« About Satchidananda Sogala |
Main
| The Challenge of Choosing the Right Risk Technology »
January 28, 2008
Implementation Challenges in Risk Management
“Intentions are nothing except as realized” said Frank Raymond Leavis, the famous Cambridge don. This applies to risk management in full measure. The execution, like in most other things, is the key to successful risk management. The execution measured not only in terms of actions taken, (like the establishment of processes or implementation of technology systems and operationalization of governance procedures), but in terms of effectiveness of the regime in achieving higher risk-adjusted-returns on capital; increase in market share on account of finer rates and customer delight ; and lowering of the non performing assets through more accurate risk differentiation. In other words, in terms of improved overall performance of the bank.
All these assertions would have been trivial truisms if only the risk management in banks were achieving these obvious objectives at least substantially. The financial crises events in the recent past in different parts of the world evidence otherwise and provide some justification for looking at risk implementation issues again in some detail.
Let me begin by narrating a real incident. The other day I was speaking at one of the Risk Management seminars in Mumbai. In the same event, one of the chief risk officers of an important state - owned bank also spoke on the status of the Basel II implementation in his bank. He asserted that their bank had completed the implementation process and there was nothing more to be done particularly, in credit risk management. I was very much impressed, surprised and a little uncomfortable by this claim as most banks in India do not practice risk based pricing of their assets even today. Soon after this, I was invited to conduct a session on credit risk modeling to the credit officers of the self-same bank in their training institution. My interactions on this occasion laid bare the hollowness of the CRO’s claims. It turned out the rating of loan accounts was perfunctory and the rating reports were done under duress with scant regard to reality, mostly in the absence of accurate data and / or proper application of mind. Sure, the Risk Management department had received all the reports it ‘wanted’ and submitted the reports to the management and the regulator regarding the Basel II implementation. I thanked my stars that I was not a board member of this bank which got all the ‘required’ reports and was taking credit decisions based on misplaced certainty and confidence. Is it not better to know that we don’t know than to think we know when in fact, we don’t? “The security is mortal’s chiefest enemy!” (Macbeth).
This kind of experience is not solitary instance. Not long after this, the chief of Risk Management of another big Indian Bank mentioned to me that they have researched and implemented more than a dozen credit risk models in their bank. Needless to say, I was greatly impressed. However, on verification, I found that the bank, indeed, has a huge risk management department and sadly, their work was not resulting in the improvement of the performance to any measurable way. The bank was yet to differentiate between credit risks and was yet apply risk-based pricing them on the basis of tested and robust risk models. It seems to me, there is certain amount of vagueness and confusion and also hyping in the risk management implementation.
As such, in risk management implementation, there is a need to constantly focus on results rather than processes alone. After all, REALITY is more important in this case as in others, than FORMALITY! The key question to ask in the context of risk solutions implementation is the difference between the ‘form’ and the ‘essence’. Between the implementation of this or that software systems and the perceptible increase in the revenues and earnings and net worth.
What then are the implementation challenges? What are the possible resolutions? As I have been involved in the implementation in this part of the world, I will share some of my experiences. I propose to focus on some of the key implementation challenges in this area based on my own not inconsiderable experience in this regard. May I invite you all to contribute your insights and knowledge on this topic for common benefit of the risk community?
Posted by sssatchidananda at January 28, 2008 09:15 PM
Dear Dr. Satchi,
Good to see you blogging. you have raised the crucial issue of ultimately the risk management models are used in practice and how effectively. The essence of Basel II and risk management is that it is a journey, with all ingradients of dynamism embedded in it. The RMDs should constantly put the RM systems to test, to see their usability across business lines and refine them. While creating RM structure, one key component one should look for is the flexibility of the sofware /systems to handle new situations. Please keep blogging and contribute to make this forum interactive.
Sunando( sunandoroy@kpmg.com)
Posted by: Sunando Roy at January 29, 2008 02:06 AM
Dear Dr Satchidananda, You have highlit a very important point.
As a systems person, I see a lot of issues while implementing risk management systems at a bank. Happily, I have worked with some where this is well understood and since they are my clients, I can not mention them.
The principle reason behind systems failure (as in the recent well publicised case of Soc Gen), is that systems are not architected.
A proper Basel II implementation for a bank of any size needs to be architected, its implications understood and moving beyond standardised methods requires considerable thought and top management input for the same. In most implementations these are missing.
This begins at the RFP stage itself. RFPs need to highlight the architecture itself. Indeed, if I were to put out a RFP today, I will put out at least an E-R diagram and a process flow diagram. It does not matter if a specific report is not there. It matters if this report can never be produced.
Transaction systems differ from risk management systems. However, right from RFP stage, transaction systems seem to influence risk management systems, ignoring advancements in technology.
