IBM's announcement today of its intent to acquire Toronto-based financial risk management software provider Algorithmics for $387 million is impressive in scale but unsurprising. It is part of a trend in which the enterprise technology vendors that serve financial services — including SAP, SAS, and Oracle — have been building and buying tools to broaden and strengthen their risk analytics platforms for the past six years. Such systems let companies gather data and perform queries, conduct "what if" analysis and produce both internal risk reports and reports to regulators.

IBM has spent more than $14 billion in more than 25 acquisitions of analytics companies, including i2, Algorithmics, Cognos, Unica, SPSS, Sterling Commerce, Open Pages, Ounce Labs, ilog, Netezza, Coremetrics and DataMirror. The most significant of these to bank risk managers is probably Open Pages, which is considered by many to be the crème de la crème of operations risk software. Among IBM's competitors, SAP bought business intelligence software company Business Objects in 2007 and Oracle bought BI company Hyperion in the same year. SAS and Oracle have been diligently creating and releasing new risk technology of their own on a regular basis.

"IBM is now rounding out a 'get bigger, tighter or get-out' dynamic that started with SunGard and Oracle, and more recently, Moody's and Misys with regards to consolidating or expanding their risk offerings via acquisitions," says Cubillas Ding, research director at Celent. "We are expecting a few more to come yet as standalone risk specialists have to find ways to respond and fund new levels of competition."

What these vendors are anticipating, with good reason, is a tsumani of demand among banks for better tools to meet the risk monitoring, reporting and analytics demands of Basels II and III and Dodd-Frank. Both sets of regulations call for more carefully calibrated risk weightings on the assets banks hold, requiring them to hold more capital, naturally, against the riskier holdings. The technologies that make this doable include risk modeling and risk monitoring. The regulations also require better risk reports from banks, which again presents a need for risk analytic tools that can gather data and automatically calculate the likelihood of, say, a loan defaulting or a counterparty renegging on an agreement if the economic environment worsens.

"The regulators are being more prescriptive, they're demanding more frequency, more insight, and more transparency," says Laurence Trigwell, global business analytics executive in IBM’s financial services team at IBM. "They're demanding more analytical rigor and a demonstration of stress-test capabilities and the ability to manage an aggregate risk position. From a bank's point of view, that's created a lot of external oversight that's requiring a new approach, a new level of rigor. It isn't just disclosure any more. It's now weekly and daily disclosures submitted electronically and analyzed."

Trigwell raises two points that will have a growing impact on bank risk managers and the technology teams that support them. Liquidity stress tests essentially require banks to be able to say how much cash they will have on hand on any particular day given a variety of dire scenarios, such as an equity market crash or an interest rate hike. The technology that supports these is predictive modeling. An enterprise view of risk is a major requirement of Dodd-Frank that stemmed from the frustration regulators experienced in the height of the financial crisis, when they wanted banks to be able to tell them their exposure to crashing firms such as Lehman Brothers and Bear Stearns, and most banks were unable to come up with one big number. They simply didn't have the tools to quickly figure out, across all their lines of business, how much business they did with each firm and its many subsidiaries and affiliates. Dodd-Frank will eventually force banks to be able to provide this information within a very short timeframe, which will most likely drive large banks to buy or enhance enterprise risk management programs. This is a sweet spot for Algorithmics, according to independent analytics strategy consultant Seth Grimes. "Their clear strength is enterprise risk management; they've stayed focused and built a strong market position," he says.

The other big regulation-related driver for better risk tools in banks is the overall need for better capital management (beyond the risk weighting of specific assets). "Certain lines of business or product types that require new levels of capital, require greater levels of internal pressure within the bank to make sure capital is allocated appropriately and in a more rigorous, frequently reviewed and closely managed way, so that the right strategic decisions are being made," Trigwell says. "Banks need to find ways to not only get great risk analytical insight from their models, they also need to be able to take that analytical information and deploy it securely throughout their organization in a way that can inform risk-based decisions, whether they're strategic decisions, loan origination decisions or policy control decisions."

Competitors noted IBM's announcement with a degree of approval. "IBM's acquisition once again has validated the mission SAS has been on for many years," says David Wallace, industry marketing manager, financial services for analytics software company SAS. "In financial services, the track SAS has been on for a long time is moving deeper into an area we see customers asking for, integrated risk management. We're addressing questions that executive management and boards want to know, such as 'What's our total risk exposure? Don't consolidate 100 spreadsheets, I want a dashboard that provides one consolidated view of risk across the company."