Keeping Up With Real-Time Risk: New Solutions Needed
December 15, 2008
Now that regulators across the globe are both overseers and indirect owners of financial institutions, they will need risk management tools to better inform their new principal shareholder--the taxpayer. They will find that there is currently a lack of meaningful ways to do this, despite the fact that these institutions have long functioned as shareholder-owned, regulated and externally audited entities.
Financial institutions' risk management approaches are constructed around business units organized within a hierarchy of accountability. Accountability is accomplished by managing the automated systems and human processes operating on supposedly trusted data that support the firms' internal controls, transfer pricing schemes, unit costing models and performance attribution systems. When synchronized through management reporting systems they provide the prerequisites for a risk culture that can be monitored and managed, rewarding employees for meeting profitability targets within the parameters of the firm's appetite for risk.
However, such a firm-wide risk appetite--prescribed by regulation, defined by the board and supervised by management--has failed us. In recent testimony before Congress, Alan Greenspan acknowledged that he incorrectly assumed managers of financial firms were aligning their risk appetite to their shareholders' interests. What he did not say was that executives had aligned their appetite for risk to their own individual interests and that risk and accountability controls failed regulators.
The typical controls--retrospectively auditing firms once per year, or reviewing their internal controls at a point in time--were never up to the task of monitoring risk exposure in real time. Nor, more importantly, were they capable of doing so when executive compensation is tied to annual profitability performance without adjusting for long-term risk. The problem--the inability to measure and control risk exposures--is caused by the lack of transparency within these businesses due to their siloed organizational structures, the pervasiveness of faulty data, and the misaligned incentives for individual reward that fail to balance risk and return with short-term self-interest and long-term stakeholder goals.
Data Difficulties at Root
The failure to aggregate basic data across vast enterprises is at the root of the failure to monitor risk at the same time that risks are being taken. If there is to be a solution, financial systems' data identity elements--the building blocks of all financial products--must be standardized and categorized. These components represent 70 percent of the data elements that define financial instruments, counterparties, valuation and market prices, and other reference information.
When included in a transaction, non-standardized data elements that are incorrectly sourced or identified have the potential to cause losses due to processing exceptions or trade failures. Improperly retrieving a description for a security in order to access its internal code causes transactions to be misidentified. Huge additional costs are incurred by firms in employing a vast array of people, processes and systems for reconciliation and work-around activities. And a vast infrastructure of payment and settlement facilities are needed to match separately sourced transactional data to control the errors that occur from mismatched identity and attribute elements.
U.S. Treasury Secretary Henry Paulson, in the department's March proposal for a regulatory overhaul, identified payment and settlement systems as among the more important systemic risks that lack coordinated regulation. Relying on such automated systems without a common data language means that transaction details cannot be aggregated in a meaningful or timely way, settled seamlessly, or monitored effectively by regulators and company management for real-time risk exposure.