Lastly, no system is as strong as the human being behind it.
I have some experience in implementing systems and will send you reasonable data on ALM and market risk, credit risk systems from an implementation perspective, without revealing client names.
It is a timely and burning issue and I am grateful that you have brought this up.
Posted by: Prahlad D N at January 31, 2008 02:19 AM
I fully agree with your views on the hollow claims being made by some of the banks as regards their readiness to implement Basel II accord. In fact they are not aware of the accord fully. The state-owned banks are yet to develop requisite MIS and data warehouse which is first step for adoption of the Basel norms. Credit risk rating for all exposures, either through external agencies or internal rating models is yet to stabilise in most of the banks in India, particularly Public sector banks. Risk Based pricing is totally a new cocept for all most all these banks. These banks rely more on FORMALITY than REALITY, as rightly observed by you, mainly due to IGNORANCE. Will you please highlight implementation challenges faced by banks in emerging economies, for the benifit of all the members ?
Posted by: M V Mallya at February 1, 2008 04:09 AM
I fully concur with the views of Dr.Sachi. I quote his line "After all, REALITY is more important in this case as in others, than FORMALITY!". Most of the banks are interested only in compliance with the directives of RBI and not fully aware of the intricacies in the risk models and the advantages to the banks in the form of lower amount of NPA. All the top brass in banks should undergo a training on the utility of the Basel II implementation.
Posted by: S.Murali at February 10, 2008 07:00 AM
Hi! Thanks for the thought provoking insights into what is happening in the risk world of Banking.
The two incidents narrated by you, are real and reflect what is happening not only in India but, post sub-prime in the developed world too.
Often risk models block thinking rationale and become rigid structures to which the supplicants offer prayer to save them.
The people who created the models and the people who introduced the models become victims of their own creation/introduction and prefer to turn a Nelson's eye when the models do not perform.
Another issue which I have observed is, statisticians and mathematicians who evolve the models are extremely smart and normally brush aside people who dare to share their misgivings.
A simple rule which I have seen which works is - reject something which you do not understand, the risk is lesser. But, fascination with complex models with slick presentations carry the day in many of the board rooms.
This does not mean models are not useful, they are. Only issue is - keep them open to change and do not lose the subective judgemental call. I have seen growth opportunities being given a go by because of a ultra conservative RO or models being tweaked to accommodate subjective decision making.
Well the problems of implementation could be seen as -
i. Culture.
ii. Cost
iii. Competence
iv. Commitment
v. Clarity
vi. Continuous change
vii. Technology
viii. MIS - real time
ix. Complexity
x. Regulator driven vis-a-vis self driven
xi. Fashion and one upmanship
xii. Consultants and Gurus
To end, these are just my thoughts, willing to be corrected.
Raghavendra C G
Posted by: Raghavendra at February 13, 2008 02:29 AM
First of all, the preparedness of the banks to Basel II compliance is still underway and the even the strongest european banks where technology,data availability is in place and capital requirement directive is also in force, the final stage of compliance is yet to take place.
The banks are modelling their PD/LGD which is the key (linear variable) in riskweight calculation for AIRB.Selection of models and the parameters are really challenging the banks
The technological challenges include consistency in data from both exposures and facilities
1. Multiple systems pump the data from various source systems from different locations and making them to Basel2 compliant data is the main task - so data mapping is one of the requirement
2. All the counterparties should be identified by their local identifiers and Global identifier. This global id will link the various exposures/claims of a particular counterparty and will calculate the correct risk weight. Many systems do lack populating this global ids
3. Equally the pd/Lgds of guarantors should be captured to assess the correct risk weight. The guarantors details are either insufficiently available or inadequately processed. Applying proper internal rating of counterparties /obligors, mapping them to the respective pds will result in correct rw.Non availability of internal rating to the obligor will result in application of higher rw.
4. Assigning the counterparty to the correct exposure class (like banks,sov, corp,MDB) is again challenging. For example, African development bank is classified as bank instead of mdb resulting in 20% rw instead of 0%)
5.Capturing the details of eligible financial collateral and their respective rating and validating them.
5.Provisioning of bad and doubtful assets has not been fully captured by the basel2 system resulting in wrong rw.
6.Assigning correct risk weight on Purchased receivables of corporates due to lack of data
7.Retail assets need adequate/continuous monitoring during processing as it involves large volume of data, details of collateral, and in respect of mortgage loans, LTV and valuation etc.
8.Reconciliation of the reports to be submitted to the regulators for accuracy and tallied with source data. This will give clear picture to the regulators so that risk management processes are in place and should not give scope for the regulator to force the bank either to go for standardised approach where higher riskweights are applied or penalty for non-compliance
Posted by: mala venkatakrishna at February 24, 2008 08:55 AM
Post a comment
