| Risk management: Data integration is key for a successful strategy |
Back |
| Meaningful integrated risk data allows for the examination of potential losses through such angles as product line, risk category, or line of business Christopher Hamilton writes. However, a survey of 193 senior financial executives showed that the cost of new systems, lack of data standards and cultural resistance create major impediments to integrating data, and thus implementing robust risk management regimes. |
Companies have ventured into enterprise wide risk management in hopes that an integrated view of their increasingly complex world will better equip them to set strategy, pursue growth and meet expanding regulatory mandates. In reality, however, efforts toward enterprise wide risk management have delivered less and been more difficult thann hoped. A major reason for this, according to findings from a BearingPoint, Inc. survey conducted in cooperation with the Economist Intelligence Unit, is a surprising lack of data integration and data standards to provide a foundation for risk management and financial transparency. As a result, most financial institutions believe their current governance is not capable of addressing both risk and transparency requirements. Unless institutions address data issues first, they will be restricted in their ability to grow organically or through mergers and acquisitions.
Data integration, or data convergence, is not easily achieved, of course. In most institutions, data historically have flowed into largely unconnected silos. Organisations that have grown through mergers and acquisitions face the task of bringing order to perhaps hundreds of data marts and data warehouses around the world, often containing inconsistent, less than accurate information.
According to the BearingPoint/ Economist Intelligence Unit global survey of 193 senior financial executives, the cost of new systems, lack of data standards and cultural resistance create major impediments to integrating data. Compounding the problem is a traditionally reactionary mode of operation, one that pits the priorities of operating management against those of risk management.
While some in the financial services industry still advocate enterprise wide risk management, many participants are now focusing more on how to untangle their data labyrinths and deal with specific imperatives, especially around data collection and management, privacy and financial reporting. If they cannot get a handle on these issues, their growth strategy is likely to suffer. But integrating risk data presents technical and cultural challenges that financial services firms must address in a pragmatic and iterative way. To succeed, they need to align governance, technology, people, and processes. They must acknowledge and leave room for the federation of regional, business and other silos, while driving data integration to benefit the enterprise.
This will require building bridges between business lines and technologists. But even if these franchises work together successfully, senior management must give risk the priority it deserves and help drive integrationmaking talent and money available, and giving priority to data-solutions projectsto leverage the full benefits of integrated data as a strategic asset.
Still, in areas like operational risk, “there are basic definitional issues” that epitomize the data challenges for financial services firms, notes Suzanne Labarge of CRO Royal Bank of Canada in the survey’s related white paper. For example, not all institutions define and categorize operational losses in the same way. While the out-of-pocket cost of a compliance breakdown may fit fairly neatly into the operational risk bucket, the cost of fixing the problemfrom internal audit costs to legal costsis not so cleanly classified. Institutions may also apply different definitions over time. If banks merge, the definitional problems multiply.
Tackling definitions was key to redesigning JPMorgan Chase’s risk technology. ‘We started very broadly and very simply with something as basic as definitions,’ says Donald McCree, credit risk manager at JPMorgan Chase in the survey’s related white paper. ‘What is exposure? What is risk?
How do we want to define it? How do we want to be more consistent? How do we develop a common language across the entirety of the firm?’
‘But underneath that, we are building a system to capture much more completely the underlying characteristics of risk. That means much more sophistication around maturities, optionality of prepayments, covenants and other protections so, a much broader ability to capture the data.’
McCree points to staying focused as a primary element of success. It is essential to remain true to the strategic objective of all these endeavors: ensuring that all the data in the central data repository are consistent.
Without consistency, the data cannot form the basis of strategic management discussions. Meaningful integrated risk data allow for the examination of potential losses through such angles as product line, risk category, or line of business.
Four key steps toward better risk data are:
Rationalise responsibilities especially for operational risk, where governance is immature: Appoint individuals at the line level, but make sure the organizational structure and incentives are in place to encourage cooperation while accommodating the push and pull between business lines and corporate. Reconsider how risk groups should be combined, or dovetailed best to handle ubiquitous but growing risks, like IT security.
Rationalise existing risk project portfolios: Multiple data sets are common. Capital calculations for, say, Basel II and Sarbanes-Oxley should be the same, yet the two are often handled in isolation. Compliance-driven projects (e.g., anti-money-laundering or IAS rules) draw on dozens or hundreds of data sources. Clarify what books and records exist and gauge the standard of internal controls. Until this is done, financial reporting risk will be high, costs cannot be cut and processes will be inefficient.
Conduct a data quality assessment: Financial services institutions are awash in unstructured data, and data continue to proliferate in custom programs and on desktops, with end users opting for their spreadsheet or application of choice. Create a framework for data quality and management of structured data and move on to tackling the unstructured data.
Converge data collection: This move pays huge dividends in process efficiency and reduced costs, but it is important to evaluate the impact. For example, make sure that decommissioning or outsourcing certain activities does not undermine key controls.
The above suggestions are tactical goals associated with data and should not obviate the need to drive this as a parallel effort to that of building a far-reaching strategic risk vision that is articulated by senior management and permeates the entire organisation. Only such an overarching vision and consistent risk appetite can provide the context in which vital training, development and culture change can see effective execution. |
Christopher Hamilton is a senior vice president with BearingPoint, Inc. The views and opinions are those of the author and do not necessarily represent the views and opinions of BearingPoint, Inc
|
| Article appeared in the May 2004 issue.
|
|
