Report casts doubt on how capably firms assess enterprise risk

28 June 2017 Consultancy.uk

A new report exploring the role of chief risk officers in managing risks has shown the majority of executives merely regard risk management should be value driven – with only 18% employing risk strategies to harness drive returns. Most companies surveyed felt relatively well positioned in terms of risk management, however, given the current global economic, technological and political environment, this might be a sign of complacency.

The world is in a period of key uncertainty, with a range of global existential risks on the horizon from potentially seismic changes in technology and culture. Aside from the potential upheaval of climate change, routinely put on the back-burner by governments in favour of short-term profitability – technology in particular represents a key existential danger for the human race, with advancing genetic engineering technologies set to create considerable ethical conundrums that currently have little to regulate them, while artificial intelligence, with little discussion of long-term risk, is being leading to an uncritical arms race between competing developers. Meanwhile these demographic changes could result in growing risks for growing population-centres, who could see knock-on effects hit food or water supplies they depend upon.

In a new report from accounting and consulting firm Deloitte, the authors explore how companies across the globe are managing their risks in the face of the rise of new technologies, customer behaviours and globalisation. Utilising responses from the C-Suite, although it excludes Chief Risk Officers, the paper aims to create a more “objective, external view of not only risk strategy but also of the risk management function itself.”

Risk management as value driver

Examining survey data gathered in partnership with Forbes Insights, Deloitte’s analysed the opinions of 300 global senior stakeholders to better understand the role played by key executive stakeholders in risk and risk management, what risks are being considered in the current environment, and in how far risk and reward are being taken together.

What they found was that there were considerable divergences between the belief that risk management should drive value creation (82% of respondents) and the belief that risks instead should be actively harnessed to drive returns, at (a mere 18% comparatively). 49% of the executives not actively harnessing risks to drive returns said that they are taking steps to do so – with a further 20% saying they see the benefit of value-driven focus, but have yet to take any steps – while 13% said they believe the purpose or risk management is only to prevent losses.

In which areas is your risk management delivering value

In terms of the area in which risk management is delivering value, according to respondents, ‘improving customer loyalty’, takes the number one spot at 38% in the current climate and 34% in the near future. ‘Increasing operational resilience’ comes in second currently, although it drops past fifth in the near future. ‘identifying and exploiting new business opportunities’ takes third spot (on 30%), and is set to fall to fourth (25%) in the near future.

Other areas in which risk management is appearing to be delivering value include ‘exploiting the power of new technologies’ and ‘improving cost-effectiveness’, at 23% and 21% currently, although they are set to rise to 24% and 28% respectively in the near future.

Over-confidence

When it comes to risk taking behaviour, 82% of respondents claimed they were taking the right amount of risks, while the ability of being able to balance risk and reward was cited by 21% of companies as “well above average”, and by 39% as “above average”. 73% of companies said that their risk management programmes support their ability to develop and execute business strategy, with 82% stating higher levels of confidence that their risk management activities were optimising outcomes across the enterprise.

Where does risk have the greatest impact on your busienss strategy

Deloitte also noted however that, while companies proclaim themselves to be relatively up-to-date on their risk taking behaviour, the current economic, technological and consumer environment mean businesses may in fact be overly confident about their risk management strategies. Only half of companies surveyed used sophisticated risk analytics (15% always; 36% usually) when making strategic business decisions, partially due to organisations lacking skills needed to understand and analyse any data gathered. The document states this failure to incorporate such essential tools “cast doubt on just how capably firms are assessing their risk profiles and optimizing their opportunities.”

The study further identified which risks are the biggest issues on current business agendas, as well as predicting what priorities will be in three years’ time. Sustainability/CSR takes the number one spot, at 34%, although it drops to second in three years time. Innovation/disruption is currently second, although it is set to fall to third in three year. Legislative/regulatory risks take the number three spot, although it too is set to fall over the coming three years. M&A comes third equal, but falls out of the top three within the next three years. The areas of least risk are geopolitical, at 9%, and brand reputation at 7%.

How do CROs spend their time today

Deloitte’s analysis found that respondents expect their CROs to change their behaviour in a number of ways – with strategy set to become increasingly important.

As it stands, around 27% of the CROs time is spent on strategy, 27% on operations, 26% on stewardship and 21% as a catalyst. This is, accord to the respondents, set to shift heavily in favour of strategy, at 58% of total time spent, while operations and as a catalyst are set to fall to 8% and 11% respectively. Stewardship remains relatively stable at 8% of their respective time.

