Driving Business Evolution with Enterprise Risk Management

David Rogers, SAS - 2 May 2014

For many years enterprise risk management (ERM) was more of a concept than a reality, a visionary strategy that spanned every department within an organisation at every level. However, in recent years, ERM programmes have been indisputably implemented by organisations of all sizes, with treasury central to this process. This article asks what constitutes an effective ERM programme, and how does a company go about creating a solid risk framework with treasury now playing a vital role?

ERM is no longer aligned to an academic-based vision with only limited application in the real world. Investment in ERM infrastructure and analytics is now viewed as integral to the management decision process, especially in financial services firms. A successful bank must conduct stress testing and create a capital planning approach, integrating risk and financial data. While regulation plays a part in this change, it is only a fraction of what banks must do to remain profitable.

An ERM vision must have an IT infrastructure and risk culture that support cross-functional collaboration, such as the partnership of risk and finance. Collaboration requires understanding all portfolio risks and how to manage those risks to meet the long-term goals of the bank. While a chief financial officer (CFO) is responsible for balance sheet growth, the chief risk officer (CRO) is in charge of risk control objectives, such as minimising balance sheet risk and calibrating this with the bank’s risk appetite.

The CRO must also avoid balance sheet exposure at all times. For the treasury function, Basel III regulations demand comprehensive assessments that affect businesses. For example, banks may examine each instrument in terms of its contribution to the balance sheet, leverage, liquidity, profit and loss (P&L), regulatory and economic capital, and risk-adjusted profitability. Getting a holistic view for different portfolios from one place is both a big data and systems challenge for banks.

Re-examining Capital Planning

New approaches to capital planning have elevated the role of treasury beyond solvency and into strategic planning, helping banks evaluate long-term capital under forward-looking projections as well as stressed scenarios. Regulation has focused attention back on capital efficiency and allocating increasingly scarce capital to businesses that outperform on a risk-adjusted basis.

Data management and quality remain key challenges to the delivery of these new approaches. Specifically for asset liability management (ALM) and liquidity risk, data is necessary to maintain a comprehensive balance sheet. For a large bank, the balance sheet can comprise trillions of assets, where the data requirement for asset liability management is huge since analysis must be performed on all assets and liabilities.

The data challenge is obvious when integrating information from the risk side (for regulatory and economic capital) with the finance side (for financial statements, general ledger accounts, liquidity, Generally Accepted Accounting Principles and International Financial Reporting Standards (GAAP/IFRS) compliance).

Historically, these departments operated independently and had no business incentive to work together. But imperative regulations - such as balance sheet stress testing, IAS 39, IAS 9 and Dodd-Frank - are now motivating risk and finance groups to work together for compliance. An integrated view of risk and finance data conveys far more information than a disjointed view. Furthermore, banks can use that information for effective future strategic planning - the main goal when optimizing capital planning and management.

An ERM architecture must have the ability to process each data item required. The best practice is to establish automatic metadata management that tracks the lineage of all models, stress scenarios, and data outputs.

The goal for ERM is to calculate analyses only once and use the results in various applications. The planning systems evolve from pure recipients of data into new suppliers of data. Within a ‘data universe’, these systems must provide information of overriding interest (e.g., cash flow plans) as a central service. When implemented consistently, the result is an integrated bank control architecture with a single point of truth.

Stepping Up Stress Testing

Another powerful ERM tool is the increasing use of stress testing to help business executives gain enterprise and business unit level oversight.

Financial institutions (FIs) are implementing enterprise stress testing systems that can be used for various analyses and reporting. Stress testing a bank’s portfolio requires several dimensions. Macroeconomic factors must be linked to the portfolio’s loan performance (credit risk), liquidity profile and market risk. This is a difficult modeling exercise that banks were not previously required to do.

Since the development of Basel II stress testing has been hotly debated, and, in many instances, inadequately implemented. The topic is relevant both from a regulatory perspective and for the internal risk assessment in the context of the internal capital adequacy assessment process (ICAAP). The Capital Requirements Directive (CRD IV) consultations as the European implementation of Basel III have already addressed the existing shortcomings both in stress testing and back testing.

Stress tests represent only one form of simulation that highlights the effects of extremely negative developments. However, the simulation capability is important for applications that go far beyond this, especially for opportunity identification such as economic development planning and control. A simulation can, and should, make it possible to evaluate the effects of decisions.

In stress tests, simulating different environmental conditions (scenarios) requires the financial position of the bank to be investigated. Here, negative economic developments are simulated by means of risk parameters, to read potential portfolios. The goal is early detection of serious changes in the risk structure to estimate bank stability, especially in periods of crisis. For planning timely countermeasures, both the executive board and the supervisory board need to know and understand the risks.

To use stress tests continuously and regularly as a management tool, a process must transparently document the assumptions, models, and the results. The risk process must also be established across departments so that the entire bank’s risk can be determined, which influences the calculation of the risk-bearing capacity.

Benefits of ERM

ERM implementations attempt to develop an integrated method of approaching risk. This means integration of the different approaches to risks and solutions, as well as approaches to identify and manage risk effectively. ERM can provide firms with the means to decide how much uncertainty (risk) to accept while achieving growth, with new stress testing and capital planning capabilities playing an increasingly important role in senior management decision making.

The key to meeting ERM objectives is to develop a risk infrastructure to obtain and then maintain a holistic view of risk while dealing with ever-evolving data, complexity in measurement and timely management reporting. However, the reality for many firms is that following such an approach depends heavily on how the IT infrastructure has grown. An integrated view of risk and finance data conveys far more information than a disjointed view. Furthermore, banks can use that information for effective future strategic planning – the main goal when optimizing capital planning and management. Back to top