After selecting the desired staff, we have to install the technical elements of risk management. It has to be emphasised that IT supports the business and not the other way around. The business department should not go out alone to shop for the “best” risk management system; neither
should the IT department.
Financial risk management has to rely on specialised software. There are relatively small firms that usually work with a limited number of clients. An extra customer won can make a difference between boom and bust. Sales overcommitment can take over the aims of delivering the most suitable product for the client at the best price. This sales scramble can lead to excessive promises.
Value-added systems rely upon the supplier’s understanding of the business in that situation, the implementation of adequate security procedures and good quality staff. The business functionality inherent within the risk management system may prove unsuitable for the specific bank or fund. You can buy technology and marketing hype instead of system utility. We can take a subjective view of technology for the sake of demonstration.
Finding the “best” risk management system
Searching for the “best” risk management system and service delivery constitutes a major project in itself. This is known as the ITT (invitation to tender) process where we follow a rigid methodology to get the best for us. It is likely that a more suitable product and service can be obtained at a better price once we have gone through all ITT steps.
The invitation to tender (ITT) process
If you consider creating critical risk management functions within your company, you have two general choices:
Build in-house, or
Buy from an outside party.
Build
This dictates that your company has the adequate internal resources and scale to undertake such a major task. With Basel II, this is further complicated by the small pool of talent able to handle compliance and technical issues for market, credit and operational risk. Given the extreme novelty of the Basel II “Three Pillars”, we will probably face a medium-term shortage of able personnel to understand and implement the new regulations.
Specialised risk management has a dearth of skills available. Thus, the company is committed to having the business skills in-house for understanding the risk management issues, and outsourcing the technical skills for implementing the new system. This entails getting the cocktail of talent right, i.e. combining financial skills, risk management, change management, project control, mathematical and IT systems experience.
Buy
It is more probable that you do not have all or enough of all the resources to carry out this large project. “Buying in” is the preferred option when companies do not want to “reinvent the wheel”. Some external personnel will handle part of the risk management, some the IT side. This can range from specific technical tasks that require specialist advice, to wholesale design and implementation of the entire system.
There are security issues at stake here because few banks and funds wish an external party to know their finances and risk management status. Confidentiality clauses are written into contracts, and “Chinese walls” emerge to promise non-disclosure of sensitive data to another client. The trust works both ways and it behoves a client to provide accurate data to the system supplier. It is likely that the project size and risk management complexity will force a combination of build and buy-in, with most companies preferring the buy-in route. Once inviting risk management firms to design and install the business solution, some methodology must be used to select the most suitable suitor. It is crucial to select the best long-term business solution provider, not just for Basel II, but quite possibly for Basel III and all the follow-on work. We have often gone into banks and fund managers and seen the client allied to the wrong business solutions provider. The ITT is a bidding process that is worth conducting carefully.

Tags: , , , ,