Risk management for financial institutions: Compliance, Stress Testing and Risk Analytics

Risk management for financial institutions: Compliance, Stress Testing and Risk Analytics

Q1 – Could you provide a broad overview of how financial institutions (FIs) are tailoring their risk management and operational improvement operating models to reflect the current business landscape? What, in your opinion, are the most significant risks permeating this space? 

FIs have been focused on integrating the various elements that impact how they manage the business into a more cohesive framework, leveraging off the ability to meet both internal demands as well as external demands. This has required a detailed appraisal of existing infrastructure and processes as well as an assessment of how the firm can leverage new technologies. In order to meet the needs of current business environment, which can be characterised as a competitive landscape with significant headwinds for FIs to deal with, including regulatory pressure, declining margins and competitive threats, firms have been evaluating how to develop the optimal operating model to address all of these issues. The most significant risks to accomplishing this include lack of a data maintenance and validation strategy, poor strategic resource planning and inadequate infrastructure.

Q2 – With numerous regulatory demands and increasing risk and volatility impacting the financial environment, to what extent do FIs need to redesign their operating models to more effectively control costs and improve efficiency? 

Given the headline pressures on margins and the historically low level of loan impairment reserves, the lever that most FIs have turned to is tight cost management in order to maintain return on equity for the institution. Various banks are at different stages to the cost containment programme.

Q3 – How are new accounting standards such as IFRS9 credit impairments impacting the risk management departments within FIs? Are there organisational considerations that need to be addressed to balance risk/compliance and financial reporting? 

Risk and finance teams are compelled to work closely together in the future to address IFRS9, stress testing and other cross functional efforts. While there have not been material changes in organisational structure due to IFRS9, this may be on the table going forward. For stress testing, the ideal organisational structure does vary across organisations, as some house this effort in risk, finance or application lifecycle management, depending on the institution.

Q4 – What benefits can FIs gain from data analytics in their pursuit of new revenue opportunities and improved operational effectiveness on the one hand, and enhanced risk management and compliance on the other? 

Data analytics can be used in multiple capacities by FIs. For the front office, the ability to analyse and understand complex relationships linking client behaviour with both structured and unstructured data can lead to significant enhancement of customer relationship management. For the risk and compliance teams, the breadth of capability to look for fraud risk, projecting balance sheet and revenues in a modelling context, examining industry data and peer performance metrics can all be part of an extensive tool kit to add value to the firm’s control and oversight functions.

Q5 – What can FIs do to improve efficiency and reduce cost related to regulatory compliance? Can firms leverage any investments made in technology or resources for regulatory compliance in managing the day-to-day business and generating revenue? 

One tangible example is in stress testing, where regulatory compliance driven exercises leveraging newly implemented infrastructure solutions can help more efficiently allocate capital within a firm, and help improve the process around financial planning and budgeting which has traditionally been a high level approach developed by the business and finance functions. This will clearly vary across firms as stress testing is in different stages of development, but the most advanced firms have been able to embed stress testing principles and processes into a ‘business as usual’ context to help drive key business decisions.

Q6 – What are some of the key principles for risk data aggregation and risk reporting, which FIs should bear in mind? Have they made sufficient improvements in their data efforts – data quality, availability, coverage, and so on – to meet regulatory compliance requirements? What types of investments and improvements remain to fully address the key principles of BCBS 239? 

While this has been a key area of focus for most institutions, this is still in a relatively young stage of development. Acknowledging the regulatory requirements, the big question many firms face is how to develop a robust data strategy given that it should serve multiple stakeholders including clients, regulators and senior management.

Q7 – In your opinion, are the FIs that succeed in putting their ‘house in order’ more likely to avoid the kinds of risks that can cause major reputational damage? How important is it for FIs to embed a risk management culture across the organisation? 

The risk management culture issue is vital to a robust risk management programme and many firms have been focused a sound foundation for the second line of defense role. As far as risk management to deal with reputational type risk, I am afraid that this is in an infancy stage as reflected in some of the events that have hurt large banking institutions globally over the past few years, such as the Wells Fargo client account and Libor rigging. Most firms that have mature stress testing processes have found a way to pursue a more integrated approach to stress testing, with direct linkages to strategy, planning and risk appetite limit setting.

Q8 – What advice can you offer to FIs when it comes to restructuring their reporting frameworks and internal processes to improve risk management and governance? Is it fair to say that most FIs have yet to scratch the surface when it comes to establishing effective risk management frameworks via the use of risk analytics? 

There are many firms which have relatively well-developed risk analytics. However, the challenge is building an integrated framework across all risk and modelling areas, such as a common platform, process and system which can be leveraged for firm-wide needs. Firms have only scratched the surface in this regard.

Q9 – Looking ahead, what trends and developments do you expect to see in terms of how FIs manage the risks they face and increase their efficiency? What do you consider to be the biggest challenges facing FIs over the years to come? 

The biggest challenge is developing a modular operating model to handle multiple needs – both internal and external. On the internal front, management teams are under pressure to increase return on capital for shareholders and will need more multiple imputation and analysis to support dynamic decision making, including better competitive analytics. On the external front, requirements across stress testing, IFRS9, liquidity, capital planning and other demands will warrant the development of a multi-purpose modular infrastructure to support addressing all of these challenges going forward. The biggest challenge will be to develop an enterprise solution that addresses both sets of demands. Firms that succeed are likely going to have a stronger competitive advantage.