Fusing

risk and nance

Complex
The increasing convergence of bank risk and nance functions should help dealers to improve capital allocation, pricing and compensation decisions. Clive Davidson examines how banks view this process and reports on some of the technological implications
organisational structures are de rigueur in todays banks, with various functions distributed across many divisions. Over time, these divisions have become increasingly separate, each requiring its own specialised expertise and customised systems to support its activities. Regulation initially exacerbated this trend, prompting banks to create separate groups with their own systems and calculations to meet their reporting responsibilities. In the past few years, however, the regulators and banks themselves have begun to realise that this separation has its drawbacks data and systems can be duplicated, while various business activities might not necessarily be aligned. Basel II takes steps to remedy this, encouraging centralisation of credit and other data, but it is just one factor inuencing a convergence of risk and nance, and the data and systems that support them. Eective risk management and regulatory compliance in the use of capital didnt always drive down the same road, says Adolfo Pajares Garca, internal controller of Grupo Santander in Madrid. But now Basel II links best practice risk management to the use of capital, closing the gap between economic and regulatory capital, and encouraging a convergence of risk and nance. The convergence occurs in the relationship between risk assets, the management of risk assets, and the capital needs they generate, he says, adding that the structure of the balance sheet must now be managed using risk as well as nancial criteria. Whereas before, banks may have conducted their [business] analysis in economic terms, which didnt necessarily mesh with regulatory requirements, now they are converging, he says. A key aspect of Basel II is the continuing alignment of a risk-based approach to regulatory and economic capital measurement and allocation, and the resultant risk and return measures and frameworks, says Sydney-based Mick Leonard, executive general manager of group risk management at the Commonwealth Bank of Australia. This brings the information needs of risk, nance and the business together. Prior to Basel II, South Africas Standard Bank used separate data sources for its calculations of risk and regulatory capital detailed transaction level data for the former and high-level aggregate nancial data for the latter. Basel II requirements lead to the convergence of detailed risk and nancial data, as both these components are now required for the more sophisticated regulatory capital calculations, says Johannesburgbased Annelie Schnaar-Campbell, director of group risk management and head of Basel II implementation at Standard Bank.
2006 Incisive Financial Publishing. All rights reserved. Used by permission. First published in Risk April 2006. risk.net

TECHNOLOGY

TECHNOLOGY

Completeness and validity of data is the number-one problem when you are doing integration to transactional systems Anthony Dragiotis, Bank of Piraeus

Philip Wessels, Johannesburg-based chief risk ocer of South Africas Nedbank Group, adds: Basel II requires banks to take a single view of the client, and all divisions of a bank dealing with the client should apply a common credit and capital rating. Therefore, there is a need for common databases, models and calculations. But Basel II is not the only regulation pushing banks towards a convergence of risk, nance and other functions. International accounting and nancial reporting standards, particularly IAS 39 and the US equivalent, FAS 133 which now come under the umbrella of the International Financial Reporting Standards (IFRS) are forcing banks to reect more of their risks in their balance sheets. [IAS 39/FAS 133] is encouraging banks to account for risk-related dynamics in nancial statements an area typically very distinct from enterprise risk management to reect a more accurate view of the balance sheet to the market, says Frank Weyns, general manager of Misys Almonde, the division of Londonbased Misys Banking Systems that supplies integrated risk, nance and asset and liability management (ALM) systems. IAS 39/FAS 133 allows for two methods of valuation fair value and amortised costs both of which are based on future cashows, says Willi Brammertz, chief technology ocer at Zurichbased Iris Integrated Risk Management. Meanwhile, expected future cashow is also the basis of risk calculations. A centralised engine that produces future cashows of all the transactions carried out by the bank could be used for various purposes, including market risk analysis, ALM, and hedge eectiveness or impairment (net book value compared with recovery value) calculations for IAS 39, says Anthony Dragiotis, Athensbased head of risk management at Bank of Piraeus, which is using

