Monthly Archives: June 2014

Archived Posts

June 29, 2014 by: James Bone Categories: Risk Management What Banks Can Learn from Other Industries About Risk and Compliance

by Brenda Boultwood | March 5, 2013 Many banks benchmark their risk and compliance practices against those of other banks. This makes sense and isn’t just a financial-sector phenomenon. But a great way of driving innovation and improving efficiency is to look beyond the banking world and towards other industries, such as manufacturing, energy, airlines, retail and hospitality.

There are a lot of lessons that banks can teach other industries, but at a time when the pressure to improve profitability is tremendous, other industries can offer banks tried and tested ways to improve costs, focus on high-quality earnings and enhance competitive differentiation.

Operational Risk Management

To energy companies, operational risks are a critical source of earnings volatility. This was clearly demonstrated in the 2010 Deepwater Horizon oil spill and tsunami-damaged Japanese nuclear power plant that caused widespread damage to the public as well as the profitability and reputation of the companies involved.

While operational risk in banks does not have the same kind of life-and-death implications, it is becoming an increasingly evident source of earnings volatility and reputational harm. High-profile incidents such as the Libor interest rate-fixing scandal and JPMorgan “London Whale” trading loss illustrate the point.

In this regard, banks would benefit from studying the operational risk management practices adopted by energy companies. Many energy companies have established a common operational risk management framework, mapping risks to business processes, creating centralized risk libraries and integrating risk assessments into decision making.

Loss Incident Data Management

Banks may already be tracking loss-event data. But how effectively is this data being integrated, analyzed and leveraged to support decisions in areas like employee training and the adequacy of insurance coverage?

Take customer complaints management. Airlines and hospitality companies focus on gathering complaint data across channels, identifying failure areas and prioritizing process improvements.

Many banks, on the other hand, still have some way to go in this area. In a world where Twitter and Facebook offer a platform for anyone with an opinion, it may not be wise to ignore social media as a rich data source. To mitigate these reputational risks, banks need to find ways to effectively capture customer complaints, analyze trends and leverage this data to shape strategy.

Supplier Governance

Brenda Boultwood

Many retail and consumer goods companies have also set up major consortiums to share supplier information. Fair Factories Clearinghouse, for instance, hosts a platform for multiple retail companies to collaborate on improving factory conditions in its supply chain.

Banks may decide to examine how some of these practices can be applied to their suppliers in critical banking processes such as billing, software development and infrastructure management. The need for effective supplier governance is becoming increasingly important, especially as regulatory bodies like the Federal Financial Institutions Examination Council begin to demand more data on vendor management and monitoring.

Risk and Control Metrics

At manufacturing companies, quality, control and risk metrics are closely linked to each other and to the corresponding manufacturing processes. These kinds of connections are not as common in banks because of their relatively large size and operational complexity. If banks were to map their processes to their risks, their risks to their associated controls and their controls to their control indicators, they would find many redundancies and irrelevancies.

Today, many local regulations, as well as Basel capital requirements mandate that banks link metrics to key risks, scenario analyses and loss events. This data is particularly important in optimizing operational risk capital requirements.

Some banks are going another step further and adopting manufacturing-focused, quality-control methodologies, including Six Sigma, just-in-time processes and Pareto models. Citibank, for instance, has successfully leveraged Six Sigma principles to reduce defects in operations, improve process time lines and increase customer satisfaction.

 

 

About the Author

Brenda Boultwood is vice president of industry solutions at MetricStream, a provider of enterprise wide governance, risk and compliance services.

http://www.rmmagazine.com/2013/03/05/what-banks-can-learn-from-other-industries-about-risk-and-compliance/

June 27, 2014 by: James Bone Categories: Risk Management The 3 Dimensions of Risk

stock-photo-19243582-traffic-trough-business-districtAsk ten risk managers to give you a definition of risk or risk management and you will get a variety of responses describing a range of theories, several varieties of frameworks from the simple to complex or detailed action steps one must take to deliver an effective program.

