A truly comprehensive risk management system monitors the internal and external forces which create financial risk.
Financial institutions are not currently able to monitor and manage global risk at the level of detail and frequency required, although some are giving serious thought to defining the analytical and systems requirements that would be necessary to support such an undertaking.
Though improved systems will facilitate the migration to this advanced vision of risk management, we believe that effective global risk management will only be achieved by more accurately identifying risks, defining internal and external data requirements, formulating measurement techniques, and educating bank management.
In today's dynamic marketplace, global risk management requires measuring risks -- product and operational -- across business lines and across continents.
Ironically, while technology has fueled worldwide expansion and presented new business opportunities, many banks put their profits in jeopardy by failing to leverage their significant investment in computer systems to manage global risk.
Throughout the industry, fragmented applications systems environments often make it impossible for banks to determine their overall interest rate exposure or the credit risk of major customers.
WIth these systems inadequacies, complicated by the breadth of information to be gathered and monitored, one question looms on the horizon of the global enterprise -- can risk indeed be managed on today's global playing field?
A positive response depends on cutting the complex notion down to size. If we view global risk management as a process, we can overcome the daunting scope of the endeavor and begin to apply techniques of management and control.
Like any other risk under review, the adoption of an effective
Mr. Gilbert heads the wholesale banking and financial services group at Logica, which is based in Waltham, Mass. global risk management policy will evolve from a three-step process -- identifying risks, defining internal and external data requirements, and formulating measurement techniques.
Typically defined as an unexpected event which negatively affects earnings and/or market value, risk is inherent in a bank's products and services.
Unfortunately, while attuned to some of their exposure, most banks don't realize their vulnerability to a wide spectrum of risks, or they fail to emphasize the appropriate categories.
A comprehensive and ongoing evaluation must include the following types of risk: interest rate, credit, foreign exchange, operations, liquidity, treading, market, and fraud.
In addition, we can assess multiple views of each of these categories of risk. For example, we could analyze credit risk by customer, geographic region, industry, product, business unit, portfolio, or various combinations thereof.
In short, there are two fundamentally different types of risk -- attributable to market volatilities where the immediate impact is on either the market value of an asset/liability and/or earnings, and risks associated with operational breakdown.
This characterization becomes more significant as we address risk measurement techniques for each category.
The effectiveness of the entire risk management process begins with the quality of the data provided by the multiple transaction and accounting systems which support a bank's products and services and the accuracy of the data extraction process.
Our experience with a number of financial institutions suggests the high probability of widespread data problems. Because risk management requirements are rarely addressed by application developers, data must be restructured and manipulated in order to provide some measurement of risk exposure.
What's more, to measure risk at the global level, the fragmented systems across functional organizational units must be linked to the incremental systems dispersed around the world.
For example, controlling credit risk demands the identification and aggregation of the entire spectrum of the customer relationship across multiple transaction systems.
The process gives rise to the probability of errors in identifying each component of the relationship, and in obtaining and combining the data extracted from different accounting systems on which the elements of the customer's business with the bank reside.
Because a truly comprehensive risk management system monitors the internal and external forces which create financial risk, it's necessary to gather, evaluate, and integrate data residing outside the bank's scope.
For example, an evaluation of industry concentrations of borrowing risk should ideally apply techniques of modern portfolio theory to the world of loan transactions, systematically relating macroeconomics variables -- as well as industry and corporate financial data -- to loan risk.
While the challenge is significant, accurate and comprehensive risk management data can be attained.
The information itself, however, must first be viewed as a valuable corporate asset --one that is deserving of the investment of management's time and the institution's resources.
Identifying the potential impact of risk on profitability requires that banks develop techniques to compare risks across their range of products and services.
Risk points systems, for example, translate market-related risks into indexes of potential loss by statistically estimating in small time bands, such as daily, the historical volatility of the market value of each financial instrument.
Although this measurement technique may well offer potential for addressing market volatilities among traded instruments, risk points systems are unlikely to make much of a near-term contribution to measuring credit and operational risk.
For most products that contain credit risk, we rely largely on qualitative judgments about the degree of potential loss. The same holds true for operational risk.
For example, while expansion into non-credit-related services such as custody, clearing, and loan servicing ostensibly offered banks new revenue streams without further balance sheet leverage -- and with minimal risk -- operational breakdown can result in the indirect assumption of credit risk.
The extreme difficulties in estimating the potential loss derived from such breakdowns exemplifies the impact of the operational risk attributes.
It would be easy to adopt a pessimistic view of the ability of the banking industry to manage the spectrum of risks it faces.
Fragmented computer systems and inaccurate data have created a foundation of sand for risk management, a foundation which is hardly prepared to support global risk management.
Managing global risk simply depends on replicating the progression and refinement achieved in the domain of interest rate management in other categories of risk.
Though improved systems will facilitate our migration, we believe that the real effort will need to be focused on educating bank management not only about the characteristics of the risks across the bank's many lines of business, but also about how those risks might interact with each other.
The banks' willingness to monitor relevant external information will lead to the development of new measurement techniques -- techniques that will improve our ability to measure and control global risk and improve profitability.
However, even by mounting an integrated attack by theoreticians, information technologists, bankers, and regulators on these components of global risk management, it will be a slow and difficult process for banks to effectively manage risk on a global basis.
