Financial firms need to establish a single view of risk and return in their organisations, a view aligned with business needs, that meets external requirements, and that is positioned to create value.

Financial institutions are facing a turning point in the management of risk. There are several factors in play. The size, shape and increasingly global reach of major players, coupled with consolidation and evolving product complexity, create a challenging backdrop.

External imperatives, driven most obviously by regulation but also from shareholder expectations and rating agency pressure, turn up the heat on finance and risk functions. This combination is placing serious pressures on financial institutions to change the way they manage risk across the organisation, and to drive for greater effectiveness and efficiency. “From compliance to performance” has become the mantra in the industry (see Fig 1).

Regulatory pressure has come from what is often referred to as ‘the perfect storm’ – the coincidence of Sarbanes-Oxley 404 requirements, Basel II for banks and corresponding regulation for insurers, and a welter of disparate initiatives from financial supervisors aimed at better accountability over regulated activities. As a result, many financial institutions typically have multiple frameworks in place for collecting essentially the same data, and insufficient clarity about who does what in relation to the management of risk in the organisation.

The price of inefficiency

This state of affairs creates considerable inefficiency, resentment in the business and operating units, and, worse, the potential for the ball to drop between two risk management stools.

The additional cost burden on regulated firms is significant. An independent report for the UK Financial Services Authority found that, on average, the incremental cost of regulation amounted to some 1.6% of non-regulatory operating costs. A study by AMR Research in 2005, Spending in an Age of Compliance, predicted the cost over the next five years would hit $80bn (€58bn) and the study put spending on Sarbanes-Oxley compliance alone in 2006 at $6bn, with compliance-related IT spending rising to $2bn.

Pressure from shareholders (increasingly represented by activist interests), rating agencies and others is driving for transparency – visible evidence of the quality of risk management, and of the accuracy and relevance of reported data.

Senior management dealing with these pressures are faced all too often with a quandary: is the organisation getting value from its risk management function, or is it under-performing and over-expensive (see Fig 2).

Need for re-evaluation

The time has come for a re-evaluation of the role, performance and organisation of risk management in financial institutions; in short, a new risk management agenda. The considerable investments in meeting regulatory requirements have triggered significant upgrades of banks’ risk management tool sets, but also increased the complexity of risk management organisations. At the same time, the development of new markets and products – such as structured retail products and complex credit derivatives to name a few – has made financial risks more easily transferable than ever, giving risk management a potentially new role to play in day-to-day as well as strategic business decisions.

The single view

The need is to look top-down at the organisation, mandate and expectation of the function, and bottom-up at the standard and application of good risk management principles. In the mix, regulatory requirements need to be analysed, and the underlying processes simplified. The net result is a single view of risk and return in the organisation, aligned with business needs, meeting external requirements, and positioned to add value to the management process.

Meeting these challenges and turning opportunities into real value will be a major task for banks and their risk management organisations. A single consistent framework will help financial institutions focus on value creation through lower cost, higher returns and fit-for-purpose management of risks.

Given the fragmented, siloed nature of risk management in many organisations, achieving a single view of risk and return is not necessarily easy. As Fig 3 suggests, it involves addressing three main aspects:

First, a value-oriented review of risk and return processes at the macro level. This embraces not just the issue of how to enhance risk management in the light of leading industry practice, but also how to best leverage existing core risk management capabilities to identify and evaluate value-creating opportunities as part of a company’s strategic business model. Furthermore, by finding ways of how to better align the risk management framework with specific business needs and potential new business opportunities, the risk function becomes an integrated ‘business partner’, with a clear focus on (shareholder) value generation.

Second, an efficiency-oriented review of risk management processes to decide what needs to be done at the micro level to simplify risk management. This initiative is one of the keys to the effective discharge of regulatory reporting obligations. The over-riding imperative should be a common approach to evaluating risk in the business, starting with a high level framework, and using a consistent approach to analysis as level of detail increases. Information can then be compiled in a consistent manner, and external reporting obligations can be met from a single, consistent source of risk management information. Given the current regulatory emphasis on operational risks, this is likely to be the area where most attention is required.

Third, a principles-oriented review of risk management. The application of standard risk management principles across the organisation is essential to developing a more effective and integrated risk management framework. It allows several issues to be addressed, including misalignment between risk management and business requirements (silo approach); lack of transparency of how a firm’s risk management framework compares with market standards; and mixed levels of risk management sophistication throughout the organisation.

By benchmarking against an agreed set of principles, and identifying gaps, action can be taken to standardise and align the quality of risk processes across the firm.

Superior returns

In evolving from compliance to performance, risk management is facing a wide array of opportunities throughout financial institution’s core business areas to become a true ‘value champion’. At the top of the house, the integration of risk in strategy formulation in capital management as well as in business planning and controlling can play a significant role in achieving superior returns on capital and lower earnings volatility. Other high-impact issues include better informed risk taking, such as through customer value modelling, integrated limit setting, risk-adjusted performance management, and higher process efficiencies through risk-based streamlining of processes (see Fig 4).

