To get a better handle on their organizations' risk exposure, many firms are turning to enterprisewide risk management.
Traditionally, financial firms have categorized and managed the various risks inherent in their businesses in separate silos. But, as this approach proves inadequate, many firms are working to obtain a clearer picture of their exposure to all types of risk by implementing enterprisewide risk management systems.
Enterprisewide risk management is the ability to look at where risk lies across an organization and analyze and aggregate it in order to better understand how it can be mitigated. It's a concept that has been around for some time, but only now is getting the attention it deserves, according to Larry Tabb, CEO and founder of TABB Group, a Westborough, Mass.-based financial advisory firm.
One Risk Umbrella
In addition to centralizing risk management, firms also are examining new types of risk, Tabb notes. "We started out in the market risk area and migrated from liquid risk to credit risk," he says. "Now, we have moved into operational risk and are focused on trying to understand and quantify the operational challenges within an organization."
Along with adopting a broader view of what constitutes risk, financial services firms also are bringing the different aspects of risk management together under one risk infrastructure, to include market risk, credit risk, operational risk and compliance risk. "That's a major change," asserts Tabb. "Often, the different risk groups have been broken up into separate organizations within the business, so it's a good start" toward more-holistic risk management, he adds.
Boston-based global money management firm Putnam Investments began restructuring its risk systems more than two and a half years ago. The firm's decision to employ an enterprisewide risk management system was based on several factors, including its mandate to invest according to its customers' specified risk tolerances, as well as its need to manage the risks associated with a portfolio for optimal performance. "Risk management allows us to make sure we are true to the investment philosophy we have shared with our customers, and it has allowed us to optimally manage the portfolio by finding the best investment opportunities compatible with the risk limits associated with each portfolio," says Philippe Bibi, chief technology officer at Putnam.
According to Bibi, the limitations of the firm's legacy risk management platform were a major factor in Putnam's decision to implement a new, enterprisewide platform. The legacy solution didn't scale very well - it couldn't deal with large volumes of portfolios and benchmarks, he relates. Further, it wasn't able to provide timely results to support business decisions, and it couldn't cover all the asset classes in which Putnam invests. "The asset classes we cover now are much richer than two and a half years ago," Bibi relates. "So we decided we had to really start from the ground up and rebuild our whole risk infrastructure."
Out With the Old
Rather than try to update its old technology, Putnam instead invested in a new system, which has been up and running since July 2004. Bibi says the in-house developed system runs on Linux and has an in-memory database in order to minimize the time it takes to retrieve and process data. Additional security types can be added easily whenever necessary, he adds.
"This new system can deal with all asset classes simultaneously," says Maurizio Ferconi, head of financial engineering at Putnam. "It is designed with service-oriented architecture and is highly scalable, due to the implementation of a grid computing architecture."
The system also provides Putnam with improved disaster recovery abilities. Its intrinsic ability to be fault-tolerant and self-healing is the key, according to Bibi. "This is important because of the fact that the risk modeling is an intrinsic part of portfolio construction, and the portfolio construction is happening intraday," he explains.
According to Bibi, enterprisewide risk management has allowed Putnam to marry the way it manages a portfolio with the way it analyzes returns. "That is why having a single risk engine is really important - you don't want to manage your portfolio on a certain risk basis and then on a close of business basis look at your performance attributions using a different risk engine," he stresses.
Many financial firms also increasingly are adopting more cross-asset trading applications, notes Cubillas Ding, senior analyst in Celent's securities and investments practice. "The applications for trading are becoming more integrated because they cover different asset classes," he says. "This helps support an integrated risk management approach that cuts across multiple asset classes, multiple lines of business and geographies."
This also has implications in terms of the standardization of different practices among different offices, such as the use of data integration, Ding notes. "Before this, the data could just be at a department level or a business unit level," he says. "Whereas by taking an enterprise risk approach, you need it to be more or less centralized in some way or another where data is transparent across the organization."
Putnam has accomplished this by building a reporting infrastructure that creates a flexible and customizable risk report. "The system produces a standard report that all the portfolio managers and CIOs can look at, and, at the same time, it allows single users to create customized reports, all using the same risk engine," Putnam's Ferconi says. It also improves security by managing data entitlements to ensure that there is no data sharing where there shouldn't be.
Regulation Helps Drive Holistic Efforts
One of the main driving forces behind the trend of financial firms adopting an enterprisewide approach to risk management has been the regulatory changes that have taken place in the market during the last few years. "The regulators themselves are taking a risk-based approach and are asking firms to adopt a risk management framework that cuts across market, credit and operational risk," says Celent's Ding.
In fact, given the slew of corporate scandals that have come out over the past few years, investors now are starting to put a premium on companies that can demonstrate good corporate governance practices within their organizations. "Rating agencies ... are putting a certain degree of emphasis on how good the management team is in terms of governing practices within the business, and are aligning their credit rating accordingly," notes Ding.
Investors also are putting a premium on data security. On the heels of several highly publicized customer data breaches, data security has become a major risk concern for most financial institutions.
One way that Putnam has addressed the issue is by custom building an application that allows data to be separated so that it can be stored and accessed only by users of the particular group to which it pertains. From a regulatory standpoint, data changes always are tracked. "In this way, the whole portfolio management life cycle is provided with all the appropriate measures for tracking modifications and offering the ability to reproduce results," Putnam's Ferconi explains.
With the increased focus on enterprisewide risk management, many chief risk officers are being given a larger say in their organizations' risk profiles and broad positions, notes Celent's Ding. "It's been happening for a while," he says. "But with the whole increasing awareness of risk management coming into play, a lot of the senior officers handling risk are getting more responsibility in this area."
On The Net