Can we fix Risk Management? Yes, we can.

Since 2009, banks have been scrutinized microscopically about their resilience to a wide range of risks. This is hardly surprising, given the post-Global Financial Crisis (GFC) realization of interconnectedness between systemic risk and the financial services industry, particularly so-called globally Systemically Important Financial Institutions (SIFIs).

From the top-down, supervisors and regulators hammer good practice, often through multiple uncoordinated regulations. The Basel-derived Fundamental Review of the Trading Book (FRTB) is one such topical regulation close to the heart of compliance officers at Globally Systemically Important Banks (GSIBs). It’s true that supervisors and regulators could do a better job harmonizing their regulations, across geographies and functions.

But that should not be an excuse. From the bottom up, there are challenges too. While institutions take risk extremely seriously, risk management processes need to be updated. Many financial risk systems we see, speaking frankly as an organization that deals with risk in safety critical industries as well as those in finance, are close to broken. Why?

First, legacy systems, dating from the developer-laden, pre-GFC BritPop Nineties and Boy Band Noughties, impede innovation in Taylor Swift’s 2016. They are liable to “technical debt”. Organizations struggle to manage their tech debt “interest” as demands on the system increase, leading to an entropic cycle of increasing maintenance and reducing functional improvement.

Second, despite the best efforts of top-down regulation to enforce silo reduction, cultural and organizational obstacles stand in the way. Take the stress testing cycle, whether CCAR, EBA or other. Organizations struggle to muster their resources to address four to six month scenario to report timelines. Calculating and aggregating risk valuations across different asset classes and departments, often applying different methodologies in each, can result in densely populated data spreadsheets (or similar) passing from person to person, department to department. Processes may not be understood; or – worse – obfuscated through a pretence to fully understand.  

Now, the financial services industry is complex and rightly thrives on complexity – that’s how it fosters wealth creation in the real economy. The industry can manage complexity in risk better, but not by patching together systems with additional spreadsheets and tools of often unknown origin. It can work towards a harmonized architecture/platform which manages, models and reports risk whatever the department and job role, whether a chief risk officer, risk modeller, developer or front office representative. It should be able to deal too with the uncoordinated barrage from regulators and supervisors.

In software terms, this is realizable. It has been realized in non-financial organizations. Look at the automotive industry. Building an automated safety-first model to production process, with validation and verification, has increased vehicle reliability, assurance and environmental protection, as well as unleashing the vehicle design creativity resulting in multiple new features at reduced cost, and significantly improving the driver experience.

Financial services can and should strive to do the same. It is quite possible for risk, projection and valuation models to be built, customized and improved, rapidly, consistently and in coordination. It is also quite possible to implement while minimizing technical debt, applying good development processes that in turn foster continuous system improvement. It is quite possible too for those models to be made available to whoever needs them, whether ardent researcher, FATCA-liable executive or prospective customer.

However, this requires cultural change. Established bureaucracies need to be, at worst crushed, at best reformed. Cries of “we’ve always done it this way” should be challenged. Financial institutions must seek to reduce complexity where complexity adds nothing, both in communication and in model development.

So can we fix it? Yes we can. Many financial institutions are following a good path. Financial institutions should aspire to a single system with reduced operational, model and legal risks, servicing multiple disconnected supervisory regimes, in turn improving productivity through risk-aware development.