Enterprise Risk Management: Getting Holistic

The recent financial crisis has demonstrated that securities firms need to change the way they approach risk, needing now to consider a wider variety of economic scenarios and to evaluate risk in an enterprise-wide holistic way.
To date, most securities firms have focused on segments of risk, said Richard Thornton, a manager with the London-based PA Consulting Group, including risk adjusted return on capital, risk adjusted return on risk-adjusted capital and return on equity.
“However, the credit crunch has highlighted that these approached do not work under stress conditions and fail to take into account internal systemic risks and correlation risk across portfolios,” he said. “They also generally fail to address funding and liquidity risks and their impact across the group.”
Despite an abundance of limited solutions, and risk dashboards, there aren’t yet any true enterprise risk management systems on the market, said Jim Deloach, managing director at risk consultancy Protiviti in Menlo Park, Calif.
Such a solution would integrate credit, market, and operational risk – including compliance and regulatory risks.
However, a number of risk management vendors such as DFA Capital Management and Algorithmics, are attempting put together a holistic view of the risks in a company, starting with the addition of tools that better model the risk a company may be facing across its business lines as well as the risk they may face from shifts in various economic sectors.
“Enterprise risk management technology has always been – in theory – supposed to be an enterprise-wide proposition and the concept has always been to have risk analytics tools that encompass all the operations of an organizations,” said Chris Suchar EVP of North American operations at Purchase, N.Y.-based financial analysis software firm DFA Capital Management. “But the reality has been in many cases, while there were good risk analytic tools in some areas, with respect to some aspects of the risk profile, they have not truly been enterprise-wide in many organizations, even today.”

Assessing The Risk Market

It is not that the technology was bad, but that it was not deployed completely enough, said Suchar. It’s that the models were not truly enterprisewide. Only parts of the enterprise or only certain risk factors were modeled.
The big challenge, he said, is making sure that the data is mapped correctly and the assumptions are consistent across different models. “And that is a significant undertaking,” Suchar said.
“The biggest blind spot was the lack of understanding of exposure to a downturn in the housing market,” he said. “A lot of it stemmed from analytics systems that assumed that house prices could not go down, or at least could not go down globally for any significant amount of time in a dramatic fashion. If you do not even anticipate that kind of global macro scenario then all the fancy technology downstream of that won’t do you any good.”
Many financial institutions, including brokerages, suffered from this blind spot, he said.
The solution is to have more robust models of economic and market risk factors.
“Those tools do exist,” he added. “These are ‘what if’ tools that project a wide range of possible future economic environments, to give you a full picture of what the risk profile really is of the macro economy at large.”
DFA, for example, offers the GEMS economic scenario generator tool, both as a separate piece of software, and as part of its Advise risk management platform, which can generate thousands of different economic scenarios to test a company’s resilience against.
According to DFA, GEMS can simulate changes in a number of markets – including bonds, currencies, equities, real estate, and interest rates – as well as macro-economic changes in inflation, unemployment, and GDP. These scenarios would be run against a model of company operations in order to show how the company would perform, said Suchar.
Firms using the software can quantify the likelihood, the extent and the root causes of potential problems – and then make sure that the enterprise risk management system is geared up to detect these problems early enough to mitigate them.
“From our perspective, 2008 was not a ‘black swan’,” said Suchar. “It was certainly extreme and severe but most of what happened in 2008 and 2009 has happened before. It was precedented. You just need to have a clear-eyed view of the historical record.”
Algorithmics, a Toronto-based risk management software vendor, also offers scenario planning tools to its risk management customers.
“People want to be able to understand the assumptions underlying value at risk more transparently, by doing more systematic analysis and stress testing and scenario analysis,” said Andrew Aziz, the company’s executive VP of risk solutions.
The company’s Algo Risk product covers both market and operational risks, he said. It allows companies to do “what if analysis” and includes scenario generation.
“One of the things we found very useful was to do a real-time walkthrough of our portfolio,” said Stephen Wilson, COO at Cannizaro, a Hong Kong-based hedge fund and Algorithmcs customer.
For example, the company can see what would happen if markets went down and credit spreads went up, he said. The system can also to be used to track not only the effects of market changes, but internal changes as well. “We not only want to measure the risk of the portfolio and existing positions, but also to have the ability to analyze the impact on portfolio risk of new investment strategies,” he said.

Still A Long Road

Despite the advances being made by some vendors, a true enterprisewide risk management systems seems a way off.
“There are some vendors in the marketplace that are trying to do this, but in most cases this is a journey that is far from being completed,” said Protiviti’s Deloach.
The securities industry in particular is focused on market risk and not looking as hard at other risks in their business, he said.
But even if the systems were there, that wouldn’t necessarily solve the problems exposed by the recent financial crisis, he added.
“Some people think the crisis is due to poor risk management, but culture is very important,” he said. “No matter how effective the risk management infrastructure, no matter how effective it is, all it can do is review, inform, advise, monitor, measure and perhaps control but it can’t initiate and make decisions. While risk management isn’t blameless, someone pushes on the accelerator and the car does not go on its own.”
Having senior management invested in the risk oversight function is important to making sure that the risk systems are used property.
At some firms, such as interagency broker BGC Partners, spun off from Cantor Fitzgerald in 2004, there’s a senior risk manager looking at the risk systems, according to Bernie Weinstein, a senior managing director at the firm.
But even risk managers have to answer to the head of the firm – and there is pressure to make short-term revenues.
“Historically, at many firms, there has been a tug-of-war between the risk managers and the trading desks and the risk managers have not always prevailed,” Weinstein said. “The money spinners threaten to walk.”

Read full article at Information Management. Article originally appeared in Securities Industry News, which has since closed down.