While the outlook for the commercial lending sector has improved considerably since the recession years of the early 1990s, bankers should not get complacent.

Loan losses are down, the banking industry is well capitalized, and earnings have recovered, and yet lenders remain under pressure as pricing margins and underwriting standards have weakened. Unless you believe that recessions have been outlawed, now is the best time to proactively manage your commercial credit risk - before the next round of economic weakness hits.

For financial institutions, successful credit risk management requires an integrated approach that combines improvements in analytics and business processes, using a new generation of risk information technology.

Within this three-legged approach, investment in risk information technology may in fact provide the biggest relative bang for the "buck" precisely because this is the weakest leg of the stool. Solving the problem of poor quality, getting at once-inaccessible risk information can go a long way toward improving on the traditional risk management axiom that "you cannot manage what you cannot measure."

Because quality risk information is so vital to managing risk, information technology improvements have the potential to play an important role in risk management implementation strategies. The Tower Group, a consulting firm, has estimated that bank technology spending in the commercial lending area is expected to approach $1 billion this year.

Until recently, most risk management business processes have focused on traditional, transaction-level analysis. Banks typically analyze the borrower's financial condition, determine a risk rating, obtain approval for the loan, set the terms and conditions, and process the transaction.

The information technology used to support these decisions still is dominated by legacy systems. These primarily host-based systems were designed to support back-office functionality like processing loan transactions and posting revenue to the general ledger, but they were not designed to support risk management activities.

Today, banks are augmenting traditional transaction approaches to risk with new decision processes, like portfolio management. One of the main drivers for this evolution is significant improvements in analytical techniques like portfolio optimization. However, implementing proactive portfolio management with the new analytic techniques compounds the mismatch between analytic/business processes and the legacy accounting systems.

As analytic techniques and decision-support systems undergo rapid change relative to risk information technology, the technology gap between where banks are now and where they need to be is actually widening.

To evolve from the transaction risk view to the new portfolio view, leading banks are implementing a combination of applications that may include, for example, default-based risk rating, detailed financial spreading and monitoring, risk-adjusted capital allocation, risk-adjusted loan pricing, and portfolio optimization.

Unfortunately, these new applications tend to end up as isolated stand- alone pieces of the overall risk management puzzle. In most banks today, these new risk applications must make do with poor quality, inflexible, manually fed risk data that are cumbersome to aggregate in support of proactive portfolio decision-making. The primary sources for the information are multiple legacy systems, designed 10 to 20 years ago and structured to support a completely different business objective.

For example, here are a few of the specific kinds of information problems banks face in supporting new risk applications and implementing portfolio management decisions:

* Establishing a unified Standard Industrial Classification code structure across multiple operational systems and distinct data sources, and ensuring integrity of the code data.

* Collecting the required information to undertake loan-equivalency calculations, to quantify committed but unfunded loan guarantees.

* Aggregating accurate, up-to-date exposure information on loan authorizations and outstandings, across customer segments, industry sectors, or geographic regions.

* Establishing an updated, accurate picture of current loan pricing to support risk-reward analysis.

* Collecting accurate, up-to-date exposure, cost, and income data to support relationship profitability or capital allocation applications.

This list of problems is certainly not exhaustive; it is meant only as a sample highlighting the significant information hurdles for the credit risk management effort.

To improve on this situation, commercial banks must begin to develop an integrated implementation plan for narrowing the current technology mismatches. This strategy should be designed to coherently link together risk analytic applications, desired business decision processes, and the required risk systems infrastructure.

Developing the risk information technology component of the overall risk strategy in the context of these "three-legged approach," is probably the best way to begin to solve current problems and successfully satisfy long- term business objectives in a cost-effective way.

Within this integrated risk management approach, a good risk systems plan should include: analysis of current and planned risk applications, analytics, and decision processes; an integrated data management strategy; and a high-level technology architecture.

Beginning with the risk applications and decision support analytics, developing an systems development plan requires a significant effort to identify the kinds of information required to undertake the analysis and feed the applications. In many cases this information is internal, many times it is not.

In either case, this analysis effort is designed to identify in detail the specific types of information required, their frequency, how often they need to be updated, and how they need to be aggregated or disaggregated to support certain kinds of models or risk decisions.

To fully define the information requirements a good technology plan must be supported by a detailed mapping of the business process. This approach should identify actual data elements that are required to run risk applications and how they will be used.

The data management strategy should include planning for both the pure technology components, like a data warehouse, and the "softer" data integrity issues that heavily influence data quality. Successful risk management requires accurate, flexible, consistent, time synchronized information with a facility for collecting and storing significant quantities of historical data. For example, if banks had only collected quality information on loan defaults and recoveries over the last 20 years, they would have a much richer information set with which to analyze loan default behavior.

To successfully manage and use detailed information, banks require much more than legacy operational systems. Therefore, any reasonable data management strategy should include some form of structured management information system or data warehouse. Managing the diverse informational inputs for these data warehouses also requires analysis of data capture processes and the overall data integrity in the operational systems.

In some cases, banks are designing enterprise warehouse strategies. In this case, the data warehouses used to support credit risk management efforts, should be integrated with the enterprise strategy. The risk warehouses will typically be physically distinct, but will become part of the logical structure of the bank's information architecture.

Part of the data management strategy should also address end-user computing and information access issues for the multiple functions and organizations charged with managing risk. Information used to support risk decisions must be flexible, because it typically supports multiple objectives. In some cases, access is standardized, such as quarterly exposure reporting relative to limits for board meetings. In other cases risk information is used to support ad hoc decision applications, which analyze and price an individual loan deal in the context of the correlation structure of the overall loan portfolio.

When using risk information to support decision applications, like risk- adjusted return on capital, for example, a number of banks have had mixed results primarily because of the lack of good-quality information to feed the application platforms.

Loan officers running these applications typically have to manually collect exposure data from multiple bank sources and systems, including making phone calls to foreign branches to get balance and pricing updates, and therefore these data must be manually entered, leaving significant room for problems.

This process can be so cumbersome that some analysts or relationship officers say they spend a relatively significant amount of time collecting, scrubbing, and maintaining the information, losing valuable quality time with the bank's customers.

As a final step, the systems development plan should include analysis of the overall technology architecture. This includes hardware, software, database tools, distributed processing, etc. Most large banks have established a preferred set of technology tools, standards, and procedures to be used throughout the bank, and these can be used to help build this component of the risk management information technology plan.

Unless banks choose the unlikely course of no longer extending loans to commercial customers, successful management of credit risk will be a primary business objective within the industry.

Achieving enhanced shareholder value requires better identification of profitable lending opportunities that have balanced risk-reward characteristics.

Reaching this goal for commercial banking requires coordinated planning and significant near-term investments in risk measurement technology that narrows the current mismatch of their legacy systems. Only then will banks begin to position themselves well for the next economic downturn, to better "measure and manage" credit risk and commercial lending profitability.

Mr. Aguais is a senior principal at American Management Systems Inc., a software and systems integration firm based in New York.

Subscribe Now

Access to authoritative analysis and perspective and our data-driven report series.

14-Day Free Trial

No credit card required. Complete access to articles, breaking news and industry data.