Banks that avoid common mistakes in implementing risk-based management can deliver shareholder returns of up to 10 percent greater than their peers, write Eddie Niestat and Christian Nelissen of PA Consulting Group.
Attracted by the significant potential benefits of an enterprise-wide approach to risk management, some banks have already started to develop and implement, enterprise-wide risk management (EWRM) frameworks and many more are thinking about doing so.
By integrating risk management within and across risk types, across business lines, and into the operational and strategic management of the bank, EWRM offers numerous potential benefits including more accurate pricing, improved corporate strategy, and reduced losses and provisions.
Unfortunately, most of the early attempts to develop EWRM frameworks have failed at various points along the development path after the conceptual stage, from business case preparation through development to implementation.
From extensive experience working with clients to develop risk management solutions, PA Consulting Group has been able to categorise the primary sources of failure into ‘the seven deadly sins’ of EWRM:
1. Greed
Many EWRM projects have failed to even get started where the project sponsors have sought approval for a bigger project with a larger budget than the bank was prepared to spend on a single risk management project, particularly in the existing market environment and when the bank typically also faced potentially significant expenditures to become Basel-compliant.
It is tempting (and understandable) to see the development of an EWRM framework as a single ‘solution’ with significant benefits being delivered once everything is in place. Unfortunately, such an approach typically results in a large project with a big budget and large, but hard-to-quantify offsetting benefits that are delivered towards the end of the project. By delaying the actual or perceived delivery of benefits, this approach also runs the risk of not building sufficient organisational momentum to see it through.
PA’s experience is that EWRM development projects can and should be broken down into a series of more tangible components, each with its own business case and associated benefits, and each earning approval on its own merits. For example, one element might be a project to standardise and map across multiple credit risk systems, which would deliver benefits in terms of improved risk management decisions on its own and would also be a critical early development element of an overall EWRM framework.
This approach also ensures that the project rapidly and regularly delivers Value, thereby ensuring that the bank does not lose patience in waiting for results.
2. Envy
A number of banks have been lured into the trap of selecting an EWRM solution that has worked well somewhere else, assuming the large benefits achieved by that institution will be transferable.
Such banks are typically focused (by systems vendors and/or consultants with vested interests in the outcome) on the similarities of the respective situations rather than on the all-important differences.
These banks have then discovered to their dismay that simply selecting an EWRM approach that has worked at another bank is no guarantee of success because there is no single ‘one size fits all’ EWRM solution.
Each bank has a unique set of goals, constraints and existing conditions and, as a result, what is best practice at one bank may well prove a failure at another.
In one example, a risk management software package that worked well in a bank with a highly centralised and strong risk management function delivered a poor outcome in another bank with a less centralised risk management function that was looking to further decentralise risk over time.
Every bank needs to select an approach to EWRM that will work within its environmental constraints and one that is consistent with its current risk management (and therefore corporate) strategy.
3. Pride
Some EWRM projects have failed because their project sponsors have been so convinced of the self-evident, compelling arguments in favour of EWRM that they have not sold the project and its benefits to the organisation. These projects usually fall apart somewhere between development and implementation as the project, which may have had nodding approval of all parties, starts to make demands of stakeholders external to the project who then fail to deliver or participate as required.
At one bank, the risk management team felt confident that that their project would be a success because they had resolved the technical issues surrounding managing the bank’s risk appetite. However, because of their confidence, they had put little time into making their case to key managers who were critical to success and they were thus disappointed to find that the process was ignored by management who could not see the value of completing yet another component in the annual planning process.
Because the ultimate objective of any EWRM framework must be to integrate risk into the operational and strategic management of the bank, it is essential to have engagement from a range of stakeholders throughout the organisation. This point is reiterated by PA research (see Figure 1), which indicates that over two-thirds of banks believe stakeholder engagement to be the most significant factor in the successful implementation of risk-based management.
Figure 1: Key success factors in implementing risk-based management
Source: PA Consulting Group -Analysis of responses to a survey of the global top 1000 banks on risk management practices, 2001/2
4. Gluttony
Business and technology are rapidly evolving and a bank’s existing systems and processes are often well behind where they might be. As a result there is a usually a long list of risk-related ‘wish list’ projects (both in the businesses and in the risk management functions) that, unless project sponsors are careful, will end up overwhelming the organisation’s EWRM appetite.
