My favorite quote about uncertainty comes from a not-so-famous publishing executive, R.I. Fitzhenry, who said, "Uncertainty and mystery are energies of life. Don't let them scare you unduly, for they keep boredom at bay and spark creativity."

How's that for an optimist's take on the limbo that waiting for regulatory reform has imposed on the financial services industry for the last year? And while watching the antics in Congress-and actively lobbying for as near as possible to status quo- has certainly kept boredom at bay for many bank execs, it may have sparked as much whining and gnashing of teeth as creativity.

One banker said recently, "We're being governed by a regulatory system that doesn't have a clue and has a reasonable chance of destroying banking in the Western world as we know it."

A consultant, worried about looming systemic risk monitoring requirements, put his fears this way: "You can spend $4B to put together this all-singing, all-dancing database with an audit trail of every transaction, but even with all the data cut exactly the way they want to cut it, they still won't be able to figure out. It's impossible to figure out."

The laments went on and on. Thankfully, finally, the time for action is here. Risk management-and the buzzwords that accompany it, like transparency and mitigation-are now a priority. And achieving risk management, first and foremost, requires mastering technology, and falls squarely on the shoulders of the CIO.

Surely, a firm's risk strategy emanates from senior executives, but without the dashboard that risk systems offer, the firm is flying blind when it comes to hewing to strategy.

Luckily, most banks have been waiting for this moment. In recent research, 45 percent of chief risk officers at Tier 1 banks told IDC Financial Insights that they're making capital investments in risk management technology. IBM and SIFMA surveyed executives from both universal banks and broker dealers and found 55 percent say regulatory action around systemic risk will be their largest driver of IT investment in the coming year.

The challenge for institutions will first be in implementing systems-cleaning and then integrating all that dirty, cross-silo data, both legacy and that inherited via recession-era acquisitions. But the bigger challenge, as analysts told writer Michael Sisk in his cover story, "Mastering a Mountain of Risk" (p. 18), is getting from the nirvana of convergence to the next level. We'll call it Risk Management 3.0, and it requires taking risk management tools and data and turning them into successful performance management. Enterprise risk management reports may be the holy grail regulators are looking for, but executives must set their eyes on the prize of using the knowledge gained through risk management to better run the business.

Subscribe Now

Access to authoritative analysis and perspective and our data-driven report series.

14-Day Free Trial

No credit card required. Complete access to articles, breaking news and industry data.