Technology Strategy for Enterprise Risk Management

BI puts SAS in a unique position to lead the ERM space.

by Peyman Mestchian

The term "enterprise risk management" (ERM) gained prominence in the 1990s but remained ill-defined.

The corporate world, in the wake of high-profile financial scandals at BCCI, Long-Term Capital Management and Barings, was trying to understand these events and prevent a recurrence. The focus of ERM was primarily on what needed to be done, as opposed to how to do it.

High-profile catastrophes at Enron, American Investment Bank and Equitable Life followed, leading to more definition and standardization of risk management practices. There is a clear realization that the isolated treatment of uncertainties does not provide an adequate basis for analyzing the risk implications of business decisions. And finally, new regulations and international standards have resulted in corporate actions to implement ERM processes and systems.

It has taken more than a decade, but we are finally moving from the "what" to the "how." At the heart of this shift is the advancement in risk technology and the realization that ERM requires intensive data management and data analysis capabilities. A proliferation of risk technology solutions has created many additional questions about technology strategies. I have set out below what I believe to be the key ERM technology challenges and how SAS, as a leading provider, is experiencing success in this evolving marketplace.

Current state of risk technology
Many financial services firms have adopted risk management systems to comply with new accounting standards and banking regulations – such as Basel II, Sarbanes-Oxley, and anti-money laundering legislation – as well as internal governance requirements. Consequently, many organizations have piecemeal risk implementations and integration projects running in parallel.

Risk managers generally believe that there is a software package that can handle every regulatory compliance issue. The best-of-breed approach is a classic example of the perfect being the enemy of the good. Everyone pursues what they regard as the perfect solution from their limited perspective, adding up the ticks on the features checklist. For the enterprise as a whole, the inevitable result is a hemorrhaging of time and money on a succession of projects, which produces no resolution.

To deliver an enterprise view of risk that meets all stakeholders' requirements, you have to start with what various parties have in common, not what divides them: information. That means lifting data out of organizational and technological silos, cleaning it up and integrating it.

Recent studies by independent analysts and market observers have assessed the challenges and success factors of implementing risk management systems for various compliance projects. One such study is the Gartner Basel II Risk Management Application Software Magic Quadrant1¹ report.

According to the report, "leaders" are vendors that have a proven track record in Basel II vision and business investment, which indicates they are well positioned for the future. Leaders do not necessarily offer the best products for every customer project, but they do provide solutions that offer relatively low failure risk. Leaders in this market have paired advanced technology with broad offerings or have specific, rich functionality.

An earlier study by consultants Cap Gemini Ernst & Young², focusing on credit risk systems for Basel II, assessed leading risk technology vendors in terms of breadth of solution and ease of implementation. Another study on operational risk management systems by Chartis Research³ assessed vendors in terms of market-share potential and completeness of offering.

In all three reports, SAS is described as a leader in risk management.
 
Why is SAS a leader?
As validated by industry experts and numerous success stories with leading financial institutions, SAS' success in the Basel II technology space is due to its superior execution ability.

SAS has had a head start on most other risk technology vendors. The company's focus on business intelligence (BI) technology has allowed it to quickly develop capabilities that capitalize on the significant market opportunity in risk-based compliance for the financial services industry. Three decades of investment in and development of people, technology and intellectual property related to financial services, analytics and data management has established the foundations for success. To understand this further we need to consider the link between business intelligence and risk intelligence.

Effective business intelligence requires an integrated platform that spans the enterprise to deliver accurate, consolidated business information at the right time, to the right people, in the format they can best use. This needs to be supported by integrated functions and technologies that bring together data from multiple sources, including operational and transactional systems and multiple databases in different formats. The BI platform needs to provide appropriate interfaces and tools for users with profoundly different needs at all levels of the organization. It also needs advanced analytics offering predictive capabilities, such as forecasting, scenario-based simulations and data mining. SAS' strength in meeting these BI requirements is at the heart of its success in risk intelligence.

The future
Of course, it is possible to build an enterprise risk management system and infrastructure using applications from several risk technology, ERP and storage vendors specializing in specific areas. However, the costs of integration and associated change management and project risk make such initiatives unattractive. The business case for ERM withstands the "cost-benefit" test only if an organization can implement a fully integrated risk intelligence platform, drawing from existing data sources and working with complex and heterogeneous IT environments. The platform needs to cover the full spectrum of risks, bringing them together under a single governance umbrella.

The business benefits of an integrated risk technology platform are clear and compelling:
Removal of disputes about whose information is "correct" – resulting in full transparency and auditability of risk and finance data.

Reduced integration and maintenance costs, lowering total cost of ownership while increasing data quality.

Scalability to meet changing needs, irrespective of underlying technology, making it "future-proof."

A vision means nothing without execution, and SAS' experience of delivering and implementing BI software has positioned it as the dominant player in the risk technology marketplace. 

¹ Gartner Research, Magic Quadrant for Basel II Risk Management Application Software, 2005, by David Furlonger and Douglas McKibben, September 16, 2005. The Magic Quadrant is copyrighted September 2005 by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders" quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. 

² Cap Gemini Ernst & Young, Base 2 Systems Survey, February 2004.

³ Chartis Research, Operation Risk Management Systems 2005, www.chartis-research.com .