The unrelenting waves of bad news coming out of the financial services industry these days all seem to wash ashore at the same place -- on the desk of the CFO and his compliance team. Financial risk management just isn't what it used to be. Or rather, the risks themselves have moved so significantly in the past 10 years that banks have not managed to keep up (except, perhaps, the whiz kids at Goldman).
Time for a change, or as Steve Husk of FRSGlobal suggests in his new blog, banks need to decide whether they want to be Southampton FC or Real Madrid (really!). It's time for a two-dot-oh look at risk management.
In my view, three main factors have contributed to an exponential increase in the scope and complexity of risk. First came an acceleration of innovation in financial instruments, with investment banks churning out new spins on the securitisation concept every week to ensure they had something to sell to clients, something to trade in and out of to generate fees, and -- in many cases -- something for their prop trading desks to buy. The sophistication of these products has come a long way, from Bowie bonds to a finely-graded slice of sub-prime mortgage risk.
Second, the entrance of new market participants, including hedge funds, corporate treasurers and commodities offices, the banks' own SIVs, and -- finally -- consumers egged on by retail bank 'consultants', created greater liquidity but also volatility in the market. The behaviour of many of these market participants was not predictable and their reaction in a crisis untested.
Third, capital moves at higher speed through many more jurisdictions today than ever before. There is no such thing as a domestic or European or American capital market today. The effects of US subprime mortgage defaults are being felt in every corner of the globe, much to the surprise, no doubt, of the poor souls who are actually defaulting.
And yet the risk management approach used by most banks is based on legislative concepts that were developed decades ago, in a simpler world of capital offsetting measurable liabilities on balance sheets (Basel I, Basel II). The IT systems on which these risk management processes run tend to be local financial accounting systems, perhaps even specific to an instrument or business line, with little integration with the global exposures of the bank.
Now that banks know their real exposure is much greater than previously thought, and with the threat of increasing regulation if they don't find a way to regulate themselves, it's time to dust off those formerly Utopian plans to develop a single view of risk within the bank.
For both banks and corporates the era of keeping multiple sets of books is drawing to a close. There is simply too much risk in not having a single, accurate, reportable view of the financial position. The board will want to see the same report as the regulator is reviewing. And when the regulator calls, the CFO wants to make sure his reporting is fully transparent and auditable.
It's no longer good enough to delegate local regulatory reporting to country managers. Regulators from different countries are talking to each other and are likely to exchange information and continue to harmonise their requirements. For a bank operating across the world, this means local financial reporting needs to be in sync. For the CFO, it means reducing the risk of local error, while increasing global visibility of the numbers.
So while general IT spending by banks will likely tail off this year, spending on compliance processes and risk management will continue, benefiting firms like RiskMetrics (which is going public today), Algorithmics, and FRSGlobal (disclosure: Kennet company). It is likely to take banks years to consolidate their financial systems and arrive at a single, global view of risk and an ability to report on it. The good news is that this is more a process problem than a technology problem. Recent technical innovations, including all that Web 2.0 stuff, make it notionally easier than ever. Time to get started.