It wasn't long ago that risk management implied VaR (value at risk) and ERM (enterprise risk management). Today, however, in an age of Sarbanes-Oxley, The USA Patriot Act, software viruses, spyware, physical security and transit bombs, financial markets risk has a completely new meaning. These challenges drastically change the way firms think, quantify, plan and manage risk. No longer are risk management teams composed of quants, data managers and financial modelers; they now include CPAs, lawyers, continuity planners, data and technology architects, and folks with guns. Egad!
But, whether we like it or not, compliance, continuity, and data and physical security will be the business and enterprise technology issues of the next decade or more. These issues will be at play when algorithmic trading, transaction cost analysis and financial market consolidation are well beyond recent memory. However, before firms begin to reinvest in their continuity plans, they first should reevaluate their enterprise risk profile.
Firms need to look at risk holistically. They need to look at all of the risks that affect their businesses, from traditional business risks (the loss of a customer, product or business line); to financial risks (market and credit); to operational, personnel, compliance, regulatory, data, technology and infrastructure risks.
To accomplish this, firms need a good plan. Supported by the corner office, firms need people from across all aspects of the organization to determine risks and probabilities, and ascertain the business, monetary and reputational damage associated with a failure. These risks need to be prioritized, and plans need to be developed for the most likely risks. Even with an unlimited budget, this is difficult, as not only do the risks continue to become more sophisticated and complex, but the priorities and likelihood of risks also change quickly.
The role of the chief risk office in managing this process is paramount. CROs need both budget and clout to obtain and reallocate resources, and insure operational stability and business continuity.
Competition, margin compression and the quest for shareholder value place an emphasis on being quick to market, flexible and lean. However, continuity plans, regulatory regimes, compliance mandates, and backup operations and technology counter these mandates. How can firms be flexible when they need extra resources and added operational infrastructure as backup? How can firms be quick to market if every "i" and "t" needs to be analyzed by compliance, lawyers and accountants?
Unfortunately, there is no easy answer. There isn't even a spending benchmark. Is 7 percent of expenses enough? Is 15 percent? For firms outside a major financial center, a smaller budget may be acceptable. However, for one on Wall Street or in London, the smaller budget may not suffice. Each organization has different challenges and demands depending upon their business mix, infrastructure composition, technology architecture, physical location, risk tolerance, profit margin and board direction.
The one certainty is that the problem is not going away. Geopolitical uncertainty is not decreasing, compliance burdens are not relaxing, technology is becoming more complex and the Web is providing a hacker's holiday for anyone with an inclination and an Internet connection.
As these events conspire against us, we need to work together to close technology holes, manage risks and mobilize the industry to prepare for virtually anything - plan for the worst and hope for the best. As London learned in July and we all learned in downtown New York four years ago, it doesn't take much to turn a sunny day into a major catastrophe. Unfortunately, in this day and age, we must be prepared for anything.
Larry Tabb is founder and CEO of Westborough, Mass.-based Tabb Group, a financial markets strategic advisory firm. [email protected]Larry Tabb is the founder and CEO of TABB Group, the financial markets' research and strategic advisory firm focused exclusively on capital markets. Founded in 2003 and based on the interview-based research methodology of "first-person knowledge" he developed, TABB Group ... View Full Bio