When dealing with risk management issues, bank technology officers should be allowed to claim reimbursement for their Advil expense.
Keeping tabs on the high volume and rapid pace of bank risk management software offerings deserves a computer program of its own. What's more, risk management applications have become increasingly complex, covering myriad elements of risk confronting bankers, including time horizons, specific risk measures, benchmarks and scenarios. No wonder IT managers feel like they don't have a grip on what's available in the risk management software marketplace today.
A migraine might be justified after all. Bankers overseeing IT know it's imperative to implement a risk management system that can handle an ever- growing range and complexity of financial instruments while enabling their institutions to meet regulatory requirements. The system must also provide meaningful and timely reporting of risk-related information.
Today's risk measurement specialists also require a risk management and monitoring tool that assesses hedges and reports risk by business line, customer and product, allowing them to aggregate all of this risk information across the bank.
"Banks today are using risk management software to understand if their businesses are managing a good return on investment or not," offers Peter Nakada, vice president of business development at ERisk, a New York City- based risk management software developer. "And they're using it to show regulators and rating agencies that they have enough capital. They're also using capital management tools for risk transfer, deciding which risks they want to transfer- credit risk in particular-and talking with ratings agencies and investment banks to demonstrate what the nature of the risk they are undertaking is and to facilitate discussions on how to price that risk."
A tall order indeed, but there's good news as well: Risk management is one area of bank technology in which the vendor community's expertise and offerings are deep and wide.
Consider KeyCorp, the Cleveland-based investment banking giant with $68 billion in assets. When the institution moved into investment banking in the 1990s, KeyCorp executives knew they would need a comprehensive risk management system to help evaluate the firm's massive investment portfolio. Using a risk management tool from Algorithmics Inc. called "RiskWatch," KeyCorp found it could handle not only the investment end of the risk management spectrum, but the regulatory end as well (a burgeoning issue in contemporary financial risk measurement circles).
Through their corporate banking division, KeyCorp now offers clients a comprehensive range of derivatives and financial exchange trading services. The corporation is involved in mortgage origination at the wholesale and retail level, and uses derivative strategies for anticipatory hedging purposes.
A few years ago, the Federal Reserve granted KeyCorp Section 20 powers, further expanding the corporation's investment banking capabilities.
"We are now positioned to address an even broader set of financial segments, enhancing our competitive differentiation," says Eric Falkenstein, a senior vice president at KeyCorp. But on the compliance side, regulators had requested that KeyCorp demonstrate an ability to measure, manage and control risk exposure as a prerequisite for their nascent investment banking subsidiary.
The company also wanted to avoid a repeat of a previous $5 million trading loss, a byproduct of an outdated system that didn't provide a clear picture of the exposure of their complex derivatives and securities portfolios.
KeyCorp asked for-and got from Algorithmics Inc.-a concise report providing them with a single, consolidated risk measure. The company wanted to eliminate lengthy reports that simply "bucketed" the risks of their FX, swaps and mortgage securities. Those voluminous reports often seemed to do more to mask risk than expose it.
Algorithmics' software allowed the investment bank to monitor complex enterprise and individual business exposures that derive from the various risks of their corporate banking, national consumer finance and commercial banking units' lines of business. "Now we have the ability to add a greater level of discipline to our risk management process," says Falkenstein.
In today's real-time, global banking marketplace, no one person-perhaps not even one dozen-can keep tabs on a bank's entire risk management operation.
What risk position a bank holds at a given time is critical information, and the job of determining that position is left increasingly to state-of-the- art software and mathematical models.
Ron Dembo, president and CEO of Algorithmics, believes the burgeoning reliance on risk management software tends to strengthen the link between risk and capital management. "Prompted by recent bank failures and corporate risk management disasters, regulators are mandating that banks compute their risk exposure on a firm-wide basis," Dembo writes in a white paper titled The Future of Risk Management in Banking. "There is an important and unexpected benefit to this: a vast improvement in the management of economic capital. As enterprise- wide risk systems become more sophisticated, banks will have the ability to price any instrument they trade across all of their markets. Ultimately, this will 'free up' and allow for a more efficient allocation of capital."
