Heather McKenzie reports on the factors forcing financial companies to place regulatory compliance in the risk management sphere.

Regulators are driving the risk management agenda, according to a survey on risk management published by Pricewaterhouse- Coopers (PwC) in March. Two-thirds of those surveyed cited regulatory pressures as the main driver of change in their risk management priorities over the past three years. Survey respondents said their organisations’ risk management functions were the most effective at ensuring regulatory compliance.

Based on interviews with executives from 420 financial institutions in the Americas, Asia and Europe, the survey found a tendency among respondents for successful risk management to be defined in regulatory terms. This should not be surprising, given the raft of regulations and recommendations that have come banks’ way in the past few years.

Basel II, Solvency II for insurers and Ucits III for asset managers were cited by PwC as the main regulatory drivers, while the Markets in Financial Instruments Directive (MiFID) is another major regulatory concern for financial institutions.

The right management

“Regulation is a big driver in the risk world; bigger than some people realised,” says Richard Smith, partner, financial services at PwC. “The investment made to get the industry to a level of sophistication around risk management has been significant. The financial industry now has greater transparency, better metrics, better capital management and improved quantitative tools. Now it has to get the management right and embed risk management with business processes.”

Mr Smith says the traditional boundaries between finance, risk and compliance are breaking down. “We are seeing some banks starting to think about changing the shape of risk by moving away from separate credit, market and operational risk teams.

“This model no longer reflects the business, which is all about effective capital risk allocation and risk/reward. The key is how to make risk management a more effective and strategic tool for the financial institution.”

The relationship between risk and regulation was cited as long ago as May 2004, when Jaime Caruana, then governor of the Bank of Spain and chairman of the Basel Committee on Banking Supervision, addressed the 31st General Assembly of the Geneva Association, a representative body of the insurance sector. He said: “Supervisors must ensure that the regulatory system encourages banks, securities firms and insurance companies to be capable of managing their risks today and be ready to respond to new challenges tomorrow.

“Risk management and the supervisory system cannot and should not evolve independently of each other. On the contrary, supervisory agencies and financial services providers are currently working in tandem to develop a ‘virtuous circle’ in risk management and supervision.

“Evolution in risk management and the reform of financial supervision should complement and reinforce each other, and the progress in each area will be influenced by the work under way globally to revise accounting guidelines.”

Risk and compliance

Bill Nosal, managing director, compliance solutions at the enterprise solutions group of software developer SunGard, agrees that risk and compliance go “hand in hand”. He says financial organisations are changing their reporting structures to deal with the convergence between operational risk and compliance in particular.

“Many large organisations are organised so that the chief compliance officer has a line relationship to the chief risk officer. This is very telling because, until now, compliance has been in its own cul-de-sac in the legal department. It is now being controlled by or pushed into reporting to the risk group,” he says.

Mr Nosal says US regulators are revisiting compliance and want to introduce more principles-based regulations, which are prevalent in Europe. The merger of the New York Stock Exchange and Euronext should drive further discussions along these lines, he says.

“Financial industry players would like to see the same values among the different jurisdictions in which they operate. Those institutions that report to multiple regulators would certainly support global, common principles for risk regulation,” he says

Not everyone is convinced of the close relationship between risk and compliance. For example, Andrew Liegel, senior research analyst, risk management at US-based industry analysts Financial Insights, says in the US, in particular, risk management is a function that falls under the chief financial officer’s remit, while compliance comes under the remit of the legal department. “Risk and compliance do work very closely together. They are not strangers to each other, but they do have different functions,” he says.

Pressure on technology

Whether or not risk and compliance go hand in hand, it is certain that the risk management function has become ever more complex and is under increasing regulatory scrutiny. The strictures of Basel II and MiFID, for example, have placed enormous pressures on financial institutions’ technology.

