Irion takes part in the “Datamanager” February survey on "Executive Processes and Risk Management"

By Piero Bucci

Published on 15-02-2010 on Datamanager - English translation by Irion

Banks are increasingly paying attention to their executive processes optimization and to  the introduction of specific solutions for risk management, instruments which are at the very base of financial institution effectiveness

The main cause for the collapse of financial markets last year involving banks (Lehman Brothers and others) and some insurance companies, particularly in the United States, was the poor understanding of risk management coupled with a lack of vision. The most emblematic case is that of AIG, then the largest insurance company in the world, that, at some point, discovered that they had monetary liquidity for three days only. And this from a large insurance company, which it was believed should have been used to assess risk. From that moment the world's worst financial crisis since the fall of 1929 began. Even the "sub prime" and the complex derivatives issues occurred are in fact due to rough assessment and risk management.

The attention of the top management of finance has therefore focused on improving risk management processes and, more generally, processes management, which underpin the real effectiveness of a financial institution. Even the Italian system, which fortunately has not suffered as badly from the crisis, has set on improving executive processes. At last it was re-discovered the fact that a “culture of risk” is absolutely vital in finance and banking.

This is also the opinion of Ettorina Schiaffonati, Vice President of Financial Services - banking at Capgemini (www.capgemini.it): "wrong business decisions and the search for extra-yield at seemingly low risk in a context of payment schemes and incentives coupled only to the short-term performance and without an adequate consideration for risk and its impact on the income statement or the balance sheet are at the base of the huge losses incurred by many brokers during the crisis. "In this context Capgemini therefore considers that the development process must pursue directional flexibility and control of the business dynamics through three main axes of development.

"Risk management - continues Schiaffonati – is taking an increasingly central role within the executive processes. The risk manager is no longer a simple "controller" of risk levels and a "producer" of information for the benefit of the top management and the board, but is becoming an authoritative interlocutor actively involved in the processes of "strategic decision making". "The slow evolution, just begun, will necessarily materialize in the coming years through a more intense connection between strategic planning and risk management, the introduction of  risk & value based logics on business processes (risk-adjusted pricing objectives to business unit based on risk adjusted performance measurement, and so on) and the definition of mechanisms of remuneration and risk & capital driver incentive systems.

"The creation of an integrated framework and evolution of risk & value based management and risk management processes are based on a complex set of information whose level of quality and usability is an essential and a critical success factor," says the Capgemini representative. The centrality of information has transformed the reliability, completeness, comprehensiveness, availability of data in a strategic business objective to be pursued with perseverance and determination.

"We must therefore move beyond the Basel 2 regulatory framework - concluded Schiaffonati - aggregating and articulating, according to a structure, a wide range of information flows arising from internal and external sources more diverse and varied, over long time horizons, both functional and planned periodic analysis of a spot. "

"In a market characterized by instability and uncertainty, like that of the current business cycle, the capacity for risk governance is intended to be a key factor in banking organizations - highlights John Campani, credits product manager Cedacri (www. cedacri.it) -. This is especially true for small to medium size entities where the size factor does not allow to absorb the effects of an assessment not timely and / or approximate to the risks assumed. "

The modelling of risks and their management are therefore the central theme of management policies and strategies of all the banks, therefore, investment is likely to remain supported. There is also an increasingly important role of risk managers in the decisions of the board and this translates into a call for greater reliability and timeliness of analysis systems in support of decisions.

"A proper risk management - continued Campani - is and will increasingly be a strategic element for the generation of value and will require considerable investments for the implementation and updating of both operational and and executive processes of government. The choice of a reliable outsourcer with solutions aligned with the market best practice becomes essential to allow banking organizations to address medium-small investment. This also involves the implementation of systems of governance and risk measurement, necessary to compete in a market in which major groups have already made significant investments. "

Cedacri has long placed at the centre of its investment policies the theme of governance and risk management and is able to provide a comprehensive platform of solutions for risk management in line with best market practice and as a support for the development of strategies for risks detection and quantification and the implementation of operational models into business processes.

Growing risk management

According to the latest report of “ICT market scenario and trend for the banking sector“ developed by ABI Lab (the ABI Centre for Technologies Research  - www.abilab.it), we define as directional processes: "all processes of governance of the bank, who oversee company strategy and identify the guidelines that can direct the operation and reports to external entities and structures. Following the ABI Lab taxonomy the bank's executive processes are: management control, strategic planning, resource allocation and budgeting, management and risk assessment, internal controls, compliance, internal communication and external relations.

ABI Lab, which is the official voice of the Italian banking system, estimate the distribution of ICT expenditure for large areas based on data ABI-CIPA and allows to evaluate the impact of executive processes as 14.1% on the bank’s average spending for Ict. During 2009, the figure has risen by 38%, mainly attributable to the described activities.

