20/20 vision of risk
Banks must act now to gain a holistic view of risk
By Laura Hutton, Director of Banking Solutions – Fraud and Financial Crime, SAS
During the bull markets of the 1990s and early 2000s, trading floors grew rapidly while back-office and risk functions were left struggling to keep up. The post-crisis financial sector couldn’t look more different, with compliance, visibility of risk and speed of access to information top of the agenda.
As a result, many banks are realizing the controls put in place to detect trader error, indiscipline and fraud are inadequate. Most are based on simple, rules-based key risk indicators (KRIs), which are only applied at transaction or event level, such as the booking and cancelation of a trade, irregular logins, or failure to take annual leave.
While all of these behaviors may indicate a trader trying to conceal a position, they are also frequently triggered as part of ‘business as usual’. With risk officers receiving upwards of 15 reports a day (often in the form of Excel spreadsheets and each relating to different KRIs), how can they begin to understand which triggers indicate true risk and which are just ‘noise’?
This cloudy view of risk is compounded by the siloed nature of the control systems and groups that generate and manage these KRIs. For example, existing systems cannot automatically cross-reference across control areas such as HR, operational risk, credit risk and IT or, indeed, look at activity across products or over the course of weeks, months or years.
Yet well-practiced rogue traders can go to great lengths to avoid detection, spreading their activities across multiple products, portfolios and systems. Joining up the dots to reveal complex patterns of behavior that differentiate genuine risk from everyday occurrences is, therefore, like looking for the proverbial needle in a haystack – more down to luck than judgment.
In addition, while banks hold vast quantities of data, it is not always in the best shape. Often, data labels are inconsistent and trade-level information is missing or incorrect. This can lead to increased noise, with lots of alerts being triggered unnecessarily; for example, because counterparty reference data is out of date.
Room for improvement
Since the huge losses of rogue traders such as Société Générale’s Jérôme Kerviel and UBS’s Kweku Adoboli have been exposed, banks are increasingly realizing this siloed and reactive approach is not up to scratch.
In addition, many banks are focused on improving data quality, believing this to be the first step to an effective risk-detection system. While data quality is fundamental to good insight, a data quality improvement program could take banks 10 years or more to complete, meaning another decade of low visibility and high risk.
Banks need a system that can use advanced methods to accurately detect risk while overcoming the challenges associated with poor data quality and ‘noise’ generated by existing control systems. A best-of-breed approach to improving risk management is a virtuous circle of data-driven detection and exploration, with a focus on enabling banks to ingest, calculate, explore and prioritize data in a timely manner.
Detection: Looking up through the data
Data-driven risk-detection creates a holistic, single view of risk and prioritizes high-risk entities – traders, desks, books, behaviors – for further investigation. There are three key stages to this approach:
Ingest the data
Multiple data sources – from the front and back offices, risk functions, HR, IT and across the organization – should be ingested to create a single view. There needs to be flexibility to enable new data sources to be easily integrated over time. At this stage, banks can also use sophisticated methods to identify data quality issues.
Create a holistic view
Once data sources are ingested, a single control framework can be created that links all existing KRIs and trade information together. Through this, new KRIs can be developed and deployed as needed. Information can then be viewed at entity level – for example, by trader, product, desk or book – over any given period of time.
Apply sophisticated analytics and build an aggregated picture of risk
The final piece of the puzzle is to apply a range of detection techniques to build an aggregated picture of risk. Techniques such as peer group and outlier analytics can be used to reduce noise by understanding what normal trading behavior looks like. Furthermore, data linking can be applied to identify and understand relationships between entities in the data, such as traders’ relationships with their books, counterparties and with each other.
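The three stages above can be illustrated with a short sketch. This is an added example, not code from the article or from any SAS product: the trader IDs, desks and alert counts are constructed, and the scoring method (a median/MAD robust z-score per KRI within each desk, summed per trader) is one simple assumed choice of peer-group outlier analytics.

```python
from collections import defaultdict
from statistics import median

KRIS = ("cancel_amend", "irregular_login", "no_annual_leave")

# Constructed sample: alerts per trader for each KRI over one review window,
# already joined from separate control systems into a single entity-level view.
TRADERS = {
    "T1": ("rates", (9, 0, 0)),
    "T2": ("rates", (10, 1, 0)),
    "T3": ("rates", (11, 0, 0)),
    "T4": ("rates", (10, 7, 1)),
    "T5": ("equities", (2, 0, 0)),
    "T6": ("equities", (3, 0, 0)),
    "T7": ("equities", (2, 1, 0)),
    "T8": ("equities", (9, 0, 0)),
}

def robust_z(value, peers):
    # Distance from the peer median in units of scaled MAD; the floor of 1.0
    # avoids dividing by zero when every peer has the same count.
    med = median(peers)
    mad = median([abs(p - med) for p in peers])
    return (value - med) / max(1.4826 * mad, 1.0)

def peer_scores(traders):
    # Peer group = desk. Only above-normal activity adds to a trader's score.
    by_desk = defaultdict(list)
    for name, (desk, _) in traders.items():
        by_desk[desk].append(name)
    scores = {}
    for names in by_desk.values():
        for name in names:
            scores[name] = sum(
                max(0.0, robust_z(traders[name][1][i],
                                  [traders[n][1][i] for n in names]))
                for i in range(len(KRIS)))
    return scores

def ranked(traders):
    # Highest aggregated risk first; ties broken by trader ID.
    scores = peer_scores(traders)
    return sorted(scores, key=lambda n: (-scores[n], n))

def naive_flags(traders, kri="cancel_amend", threshold=8):
    # Event-level rule applied to one KRI in isolation, for comparison.
    i = KRIS.index(kri)
    return {n for n, (_, counts) in traders.items() if counts[i] >= threshold}

if __name__ == "__main__":
    print("rule-based flags:", sorted(naive_flags(TRADERS)))
    print("peer-ranked:", ranked(TRADERS))
```

On this sample the fixed threshold flags five of the eight traders, including the whole rates desk, where roughly ten cancel/amend events is business as usual. The peer-relative score puts T4 and T8 at the top: T8's nine cancellations are unremarkable in absolute terms but far outside the equities desk's norm.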
Exploration and understanding: Looking down through the data
Analytics cannot be applied blindly; it is imperative to combine business knowledge and understanding with analytical methods. This hybrid method offers the optimum solution, enabling a bank to find both known and unknown risks. While data-driven detection of behaviors known to be risky is essential, it is equally important to be able to quickly and easily drill down through the data, explore key areas of risk that have not previously been considered and then investigate further.
Using in-memory processing and data visualization, best-of-breed technologies give users the power to ask questions on the fly, with no reliance on IT. Millions of lines of data can be analyzed in seconds, with the results presented in a user-friendly and highly visual way.
With the regulators piling increasing pressure on the banks to gain better control of the trading floor and wipe out bad practice, the existing controls simply will not suffice. For many in the investment community, the prospect of taking a completely new approach is a daunting one. But a staggered approach – plugging holes with new KRIs and focusing predominantly on data quality issues – leaves banks vulnerable and blind to the true face of their risk.
With the threat of financial crime and the risk of human error never far away, along with increasing regulatory scrutiny and capital requirements, time is of the essence to put effective risk detection processes in place. Banks must therefore move quickly to gain a holistic view of their data to truly understand and manage operational risk, before they suffer financial and reputational losses.