Risk management: Total cost of ownership

Significant, sustainable cost savings are now possible in the new world of integrated, enterprisewide risk management 

Risk types overlap noticeably and since the different categories of risk now converge more readily than before, it is more and more difficult – and expensive – to continue the isolated treatment of single risk types in various risk silos. A good example of convergence is a credit default swap (CDS). A CDS is created and valued based on a company’s debt, but the price fluctuates during a single trading day, so the market risk and credit risk intersect. This example illustrates the fact that financial institutions are no longer simply originating deals and holding assets. Additionally, the linkage between counterparty default and liquidity risk has become more obvious. Today, those new risks are being packaged and traded in the financial markets, resulting in even greater complexity. For financial institutions, this complexity requires greater speed, more flexibility and keener governance – all facilitated by a robust and scalable technology environment.

As risks evolve, and in order to keep up with new instruments, assumptions, business strategies and models, and changing regulatory requirements - a winning risk management strategy will require banks and financial organizations to: identify all areas of risk, recognize those areas of greatest threat, determine how they interact, and utilize the most flexible technologies and processes to mitigate risk.

Breaking the risk silos 
Risk management is usually viewed as four distinct areas: credit risk, market risk, operational risk, and asset-liability. But today, there is an increasing realization within the financial services industry that the traditional, silo-based approach to managing risk adds little value to the organization when compared to the enormous cost of maintaining the silos. When times were good and financial markets were up - it was a bit like “a million here, a million there.” The silo-based approach increases the cost of system purchase and implementation, consulting, upgrading and ongoing maintenance. And, the costs grew year by year. Of course, the investment and purchase price for risk management solutions and services were only the beginning; the real money was still ahead in the life-cycle costs associated with running risk silos. This is called the total cost of ownership (TCO).

The time has come for CEOs, CROs and CIOs to rethink the current pattern of spending and investing. And industry analysts agree. Bart Narter, Senior Vice President of Celent, an international financial services strategy consultancy, was quoted in November 2008 as saying, "The financial crisis means that banks around the world must get more from their software providers and are demanding full solutions from a single contact.”

Rather than pour all of the money into expensive life support and maintenance for an aging and cumbersome risk management architecture, why not set a little aside for a hedge on a brighter future? Provide an incubator fund that nurtures a new breed of transparent risk management, taking its cue from modern technology to significantly reduce costs, while being more flexible and closer to risk management customers – both internal and external – and setting new standards for innovation.

In the past, risk management projects required at least one to two years, were very costly because of the time commitment, and carried challenges caused by business, internal political and human resource changes during that time period. Today, those challenges may cause change requests, which result in frustrations, further delays and costs before a project’s completion. For banks, insurers and financial services providers that may be deploying a number of separate risk systems to cover the siloed risk types, the TCO view favors enterprise risk management (ERM) systems like - SAS^® Risk Management for Banking or SAS Risk Management for Insurance - over a mixture of risk systems. This ERM framework provides sustainable reductions in both capital and operating expenses.

Based on the success of SAS Credit Risk Management for Banking, the drivers for the next generation of SAS industry risk offerings will include the ability to deliver an integrated and scalable risk management solution. That is, a solution that allows customers to deploy across specific workflow risk applications, including areas such as asset and liability management, fair value, market risk management, credit risk management and integrated risk-based capital assessments (like economic capital calculations). SAS Risk Management for Banking is an integrated, configurable solution that supports current market requirements for risk management applications as well as providing a platform to handle future requirements. Plus, the solution’s functionality includes risk assessment, risk monitoring, modeling, stress testing, risk aggregation and allocation, and reporting. SAS Risk Management for Banking is a complete ERM solution for risk areas that include Basel II, market risk, operational risk, economic capital, asset liability management and liquidity risk. Coupled with market-leading SAS data management capabilities - and the unique SAS knowledge and expertise in analytics and statistics gained over the past three decades – SAS Risk Management for Banking is an outstanding, end-to-end ERM solution for leading-edge risk management technology.

From a capital and operating expenditures point of view, the implementation, day-to-day operation and upgrades and maintenance of diverse risk systems require a great deal of expense. Dealing with the shortcomings of this complex landscape means overcoming:

• Various end-of-day time behaviors.
• Different data models in each system.
• No common data management.
• Different relational databases.
• Risk figures calculated in each risk silo that rarely relate or match, causing error-prone manual data processing.

How a TCO view could change the view on risk management
A complete TCO analysis is not readily available because of the existing diversity of risk management systems in the various risk silos. A TCO analysis in risk management would help banks, insurers and financial services providers identify the true cost of their risk systems before they invest further. It would help them identify the shortcomings of their current system.

