To satisfy exam pressure, you need a risk narrative
The right tools provide both data and a narrative to satisfy regulators
Ellen Carney, senior analyst with Forrester Research, says that big system integrators such as Accenture, Capgemini, and SunGard are rushing to the aid of the biggest banks to get a better handle on their risk picture. â–
When it comes to demonstrating regulatory fitness, it’s not enough for risk analysts to toil with black boxes to create some kind of risk-posture report.
Examiners are pushing for more in the way of stress-testing capabilities and analysis that explains, in clear terms, the impact of the slings, arrows, and outrageous fortunes faced by banks.
Until now, banks that used analytics to assess a product or channel performance may have had a decent sense of risk tied to a piece of the business, but tended to be far less able to define how any given part (of an investment, loan, or strategy) affected the whole institution, notes Daniel Moloney, president and cofounder of SwiftKnowledge, an analytics firm based in Eden Prairie, Minn.
It’s a matter of context and perspective that can also handle the unlikely or improbable crisis. Even enterprise risk management solutions, despite their name, aren’t necessarily able to add everything up to a relatable story, consultants told ABA BJ. Something more automated, something more sanity-producing—is called for.
Rodney Nelsestuen, senior research director, Financial Strategies and IT Investments at Needham, Mass.-based TowerGroup, says he’s having conversations with community bankers that “don’t want to look stupid” during examinations.
Moloney relates that, in recent months, he’s been contacted by board members and senior executives at community banks who have been told by regulators that they will need to conduct more-advanced stress tests.
He says the SwiftKnowledge solution will give bankers more information—on profitability, cashflows, capital adequacy, and other details—than can be obtained by manually working around the limitations of core-processing reports.
As a vendor, one could argue, Moloney has an agenda. Yet other risk experts agree that a more holistic perspective will be required and with it, examiners will need a risk story. “The risk profile has to have a narrative that senior management can act on,” says Henry Ristuccia, a New York City-based partner at Deloitte & Touche. “And it will always be changing, so there needs to be some connection between transactional systems and daily operations. There needs to be a mix of top down and bottom up assessments.”
Doug McGregor, CEO, WebEquity Solutions, Omaha, Neb., says every risk story needs proof, but a review of the community banking segment generally shows that data analysis is very manual and very limited.
“It was clear to me that many banks didn’t have a handle on their data,” says McGregor. “There wasn’t any way for senior management to trace the performance of a single loan and see how it affected the entire loan portfolio.”
That prompted WebEquity to introduce a risk management dashboard for the lending portfolio last month.
Leadership plus better solutions
Certainly, among some Wall Street players, a failure of leadership, not a lack of systems, were largely to blame for the financial blow-up. Ristuccia believes that behavioral change—certainly more frank discussion of risk appetite—guided by a more intuitive generation of solutions may be the only way toward engineering true resiliency.
But such a profile is easier to talk about in the abstract than to produce, given banks’ stovepiped operations.
For big banks, creating a narrative may require adding another layer of technology into the risk infrastructure, that may include:
1. Governance risk management and compliance reporting tools from vendors such as SAP or Oracle.
2. Risk intelligence from vendors such as Bwise or Progress Software.
3. Enterprise risk management framework solutions.
4. Niche applications that assess risk of fraud or otherwise monitor risk related to payments.
5. Systems that, in effect, address key aspects of operational risk by monitoring IT system uptime and other key metrics.
The electronic version of this article available at: http://www.nxtbook.com/nxtbooks/sb/ababj0410/index.php?startid=28