United States: Winning In The New Risk Environment - Banking And Securities Outlook

When John Hadley invented the sextant, could he have foreseen the development of the global positioning system?

Likely not.

When we look back at the near-collapse of the financial system in 2008, is it possible we will see the beginning of an era when banks have the tools and infrastructure in place to measure, monitor, and manage customer and transactional data and total exposures across legal entities, business units, locations, and product lines?

Is it likely that financial institutions will put in place a better enterprise-wide approach to data management and governance that can "peer through" the walls of operating silos to identify emerging patterns of risk that span their legal and operating structures, both domestically and internationally?

We hope so.

As we move toward that future, regulators, investors, and governing boards have begun to ask, how can banks move toward that likelihood?

• How can large banks better understand the combined exposures that they face?
• How can these organizations better understand the total risk concentrated in the customers and counterparties of their various legal entities?
• How can these entitles better understand the totality of their exposure around the world by country, by business unit, and by product line?
• How can these organizations better respond to new and ad-hoc regulatory requests? In some cases it is difficult for these organizations to replicate existing reports that were created based on prior requests.

Too many silos

The answers lie, in large part, to the historically segregated approach that large financial institutions have followed to managing data.

The scale of some global organizations has been so great that they decided, over time, to manage their businesses by breaking things into smaller units. Some established a variety of legal entities either to meet local laws and regulations or for tax planning reasons when expanding their presence around the world. Many adopted a portfolio approach to running their businesses, giving senior management of the lines of business the autonomy to compete more nimbly in the marketplace.

Generally speaking, banks have been able to aggregate some of their data so that senior corporate management had the ability to understand how the lines of business were operating. But systems were not sufficient to aggregate data across the organization, which would have allowed them to measure and manage their risk on global, consolidated, and legal-entity levels. This would have helped banks to identify concentrations arising through common exposures or sensitivity to common shocks, and analyze the key linkages and exposures across their individual firms as well as in the system.

Regulators, investors, and governing boards are demanding more from systemically significant banks.¹ This is especially true in banks that have newly configured boards of directors and/or new risk committees. There also is emerging discussion that will put requirements on growing discussion that would require large banks to create "living wills" or plans that would facilitate their orderly resolution should they fail.

A new risk environment

The model that segregates data by silo needs to change. Large banks must consider reversing their perspective and taking a top-down approach that values data as a strategic enterprise asset that must be actively managed, monitored, and maintained to support the broader goals of the organization.

Going forward, regulators, investors, and governing boards will likely expect banks to focus not only on the consolidated risk of the firm, but also on the risk that is taking place in multiple legal jurisdictions, business units, and product lines – while understanding the interrelationships of risk between and among all of these categories.

With expectations changing in the new risk management environment, banks will likely play by a different set of rules:

• An evolving demand by the global regulatory community and boards to improve IT systems capture data may lead to improvements in risk identification, monitoring, and management.
• Quality data will be required for monitoring systemic risk and for implementing a new regulatory macro approach to supervision.
• There will likely be an increased focus not just on the consolidated risk of the firm, but also on risk in the legal, contractual and business relationships among the firm and its subsidiaries that cut across all the locations and jurisdictions.
• Large banks may need to consider how to complete their inventory of legal entities, correlate them to business lines, and how to provide a great deal of granularity on credit exposures, funding, on-pledge collateral, available lines of credit, cash flow, earnings, capital, and other metrics.
• They will also likely have to provide very detailed data to regulators on liquidity and the profile of assets and liabilities, down to lease agreements and documentation that is available in the organization.
• Finally, banks will need to consider developing a fully integrated risk-management framework that not only assesses market and liquidity risks within the firm, but also provides the ability for a firm to know its exposures such as the risk it faces through major counterparties.

This is a transformational approach to data risk management, one that will require a massive shift in risk culture, not to mention a serious realignment of priorities for IT investment.

With expectations changing in the new risk management environment, "winners" quickly understand the necessary investments, governance, architecture, and cultural changes needed to fulfill expectations.

Organizations may wish to perform an assessment to define the specific data and information needs of the organization. Subsequently, a plan should be developed to achieve the desired end state. (See chart below.)

Gaining competitive advantage

Banks that obtain a high level of granularity of risk measures through improved infrastructure may gain a competitive advantage as the industry continues to consolidate.

Large and even midsized banks with complex organizational structures may enjoy an advantage over their competitors by adopting an enterprise view of data management. Potential benefits of such an approach could include:

• Reduced infrastructure and human resources costs for the finance and risk management functions achieved through greater operational productivity and a more efficient and lower-cost technology.

• Higher return on equity resulting from improved capital management, active portfolio management, risk-adjusted profitability management, and risk-based pricing of business transactions.
• Enhanced ability to respond faster and with greater accuracy to increased regulatory information requests. As new reporting requests are made and information is sought by bank regulators in their supervisory assessments, greater confidence can be achieved that the information presented meets high standards for reliability, coherence, and representativeness.
• More opportunities for banks that qualify as "wellmanaged" to participate in regulator-facilitated business combinations. Regulators have more confidence in banks that can provide more timely, accurate, and comprehensive reports than in those that cannot provide such data.

Moreover, banks that take an enterprise-wide approach to data may be in a better position to cross-sell products to various segments of their customer base, both retail and commercial, because they will have a comprehensive view of information across all of their legal entities, business units, locations, and product lines.

Perhaps this compelling business opportunity, even more than the regulatory push resulting from the failures of the past few years, will provide large banks with the justification they need to begin the difficult, but necessary, process of tearing down the walls that separate their information assets and building an enterprise-wide system that is long overdue.

Implementing the data imperative: What might it take to win

Footnotes

1. 1See the Senior Supervisors Group's report, "Risk Management Lessons from the Global Banking Crisis of 2008, October 21, 2009" at .

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.