Profile

More news on

×

An 8-step framework for banks to prepare for FRTB changes

02 April 2019 Consultancy.uk

With FRTB expected to come into force in 2022, it is critical that banks implementing necessary changes remain on track for their compliance timelines. Whether a company is aiming for the mandatory Standardised Approach (SA) or the voluntary Internal Models Approach (IMA), the programs often represent a significant investment, requiring process, systems and cultural change. 

Drawing from its experience in helping banks meet the milestone set in their compliance timelines, Capco – a management and technology consultancy for the financial services industry – has developed an eight-point prioritisation framework for FRTB preparation and implementation. Natasha Leigh Giles, a Managing Principal at the consultancy, outlines the main dimensions of the framework: 

Prioritisation framework for FRTB

1. Front office operating model

For those who have already implemented the Volcker rule, the desks are well defined with monitoring and governance frameworks. However, for companies that have not been required to adhere to the U.S. regulation, there may be additional work involved in implementing desk-level controls as required under FRTB. The trading desk structure is especially important for banks planning to implement IMA, as this regime is applied at the desk level and requires that the full flow of the selected desk is able to pass the IMA requirements (including the modelability test for the risk factors). Key business decisions may be required if a desk trades complex products that are more aligned for SA treatment. 

2. Product scope

In order to reach the IMA status, products are required to be supported with additional data sets including historical market and reference data as well as risk factor pricing evidence. The opportunity for 2019 lies in refining the assessment on the feasibility of each product type to ensure a clear scope is agreed for the IMA environment. If the challenges are too complex or costly to overcome, such as access to historical market data, availability of price verification for the risk factors or significant enhancements to support computational capacities, then these products should be scoped out of the IMA program as soon as possible in order to save time and effort on continuing analysis. 

3. Client & trading activities

There is no need to wait until the FRTB implementation timeframe to undertake a holistic review of client and trading profitability – including the capital impacts. For example, running training and awareness campaigns within the front office can help the traders to understand the impacts of their activities and encourage changes in the way that they trade. By considering this holistically as a business and operational change, it can help keep the focus and resources on the primary (profitable) business in preparation for the compliance deadline. 

4. Internal controls

Methodology, reporting, auditability, and process governance for internal controls also need to be monitored in detail. We recommend having clearly defined processes accompanied by effective training across front-to-back office. For some banks, it will be beneficial to audit existing capital adequacy processes to ensure that findings are highlighted in advance of the implementation timeline and the appropriate focus is achieved within senior management.

5. Data & metrics

Financial institutions need to consider their overarching governance and ongoing management for the data (including ownership, quality control, golden source storage solutions, etc.) and the ongoing control framework for ensuring the data remains accurate and relevant for capital adequacy modeling. If there has not been a data lineage exercise already applied, this is a great opportunity to deliver business benefit, even in 2019. By creating agreed definitions, preferred sources, ownership and workflows for managing data quality, the benefits of more accurate data can already be applied to existing capital calculation models. 

Framework for FRTB

6. Model management & validation framework

In preparation for the FRTB regime, an opportunity for 2019 is to understand if there are gaps or control concerns to manage immediately. Model enhancements across SA and IMA will need to be productionized for output accuracy and refinement, however, these need to be maintained alongside existing Basel 2.5 BAU models and other concurrent changes e.g. LIBOR Transition. Business process optimization, testing environments and automation tools, documentation and model validation can all be reviewed for immediate benefits and prepare the process for a smooth implementation of the future FRTB models. 

7. Technology platform & testing environments

With regards to technology planning, the opportunity in 2019 is focusing on gaining agreement of the front-to-back FRTB future state architecture including the use of vendors as applicable. By ensuring a disciplined focus upon design and solution definition across all requirements, it provides a clear baseline for implementation planning and scheduling. Establishing a technology architecture which allows for FRTB data feeds, model enhancements, control definitions and accurate capital calculation outputs will provide the program with essential data and metrics needed for decision making. 

8. Leverging synergies

Once a baseline plan has been established, it is possible to identify synergies across other programs – such as the SA-CCR (Standardized Approach for Counterparty Credit Risk) or the IMM (Internal Models Methodology) – that could deliver overlapping benefits at reduced effort. Understanding requirements, defining the future state architecture, and implementing the change in a complex environment requires a mix of strategic principles and program management. Therefore, we consider it an opportunity for 2019 to take a centralized approach for data lineage and requirements gathering as this would be beneficial for optimizing capital costs across both the market and credit risk environment.

Conclusion

By considering each topic strategically in 2019, benefits such as data quality enhancements, strengthened internal controls and flexible test environments will not only bring immediate business value, but also set a solid foundation for a comprehensive FRTB implementation in the years to come. 

For more information on Capco’s model and the its approach in helping banks plan for FRTB, download the full whitepaper on the firm’s website.