What you won’t get is a consensus or absolute agreement on what risk is or how best to manage it.  Humans have dealt with risk for millennia but unlike the laws of physics risk is personal and experienced differently by everyone.  This is exactly why we can’t agree on what risk is or how best to manage the diversity of risks each of us deals with in our business or daily lives.

The challenge we face is that risk and the practice of risk management is seldom addressed on a 3 dimensional level.  The vast majority of risk management programs have achieved some level success on what I call the first and second dimensions of risk.  Yet to achieve sustainable success risk managers must add a 3rd dimension to their risk programs.  What are the 3 dimensions of risk and why is it so hard to master a 3 dimensional risk program?

1st Dimension of Risk

Without much exception, risk professionals start with an assessment of risk.  These risk assessments are derived from either a qualitative or quantitative analysis that helps inform the organization of the threats to achieving its goals.  Therefore, data, or the information derived from producing data about the risks facing an organization is the 1st dimension of risk.

Some organizations have robust systems in place to capture and analyze an increasingly large and complex set of data about the risks in their firm.  Many call such a database a risk registry, loss database or some other proprietary term used to denote the warehouse of stored information.

Since I have already noted that some level of success has been achieved at this level of risk management I will not spend more time discussing the merits or challenges of building the first dimension of risk.  For those who have spent time developing their programs you are well aware of the time and resources spent to achieve even a modicum of success however you define it.  For those who have not the time or resources to develop this first step in the 3 dimensions of risk there are alternative ways to get started.

What I will say is that, in general, the process of capturing and analyzing data is imperfect therefore some level of professional skepticism must be exercised when forming an opinion or coming to a conclusion about the information produced in this phase of your program.

Suffice it to say that the probability distribution of outcomes of any risky event takes time to develop and any point in time observation is made with incomplete information.

2nd Dimension of Risk

The 2nd dimension of risk is the process of deciding what actions to take or avoid based on the findings in the first phase.  Many risk professionals call this process risk mitigation and some have come up with very sophisticated ways to minimize the impact a risk event has on their organization.  Again, there are too many diverse examples of how this has been achieved but I am sure you have examples of success stories describing an operations or technical challenge you have overcome.

As mentioned earlier, given that the 1st dimension of risk is imperfect we are left with what many call residual risks.  These residual risks are created because we either need more precise information or we may lack the ability to fully address these risks because of time, resources or know how.    Residual risks are also called “uncertainty” and represent lost opportunity or threats to an organization if left dormant without some plan to better understand them over time.

Organizations use a variety of programs including Six Sigma, Lean Management, or other processes to address the risks and inefficiencies discovered during this phase of their risk management program.  Again, it becomes obvious that a great many resources are expended putting programs in place to address this 2nd dimension of risk for those firms that have made it this far.

Yet, something is still missing!  Given all of the time, resources and effort spent many organizations still lack confidence in their risk programs.   Regulatory fines, organizational missteps, and technical failures litter the news daily because of this missing component, the 3rd dimension.

3rd Dimension of Risk

The 3rd dimension of risk requires the least amount of investment and has the ability to actually achieve a return on investment many times greater than the costs expended in dimensions one and/or two.  Before I tell you what the 3rd dimension of risk is let me describe what it “feels” like to operate at this level of risk management.

Firms that have begun to operate on a 3-dimensional level of risk have incorporated what they know about dimensions 1 and 2 and have empowered front-line management to address their risks and reward quantifiable outcomes in operational efficiency, safety, and reductions in impacts to organizational objectives.  Divisional budgets would also include risk reduction line items and earmarks for understanding residual risks not yet addressed.

3-dimensional firms have strategically aligned front office goals and objectives with middle and back office capability.  3-dimensional strategic alignment means that high standards of performance are set and expected based on ethical execution of these objectives and in partnership with respective support functions.  These firms are constantly calibrating the speed at which they operate taking appropriate risks along the way.

What is the 3rd dimension of risk?  Decision-making under uncertain conditions, or sometimes called, Behavior Systems.  Recent research suggests that 95% of risk failures occur because of bad behavior or poorly informed decision making.  This fact suggests that even the most successful risk management programs are spending 90% or more of their resources on 5% of the problem.  The other 10% is spent on remediation after a risk failure has occurred.  Very little, if any, time or resources is devoted to Behavior Systems.