riskpro from Iris for some reporting across IAS, risk and ALM. The calculation of expected cashow is the hardest part of building systems for IAS 39/FAS 133, as well as for risk management systems. Brammertz says that given the complexity of these functions, building more than one system to perform them makes little sense. While regulations may be pulling in the same direction, that does not mean there is an exact overlap in their requirements. Credit provisions [for losses] for Basel II work on the basis of total future expected losses, while IFRS credit provisioning only allows incurred events to be considered, says Standard Banks Schnaar-Campbell. But this will change, suggests Leonard at Commonwealth Bank. The requirements are at this time not necessarily aligned, but greater convergence should be expected over time to provide consistency and the standardisation of processes to achieve eciencies, he says. US corporate governance regulations in the shape of the Sarbanes-Oxley Act also contain prescriptions that will drive risk and nance closer together, many in the industry believe. And because SarbanesOxley applies to any company with securities listed or quoted in the US, many international banks are aected. A component of the Sarbanes-Oxley requirements is a focus on the measurement of the eectiveness of material nancial controls, while the eectiveness of internal controls is also a key component of operational risk under Basel II, says Leonard. Therefore, the design of an approach to address both the SarbanesOxley and Basel II requirements in an integrated fashion rather than on an individual basis leads to operational eciency, he says. Joe Hanssen, Charlotte-based senior vicepresident in the operational risk management group at North Carolina-based Wachovia, agrees there are several similarities between Basel II and Sarbanes-Oxley. Both eorts are enterprise-wide, assess the risks and controls of the organisation, require ongoing analysis and assessment, and demand board of director and executive oversight, he says. This leads to an approach where there is a consistent process with a common language for risk, maximisation in the use of information and integrated reporting.

Sarbanes-Oxley obliges auditors to check internal systems, says Iriss Brammertz. Where a bank has separate systems for risk, nance, ALM and so on, they are almost certain to dier to some degree in their calculations, and auditors will want to know why. Having one integrated system [for risk, nance and ALM] will reduce the cost of auditing drastically, he says. Another consequence of Sarbanes-Oxley is the increased need to justify decisions. This has particular relevance for valuation of transactions. Valuation is always built on expected future cashows, but expected also implies judgement, and there can be a thin line between judgement and manipulation and fraud, says Brammertz. Therefore, organisations need systems where they can demonstrate how expected future cashows are calculated, and maintain an audit trail of the calculations and all the assumptions that were made in performing them. A major advantage of converging functions such as risk, nance and ALM is in having centrally organised information that is well structured and contains transaction-level detail, says Dragiotis of Bank of Piraeus. Gathering, checking and repairing data is an enormous challenge for any kind of aggregation and analytical activity. Eliminating duplication of eort in this regard is clearly desirable. Completeness and validity of data is the number-one problem when you are doing integration of transactional systems, especially if you have to integrate data from various sources and systems of a group with international activities, says Dragiotis. Everything in risk and compliance begins with the data, says Andrew Aziz, vicepresident of market risk and buy-side solutions at Toronto-based risk management systems supplier Algorithmics. Collecting data to meet regulatory requirements is the bare minimum a bank must do. Extending it beyond that depends on what the bank wants to achieve for example, integrated data for economic capital calculations, he says. Like other banks, Grupo Santander is building common databases that will be used for risk and nance applications, as well as developing homogenous methods of calculation and models as part of its Basel II eorts, says Pajares Garca. Iris Brammertz believes homogeneity in calculations and models, as well as data, is essential if risk and nance are to be consistent. Since both functions rely on the calculation of expected cashows, and expected cashow is highly conditional

