Operational risk

Increasing costs and risks associated with running multiple trading and risk management systems have meant a single platform for all asset classes has become the Holy Grail for banks and financial institutions. But many of the longer established players are weighed down by legacy systems and daunted by the sheer scale and expense of any project to streamline or replace these bolted-together edifices. Phil Wang, VP Product Management at OpenLink, argues that banks continue to ignore the need to streamline at their peril.

Operational Risk Management (ORM) has become a key priority for all financial institutions and the ever-increasing complexity of financial instruments means the issue will remain central for the foreseeable future. Recent news from the financial sector has amply demonstrated the impact that lax ORM can have on an organization’s reputation, credit-worthiness, net income and capital management – further underscoring the need for robust ORM systems. Operational Risk, Inc. maintains that since 1980, financial institutions have lost more than $200 billion due to operational risk.

Solutions to help manage operational risk, according to Risk Glossary, include avoiding certain risks, accepting others, but attempting to mitigate their consequences, or simply accepting some risks as part of doing business. According to research conducted by Wharton, these kinds of risks include:

Operational risk due to transaction failures;

Criminal risk due to internal and external fraud (e.g. rogue trading);

Legal risk due to failure to comply with changes in the regulatory environment.

Employee training, close management oversight, segregation of duties, and the capitalization of risks are specific techniques to help minimize operational risk.

A successful risk management program will rely on:

• Senior management’s commitment to avoid infrastructure failures, fraud and legal and regulatory risks (e.g., fines);
• Full support and participation of the IT team for data collection, data tracking and the support of a robust internal risk-control system;
• Competence of the risk assessment team, which must have the expertise to apply the risk assessment methodology to a specific site and system, to identify mission critical risks and provide cost-effective safeguards that meet the needs of the organization;
• Awareness and cooperation of members of the user community, who must follow procedures and comply with the implemented controls to safeguard their organization.

Relatively young companies and financial institutions in emerging markets such as the Middle East, the Asia-Pacific region and Latin America, are now looking to install ORM systems for the first time, and are able to introduce broadly integrated systems for trading and risk management.

But most large and long-established financial institutions are burdened with a plethora of trading and risk management systems, making ORM less watertight than it ideally could be. This has resulted from a vertical desk-by-desk approach, where each trading desk has gone for a best of breed system with little company-wide oversight. Additionally, specialist vendor solutions often offer a quick-fix and rapid time to market, while internal builds have been bolted on specifically to serve a particular need.

Once a multiplicity of systems is in place, replacing the entire setup becomes a monumental task that is often avoided leaving in place legacy systems where they are simply papered over with an interface connecting the many and various systems.

But methodical risk management requires comprehensive planning, organization and monitoring and this is best achieved by streamlining the number of systems in use by one organization.

Under Basel II, internationally active financial institutions are required to protect themselves against operational risk. Risk categories, as delineated by the Basel Committee on Banking Supervision, include internal fraud, external fraud, business practices, damage to physical assets, business disruption and systems failure, and process management.

In fact, since the collapse of Enron in 2002 and the subsequent introduction of a tighter financial regulatory framework in the U.S. under Sarbanes-Oxley, Forrester Research has found that there are 115 vendors that focus on governance, risk and compliance to handle risk management projects. There is a clear need for an integrated, cross-market Information Technology (IT) environment that delivers the scalability and flexibility needed to accurately navigate today's quickly changing markets with powerful analytics, real-time capability, and broad asset class coverage, transparency and security, efficiency, and forward looking technology.

Historically, when long-established banks have developed systems internally they have not had these concepts in mind. But the financial services industry is now actively striving to consolidate multiple asset trading systems onto a single platform, where risk can be managed more effectively.

At the same time, huge arrays of new cross-asset instruments and hybrid products have been rolled out over the past 5-10 years. But, attempting to introduce a flexible system to manage cross-asset structured products can be extremely tough if the system is not designed to support cross-asset trading from the outset.

For example, extending a swaps system to an equity-linked structured product with some kind of credit provision built in would be impossible without a multi-asset class infrastructure in place. For this reason, sales of cross-asset systems are steadily increasing.

What is required is a product that spans all asset classes and is fully integrated with middle and back office functionality – from front office risk management and profit and loss reporting to confirmation, settlement, reconciliation, payment and accounting. Increasingly, vendors are offering this complete front-to-back office functionality for cross-asset trading. It has become a reality.

Multiple systems and interfaces mean that aggregating exposures across the various systems requires further integration between systems, either to a risk management system or a data warehouse. In addition, risk and the use of proxies to represent exposures lead to a less effective view of the bank’s position. When proxies are used, some of the exposures are obfuscated.

A true cross-asset system is one where there is no loss of information due to interfaces, proxies or dumbing down of the data for aggregation purposes. Multiple systems make banks less effective from a ‘hike and hedge’ perspective, where each desk is hedging its own exposures or separate internal desks are created with the sole purpose of aggregating trades and hedges. But the introduction of a single trading and risk management system will give overall net exposure, credit and market exposure and make hedging and other tasks, such as cash management, far easier and more efficient.

In OpenLink’s experience, both large tier-one banks and smaller banks are striving to achieve cross-asset trading and are making some progress in this area. Understandably, the larger banks are tending to favour a more incremental approach. For example, rather than simply going after the best-of-breed every time they select a new system, they are attempting instead to extend existing systems or keep to a roster of preferred vendors.

“Markets are favouring systems that have cross-market coverage and are fully integrated across the front-middle-and-back office. Many legacy systems cannot meet this requirement. As a result, more vendors offer a complete suite of functionality across asset classes,” says Mr. Wang.

“Financial institutions have a growing need for an integrated, flexible, and adaptable software solution that can be the technology solution of choice across a variety of desks and functions. In recognizing this need our system offers a straight-though-processing (STP) environment that supports the entire transaction life cycle for the widest product coverage available.”

According to Chartis Research, the 2011 worldwide ORM market is expected to reach $1.55 billion dollars. Part of this market growth is due to the replacement of first-generation ORM solutions as well as markets that previously did not employ ORM and a greater investment as businesses view ORM as a strategy and an integral daily part of doing business. Companies that have implemented ORM practices are already seeing big results through improving their processes, technology and business practices, as recognized by Operations Research Management Science. Companies are proactively cultivating an awareness culture that will continue to grow by leaps and bounds, as ORM becomes a best practice mantra.

Streamlining systems doesn’t simply mitigate operational risk. It can also lead to significant gains in efficiency. Mr. Wang recalls that the introduction of an ORM system for one client enabled one bank to reallocate 30% of its back office staff to other tasks, reduce time to confirm a trade by 90%, reduce paperwork by 80% – since fewer reports needed to be printed off – and simplify the staff training process, as the staff only had to be trained on a single system.

R isk will always be with us. A number of standard safeguards will help ensure that potential liabilities are minimized. Ultimately, however, operational risk can most effectively be minimized through the increased transparency that single systems will provide.