The 3rd dimension of risk is ignored because most firms erroneously assume that there is little that can be done about the behavior or decision-making of its employees or rogue senior management.

While no firm can afford to micro-manage the decision making of every employee all firms can think about how to help their employees make the right decision.

3-dimensional firms make thoughtful investments in smart systems that anticipate behavior.

These systems include compensation schemes, sales incentives, bonus and merit, recognition, as well as appropriate reprimands for bad behavior.  Smart systems go well beyond compensation and rewards and include technology barriers, how departments collaborate, hiring practice, skills development, and other holistic approaches.

Additionally, everyone is encouraged to solve problems at their level of the organization including the most challenging problem of management execution.

The missing link in most organizations is the assumption that one group is responsible for risk management.  3-dimensional firms understand that risk is shared across the firm and success depends on the behavior of the entire organization.

Changing and/or challenging corporate culture maybe the hardest part of reaching the 3rd dimension of risk management but it may be the most rewarding with more sustainable outcomes.

by: James Bone Categories: Risk Management Risk Information Technology market in financial services will account for 18.2% of overall IT spending by 2018

free_244054  computer key boardIDC Financial Insights Predicts Worldwide Risk Information Technologies and Service Market to Grow to $97.3 billion by 2018
09 May 2014

FRAMINGHAM, Mass., May 9, 2014IDC Financial Insights today published a new report, Worldwide IT Spending 2013-2018, Risk IT Spending Guide 1H2014 (Doc #FI248372), which forecasts the worldwide risk information technologies and services (RITS) market will grow to $79.2 billion in 2015 and $97.3 billion by 2018. The compound annual growth rate (CAGR) for the forecast period has increased over previous forecasts to 7.2%.

IDC’s newest forecast confirms that the strategies and investments to industrialize risk management continue to remain critical as policymakers and Chief Risk Officers (CROs) absorb the regulatory and business environment changes that will ultimately serve as the underpinnings for future financial operations. IDC further stresses that risk management and regulatory compliance investments will not be a safe haven from the demand for financial performance and operational efficiency. In fact, demands today call for risk investments to contribute more to financial performance and to the efficient operation of the institution.

Key highlights of the report include:

  • As a percentage of total IT spending, which is forecast to crest $530 billion by 2018, the RITS market in financial services will account for an average of 17.1% of overall IT spending in 2015 and growing to 18.2% of total spending by 2018, as risk management technologies, services, and solutions continue to participate in a growing market that is core to business strategies across the banking, capital markets, and insurance sectors.
  • Of the seven submarkets included in this forecast, those with the highest growth rates are Compliance and Internal Controls, Credit Risk, and Information/Cyber Security.
  • The Capital Markets sector of the financial services market has the greatest percentage of overall IT spending allocated to risk information technology and services. For 2015, the percentage of overall IT spending dedicated to risk information technology and services in the Capital Markets sector is 22.2%, growing to 24.2%, which is representative of in-sector regulatory compliance and IT modernization trends.

According to Michael Versace, Global Research Director, IDC Financial Insights and author of the report, “Growth in risk management investments continues to lead all functional areas in terms of dollars allocated to hardware, software, and services that run the financial markets. With growth continuing to increase, firms must place their risk functions squarely in the middle of IT optimization initiatives and require them to work across compliance, treasury, finance, operations, product, and IT disciplines and towards universal data management and integration standards, system capabilities, talent and metrics that improve risk-based decision making at a line of business and enterprise level.”

For additional information about this report or to arrange a one-on-one briefing with Michael Versace, please contact Sarah Murray at 781-378-2674 or sarah@attunecommunications.com. Reports are available to qualified members of the media. For information on purchasing reports, contact insights@idc.com; reporters should email sarah@attunecommunications.com.

