Risk Management:

Buy-Side Firms See Rising Focus on Risk Control As Events Make Value Propositions Crystal Clear

Originally published February 18, 2008 

NEW YORK — The ongoing transformation and improvement of risk management platforms and analytics will continue to play out for as long as five to 10 years. As it progresses, it has started to compel a deeper focus on both IT and organizational structures. Even before the most recent crises and market incidents brought risk issues to the fore, interest in implementing the most up-to-date risk management systems and processes was already on the rise. 

“It’s more like implementing a culture and an entire framework than just buying a system that will do the job,” says Philippe Carrel, Executive Vice President at Reuters Trade and Risk Management. “In five years, the risk manager will be someone with a lot of power who will decide what are the key risk factors a firm should monitor.” 

That will be a major shift from decades past. During the 1980s, 1990s and early 2000s, financial, product development, marketing and client services managers have each dominated investment organizations. Now the pendulum is swinging towards risk management policies and compliance, not just the delivery of investment performance. Industry observers contend it is very difficult for even the best risk systems and managers to prevent anyone determined to commit fraud, as allegedly happened in Société Générale’s newsmaking $7.1 billion (4.82 billion euros) loss in January. But risk management systems and policies prove useful in catching errors, and deliver value beyond just being a necessity to meet regulatory or compliance requirements. 

“There are a lot of tools out there, but if you are not using them effectively, then they will fail you,” says Michael Thorfinnson, Chief Operating Officer and Chief Risk Officer of TD Asset Management. “The hurdle many buy-side firms face has been in making the investment in risk management projects and the teams to run them. The value proposition becomes crystal clear when someone has trading losses or errors.”

“I have a hard time believing that fraud wouldn’t be caught,” continues Thorfinnson. “We spend a lot of time ensuring that policies and procedures, checks and balances are all in place, with independent and separate reporting lines to make sure things are caught.”

Risk systems will advance beyond just calculating and reporting risk, and move to truly managing risk, according to Carrel. “I expect to see programs that will first assess all the risks, the potential vulnerabilities and gaps, whether we are looking at risk from the right point of view,” he says. “All of these will be implemented in such a way that people are much more accountable – they will assess themselves and empower themselves rather than just relying on process.”

The risk management improvements may first be seen among custodians, according to Phillip Silitschanu, Senior Analyst at consultancy Aite Group. “A lot of risk management software vendors are moving heavily into the back-office area and we see a lot of implementation there. Also, custodial banks realize that margins are getting squeezed so much and markets are so touchy, that any advantage a firm can get can make or break a custody deal,” he says. The loss at Société Générale is a perfect example of how risk managers and their technology platforms have to move beyond a metrics-measurement mentality, because the trader involved did indeed hit all the correct risk metrics, points out Silitschanu. “The mentality of risk management is a little skewed if it’s viewed as a burden instead of something that can be harnessed to improve a business operation,” he says. 

Firms should be thinking about how to make correlations and link data sources to improve their risk management, according to Cubillas Ding, Senior Analyst at consultancy Celent. “Very few organizations have risk management infrastructures that can easily provide a coherent picture across the various types of risk,” he says. Most risk functions are classified into categories such as market, balance sheet, credit or operational risks, according to Ding. “Different risk systems used mean that data is captured quite separately. Then the question becomes getting the data out and comparing it across some of these risk silos. That’s not necessarily easy [with disparate systems]. A definition of data captured in one risk system may not be exactly the same as another.”

Firms should keep risk management systems separate from front-end operations, but also understand how economic conditions, risk factors and market scenarios that the front-end deals with can play out, suggests Ding. Those running risk management systems “need to have more interactions with front-end [colleagues] because they know the most about the market, where it is in terms of cycles or if there’s a bubble,” he says. Those running operations need to have market intelligence and understanding of the risks within markets traders and portfolio managers are active in. “With complex products, such as CDOs [collateralized debt obligations], the question is whether risk managers actually understand them and the models behind them,” adds Ding.

Any system can only be as good as what is fed into it, says Rick Enfield, Business Owner for the Asset Control Plus product at Asset Control, a data management solutions provider. “You need a structured process in place to control flows of data within the company,” he says. “The nirvana of some single reliable source for all information is really not quite there yet.” 

Firms have to be able to handle data with a decentralized control structure, at least until the risk silos are toppled, according to Enfield. “You don’t just have one data management group within an organization and that’s it,” he says. “The business units — that have the business knowledge to augment the data and control the information they need — can put a control environment in place that other business units in an organization can benefit from. The risk people concerned about counterparty exposure would be on top of the counterparty exposure. The settlement people dealing with the same instrument, who have settlement risk, would augment settlement data. It all flows through a settlement mechanism that then gets pushed out through systems that need the information.”

Synergies in managing data for risk management and analytics would be obtained by reducing errors, because the business units most familiar with the type of data would be the ones handling it. In five years, the immediacy and urgency of data for risk management will be much greater, adds Enfield. 

As financial services institutions start integrating lines of business, they will share risk management information more, according to Guillermo Kopp, Executive Director and Global Research Fellow at consultancy TowerGroup, who cites improved risk management as a strategic response for a top business driver in 2008: economic, market and regulatory volatility. “Most of the effort in enterprise risk management involves data integration,” says Kopp. “Therefore, data governance, management and analytics play a key role in the strategic responses and technology initiatives.” Risk management will have to accommodate increasing complexity in financial services, explains Kopp. “Technology has to keep up, not just from a controls perspective, but also a business management perspective,” he says.

Large financial firms in general, and sell-side firms in particular, are better equipped with risk management systems, but buy-side firms have not had enough resources to improve their risk management operations, points out Luis Zea, Vice President of Marketing at Imagine Software, a trading systems provider. “The problem in these volatile markets is that without the proper systems infrastructure, how can managers be expected to react effectively to sudden intra-day market shifts?” says Zea. “Unless there’s proper system infrastructure, they can’t quickly identify risk in their exposures; much less capitalize on the opportunities that market volatility generates.”

Value-at-risk (VAR) analyses are useful for breaking down risk exposure for equities, volatilities, interest-rate securities, credit and foreign exchange, according to Zea. “To do that, you really need near or actual real-time performance,” he says. Yet VAR remains dependent on the quality of data, according to Jeffrey Green, Principal at Deloitte & Touche LLP. “Even having a VAR model, and not calibrating it or basing it on [correct] data, will turn out to be a very large shortcoming in these interests and the market in general,” he says. “Many market participants should have known better. It took some two or three weeks to even figure out what they owned in the subprime crisis. They didn’t have the controls or the data to get at it.”

Firms often think they already have adequate risk safeguards in place, according to Thorfinnson of TD Asset Management. “There’s an appetite for independent risk functions, reporting independent of portfolio managers in a buy-side firm,” he says. “It’s not perfect, but more firms will engage the concept of independent risk managers.”



Questions or comments? Get in touch with us at info@globalinv.com

© 2005-2009 Investment Media Inc.