Risk Management:
Buy-Side Firms See Rising Focus on Risk
Control As Events Make Value Propositions Crystal Clear
Originally published February
1
“It’s more like implementing a culture and an
entire framework than just buying a system that will do the job,” says
Philippe Carrel, Executive Vice President at Reuters Trade and Risk
Management. “In five years, the risk manager will be someone with a lot
of power who will decide what are the key risk factors a firm should
monitor.”
That will be a major shift from decades past.
During the 1980s, 1990s and early 2000s, financial, product development,
marketing and client services managers have each dominated investment
organizations. Now the pendulum is swinging towards risk management
policies and compliance, not just the delivery of investment
performance. Industry observers contend it is very difficult for even
the best risk systems and managers to prevent anyone determined to
commit fraud, as allegedly happened in Société Générale’s newsmaking
$7.1 billion (4.82 billion euros) loss in January. But risk management
systems and policies prove useful in catching errors, and deliver value
beyond just being a necessity to meet regulatory or compliance
requirements.
“There are a lot of tools out there, but if you are not using them effectively, then they will fail you,” says Michael Thorfinnson, Chief Operating Officer and Chief Risk Officer of TD Asset Management. “The hurdle many buy-side firms face has been in making the investment in risk management projects and the teams to run them. The value proposition becomes crystal clear when someone has trading losses or errors.”
“I have a hard time believing that fraud wouldn’t be caught,” continues Thorfinnson. “We spend a lot of time ensuring that policies and procedures, checks and balances are all in place, with independent and separate reporting lines to make sure things are caught.”
Risk systems will advance beyond just calculating and reporting risk, and move to truly managing risk, according to Carrel. “I expect to see programs that will first assess all the risks, the potential vulnerabilities and gaps, whether we are looking at risk from the right point of view,” he says. “All of these will be implemented in such a way that people are much more accountable – they will assess themselves and empower themselves rather than just relying on process.”
The risk management improvements may first be seen
among custodians, according to Phillip Silitschanu, Senior Analyst at
consultancy Aite Group. “A lot of risk management software vendors are
moving heavily into the back-office area and we see a lot of
implementation there. Also, custodial banks realize that margins are
getting squeezed so much and markets are so touchy, that any advantage a
firm can get can make or break a custody deal,” he says. The loss at
Société Générale is a perfect example of how risk managers and their
technology platforms have to move beyond a metrics-measurement
mentality, because the trader involved did indeed hit all the correct
risk metrics, points out Silitschanu. “The mentality of risk management
is a little skewed if it’s viewed as a burden instead of something that
can be harnessed to improve a business operation,” he says.
Firms should be thinking about how to make correlations and link data sources to improve their risk management, according to Cubillas Ding, Senior Analyst at consultancy Celent. “Very few organizations have risk management infrastructures that can easily provide a coherent picture across the various types of risk,” he says. Most risk functions are classified into categories such as market, balance sheet, credit or operational risks, according to Ding. “Different risk systems used mean that data is captured quite separately. Then the question becomes getting the data out and comparing it across some of these risk silos. That’s not necessarily easy [with disparate systems]. A definition of data captured in one risk system may not be exactly the same as another.”
Firms should keep risk management systems separate from front-end operations, but also understand how economic conditions, risk factors and market scenarios that the front-end deals with can play out, suggests Ding. Those running risk management systems “need to have more interactions with front-end [colleagues] because they know the most about the market, where it is in terms of cycles or if there’s a bubble,” he says. Those running operations need to have market intelligence and understanding of the risks within markets traders and portfolio managers are active in. “With complex products, such as CDOs [collateralized debt obligations], the question is whether risk managers actually understand them and the models behind them,” adds Ding.
Any system can only be as good as what is fed into
it, says Rick Enfield, Business Owner for the Asset Control Plus product
at Asset Control, a data management solutions provider. “You need a
structured process in place to control flows of data within the
company,” he says. “The nirvana of some single reliable source for all
information is really not quite there yet.”
Firms have to be able to handle data with a
decentralized control structure, at least until the risk silos are
toppled, according to
Synergies in managing data for risk management and
analytics would be obtained by reducing errors, because the business
units most familiar with the type of data would be the ones handling it.
In five years, the immediacy and urgency of data for risk management
will be much greater, adds
As financial services institutions start integrating lines of business, they will share risk management information more, according to Guillermo Kopp, Executive Director and Global Research Fellow at consultancy TowerGroup, who cites improved risk management as a strategic response for a top business driver in 2008: economic, market and regulatory volatility. “Most of the effort in enterprise risk management involves data integration,” says Kopp. “Therefore, data governance, management and analytics play a key role in the strategic responses and technology initiatives.” Risk management will have to accommodate increasing complexity in financial services, explains Kopp. “Technology has to keep up, not just from a controls perspective, but also a business management perspective,” he says.
Large financial firms in general, and sell-side firms in particular, are better equipped with risk management systems, but buy-side firms have not had enough resources to improve their risk management operations, points out Luis Zea, Vice President of Marketing at Imagine Software, a trading systems provider. “The problem in these volatile markets is that without the proper systems infrastructure, how can managers be expected to react effectively to sudden intra-day market shifts?” says Zea. “Unless there’s proper system infrastructure, they can’t quickly identify risk in their exposures; much less capitalize on the opportunities that market volatility generates.”
Value-at-risk (VAR) analyses are useful for breaking down risk exposure for equities, volatilities, interest-rate securities, credit and foreign exchange, according to Zea. “To do that, you really need near or actual real-time performance,” he says. Yet VAR remains dependent on the quality of data, according to Jeffrey Green, Principal at Deloitte & Touche LLP. “Even having a VAR model, and not calibrating it or basing it on [correct] data, will turn out to be a very large shortcoming in these interests and the market in general,” he says. “Many market participants should have known better. It took some two or three weeks to even figure out what they owned in the subprime crisis. They didn’t have the controls or the data to get at it.”
Firms often think they already have adequate risk safeguards in place, according to Thorfinnson of TD Asset Management. “There’s an appetite for independent risk functions, reporting independent of portfolio managers in a buy-side firm,” he says. “It’s not perfect, but more firms will engage the concept of independent risk managers.”