About IDC Financial Insights

IDC Financial Insights assists financial service businesses and IT leaders, as well as the suppliers who serve them, in making more effective technology decisions by providing accurate, timely, and insightful fact-based research and consulting services. Staffed by senior analysts with decades of industry experience, our global research analyzes and advises on business and technology issues facing the banking, insurance, and securities and investments industries. International Data Corporation (IDC) is the premier global provider of market intelligence, advisory services, and events for the information technology market. IDC is a subsidiary of IDG, the world’s leading technology, media, research, and events company. For more information, please visit www.idc.com/financial, email info@idc-fi.com, or call 508-620-5533. Visit the IDC Financial Insights Community at http://idc-community.com/financial.

June 25, 2014 by: James Bone Categories: Risk Management The Biology of Risk by Jonathon Coates

One of the new advances in risk management is the development of research on how little we understand decision making under uncertainty and the dynamics of risk taking.   The “Biology of Risk” is worth taking time to read to better understand what happens below the surface of risk taking. 

John Coates is a research fellow at Cambridge who traded derivatives for Goldman Sachs and ran a desk for Deutsche Bank.  John’s piece focuses on the connection of the body and mind as he explores the powerful impact one emotion, the stress response, has on Wall Street traders.  A well-written and researched piece!

SIX years after the financial meltdown there is once again talk about market bubbles. Are stocks succumbing to exuberance? Is real estate? We thought we had exorcised these demons. It is therefore with something close to despair that we ask: What is it about risk taking that so eludes our understanding, and our control?

Part of the problem is that we tend to view financial risk taking as a purely intellectual activity. But this view is incomplete. Risk is more than an intellectual puzzle” it is a profoundly physical experience, and it involves your body. Risk by its very nature threatens to hurt you, so when confronted by it your body and brain, under the influence of the stress response, unite as a single functioning unit. This occurs in athletes and soldiers, and it occurs as well in traders and people investing from home. The state of your body predicts your appetite for financial risk just as it predicts an athlete’s performance.

If we understand how a person’s body influences risk taking, we can learn how to better manage risk takers. We can also recognize that mistakes governments have made have contributed to excessive risk taking.

Consider the most important risk manager of them all, the Federal Reserve.  Over the past 20 years, the Fed has pioneered a new technique of influencing Wall Street. Where before the Fed shrouded its activities in secrecy, it now informs the street in as clear terms as possible of what it intends to do with short-term interest rates, and when. Janet L. Yellen, the chairwoman of the Fed, declared this new transparency, called forward guidance, a revolution; Ben S. Bernanke, her predecessor, claimed it reduced uncertainty and calmed the markets. But does it really calm the markets? Or has eliminating uncertainty in policy spread complacency among the financial community and actually helped inflate market bubbles?

We get a fascinating answer to these questions if we turn from economics and look into the biology of risk taking.

ONE biological mechanism, the stress response, exerts an especially powerful influence on risk taking. We live with stress daily, especially at work, yet few people truly understand what it is. Most of us tend to believe that stress is largely a psychological phenomenon, a state of being upset because something nasty has happened. But if you want to understand stress you must disabuse yourself of that view. The stress response is largely physical: It is your body priming itself for impending movement.

As such, most stress is not, well, stressful. For example, when you walk to the coffee room at work, your muscles need fuel, so the stress hormones adrenaline and cortisol recruit glucose from your liver and muscles; you need oxygen to burn this fuel, so your breathing increases ever so slightly; and you need to deliver this fuel and oxygen to cells throughout your body, so your heart gently speeds up and blood pressure increases. This suite of physical reactions forms the core of the stress response, and, as you can see, there is nothing nasty about it at all.

Far from it. Many forms of stress, like playing sports, trading the markets, even watching an action movie, are highly enjoyable. In moderate amounts, we get a rush from stress, we thrive on risk taking. In fact, the stress response is such a healthy part of our lives that we should stop calling it stress at all and call it, say, the challenge response.

This mechanism hums along, anticipating challenges, keeping us alive, and it usually does so without breaking the surface of consciousness. We take in information nonstop and our brain silently, behind the scenes, figures out what movement might be needed and then prepares our body. Many neuroscientists now believe our brain is designed primarily to plan and execute movement, that every piece of information we take in, every thought we think, comes coupled with some pattern of physical arousal. We do not process information as a computer does, dispassionately; we react to it physically. For humans, there is no pure thought of the kind glorified by Plato, Descartes and classical economics.

