March 2022
Enterprise Risk Adjusted Return Management in banks is still an evolving methodology. Siloed is a generic term and it should be understood in the context of business goals, corporate governance, synergy in business effort, organisation structure, customer focus, staff empowerment, resource productivity, enterprise architecture, data and communications.
Siloed risk management refers to the approach to managing risks in which the perceived dominating risk type of a financial contract drives the risk mitigation process. By taking an incremental approach to automating their growing business requirements, many banks are increasing the complexity of their operations.
In the years preceding the 2007-08 financial crisis, many of the failed banks were reporting higher than average NIM. The risks in their balance sheets were not visible. When the crisis stress tested their loan books, the weakness of their asset quality became evident. The implication of being driven by net interest margin (NIM) without risk adjustment, is that the banks are likely to end up with risky loan portfolios. The quality of the financial statement will be better when supervisors encourage banks to report their risk adjusted NIM.
“With market risk and credit risk, you could lose a fortune. With liquidity risk, you could lose the bank!” – Bruce McLean Forrest, UBS Group Treasury. His statement implies that a liquidity risk could quickly transform into a solvency risk. The function of a bank’s treasury is seeing a dramatic transformation. Enterprise liquidity management, dynamic asset liability management and balance sheet optimisation have become critical functions of a real-time treasury.
Siloed architecture should be understood in the context of the evolution of (i) banking (ii) technology and (iii) risk management. Basel’s recent recommendations on the Fundamental Review of the Trading Book, Interest Rate Risk in the Banking Book, Intraday Liquidity Management, Liquidity Coverage Ratio and Net Stable Funding ratio have a significant impact on data and enterprise architecture. These requirements make it imperative for a bank to take a holistic, enterprise view of their risk adjusted returns. It is an opportune moment for banks to transform their operations into an agile enterprise model that will allow them to stay relevant and competitive.
Single Enterprise Risk adjusted Return Measure
Banking industry is continuing with its efforts to find a suitable method for determining a composite risk measure that reflects enterprise risk. The challenges faced by the quantitative experts include (a) the aggregation of risk types with different liquidity horizons (b) the choice of multi-dimensional risk factors that represent the different risk types (c) the approach to defining a common dependence structure that provides the basis for a multi-period simulation of the enterprise risk model and (d) identification of variance risk reduction techniques for the simulation process.It is likely that within the next few years, there could be a consensus on a quantitative framework that provides a single measure for valuing enterprise risk.
Integrated Risk Management IRM). could also mean Integrated Risk “Measurement’. Presently, banking and risk modelling experts opine that the simple summation approach is erroneous, the variance–covariance approach is optimistic and conclude that using copulas for risk aggregation is the most acceptable approach for now.
Integrated Risk Management is flawed. May I draw your attention to the following points?
| Drivers of ERRM | The issue with integration |
|---|---|
| Architecture | The siloed architecture comprises a mix of non-compatible systems and data structures. It is hardwired and not interoperable. What can be integrated? |
| Technology | The siloed architecture has "bridged technologies" with data "handshakes". The approach in itself has several severe inherent risks. How can we define a methodology that is based on 'this integration'? |
| Events | Siloed Architecture do not leverage events, risk events (defensive) or opportunities (offensive). It is bandaided environment and in some cases, batch oriented. Event driven architecture is effective when data is sourced in real-time (data source) |
| Process | Process is a flow of activities that result in accomplishing a defined objective. There are risk management processes (defensive) and business driven processes (offensive). Processes can be integrated but that depends on Architecture and Technology. Integrating disparate systems using a middleware falls short of a Straight Through Processing capability. |
| People | Human Minds are creative, unstructured and complex. Developing a common goal and team spirit is the approach rather than 'integrating human skills". The objective should be having brilliant minds that understand the risk appetite and have the skill to leverage architecture, technology, process and data to Minimise Risk and Maximise Return. |
| Data | BCBS 239 is a step in the right direction. Enterprise VaR cannot be computed by adding the VaR of the risk types. Risk data has a lot of non-linear data that cannot be 'just aggregated'. In a siloed architecture that is also an issue of Time. Time of data capture and time at which it is processed is different and that is not accounted for in some Risk Models. |
The IRM approach does not delve include the following points:
- A re-definition of the risk culture of the bank;
- The need to re-structure the bank to enable an enterprise view and making the operating model data-centric for risk-return management;
- Enterprise Architecture (EA) re-vamp;
- Enterprise Data Management (EDM)
- Leverage knowledge management powered by analytics;
- Staff skills;
- Corporate governance, enterprise risk appetite governance, framework & statement; enterprise performance measurement;
- Alignment of KPIs Key Risk Indicators and KRIs Key Performance Indicators, at all levels;
- Enterprise cost management framework;
- Enterprise (FTP) Funds Transfer Pricing methodology;
- Enterprise liquidity management;
- Balance sheet optimisation.