Although this is a problem for any large project, it is a particular problem for EWRM projects as the systems, processes, and people involved are so widespread that the project must reach into almost every part of the bank.
The EWRM project at one bank evolved into a project to fix the bank’s data warehouse, update the economic capital framework, and change the way pricing was undertaken in the corporate bank. Ultimately (and not surprisingly), this project failed to deliver on all of these objectives.
What is required, therefore, is a strong but pragmatic focus on the scope of the EWRM project, simultaneously managing the scope of, and relationship with, any related Basel projects and any ongoing or planned IT or business projects in the business units. It will always make sense to include some non-EWRM activity in the scope of an EWRM project, particularly where a little extra work delivers incrementally greater benefits, however the project scope must be tightly controlled so as to keep it from being held hostage to special interests.
5. Lust
With some EWRM projects, risk managers have fallen in love with the outputs and reports that an EWRM framework will deliver and, in doing so, overlooked the hard work required to address significant gaps in data availability and reliability. As a result, these projects have been terminated before they have been properly completed and thereby delivered a sub-optimal outcome.
The idea of pull (rather than push) risk reporting with drill-down capability is appealing to many risk managers who still receive circa-1980’s-style risk reports, albeit now in an electronic format. It is not surprising, therefore, that a number of EWRM projects have been sold on the basis of the potential improvements in the depth and breadth of reporting offered and in the way in which those reports can be delivered.
What is often overlooked or under-estimated is the amount of effort required to source data from across a number of risk systems. PA research indicates that banks believe that the quality and availability of risk data is one of the key impediments to the development of effective risk-based management (see Figure 2). As a result, projects have foundered as undue focus is put on the development of sexy reports at the expense of the ‘heavy lifting’ of getting the data issues and the underlying algorithms for calculation and allocation sorted out.
Figure 2: Obstacles to implementing risk-based management
Source: PA Consulting Group - Analysis of responses to a survey of the global top 1000 banks on risk management practices, 2001/2
6. Wrath
In some cases, frustrations with the number of disparate risk systems that will need to be integrated to deliver an EWRM framework can also lead to ‘throwing the baby out with the bathwater’; that is, replacing all of these existing systems with a new system that is the ‘state of the art’.
Banks that have adopted this approach have found that while it avoids the issues associated with existing systems, it often leads to far greater problems in implementing the replacement system. As these banks have discovered, their risk systems are often significantly more integrated than expected into their other business systems, and therefore harder to replace.
PA experience, supported by research, also demonstrates that the real differentiator of performance is not the sophistication of a bank’s risk systems but the extent to which these systems are used in the management of the bank. This means that banks should focus on working with the existing systems and thinking carefully before opting to replace them.
7. Sloth
With risk managers reporting that one of the greatest impediments to implementing risk- based management is a shortage of skilled and experienced resources, it is no surprise that external support is often used to close the knowledge gap.
Banks that do not make the effort to form integrated teams with their consultants to ensure that skill/knowledge transfer and ownership issues are addressed during an EWRM project find themselves left with models, systems, and processes that cannot be maintained or developed further.
The result of such an approach is that a project seems successful in the short term, but in the long-term it fails as it cannot adapt and grow with the organisation as no one understands it well enough to modify it.
The potential fault here can lie with the consultants and/or the bank; consultants sometimes look to fill every role on a project when a mix of bank and consulting staff would be better, while banks sometimes struggle to find or free up the right staff to second to the project.
Virtuous EWRM
With so many banks now working on or thinking about EWRM, the industry is clearly convinced that there are significant benefits to be achieved. This is supported by PA’s own research, which shows that banks that fully implement risk-based management can deliver shareholder returns of up to 10% per annum greater than their peers (see Figure 3).
Figure 3: Use of risk tools to make business decisions
Source: PA Consulting Group - Analysis of responses to a survey of the global top 1000 banks on risk management practices, 2001/2
Clearly some banks are already benefiting from an enterprise-wide approach to risk management. In PA’s experience, capturing these returns requires a careful and virtuous approach that avoids the seven deadly sins of EWRM.
