After selecting the desired staff, we have to install the technical elements of risk management. It has to be emphasised that IT supports the business and not the other way around. The business department should not go out alone to shop for the “best” risk management system; neither
should the IT department.
Financial risk management has to rely on specialised software. There are relatively small firms that usually work with a limited number of clients. An extra customer won can make a difference between boom and bust. Sales overcommitment can take over the aims of delivering the most suitable product for the client at the best price. This sales scramble can lead to excessive promises.
Value-added systems rely upon the supplier’s understanding of the business in that situation, the implementation of adequate security procedures and good quality staff. The business functionality inherent within the risk management system may prove unsuitable for the specific bank or fund. You can buy technology and marketing hype instead of system utility. We can take a subjective view of technology for the sake of demonstration.
Finding the “best” risk management system
Searching for the “best” risk management system and service delivery constitutes a major project in itself. This is known as the ITT (invitation to tender) process where we follow a rigid methodology to get the best for us. It is likely that a more suitable product and service can be obtained at a better price once we have gone through all ITT steps.
The invitation to tender (ITT) process
If you consider creating critical risk management functions within your company, you have two general choices:
Build in-house, or
Buy from an outside party.
Build
This dictates that your company has the adequate internal resources and scale to undertake such a major task. With Basel II, this is further complicated by the small pool of talent able to handle compliance and technical issues for market, credit and operational risk. Given the extreme novelty of the Basel II “Three Pillars”, we will probably face a medium-term shortage of able personnel to understand and implement the new regulations.
Specialised risk management has a dearth of skills available. Thus, the company is committed to having the business skills in-house for understanding the risk management issues, and outsourcing the technical skills for implementing the new system. This entails getting the cocktail of talent right, i.e. combining financial skills, risk management, change management, project control, mathematical and IT systems experience.
Buy
It is more probable that you do not have all or enough of all the resources to carry out this large project. “Buying in” is the preferred option when companies do not want to “reinvent the wheel”. Some external personnel will handle part of the risk management, some the IT side. This can range from specific technical tasks that require specialist advice, to wholesale design and implementation of the entire system.
There are security issues at stake here because few banks and funds wish an external party to know their finances and risk management status. Confidentiality clauses are written into contracts, and “Chinese walls” emerge to promise non-disclosure of sensitive data to another client. The trust works both ways and it behoves a client to provide accurate data to the system supplier. It is likely that the project size and risk management complexity will force a combination of build and buy-in, with most companies preferring the buy-in route. Once inviting risk management firms to design and install the business solution, some methodology must be used to select the most suitable suitor. It is crucial to select the best long-term business solution provider, not just for Basel II, but quite possibly for Basel III and all the follow-on work. We have often gone into banks and fund managers and seen the client allied to the wrong business solutions provider. The ITT is a bidding process that is worth conducting carefully.
Archive for category Risk
RISK PRIORITISATION
May 29
The fundamental flaws of system design in the financial company must be addressed before technology. Errors can come about from undertaking a too short review and analysis of the company needs before quoting the price for the contract. The immediate need is to establish a coherent risk management strategy, rather than a hotch-potch buying of fashionable technologies and top names. It requires a plan and a project methodology.
What we find when designing dealing environments for banks and funds is that risk management and IT initiatives can be conducted piece-meal. The may be happy to pay $5 million for a group of star-traders properly kitted out with the latest technology. They are reluctant to shell out $500 000 for a risk management system that backs up best-of-breed redesigned business procedures.11 Fixing the problem after the risk event occurs can cost hundreds of times more than prevention.
A clear prioritisation with coordinated goal setting is required for mapping and management of the risk areas and technologies. A risk map of designated business operations areas coded red, amber and green can demonstrate the project priorities. These can be input into the user’s needs analysis for creating the design specifications in the “user system requirements” (URS).
Giving the go-ahead
Bringing the changes required for the desired risk management processes will be an arduous task in itself. We deal with so different groups of people, crossing departmental boundaries. All these introduce something novel into the company, and change management skills will be needed to bring these new business processes to fruition. Definition of performance criteria, underperformance penalties and budgeting is likely to be contentious. Securing support from the directors will be a prerequisite for getting most large-scale projects off the ground.
Various representatives from the major departments and stakeholders involved are invited to sit in a Delphi group to offer their views on the investment project. Sometimes there are consultants brought in to present an impartial opinion of the corporate project risk map.