“Technology underpins all of the regulatory change we are seeing,” says Mr Smith. “Accessibility to and the flexibility of data has been a challenge for organisations wanting to comply with Basel II. Data must be brought together, to be capable of being drilled down into and must enable effective reporting. That is the biggest challenge the industry has had.”

There is still a great deal of work to be done on how data “meshes”, says Mr Liegel. “Basel II has been a big data cleansing exercise. When you have a piece of data, you need to know where it comes from and how it is correlated with other pieces of data within a client or portfolio holding,” he says. “[The work] is about changing a lot of the data. Under Basel II, if data is not clean, or is missing something, it could force the financial institution to pay too much capital or not enough.”

Data warehousing, extraction and analysis are the three important aspects of risk management, says Mr Liegel, and there is no shortage of vendors with offerings.

The PwC survey found that, although there is no shortage of risk-related data circulating in financial institutions, often there is considerable doubt over its quality or utility. The survey report said: “Survey respondents were equivocal about how valuable the data they receive is, as a tool for managing their businesses. Risk managers must therefore enter into a closer dialogue with executives outside the risk function to ensure that the data they gather is accurate, and useful for them to create value as well as ward off risks.”

Driving data centres

Terry Quigley, head of financial services sector at London-based Colt Telecommunications, says there is “an extraordinary focus” on data centres among financial institutions. Colt operates 14 data centres, two of which it took online in the past year. “The attention on data centres is being driven by a number of factors, one of which is regulation. MiFID stipulates that financial institutions must retain all the trade data to prove best execution for more than five years. The requirement for data centres is going through the roof.”

In November last year, Colt won a €60m, 10-year contract to provide a dedicated managed data centre facility for Fidelity International. At the time, Lakh Jemmett, UK managing director of Colt, said managed services were the fastest growing part of the company’s business.

Mr Quigley says the operation of data centres is an area that is ideal for outsourcing. “Some applications will never be outsourced – I cannot see an investment bank asking anyone else to manage its trading applications, for example. But operating the servers for order execution and data feeds is not a core competence and there is no reason not to outsource it.”

Much of the discussion in which SunGard’s clients are involved is about how to get at information in a more cost-effective way, Mr Nosal says. “Compliance and risk is driving many firms to look at enterprise-wide data management. To manage data effectively is key to enterprise risk management.”

Many firms have silos of information and disparate data models that do not interact. Mr Nosal says the ideal approach to the problem is to draw together all of the information using business process management, case management and reporting tools and present it as a “dashboard”. Pulling compliance and risk applications together in this way will enable senior management to see in real time, what is happening across the enterprise, he says.

Cross enterprise synergies

It is an approach with which PwC would agree. In its survey, PwC cites operational efficiency as an area that requires stronger focus.

Fernando de la Mora, a partner specialising in risk management in financial services at the company’s New York office, says firms have paid too little attention to seeking out synergies between departments on risk and control processes. Much of this is because regulators focus on a particular business or regulation and insist on certain steps being taken. Only later do companies realise that, because their compliance functions also concentrate on specific areas of the business, the institution as a whole has collected duplicate sets of data, sometimes several times over, using different tools or standards.

“One of the best things that has happened recently in risk management is that the culture of compliance has been established in organisations,” says Mr Nosal. “Heads of trading, sales and branch managers have been given increasing compliance responsibility. If you put risk and compliance together, you will have a more effective organisation. As long as you are equipping your risk managers and business supervisors with the tools and technologies they need to do their compliance and risk jobs, you will be in good shape.”

PLEASE ENTER YOUR DETAILS TO WATCH THIS VIDEO

All fields are mandatory

The Banker is a service from the Financial Times. The Financial Times Ltd takes your privacy seriously.

Choose how you want us to contact you.

Invites and Offers from The Banker

Receive exclusive personalised event invitations, carefully curated offers and promotions from The Banker



For more information about how we use your data, please refer to our privacy and cookie policies.

Terms and conditions

Join our community

The Banker on Twitter