Also, a TCO analysis would help organizations evaluate what they actually pay to operate their risk management systems in terms of hard costs for hardware, software, services, and service-level agreements, as well as costs such as personnel time, downtime, maintenance, upgrades and enhancements. SAS and other industry experts estimate that data management and data cleansing costs, which are mandatory prerequisites to all further tasks (including risk calculation, modeling and archiving, still consume 70 percent of the risk management TCO. That leaves only 30 percent of the total cost of ownership for setup, operation, support, maintenance and upgrades of the current risk systems.

This ratio of capital to operating expenses has grown tremendously as the amount of data needed to support both risk and performance calculations have grown. This ratio will continue to grow for banks with updates to directives like Basel II or Sarbanes-Oxley, and for insurers with directives like Solvency II. The current, estimated daily global growth of digital information is 15 petabytes. In areas like Basel II, it is already a common practice for larger institutions to manage terabytes of data.

Risk departments are growing in size and importance in today’s business. A proper TCO analysis before deployment can help identify where costs can be streamlined and reduced sustainably. Additionally, since risk management is evolving from a pure, ex-post controlling discipline to a more ex-ante bank steering discipline, a TCO analysis will help build the case to move the organization toward a strategy that combines risk management with performance management for a more strategic discipline. This demands better integrated technologies and solutions, such as ERM, to provide better process-efficiency in risk management. It’s a win-win situation for all involved parties to move toward an ERM-driven organization.

Example of TCO reductions in the area of market risk
Here, an example of how savings could be achieved by deploying ERM in the area of market risk. In order to replace a mature, expensive black-box risk engine, it is important to know that SAS does not need a separate relational database like other risk engines. This reduces the costs to run and maintain the overall market risk engine. Also, the data model in SAS Risk Management for Banking supports the various risk types simultaneously, so there is no need for cost- and time-consuming reconciliation of disparate risk figures born by the current use of different data models. This also takes out another large cost factor in the current cost equation.

With this, SAS fulfills two prerequisites of modern risk management: In order to reduce complexity, all risk calculations should be based and reside on the same data model, as well as on the same database.

In addition, SAS needs significantly fewer processors (up to 70 percent) on servers compared to existing risk engines. This eliminates another big cost block – both during the investment phase and later in day-to-day operations. Also, the end-of-day processes need a shorter window compared to other market risk engines. This means that banks could release more capital in Far East trading when those markets open because the end-of-day processes are already finished at the European bank headquarters. On a 10-year horizon, the savings on this could be worth a couple of million dollars US.

Conclusion
Banks and financial services organizations will evolve and switch to an enterprisewide view of all operations, rather than stay with the siloed approach to risk management that also contributed to the current crisis. This means applying technology at a business level rather than in isolation. As such, banks and financial services organizations need to review processes and systems that can streamline administration and help achieve operational excellence. Having an enterprisewide risk management system in place, coupled with proven and flexible data management, will make banks and financial services organizations less dependent on people, reducing the risk of human fallibility as well as increasing transparency and auditability.

As the scalability, flexibility and reliability of end-to-end ERM solutions continue to increase, the motivation for moving from the current mixture of various risk systems is becoming stronger. The decision often can be viewed as a trade-off, with the cost and risk of migration toward an ERM landscape on one side, and ongoing operational costs and lack of flexibility to operate their current, disparate risk management systems on the other side.

SAS and other industry experts estimate that data management and data cleansing costs, which are mandatory prerequisites to all further tasks (including risk calculation, modeling and archiving, still consume 70 percent of the risk management TCO. That leaves only 30 percent of the total cost of ownership for setup, operation, support, maintenance and upgrades of the current risk systems.

In addition to a much lower TCO, one of the biggest advantages of moving to an ERM comes from increased application agility and flexibility across the various risk types: credit, market, operational liquidity and asset-liability management. A modern ERM risk platform - like SAS Risk Management for Banking or SAS Risk Management for Insurance - enables banks, insurers and financial services providers to deliver new capabilities faster and at a significantly lower cost than risk silos operating on diverse, legacy risk management systems.

The savings can be tremendous and free valuable resources for greater innovation and a competitive advantage. Organizations should look for turning points in their environments, such as impending upgrades or initiatives like Basel II or Solvency II, as logical times to make a change. Also consider evolutionary strategies, which can lower risk by gradually decreasing the dependence on proprietary risk management systems by moving out a few aged risk systems at a time.

Lutz Schiermeyer is the EMEA Banking Risk Business Development Manager for the SAS Global Risk Practice in Frankfurt, Germany. Lutz.schiermeyer@sas.com