Regulation may be the main driver behind most efforts to improve global limit management but financial institutions who focus solely on compliance are missing the opportunity to improve their firm’s bottom line. Marcus Cree, Risk Specialist at Misys, explores.
Julia: Misys and PRMIA jointly recently released the results of a survey which highlighted a growing need for global risk limits management. What is the main driver behind internal initiatives to improve global limit management for firms today?
Marcus: There are two main drivers behind the increase of the globalisation of limit management. The first is on a regulatory basis as there are more and more controls being specified in terms of exposure against external counterparties and there are official limits being put on those larger counterparties in just about every regime. The second driver is the strategic perspective in that improved limit management has certain business benefits. This is because the more you globalise and have single limits which are shared across, the closer you get to being able to put out general directives concerning the direction of the business.
Unfortunately, when requirements or changes are regulatory mandated they tend to be done in isolation and the implementation of the risk limits can become a tick-box exercise. In fact, our research shows that the majority of banks can only leverage 25- 50% of all regulatory budget towards enhancing their own internal risk management. That’s a missed opportunity because there’s a lot of upside on the table such as making a firm more risk centric in general and improved monitoring of defaults, internal ratings on exposures, and managing the business according to that data. It is much easier to do risk monitoring from a global limit management perspective than it is from a more silo basis.
Julia: When speaking to firms about how they view their own limit management capabilities, were there any surprising trends that you spotted in this survey?
Marcus: I think what is surprising is that the regulations are viewed as an administrative overhead rather than a definite boon to the business. When you look at the percentages, I expected it to be a minority that would say ‘it’s an admin overhead with little business benefit’ but it was a much greater number than should really be the case.
I think one of the trends that we’re seeing is the fact that risk in and of itself is still not central in the strategic planning. Many firms will say that it’s an aim (and I’m sure that it is), but there are overriding priorities that are preventing the strategic requirement for risk being put in the centre of a business decision becoming the main driver.
Julia: So why are firms not including risk management as part of wider strategic plans?
Marcus: Obviously a lot of it is best guess, because most people in the market will say that risk is key to what they do, but I think that’s sort of an expected response in 2015, given what’s happened in recent years with the financial crisis and new regulation. The truth though is that for firms and their business planning to be risk-centric they need to think beyond regulatory compliance and need to consciously put a huge amount of emphasis on getting the risk results. That push shouldn’t come from IT but from the core business because clearly risk management and limit management is a pragmatic way to influence the day-to-day tactics and the overall strategy. Risk decisions have to be based on the right data and that should become an imperative within the organisation.
Julia: Do you think that firms will be making changes to support regulatory compliance solely? Or are many also looking to make these changes to improve limit oversight and risk management practices?
Marcus: This is really the core question and an interesting one. In my view every time a decision in a financial firm is made, it’s a risk management decision. Unfortunately, from a nomenclature perspective, risk management appears to be this group that sits separately and tells senior management and the rest of the world what risks are being taken in a kind of a post-event way. What makes it difficult is that regulatory rules are being introduced which have wide reaching requirements on counterparty and liquidity management and thus require on a practical basis, a good level of data aggregation, but many firms just view this from a compliance perspective that as long as the procedures are put together somehow it’s fine.
If you take a wider view and look at BCBS Rules 239 and 294 which specifies the guidance about how financial institutions should be setting up systems to put risk at the centre or risk management to make processes robust, then that limit oversight should become a natural function of that. There also needs to be better communication between the risk department and senior management about what they want their risk appetite to be. Specifically, firms should be able to set those limits as a way of expressing risk appetite, possibly with minimums as well as maximums, and those limits should be understandable and actionable by the people in the front office who actually have to make the decisions.
Julia: What are the long-term implications of this structure that you’ve just described where it’s more compliance-focused and compliant-only response to making limit management changes? Are there negative impacts to the firm where it misses the opportunity to improve the procedures overall to support risk management practices?
Marcus: From a firm’s perspective, focusing on tick-boxes for compliance is definitely a huge missed opportunity, because if one can take this area of oversight and transform it into one which takes a risk-based view of how and who to do business with as well as the overall kind of buffers and Tier 1 capital you want to put on the funding block is an incredible business advantage if you can get that tied together.
For a Tier 1 firm, then it’s entirely understandable that this is a far easier thing to discuss than it is to implement. But for raft of smaller firms who don’t have dozens of input systems, then just by knowing exactly where they are and what they want strategically will put them in a position of relative strength. It is a huge advantage.
Julia: What is the biggest operational challenge that firms face in terms of improving their enterprise information to support more effective limits monitoring and management?
Marcus: I’d say the main challenges are the current setup of the organisation. If they’re not designed on common platforms, databases and structures, it becomes quite difficult to combine a net-down and get a good view of what is what. What we’re really talking about there is the quality and aggregation of the data. There are many mechanisms to clean that data and thought has to be put into the technology behind the aggregation from several different database storages, results and trade repositories. Also, processes need to be robust because firms need to run calculations quite quickly, because if the data is going to be meaningful it has to be intraday, if not real time. And so while there are a lot of operational and technological challenges, it all comes down to data quality, both external and internal.
Julia: My final question is what recommendations would you offer to risk management readers as to how they should take their practices beyond compliance and improve limit management going forward?
Marcus: Overall, my advice would be for firms to take a step back and adopt a holistic and strategic view. To get to this strategic view, firms should ask questions around what decisions need to be made, how these can decisions be expressed at a Board level and what would that actively look like? Also, firms should focus how can risk management transform the way the business works, and will this particular project (in this case we’re talking about limits) be instrumental in taking the next step where a decision is needed and made, or is all the work a dead end that I have to just put in place?
As long as a firm can clearly see how it’s transformative and enables a risk conversation from the top of the shop to the bottom, then there is a clear understanding of how decisions are made. This could involve perhaps looking at different technologies and ways of aggregating data, rather than just what’s the quickest and cheapest way of doing this. If that quickest and cheapest way doesn’t push me towards the final transformative goal then the firm is probably looking at the wrong solution.
Organisations like Misys have been offering this risk data aggregation solution for a long time, rather than just saying let’s solve this as if nothing exists before, and build it up. The best way forward is to look at the kind of technology that can reuse what is already working at risk calculation and data storage level without duplicating processes or data, and then quickly aggregate the data to make it meaningful and useful throughout the day to satisfy compliance requirements and boost business profitability.
The Misys Survey on Global Limits Management
Related recorded webinar on BCBS 239