Our challenge response, and especially its main hormone cortisol (produced by the adrenal glands) is particularly active when we are exposed to novelty and uncertainty. If a person is subjected to something mildly unpleasant, like bursts of white noise, but these are delivered at regular intervals, they may leave cortisol levels unaffected. But if the timing of the noise changes and it is delivered randomly, meaning it cannot be predicted, then cortisol levels rise significantly.

Uncertainty over the timing of something unpleasant often causes a greater challenge response than the unpleasant thing itself. Sometimes it is more stressful not knowing when or if you are going to be fired than actually being fired. Why? Because the challenge response, like any good defense mechanism, anticipates; it is a metabolic preparation for the unknown.

You may now have an inkling of just how central this biology is to the financial world. Traders are immersed in novelty and uncertainty the moment they step onto a trading floor. Here they encounter an information-rich environment like none other. Every event in the world, every piece of news, flows nonstop onto the floor, showing up on news feeds and market prices, blinking and disappearing. News by its very nature is novel, adds volatility to the market and puts us into a state of vigilance and arousal.

I observed this remarkable call and echo between news and body when, after running a trading desk on Wall Street for 13 years, I returned to the University of Cambridge and began researching the neuroscience of trading.

How the Fed Tried to Rein in Volatility

FED FUNDS RATE

The Federal Reserve largely reined in volatility of short-term interest rates starting in the mid 90's but instead of calming the markets, it made crashes in the 20 years after 1994 longer and more severe than in the previous 20.

 Sources: Federal Reserve Bank of St. Louis; Standard & Poor’s

In one of my studies, conducted with 17 traders on a trading floor in London, we found that their cortisol levels rose 68 percent over an eight-day period as volatility increased. Subsequent, as yet unpublished, studies suggest to us that this cortisol response to volatility is common in the financial community. A question then arose: Does this cortisol response affect a person’s risk taking? In a follow-up study, my colleagues from the department of medicine pharmacologically raised the cortisol levels of a group of 36 volunteers by a similar 69 percent over eight days. We gauged their risk appetite by means of a computerized gambling task. The results, published recently in the Proceedings of the National Academy of Sciences, showed that the volunteer’s appetite for risk fell 44 percent.

Most models in economics and finance assume that risk preferences are a stable trait, much like your height. But this assumption, as our studies suggest, is misleading. Humans are designed with shifting risk preferences. They are an integral part of our response to stress, or challenge.

When opportunities abound, a potent cocktail of dopamine a neurotransmitter operating along the pleasure pathways of the brain” and testosterone encourages us to expand our risk taking, a physical transformation I refer to as the hour between dog and wolf.  One such opportunity is a brief spike in market volatility, for this presents a chance to make money. But if volatility rises for a long period, the prolonged uncertainty leads us to subconsciously conclude that we no longer understand what is happening and then cortisol scales back our risk taking. In this way our risk taking calibrates to the amount of uncertainty and threat in the environment.

Under conditions of extreme volatility, such as a crisis, traders, investors and indeed whole companies can freeze up in risk aversion, and this helps push a bear market into a crash. Unfortunately, this risk aversion occurs at just the wrong time, for these crises are precisely when markets offer the most attractive opportunities, and when the economy most needs people to take risks. The real challenge for Wall Street, I now believe, is not so much fear and greed as it is these silent and large shifts in risk appetite.

I consult regularly with risk managers who must grapple with unstable risk taking throughout their organizations. Most of them are not aware that the source of the problem lurks deep in our bodies. Their attempts to manage risk are therefore comparable to firefighters spraying water at the tips of flames.

THE Fed, however, through its control of policy uncertainty, has in its hands a powerful tool for influencing risk takers. But by trying to be more transparent, it has relinquished this control.

