The banking industry has traditionally relied on regulators to determine how risk should be managed – but times have changed, and changed dramatically. Tapan Agarwal – Risk Product Council Chair, iGTB – discusses the weight of responsibility now placed on banks, and the key factors required for a robust risk management strategy
From the earliest days of established business activity, industries of all kinds have had the same fundamental two-tier composition, comprised of market participants – whose focus is naturally on commercial success, seeking to generate growth and wealth – and rule-makers and regulators, whose goal is to adequately police such activity, defining its boundaries to uphold contemporary principles.
In the medieval City of London, for example, guilds and livery companies had the power to enforce regulations around labour conditions and industry standards, to protect industry practitioners, customers and the wider economy. In the centuries since, this responsibility now lies with entities such as the Financial Conduct Authority, tasked with safeguarding and maintaining the integrity of UK financial markets. But today, for the first time, we are seeing a pivotal swing in where this "safeguarding" responsibility sits – a shift that is particularly clear in the financial sector.
A brave new world
Consider the approach previously adopted by regulating bodies such as the Canadian Office of the Superintendent of Financial Institutions (OSFI) and the Australian Prudential Regulation Authority (APRA). In the late 1990s and early 2000s, such authorities pursued risk-based approaches to regulation, creating structure in the form of the OSFI Act and APRA's PAIRS and SOARS frameworks. Such bodies, initiatives and guidelines shaped financial markets and held the greatest influence over the level, nature and mitigation of risk found within these markets.
But this all changed in 2008 – a landmark year that saw Kosovo declare independence from Serbia, Mumbai rocked by terror attacks, the cancellation of the Dakar Rally due to growing political tension and severe unrest in the aftermath of Benazir Bhutto's assassination. Against this already turbulent backdrop came the global financial crisis, affecting economies in every corner of the globe, turning financial markets on their head and making volatility and uncertainty the "new normal".
With so much changing – and so quickly – it became impossible for regulators to identify, understand and combat risk on their own. With this realisation, the approach to risk management itself has changed with the onus shifting firmly onto banks.
The buck stops here
Certainly, there has been a clear shift from risk-based regulation (where regulators have lead the charge in managing risk), to regulation-based risk management – where such bodies continue to play a vital role in anticipating, managing and mitigating against risk, but where the prime responsibility now lies with banks.
This shift has come hand-in-hand with the industry gaining a better understanding (learnt the hard way, alas) of risk itself; both its many different forms and the holistic approach required to adequately forecast and manage its impact. It is now clear that mere compliance with regulation is no longer sufficient. Regulations cannot adapt quickly enough to changing conditions and new types of risk (for example, the fast evolution of cybercrime), and only banks hold the key to quickly identifying and immediately addressing risk in their own business environments.
Best practice makes perfect
So what does this actually entail? Without a doubt, banks – already subjected to a variety of market pressures – face a large task in designing and implementing resources (systems, people and processes included) to effectively manage their respective risk profiles – internally, as well as with regards to counterparties, geographies and markets. Furthermore, this all needs to be achieved while simultaneously complying with broader industry guidelines and governance, and ensuring risk management techniques are integrated into business strategies in a manner that minimises the impact on commercial success.
If banks are to succeed in this environment – successfully shouldering the responsibility of managing risk – then they must instil best practice throughout their organisations and infrastructure, with any robust risk management strategy ultimately hinging on three key factors.
First and foremost, banks must ensure they are positioned to quickly respond to risk scenarios with well-informed decisions. This requires strong data management – removing data silos to eliminate data duplication, inconsistency and incompatibility, and avoid the time wasted on first-step aggregation and reconciliation. A fast response requires immediate access to quality data, giving more time for risk analysis and business decisions.
Of course, even the wisest decisions fall to the wayside if banks don't also have the capability to immediately communicate and implement their chosen course of action. This leads to the second factor; the need for a highly flexible, digitised system – one that also makes it possible to readily provide risk-related reports to regulatory bodies no matter the nature or structure of their request.
That said, infrastructural capabilities cannot tackle risk unless those using them adopt the right attitude – understanding their greater responsibility in today's environment. Certainly, banks of all shapes and sizes need to become much more proactive (irrespective of regulatory demands) in anticipating risk – knowing exactly who their high-risk clients or counterparties are and the nature of that risk. And this goes well beyond the compliance department – risk-awareness and proactive behaviour should be ingrained throughout the organisation.
With so much at stake – from the loss of hard-earned reputations and clients, to sizable fines and penalties – it is time that banks took risk management into their own hands. No easy task, of course, but with the right strategy and technology in place, banks are ideally placed to form the vanguard of this industry.