that are incorrect or misused. Those consequences should be addressed by active management of model risk."

BANK DOING THIS: First Gulf Bank uses Standard & Poor's risk solutions to validate its probability of default ratings models.

TECH PROVIDERS: IBM SPSS, S&P (risk model validation service) FICO (model central) and Quantifi.

TREND No. 6 Creation of keep-it-simple dashboards for bank board members. "The information for the board members has to be packaged in the right size for them," Cooper says. "One of the fascinating things about working with banks is every bank has a slightly different way of making money, even two retail banks that are relatively the same asset size in adjacent counties have specialties and a different customer base. Therefore the risk picture changes a little bit and the type of information the top of the house would want to track would be slightly different."

If top executives and board members look at the numbers and realize they're more exposed than they expected on the operational risk side, for instance, they can decide to hold on to more capital to offset that risk. "They can tune the organization through a stricter set of controls automatically distributed through the organization, they can change policies and procedures and distribute them automatically and they can start to steer this ship in a different direction," Cooper says.

BANK DOING THIS: Security National Bank in Laurel, Neb., gives top executives loan dashboards using WebEquity Solutions software.

TECH PROVIDERS: WebEquity and Wolters Kluwer.

TREND No. 7 Real-time and intraday risk monitoring, alerts and reports. "Basel II put forward the idea that the requirements for stress testing and shock testing on portfolios are not a midyear exercise but something that needs to be more real time," Versace says. "Basel III reinforces that with a stiffer capital reserve requirement. We think that will drive more investment to the analytic platforms, improving the timeliness and frequency of capital adequacy reporting, and giving rise to new technology stacks coming to market from the likes of Oracle, IBM, HP and even VmWare (with Gemfire). These risk analytic stacks are well tuned to meet new reporting requirements."

Continuous monitoring of key risk indicators lets employees tune their behavior and self-correct, creating a feedback loop that results in an overall better risk picture for the organization. Real-time monitoring could cover attempts to access an online banking system or downtime for customer-facing Internet services, for instance.

BANKS DOING THIS: JPMorgan Chase has implemented a high-performance computing system to calculate real-time credit risk using field-programmable gate arrays developed with Maxeler Technologies. (FPGAs are an example of specialized hardware being used to conduct data-intense risk analyses at high speeds; graphics processing units are another.) British Arab Commercial bank recently installed IBM's real-time business analytics system; it no longer needs to rely on spreadsheets and human input.

TECH PROVIDERS: HP, IBM, MathWorks (working with Nvidia on high-speed risk calculation engines), Oracle, Sybase, SAS and VmWare.

TREND No. 8 The bringing together of different risk systems, such as commercial loan risk and trading risk or fraud and anti-money-laundering.

"There's a strong movement to merge those systems to have similar underlying technologies, business process and workflow," Knapik says. "It makes sense and increases efficiency." In some cases, it saves money. "If you manage to consolidate your data sources, it's much easier to use analytics and reporting rather than having data in different point solutions," he says. "It's much easier to handle for the operational manager who needs to report for various areas, not just fraud, but also anti-money-laundering and credit risk."

Knapik also sees banks trying to obtain a similar user interface for different types of risk systems. "The major reason is long-term, it's a lower cost of ownership if you have the same business intelligence tools being used for credit, market or operational risk and similar reporting templates."

BANKS DOING THIS: Capital One is at the end of a three-year project merging antifraud and anti-money-laundering systems to achieve cost reduction and efficiency. Citigroup is going through a consolidation of 20 antifraud systems. Scotiabank is bringing together risk data from its capital markets and commercial loan areas to provide a more complete view of risk (see sidebar).

TECH PROVIDERS: IBM/Algorithmics, Oracle and SAP business objects

TREND No. 9 Bigger risk data sets leading to the use of performance- enhancing technologies such as in-memory computing. "The whole issue of large data is becoming key," says Steve Wilcockson, financial services manager at MathWorks. "We've got to hold a lot of data, the more granular and fine-grained it is the better. This presents difficult problems for vendors."

"One thing that's getting a lot of support is the integration of in-memory computing with traditional database technology," Versace says.

BANKS DOING THIS: None on the record, but vendors say banks are testing this technology.

TECH PROVIDERS: Oracle (Exalytics) and SAP (HANA).

Top 10 Concerns of U.S. Executives

The Economist Intelligence Unit and Lloyd's of London conducted a global survey of risk attitudes among 500 c-suite and board executives in August 2011. Among U.S. company heads, the following were the most worrisome risks:

1.Loss of customers/canceled orders (this ranked third among global executives).

2.Reputational risk (sixth globally).

3.Changing legislation.

4.Price of material inputs.

5.Fraud and corruption.

6.Talent and skills shortage (including succession risk).

7.Rapid technological changes.

8.Cost and availability of credit.

9.Corporate liability.

10. Theft of assets/intellectual property. 

For reprint and licensing requests for this article, click here.