It is up to the banks’ senior management to decide which one of these potential initiatives will be most beneficial for their particular organisation and business model. However, each financial institution will be sure to have a close look at what returns it could derive from the significant investments it has made into risk management over the past few years.

In the context of these new challenges for risk management, a single view of risk and return can help businesses identify the potential additional value that exists in their risk management framework – for example, by identifying gaps versus leading industry practice, by making optimal use of existing core risk management capabilities (both for their strategic business model and for new business opportunities) and by adjusting their risk management framework to their specific business needs.

Single view savings

Looking at value potentials on the cost side alone, our experience suggests companies who already find themselves with established, but fragmented, risk management organisations would expect to save some 10% or more of their compliance costs by taking a single view of risk and return. Companies less well advanced have the opportunity to start their journey with a single view of risk and return, and could save as much as 30% of the costs they would otherwise have incurred.

Exciting times

Looking to the future, these are exciting and positive times for risk management as it embraces its new strategic agenda. In particular, there are four key areas where significant value can be added (see Fig 5):

First, the integrated management of risk, return and capital, which helps to create the environment for active capital management and performance management based on economic value. In its turn, this can bring immediate benefits in terms of superior returns, the efficient satisfaction of stakeholder expectations, earnings stability and reputation management.

Second, the realignment of risk from compliance towards value, which can introduce efficiencies and drive the introduction of systems and processes aimed at sustained value optimisation.

Third, the introduction of next generation risk capabilities, which enables economic capital and risk aggregation as well as active portfolio management – bringing with it improved balance sheet utilisation, more disciplined risk pricing and competitive advantage through the ability to manage novel, or more complex, risks.

And fourth, leveraging advances in risk into business applications, which means more efficient, risk-based business processes, better risk decisions (including pricing) and more effective risk-based incentive and target setting.

An organisation’s competitive and financial performance – and even its long-term future – may be determined by how well it addresses these four issues. But none of this can happen without the consistent under-pinning that results from a single view of risk and return.

MAXIMISING VALUE CREATION: ACTIVE CREDIT PORTFOLIO MANAGEMENT

Increasingly, financial institutions are asking themselves whether their current risk management set-up is appropriate to maximise value creation, both from their current business model and from new business opportunities.

With internal risk measurement tools becoming more and more sophisticated, and capital markets offering various ways to take on or dispose of individual financial risks, financial services companies are facing strategic and tactical options regarding which risks they keep in their books and which ones they transfer to the market – options that they often did not have in the past.

One of the more prominent examples of this development is the rapid evolution of credit risk measurement techniques in combination with a continuing market growth of both standardised, liquid credit risk transfer instruments (such as indexed credit default swaps) as well as new, innovative products (such as loan credit default swaps).

This enables institutions to implement both a more active approach towards the management of credit risks (‘buy and manage’ versus ‘buy and hold’) as well as a better internal tracking of value generating activities by stripping out credit risk margins from other profit and loss components.

Acting on these new opportunities, such as by implementing an active credit portfolio management function, promises great rewards for financial institutions. Potential benefits include lower economic capital requirements, higher transparency on value creation and better pricing – all of which promotes a higher flexibility in managing both risks and returns.

In this sense, active credit portfolio management, which has been around for some time but is gaining wider appeal, is a good example of why risk management in the traditional sense is only part of the equation. By embedding and leveraging risk management capabilities into a business, such as by inducing a single view on risk and return, existing skills are helping firms to realise the value creation potential of their business.

CREATING OPPURTUNITY OUT OF COMPLEXITY

Financial firms are struggling with issues resulting from:

  • The duplication of regulatory requirements from local and global authorities.

 

  • The impact of legacy mergers and acquisitions.

 

  • A siloed approach to managing business and risk management resulting in overlapping requirements processes and controls.

 

  • An increase in the number of legal entities and related regulatory reporting and tax risks.

 

  • Growing dependence on third-party financial modelling software and home-grown spreadsheets.

 

  • Profitability pressures.

Great potential for value creation – with a focus on cost efficiencies – therefore lies in eliminating the complexity and duplication which rapid development of new organisational structures has brought in its wake.

For more information please contact:

Michael J Conover,Principal advisory, KPMG in the US,tel: +1 212 872 6402e-mail: mconover@kpmg.com

Volker Thier,Partner, financial risk management,KPMG in Germany,tel: +49 69 9587 2679e-mail: vthier@kpmg.com

Nigel Harman,Partner, financial risk management,KPMG in the UK,tel: +44 (0) 20 7311 5291e-mail: nigel.harman@kpmg.co.uk

PLEASE ENTER YOUR DETAILS TO WATCH THIS VIDEO

All fields are mandatory

The Banker is a service from the Financial Times. The Financial Times Ltd takes your privacy seriously.

Choose how you want us to contact you.

Invites and Offers from The Banker

Receive exclusive personalised event invitations, carefully curated offers and promotions from The Banker



For more information about how we use your data, please refer to our privacy and cookie policies.

Terms and conditions

Join our community

The Banker on Twitter