If banks have to pay out for new computer systems in order to be compliant with the Basel II Accord, they may as well ensure they are spending strategically for the greater good of their business, too. Parveen Bansal reports.Lately there has been much discussion about the need to reduce operational costs. Legacy system replacement is one strategy being debated. Also high on the many banks’ agendas is the impact of the impending Basel II Accord on the operations of the business. Both core systems change and compliance present a great challenge for financial services institutions as both initiatives add to the pressure on IT budgets.
Many might consider simply extending the life of their legacy systems by wrapping with new technologies. But compliance requires investment in new systems or applications that have not previously existed, particularly to cope with some aspects of the Basel II Accord, such as operational risk. While many consider compliance a necessary evil, compliance could be considered as an opportunity – an opportunity for greater change in the systems of the business, thereby combining core systems spend and compliance spend for the greater good of the business
Best of both worlds
Organisations can create a balance by combining the impact of regulatory compliance with overall business improvements. Chris Gentle, research director at Deloitte Consulting in the UK, says: “There needs to be a change in the mindset of senior management in organisations so that they might consider compliance as a driver for improving the competitive edge of their business.”
This is in line with the message from the UK’s Financial Services Authority (FSA), which has reported the object of the Basel II Accord as being not only to improve capital adequacy, but also to improve the overall efficiency at an operational level. Given the archaic nature of many core systems and processes, this implies a change in the way business has been conducted and transactions processed. Core systems change and operational compliance are thus complementary.
The Basel II Accord for alignment of operational reserves with measurable risk will necessitate large-scale technology investments. Earlier in the year, US-based TowerGroup estimated that global 2003 IT spending on financial services technology would be $333.7bn, which represents an increase of 2.3% over 2002. Similarly, it is estimated that financial services institutions will spend more than $7bn on operational risk management technology in 2006.
“While profits were sorely challenged, global financial services firms have entered 2003 with an unambiguous focus on core business strategy and operational efficiency, and with a directive to align technology investments with both,” says Guillermo Kopp of TowerGroup.
Eyes on the bottom line
A recent survey conducted by US-based research organisation Financial Insights for Deloitte & Touche found that 88% of the 22 financial firms surveyed felt that operational efficiency was a far greater concern than technology needs. Among these 88%, 56% had it as the primary issue while 32% rated it a secondary concern. “The critical nature of operational efficiency is in line with the current state of the market, where companies are being forced to improve efficiencies in order to cut costs and improve the bottom line,” says Rhoda Woo, director and leader of Deloitte & Touche’s financial services industry trading and technology practice.
According to Mr Kopp: “Increased market volatility and business complexity have heightened institutional exposure in terms of credit and market risk and, most importantly, in the new field of operational risk. Here is where actual losses may dwarf the cost of Basel II increases in capital reserves.” Based on sample returns, TowerGroup estimates that operational losses could cost tens of billions of dollars annually across the industry.
“As banks ponder all the associated costs and revenue opportunities at stake, an enterprise-wide approach that aligns business operations, financial exposures, and risk management policies, processes and procedures with business strategies becomes unavoidable,” says Mr Kopp.
A TowerGroup research note called Basel II: Operational risk management strategies and FSI performance states that regulators are holding the highest decision-making management levels in banking companies, accountable for approving and implementing firm-wide strategies for operational risk. The report says that while a Basel II compliance deadline of 2006 may seem too distant and invite procrastination, banks should not underestimate the magnitude of the transformation required because many organisations are actively targeting holistic risk management solutions to reduce their exposure, capital requirements, and operational expense.
Operational risk
Operational risk is deemed high for multiline banks with complex and international operations that process large volumes of securities or payments transactions. Thus, large international banks should find clear benefits in adopting an advanced approach by reducing their regulatory capital requirements and mitigating losses.
It may be said that the Basel II Accord is more detrimental to the IT infrastructure than some other regulatory requirements, such as the Sarbanes-Oxley Act or the Patriot Act, which are more likely to require point solutions. Enterprise risk management, especially for operational risk, requires consolidating data from disparate products and technology systems across business lines in a more comprehensive and methodical manner.
Opportunity for review
Organisations should beware of a having a narrow focused approach to Basel II compliance. As Stephen Oxenbridge, managing director of Misys Asset Management, warns: “Focusing only on compliance can lead to organisations investing in short-term solutions ignoring long-term impacts.” He suggests that the need for compliance with Basel II should be used “as an opportunity to review where your organisation would like to be in the next five years, and then use this for selecting the suitable strategy for IT investment and change”.