EA,EDM The revamp of EA and EDM are structural changes to the bank’s business and technical architecture. Banks should not take a band-aided approach to EA and EDM. The management should decide on making an investment in transforming its operating human capital and enterprise infrastructure. Evolving risk management requirements for FRTB, IRRBB and enterprise liquidity management make it imperative for banks to transform their business model. The key to success is to build and strengthen capabilities in a flexible environment.
Points on liquidity and balance sheet should be understood in the background of intraday liquidity, LCR Liquidity Coverage Ratio and NSFR Net Stable Funding Ratio requirements.
Basel’s recent recommendations on the Fundamental Review of the Trading Book (FRTB), Interest Rate Risk in the Banking Book (IRRBB), Intraday Liquidity Management, Liquidity Coverage Ratio (LCR) and Net Stable Funding ratio (NSFR) have a significant impact on data and enterprise architecture. These requirements make it imperative for a bank to take a holistic, enterprise view of their risk adjusted returns. It is an opportune moment for banks to transform their operations into an agile enterprise model that will allow them to stay relevant and competitive.
The following are very useful theories and concepts for transforming a siloed operating model into an enterprise risk adjusted return model:
- the Theory of Complexity
- the Theory of Constraints and
- the Laws of Simplicity
There are the 3 articles on each of the above in the Knowledge Hub.
The Table below provide a comparison of the ERRM approach and the loosely used term IRM approach.
| Current approach to ERM | BankERRM.org | |
|---|---|---|
| Objective | To obtain a view of enterprise risk through integration of system and risk data aggregation | Making the maximisation of Risk Adjusted Returns the work culture; Customer, Data & Event Centric approach to business. |
| Scope | Measure at a high level the Enterprise Risk by aggregating the VaR of the different risk types; Risk Data Aggregation using data warehousing concepts, broadly consistent with BCBS 239 | Optimise portfolios and the balance sheet; Dynamic methodologies e.g. Hedging, VaR, Liquidity Management. Correlation; Risk Adjusted Net Interest Margin; Liquidity Adjusted Market Risk VaR; Liquidity Adjusted Credit Risk VaR; Focus on Tail end events. Enterprise Data Management provides Single View of the Truth; supports Intra-day liquidity, FRTB, IRRBB requirements. |
| Method | Integration of systems and risk data aggregation | Enterprise Goals and Enterprise Risk Appetite Framework. Work & Risk cultures changes; Organisation structure; Loosely coupled, interoperable Enterprise Architecture; Data Taxonomy and Enterprise Data Management; Continuous Process and data improvements; Usage of technologies that maximise Return on Investment e.g. Virtualisation, In-memory computing, Data as a Service. |
Too Big to Fail, Too Big to Jail; ‘Bail out the corrupt, incompetent banks’
The best risk management methods, models and systems can prove to be inadequate for an aggressive risk culture. This applies to Global-SIBs and domestic SIBs (systemically important banks) i.e Too Big to Jail, Too big to Fail’.
In corrupt countries, large banks that are known for their aggressive risk taking (some even launder money for oligarchs) have been included in the SIB list. This does not augur well for the economy and the people.
- 2021 List of Global Systemically Important Banks (G-SIBs)
https://www.fsb.org/wp-content/uploads/P231121.pdf - How Do U.S. Global Systemically Important Banks Lower Their Capital Surcharges
https://www.federalreserve.gov/econres/notes/feds-notes/how-do-us-global-systemically-important-banks-lower-their-capital-surcharges-20200131.htm - Global systemically important banks: assessment methodology and the additional loss absorbency requirement
https://www.bis.org/bcbs/gsib/
Solvency Risk
This is a common endgame for banks that fail to manage their liquidity risk. The cowboy-bank has nowhere to move: d7 and f7 are guarded by the White’s King; d8 and f8 are guarded by the e7 pawn which cannot be captured.
Banks are attempting to transform into knowledge driven enterprises to deliver sustained business growth and profits. Data environments are no longer insular systems that are contained within corporate perimeters. A bank’s enterprise data model is connected to a larger data ecosystem that comprise the systems of the supervisor, the markets, clearing houses, partners, customers and other stakeholders. Risk adjusted returns is now about unlocking value in data and leveraging actionable intelligence to make strategic, operational and tactical decisions in a dynamic and competitive environment.
The International Monetary Fund report on The Financial Crisis and Information Gaps, October 29, 2009 stated: “Indeed, the recent crisis has reaffirmed an old lesson—good data and good analysis are the lifeblood of effective surveillance and policy responses at both the national and international levels.”
The title of Andreas A. Jobst’s Working Paper WP/07/230 is “Operational Risk—The Sting is Still in the Tail but the Poison Depends on the Dose.”
A bank of the future should build the capabilities explained in www.BankERRM.org and www.PBORM.org to manage the sting and the poison. The focus of PBORM is on banking operations and operational risk management. It is a sub-set of the details in BankERRM.
Kannan Subramanian R
March 2022