Forward guidance was introduced in the early 2000s. But the process of making monetary policy more transparent was in fact begun by Alan Greenspan back in the early 1990s. Before that time the Fed, especially under Paul A. Volcker, operated in secrecy. Fed chairmen did not announce rate changes, and they felt no need to explain themselves, leaving Wall Street highly uncertain about what was coming next. Furthermore, changes in interest rates were highly volatile: When Mr. Volcker raised rates, he might first raise them, cut them a few weeks later, and then raise again, so the tightening proceeded in a zigzag. Traders were put on edge, vigilant, never complacent about their positions so long as Mr. Volcker lurked in the shadows. Street wisdom has it that you don't fight the Fed, and no one tangled with that bruiser.

Under Mr. Greenspan, the Fed became less intimidating and more transparent. Beginning in 1994 the Fed committed to changing fed funds only at its scheduled meetings (except in emergencies); it announced these changes at fixed times; and it communicated its easing or tightening bias. Mr. Greenspan notoriously spoke in riddles, but his actions had no such ambiguity. Mr. Bernanke reduced uncertainty even further: Forward guidance detailed the Feds plans.

Under both chairmen fed funds became far less erratic. Whereas Mr. Volcker changed rates in a volatile fashion, up one week down the next, Mr. Greenspan and Mr. Bernanke raised them in regular steps. Between 2004 and 2006, rates rose .25 percent at every Fed meeting, without fail... tick, tick, tick. As a result of this more gradualist Fed, volatility in fed funds fell after 1994 by as much as 60 percent.

In a speech to the Cato Institute in 2007, Mr. Bernanke claimed that minimizing uncertainty in policy ensured that asset prices would respond certain ways that further the central bank's policy objectives. But evidence suggests that quite the opposite has occurred.

Cycles of bubble and crash have always existed, but in the 20 years after 1994, they became more severe and longer lasting than in the previous 20 years. For example, the bear markets following the Nifty Fifty crash in the mid-70s and Black Monday of 1987 had an average loss of about 40 percent and lasted 240 days; while the dot-com and credit crises lost on average about 52 percent and lasted over 430 days. Moreover, if you rank the largest one-day percentage moves in the market over this 40-year period, 76 percent of the largest gains and losses occurred after 1994.

I suspect the trends in fed funds and stocks were related. As uncertainty in fed funds declined, one of the most powerful brakes on excessive risk taking in stocks was released.

During their tenures, in response to surging stock and housing markets, both Mr. Greenspan and Mr. Bernanke embarked on campaigns of tightening, but the metronome-like ticking of their rate increases was so soothing it failed to dampen exuberance.

There are times when the Fed does need to calm the markets. After the credit crisis, it did just that. But when the economy and market are strong, as they were during the dot-com and housing bubbles, what, pray tell, is the point of calming the markets? Of raising rates in a predictable fashion? If you think the markets are complacent, then unnerve them. Over the past 20 years the Fed may have perfected the art of reassuring the markets, but it has lost the power to scare. And that means stock markets more easily overshoot, and then collapse.

The Fed could dampen this cycle. It has, in interest rate policy, not one tool but two: the level of rates and the uncertainty of rates. Given the sensitivity of risk preferences to uncertainty, the Fed could use policy uncertainty and a higher volatility of funds to selectively target risk taking in the financial community. People running factories or coffee shops or drilling wells might not even notice. And that means the Fed could keep the level of rates lower than otherwise to stimulate the economy.

IT may seem counterintuitive to use uncertainty to quell volatility. But a small amount of uncertainty surrounding short-term interest rates may act much like a vaccine immunizing the stock market against bubbles. More generally, if we view humans as embodied brains instead of disembodied minds, we can see that the risk-taking pathologies found in traders also lead chief executives, trial lawyers, oil executives and others to swing from excessive and ill-conceived risks to petrified risk aversion. It will also teach us to manage these risk takers, much as sport physiologists manage athletes, to stabilize their risk taking and to lower stress.

And that possibility opens up exciting vistas of human performance.

John Coates is a research fellow at Cambridge who traded derivatives for Goldman Sachs and ran a desk for Deutsche Bank. He is the author of The Hour Between Dog and Wolf: How Risk Taking Transforms Us, Body and Mind.

A version of this op-ed appears in print on June 8, 2014, on page SR1 of the New York edition with the headline: The Biology of Risk.