Institutions with higher levels of complexity due to their diverse products and locations or greater concentration of risk are advised to create real options to reduce exposures, losses and cost through more advanced approaches. Mr Kopp says: “Such an approach to risk mitigation would also entail business continuity, operational resilience, fraud detection, and other loss prevention capabilities.”
Banks must broach two questions. First, what level of attention is the compliance opportunity getting across the organisation? Is it considered just an IT issue or purely a business issue? Second, does the organisation have a firm grip on the current process environment and the change requirements? Many banks do not understand the workflow and few, if any, grasp the complexity of the various data sources and stores across the organisation. Mr Gentle of Deloitte Consulting advises organisations to pull together management infor-mation across the business so they can understand the risk profile of the whole organisation better.
Strategic behaviour
According to TowerGroup, savvy banking companies may turn Basel II and its new frontier of operational risk management into opportunities for bottom-line performance. From a traditional management perspective, a strategic selection of appropriate approaches to credit and operational risk may result in lower capital requirements, improved ratings and lower cost of funds. Banks may extend these benefits by introducing profound changes in the way their business operations are managed and run.
“Operational risk management needs to cut across the whole organisation; this is a holistic proposition and is similar to the way that IT works in the whole organisation,” says Mr Kopp.
Virginia Heyburn Garcia, senior analyst of financial services investments at TowerGroup, agrees: “Only compliance will not reduce operational costs. Operational risk compliance should drive operational efficiency throughout the bank.” The US Federal Reserve and Securities Exchange Commission have practically stopped short of issuing a mandate on operational resilience, she says.
While many institutions still look at Basel II with a mindset for basic compliance, others are actively pursuing a more advanced approach to risk management for competitive advantage and operational efficiency. Mr Kopp suggests that organisations that are exposed to even moderate levels of credit risk and operational complexity should benefit by extending their efforts beyond mere compliance and embracing more advanced Basel II risk management framework to improve their business performance.
Balancing activity
Research conducted by Fujitsu Services, the third largest IT services provider, together with the Institute of Financial Services in the UK earlier this year, found that 83% of IT managers perceive regulatory compliance as a major element of the increasing IT management costs. The findings suggest that organisations need to start making strategic architectural changes to balance investment in IT with greater control and improved data management.
The survey results highlight the need for improved channel communication between IT and business operations as key to promoting support for IT infrastructure projects that would allow greater systems flexibility, thereby enabling IT to play an active role in assisting business development.
There are several challenges to the compliance and business transformation game. “Due to the lack of convergence in business objectives between the IT department and business processes, IT managers can only prepare for such regulatory changes by ensuring their infrastructure is equipped for change and is flexible enough to cope with the new demands,” says the Fujitsu survey report, What’s in IT for me? It suggests that organisations that fail to embrace IT strategically may find their operational performance is severely handicapped.
Tom Roche, director of strategy and business development for the finance sector at Fujitsu Services, says: “IT departments need to adopt a strategy of clever spending that enables infrastructure projects to take place, creating greater agility within the organisation in responding to future business transformation needs.”
Ownership question
Unclear ownership of the compliance project within the organisation is a another problem. Ms Garcia notes that it is often to difficult to distinguish between pure IT spend and that which is fuelled by the need to comply. “Often the compliance budget is embedded in the various departmental IT budgets.” However, she says “If done correctly, the money spent for compliance should pay for itself in terms of the savings accrued as a result.”
Mr Kopp agrees. “Effective implementations of Basel II should avoid adding incremental overhead to an already complex operational burden. By simplifying processes and improving resilience up front, institutions may attain direct benefits while minimising the operational risk management implementation cost,” he says.
“To select an optimal strategy, banks should evaluate the combined effects of technology investments, reduction in regulatory capital requirements, and possible savings in operational efficiencies.”
As institutions simplify their business operations, they can reduce their Basel II implementation burden, while at the same time increasing their process robustness and operational efficiency, says Mr Kopp. TowerGroup suggests that, as most institutions have room for operational consolidation, there is a point at which the savings achieved through enterprise utilities exceed the technology cost. Thus, there is a sweet spot that blends Basel II and operational management benefits.
Institutions that combine Basel II benefits with other business and operational efficiencies should gain a competitive edge. As technology is a major facilitator of operational efficiency, financial services institutions cannot reasonably expect to achieve efficiency gains without investing in technology across the organisation. Ideally, investment in IT should be strategic and considered as investing in business transformation to allow both compliance and improved efficiency for a successful future rather than for compliance alone.