This translates into a significant rethinking of the organizational models and the growing role of risk management, resulting in its substantial increase in the budget. The potential of new the ICT technologies, in fact, place the bank in front of new interesting opportunities in this area. The dynamic process management and risk management adaptation prompts to go beyond the numbers representative of the results, plans and forecasts. To take decisions is essential to collect, analyze and evaluate all relevant information so that the management may have the relevant information, comprehensive and detailed to evaluate both the performance and the risk in the short and long term. Often, however, this information is scattered in different systems or, for the most part, are trapped in the form of unstructured data. Consequently it is not easy to obtain, at any given time, a complete picture of performance and the associated risks.

"The executive and risk management systems are positioned to grow because banks have to meet the individual risk and take into account the correlations between them for a holistic assessment of their overall exposure to risks related to their current business, but especially to the evolution of new business - highlights Anselmo Marmonti, risk solutions business development manager of SAS (www.sas.com / canada) -. I believe it is essential to use prediction engine that will permit the accurate estimation, for management purposes, of the indicators required by management to make strategic choices within a fixed time. "

The SAS Risk Intelligence suite provides an integrated framework with its data management capabilities for acquisition and organization of data from different sources and specific calculation engines for the evaluation and aggregation of risks under the Basel 2 rules, according to both internal models and regulatory compliance.

"Banca Popolare Emilia Romagna - concludes Marmonti - chose the SAS Credit Risk Management for calculating its regulatory capital against risks, to obtain a complete procedures traceability for awarding the rating to customers and to quantify the credit risk capabilities simulation and stress tests on possible worst case scenario. Furthermore, within the SAS framework the bank monitors the validity of the rating models implemented and internalized in the executive systems".

The executive and risk management systems optimization is fully consistent with the Basel 2 agreement. The second pillar, in fact, is a vital component to the capital and in comparison to the first one, it poses new challenges to the banking system not only in the measurement and aggregation of risks, but also in terms of planning and capital management. Of the three pillars (capital requirements, supervisory review, transparency of information), the second element is the most innovative from a management perspective, moving away from a traditional prescriptive approach to the supervision to adhere to an orientation with a strong content of management principles, especially for the strategic implications.

Integration and sharing

A recent survey conducted by IBM on the topic of risk management, which involved the CRO (Chief Risk Officer) and CFO (chief financial officer) of several major financial institutions worldwide, has identified the key relationships and potential areas for improvement in the relationship between "risk appetite" and the major risk factors related to the business management processes. The integration of data, the definition of operational procedures and the sharing of approaches and methods are considered the most significant areas for IBM.

Luisella Brambilla, Global Business Services leader FSS solution leader of IBM Italy (www-304.ibm.com/easyaccess/financeitaly/gclcontent /! / Gcl_xmlid = 61695), presents her point of view on this toipic:  "studies show that financial institutions are investing and will invest significantly in the area of risk management. Some key points raised are related to the integrated management of their risk. Mainly it is the scope of data management used in the evaluation, integration and the very quality of the data, prerequisite to a proper representation. "

Another key issue relates to the infrastructure, systems of information management, organization, and consequently to the technological structures that have been built in the past in silos according to the risk assessment to be collected (market, credit, operational ...). It is becoming more evident the need for an integrated view of risk (financial and operational) and then, over time, to reach a single vision at an enterprise-level, taking into account the risk as a whole.

"IBM with the help of the Enterprise Risk Management Maturity Model - ends Brambilla - is able to establish priorities for intervention in projects of Risk Transformation using assets and accelerators that make the transformation process more efficient." Globally, IBM has diverse experience in this field. It cooperated, for example, with ORX Consortium (Operational Risk Exchange Association), which is based in Zurich, to provide the technology platform, software and services and to develop a new methodology for collecting and managing data.

According to Alessandra Bertulli, competence center governance, Area Finance Solutions division of the Engineering Group (www.eng.it): "The financial landscape is constantly affected by phenomena that are accelerating and enhancing the development, profoundly altering strategies  as well as the competitive environment, with a renewed attention to dynamics and rules capable of practical support for the entire banking system. The financial crisis, the increasing regulatory complexity and organization, the constant search for efficiency and effectiveness, the new technologies, the strong expenditure restraint, the shift in customer behaviour, the arrival of new competitors from other markets, are all factors that pushed the players in the industry to radically rethink their approach to market. "

An approach that has seen the extension and strengthening of the role of the CFO in close relation to the CRO: a winning combination to interpret the changes and pursue new business models, where the technology (CIO) becomes an enabling factor, capable of managing the complexity, synchronizing the company with the market. The size of the credit risk measurement, the value created, the potential trades are increasingly intertwined.