That's what is occurring at Denver-based CoBank. The 85-year-old bank is part of the $91 billion Farm Credit System, the largest lender to U.S. agriculture and rural America, specializing in cooperatives, agribusiness, rural communications and energy systems.
Eager to join the growing number of banks measuring risk on an enterprise- wide basis, CoBank hooked up with software vendor ERisk earlier this year. ERisk is helping CoBank measure and aggregate credit risk, asset/liability mismatch risk, market risk and operating risk. Paul Kern, vice president of risk management at CoBank, says the bank expects to benefit from the partnership in a number of ways: improving overall management of its portfolio risk, identifying credit concentrations, assessing the profitability of business lines and pricing risk into individual projects and products.
"I think we already have a risk management mentality and believe we understand our risks," Kern says. "But developing complicated, enterprise- wide models in-house isn't practical for us." The application service provider model means that the bank will be able to feed updated sets of risk data into a risk management model built and maintained by ERisk.
The new software solution should also help the bank manage the credit risk in its portfolios even more effectively. Doug Wilhelm, another CoBank vice president, says the institution is one of the nation's largest lenders to agribusiness and provides significant financing to a relatively narrow, rural customer base, such as agricultural cooperatives and food-processing companies.
"Although we lend large amounts to individual companies," Wilhelm says, "our relatively small customer base requires us to look outside our own historical experience when we want to relate our internal credit scores to statistically derived probabilities of default and loss. The new software has helped us transform our relative credit scores into hard numbers and analytical models necessary for calculating risk-adjusted return on capital."
That approach squares nicely with the latest proposals by the Swiss- based risk management standards body Basel Committee on Banking Supervision for the reform of bank capital adequacy rules. The proposals, which are still being tweaked but are expected to become final within a few months, have encouraged many banks to re-examine their internal credit ratings process and explore how to calibrate credit scores against statistical measures of default risk and public credit ratings. Banks that want to use their internal credit ratings for capital allocation will be expected to use the same process throughout their risk management and decision-making processes.
"Banks are really wrestling two drivers of strategic issues," explains ERisk's Nakada "One is the business issue, dealing with linking risk measurement into capital management and business strategy. Second, there's the regulatory issue." According to Nakada, the Basel Committee wants banks to link risk and capital. "It used to be eight percent of risk-weighted assets had to be held for capital, and that really screwed up banks. Now, new regulations allow banks to use their own internal models to link risk with capital."
Nakada adds that the Federal Reserve has its own version of the Basel regulation called SR99-18, a supervisory recommendation issued in 1999 that says all large financial institutions must have a way of linking risk to capital.
Today's risk management packages help build a bridge between the regulatory side and the business side. "The business problem says that the amount of capital you need is based on amount of risk you have," says Nakada. "Banks, wanting a good return on capital, need a robust way to link capital requirements to risk, like using strategic capital management tools. Banks are kind of between a rock and a hard place-they don't want to get whacked by regulators, but they want to manage their capital better to improve business conditions."
Nakada's point is that it's difficult for most banks to tie their regulatory and business operations together. It's tough to implement such a strategy and the effort may induce sticker shock as well. "The challenge," he says, "is that it's extremely hard for banks to implement their own risk/capital IT infrastructures. The top 100 banks in the world have implemented some sort of risk capital safeguards, but they have deep pockets and good resources. Even then, it takes them years to implement and costs millions annually to maintain the risk management systems."
A bevy of risk management vendors are hard at work developing sophisticated financial risk management applications.
Algorithmic's Dembo calls the next-generation bank risk management applications "single risk engines" because they'll consolidate disparate risk management features into a single package. "The bank of the future will be organized around a risk engine capable of measuring and monitoring all trades and resulting risk measures," he declares in his recent white paper.
Dembo adds that advances in computing speed and power will continue to produce new opportunities for increased mathematical modeling capacity. This, in turn, will lead to the rapid introduction of new financial products directed specifically to client needs.