48

Risk April 2006

Joe Hanssen, Wachovia

(depending mainly on market conditions and counterparty quality), it requires that all systems use the same nancial contract parameters, market conditions and counterparty facts, and calculate the expected cashows in the same way or, more preferable, a single system does it once for all purposes. Models must also be consistent. In pricing most nancial contracts, the underlying model is clear and hardly disputed anymore, says Brammertz. With instruments such as exotic options, however, there is still discussion as to the best models to use. In such cases, a controlled inconsistency is possible, but even here the more consistency the better, he says. In addition to sharing data and using consistent calculations and models, there are advantages to be had in establishing a common language for discussing risk across risk management and nance, says Wachovias Hanssen. The impact of [operational risk management] assessment activities on our business management and process owners will be lessened if information is commonly understood, shared and leveraged by risk and nance, he says. A common language about risk management, including standard controls and assessment criteria, can lead to operational eciency, remediation of control weaknesses and greater reliability of controls, he says. Those banks that have a vision of a more holistic approach to their business are attempting, as far as possible within the deadlines, to take a strategic approach to meeting regulatory requirements such as those of Basel II. And they are attempting to develop databases and applications that will produce the numbers and reports required by the authorities as a by-product of analysing and calculating the information the bank needs to pursue its business. Standard Bank has structured its Basel II solutions to ensure optimal long-term

benets for risk, nance and business management, and steered away from tactical solutions as far as possible, says Schnaar-Campbell. Th is means the applications that perform calculations for regulatory and economic capital and risk management, as well as those that generate reports for regulators, management, risk and audit committees, all use common sources of data and common risk parameters, such as probabilities of default of borrowers, loss given default and exposure at default. Wachovias Hanssen says: Viewing risk and nance together results in a better overall picture of risk within the institution or an individual business. The bank has developed an operational risk management approach that tries to take a holistic view of risk that includes nance, vendor risk, technology and human resources. This approach enables us to build organisational consensus around what risks to assess, leading to a consistent understanding of key risks and controls across the company, he says. Wachovia has developed a common technology platform for risk measurement and control assessments with the aim of achieving consistency and integration. It also achieves signicant cost savings. The infrastructure costs of building and supporting separate platforms across a large company can be very expensive, he says. Basel II and other regulations might encourage the centralisation and standardisation of data and calculations, but they do not necessarily lead to a convergence of functions, say some banks. In our view Basel II encourages the opposite [of convergence], says Wessels. Basel II requires a clear focus on credit, market and operational risk management, and an independent risk function to monitor the management of these risks. The same applies to capital management that is managed by group nance but monitored by group risk. If nance and risk are combined, the

independent risk-monitoring function as required by Basel II will not be aected. Organisational models for the nance and risk functions in banks vary from those where there is clear separation between the functions structurally, to others where they both report to a single head of nance and risk but are still two separate streams, says Leonard. Commonwealth Bank operates a group executive nance and risk management function with separate streams one for nance and the other for risk but work closely together where there is commonality of issues, says Leonard. The model works well, and is expected to be the way forward in the foreseeable future. I dont see any further convergence in a structural sense, he says. Suppliers of systems that provide for an integration of risk, nance and ALM functions report that third- and fourth-tier banks are, in many ways, making the most progress on convergence. With less in the way of entrenched IT infrastructures, and with clear cost and eciency benets to be had, a number of smaller banks are implementing integrated technology even though they might still be debating internally how much to converge practices and responsibilities. Meanwhile, many larger institutions see convergence as a strategic goal, even if the complexity of their organisations and systems infrastructures and the pressing deadlines of current regulations make the goal a challenge, says Algorithmics Aziz. Institutions with a grand vision [of convergence] see compliance today as one step in a longer journey. Even though their aim is that [regulatory] compliance becomes a by-product of enterprise risk management, pragmatic considerations dictate that for now these are separate projects. But the signs are that further down the road all boundaries between capital, enterprise risk management, ALM and corporate nance will disappear, says Aziz.

A key aspect of Basel II is the continuing alignment of a risk-based approach to regulatory and economic capital measurement and allocation, and the resultant risk and return measures and frameworks. This brings the information needs of risk, nance and the business together
Mick Leonard, Commonwealth Bank of Australia

risk.net