As the effects of the global financial crisis and recession linger into 2012, effective risk measures will continue to be critical to survival. The unimaginable risk and control failures at UBS present a perfect case in point that risks will continue to come from all angles — from external market forces and changes; from the credit positions of customers, investments, and counterparties; from inconsistencies and failures in oversight and operations; from regulatory compliance blunders; from technology decisions.
To be effective, a risk management program requires not only sophisticated management and a playbook for flawless execution, but significant technology investments and fail-proof implementations.
Using a framework adopted from the Basel Accord, risk-technology spending across credit, market and operational risk domains, with just a few exceptions, is forecast to be between $54 and $60 billion in calendar year 2011. Looking into 2012, risk spending represents approximately 15% of global technology and services spending in the financial services sector.
Of course, technology investment is only part of the puzzle. In the case of UBS, what would be considered by some to be world class trade and compliance systems did not stop a run on the bank before $2 billion was lost.
But with the right oversight, culture and controls in place, risk management technology can help monitor and detect the risks that should be avoided. Some of the core drivers for risk technology spending in 2012 will include:
• Sovereign debt and tighter but uncertain regulation — Uncertain financial markets across the U.S. and Europe continue to place a huge premium on effective capital management. This fuels investments in credit and stress-testing capabilities, liquidity forecasting, data management, analytics and risk-reporting infrastructures and services. The ability to connect cash forecasts to liquidity scenarios to optimize the use of capital have quickly become table-stakes for corporate treasurers, CFOs, and asset liability committees.
Proposed regulations over derivatives will also create a new wave of risk spending for the capital markets industry in desk-level trading and exchanges, compliance reporting, clearing and settlement risk, counterparty risk management, and portfolio modeling.
• Governance and financial performance demands — In all markets, it is increasingly vital for firms to harness information to make actionable, optimized and timely decisions, keeping risks at anticipated and acceptable levels, and uncovering opportunities to stay ahead of the competition. Key to this success are a well-designed technology architecture, a suite of analytic applications for risk-aware decision making, and a commitment to raise the analytical orientation of the organization towards fact-based decision-making.
• Protecting critical infrastructure — The frequency and volume of breakdowns in critical infrastructure resulting from cyber-attacks is increasing dramatically. The advancement and adoption of newer technologies such as mobile devices, social networks, and cloud add to the risks of disruptions in financial infrastructure, due to either direct criminal activity or indirectly as a result of poor designs or implementations. There is also worry that under-investment in legacy infrastructures could expose firms to an increased number of outages.
• Increasing visibility and transparency — The data architectures that financial institutions deploy for running disparate operations are extremely complex, far-flung and in many cases cobbled together through many years of mergers and acquisitions. In addition, individual organizations have inconsistent methods and vague languages for understanding, assessing and visualizing aspects of their risk programs. These disparate operations and inconsistencies reduce the effectiveness of risk intelligence, and make key risk activities such as regulatory oversight extremely difficult, complex and costly. Spending will continue on enterprise risk systems that have more precise methods of describing risk functions and events, and reporting risk across organizational entities and to external parties, including counterparties and regulators.
Michael Versace is research director, Global Risk at IDC Financial Insights.