"We clearly perceive by the market - continues Bertulli - that the solution for financial institutions to equip themselves with management systems, where management and control of viability will be integrated with the management and control of risk in order to achieve efficient and measured value targets and allocation of capital, to support efficient and transparent commercial action and a new governance dimension. "

"The basic requirements - concludes Bertulli - are related to the ability to manage pricing models and custom controls, which reflect operations and strategies of each institution in an appropriate legislation and the latest methodologies and best practices in a modular design and architecture but integrated, in which it preserves the centrality of information assets and it can respond in full to the requirements of usability, speed, navigability, quality and incremental information and process. "

Data quality

Giorgio Zoppi, account manager responsible for “banche popolari” and consortium for Almaviva Finance (www.almavivaitalia.it) draws attention to the fact that "banks are increasingly looking at solutions for the integrated management processes, with different times and ways from those adopted just a few years ago. Data quality is, in fact, the key to a good directional system and risk management. "This means the adoption of a methodology, processes, and tools for monitoring and certification to enable tracking, monitoring and management of information before they are published both internally and externally.

"It is important - continues Zoppi – to put the stress on architecture, meaning the new set of technologies, tools, methods, processes which complement the already existing solutions to complete the necessary functional organizations coverage and, where appropriate, integrate it. Real examples are: the data quality system for the engines of credit rating and the system of risk management of second pillar (ICAAP - Internal Capital Adequacy Assessment Process), the Tableau de bord risks; system Enterprise Controlling Finance; a system that takes information from internal sources, and news provider on the Web, by means of "semantic enterprise", provides an assessment of the counterparties risk situation with whom we maintain working relationships enabling timely intervention should there be any criticality.

The same opinion is voiced by Alberto Scavino, CEO of Irion (www.irion.it): "The problems have been compounded by a poor quality control of the data managed. The crisis has further emphasized the need to base the development of information systems on a continuous information quality and accuracy control. With this in mind we are opening up interesting development opportunities to address in a strategic way these needs, which are key to the business and allowing full compliance with the new relevant legislation. "

"I think it is absolutely primary - says Scavino – to set the correct approach to data governance in order to ensure standardization, quality, traceability and transparency of the information involved in the executive processes and risk management. It is quite clear that is not any longer enough just to perform a single task, but also to monitor, document and test its compliance with rules and regulations. "

"Irion’s own experience has shown to us that the use of a uniform and integrated framework for data governance is a winner - concludes Scavino -. It’s very important that such a technology is able to access the information in whatever format they are available (including using external sources typical of the financial world, legacy systems and semi-structured data formats) and can provide an integrated view of such information in order to properly set the control and data management systems before using it in the executive processes. With such a framework you can activate a process of monitoring and measurement (including the appropriate KPI - Key performance indicator - and dashboards) with an automatic and always up to date documentation of both the individual process control sessions, significantly reducing the operational risks.

The ongoing development activities of the IrionDQ data management and data quality has met, in fact, a strong consistency with the real needs of banks both in Italy and abroad. Information timeliness and accuracy are in perspective the two key elements on which any strategy for data governance and risk management should be based.

Daniela Fabi, industry marketing manager – finance - Microsoft Italy (www.microsoft.com) concludes by illustrating two important best practices in line with what has been previously highlighted: "Bank of America, one of the most important financial institutions in the world - explains Fabi - offers consulting services through its 6100 branches and about 18,500 Atm points. For an articulated structure like that compliance and risk management become vital, as they occur in various national and international regulations. To comply with the operational risk of Basel 2, Bank of America decided to create a portal based on Microsoft Office SharePoint 2007, developed and implemented in just four months, which links the data on operational risks of 200 divisions. Lloyds TSB Group, a leading financial institution in the United Kingdom - Fabi goes on - has been confronted with the optimization of its IT infrastructure: this institute, in fact, was born in 1995 from the merger of Lloyds Bank, the TBS Group, Cheltenham and Gloucester, and Scottish Widows. In 2007 the company has combined data from all companies in the Teradata Enterprise Data Warehouse and wanted that to happen easily and according to tight deadlines to provide a market overview directly to their decision makers. The group Lloyds TSB Customer Value Management (CVM) has selected a solution based on Microsoft Business Intelligence tools for both the benefits in terms of cost and easy integration with the Teradata Warehouse and Microsoft Office Excel, already used by the customers. Tests have shown how the solution helps business users to get details on customers in advance in comparison to the previous manual system, in addition to allowing the VCM analysts more time to carry out extensive research. "

Effective process

In the competitive landscape that characterizes the banking system after the crisis, the key advantage is therefore being able to implement effective management and risk management processes based on the innovative ICT governance. The technological choices are not justified in itself, but in close relation to business management and risk. Both the search for an effective risk control and operational flexibility, are necessary conditions for transforming the fast succession of changes in a competitive advantage. The opportunity always lays, ultimately, on the ability to effectively combine the special expertise of business management with the use of the new technology tools offered by ICT.