Have risk managers been let down by big IT?

Have risk managers been let down by big IT?

Adrian, can you please tell the Risk Insights’ readers about yourself and your professional experience?


I help banks manage their multi-billion dollar risks and meet their regulatory obligations in the most effective way possible.  I do this by combining expertise on finance and technology.

After qualifying as a Chartered Accountant with PWC I worked on a series of risk and product control projects at HSBC Markets.  I then went on to financial services consulting with a big four consulting firm and built up a lot of practical experience.  For example: model validation for the first AAA derivative vehicle in London, Head of Operations for the EBRD, practical set up of the first Triparty repo in London.  I have also led countless risk management projects working with companies such as Deutsche Bank, Credit Suisse, Morgan Stanley, Barclays and many more.  As a result, I have a good idea of what it takes to make a risk management project successful and how to avoid the many pitfalls.

My latest challenge with Finsbury has been to address the very real problem of End User Computing, which is a major issue for most Financial institutions.


We are looking forward to you presenting at the Stress Testing Europe Summit where you will be focusing on use of IT by risk managers. Why do you feel this is a key talking point at the Summit?


You cannot do anything in risk management without using technology.  Any regulation or risk project has to address both which technology to use and how to deliver it.  However very often risk managers and IT professionals have conflicting views and objectives that can sometimes cause important projects to fail.

Risk managers are used to having to react really quickly either to crises or new regulation.   The last few years have seen an avalanche of new regulatory requirements with Stress Testing the biggest new challenge.  Most risk management teams have been successful in getting their stress tests completed, by doing whatever it took to get the job done.  Now they need to start creating a reliable and repeatable process.  This is the point where they will need to handover to IT. How they do that will determine whether or not their projects are successful.


Without giving too much away why do you feel that there is such a high failure rate with large scale risk IT projects?


It is no secret that the failure rate for risk technology projects is very high.  Failure can range from outright cancellation, radical de-scoping or failing to hit hard deadlines.

During the financial crisis many people were shocked by the weakness of bank risk management systems.  This is not just lack of investment, over many years’ banks had been trying and failing to implement effective risk aggregation.  These failures continue today.

Unless they learn the lessons from unsuccessful projects they are just going to repeat them and this time the regulators may be less forgiving.


How can stress testing professionals benefit from designing a practical project approach and IT architecture?


Inevitably most banks have run very tactical projects with the focus on just doing whatever it took to get the results.  Now regulators are asking more questions about the quality and auditability of the results and most banks want a reliable, repeatable and lower cost process.

This is just the moment when a number of banks will embark on the large strategic projects that will eventually fail.  They will fail because they will switch from approaches that have been successful onto the approaches that caused failure in the past.

I will be exploring these issues in the presentation.


How do you see the role of the Stress Testing professional changing over the next 6-12 months?


Most banks will be switching from tactical – must get it done – projects to strategic ones.  Stress Testing professions will be central to these projects.   It is important for the financial services industry that they get them right.