EWRM technology vendors are under increasing pressure to demonstrate the relevance of their sophisticated systems to financial institutions. But the rewards are there if they can carve out a new role for themselves. Clive Davidson reports

Enterprise-wide risk management (EWRM) is evolving in both concept and practice. For the past decade, technology suppliers have attempted to provide organisations with tools to quantify market risk, model credit exposures and manage limits.

But the theory and methods have not stood still. Some organisations are extending the concept of EWRM to embrace liquidity, collateral, operational and other risk types, while others are attempting to integrate risk and asset and liability management (ALM) or profit and loss (P&L) with market value and exposure analysis.

But how far can technology go in supporting these broadening definitions of risk? Are there universal underlying principles for all risks that technologists can use to create EWRM systems, or must today’s systems include separate modules for the various risk types? And should the concept of EWRM be extended, or is it now more important that risk technology can scale up to manage exploding trading volumes and provide real-time risk analysis for new e-commerce platforms?

Jacques Sauliere, ATSM: “The only methodology capable of simultaneously addressing the different risks is Monte Carlo”

Although there is no consensus on a definition of EWRM, risk technology specialists have generally been broadening the scope of their products. Some suppliers are doing this through acquisitions. For example, New York-based SunGard Trading and Risk Systems and Toronto-based Algorithmics have bought collateral management systems and credit exposure and limits management technology to add to their product portfolios – most recently, SunGard acquired the RXM (Risk Exposure Management) system from GE Information Systems, while Algorithmics acquired collateral management system supplier Sentry Financial Systems.

Others have been developing modules for themselves. London-based Lombard Risk Management has recently added netting and P&L modules to its FirmRisk system and is currently building a collateral management module. Clearly, the suppliers are moving on from their roots in providing tools for measuring market risk.

Today’s risk management systems should not only cover risk, but also return analysis, insists Willi Brammertz, managing director of Zurich-based Iris Integrated Risk Management, supplier of the RiskPro system. Risk management should be part of an analytical infrastructure that includes profitability, budgets, ALM and treasury, as well as risk and limits controls and risk-adjusted return on capital, he says.

EWRM should draw an overall picture of how a company’s operations can achieve profit targets by taking controllable risks, suggests Alex Tsigutkin, president of New York-based Axiom Software Laboratories. The focus of the technology should not be the specifics of risk methodologies, but should rather provide a framework that enables the control of all types of risks, along with limits management and portfolio performance measurement, he says.

Meanwhile, Francis Neirynck, marketing manager of Paris-based Reuters Risk Management, proposes that EWRM should not only look to analyse a firm’s market and credit risks, but should also play a role in reducing operational risks by supporting the integration of systems and straight-through processing of transactions. Reuters addresses this through an “open systems” approach, using technology standards and open interfaces to its systems, and by offering a suite of products that covers front, middle and back offices, he says. In October, the company opened its Reuters Integration Laboratory in London to develop, test and demonstrate the integration of its data, trading, risk and back-office systems.

Specific risk
Peter Davies, president of New York-based Askari, prefers to define EWRM in terms of covering all of a firm’s activities for a particular category of risk, say market or credit risk, rather than all the risks of the firm. For example, instead of credit risk management focusing only on trading, it should cover loans, investments, etc. “Most organisations do not have all risks being managed in one domain any lower than the group board and shareholder,” says Davies. “A single solution may force too many compromises and challenge too many organisational processes.”

The broadening definition of EWRM has led to a search for, if not underlying principles, at least common methods and technologies that can be applied across various risk types. “The only methodology capable of simultaneously addressing the different risks is Monte Carlo,” says Jacques Sauliere, head of marketing at Paris-based ATSM. “However, this method is time-consuming and too complex to provide a quick understanding of the risk pools.” Therefore, many banks prefer to treat each risk separately while using the same deal and position data, he says.

Tsigutkin says that while credit and market risk have common factors that can be used in calculations, operational, reputation and business-related risks are company-specific and difficult to standardise. But he suggests that portfolio performance provides a common ground for aggregation of various types of quantifiable risks.

Brammertz believes that some risk factors are so intertwined that they should not be separated. “Credit risk builds on the basis of market value,” he says. “Splitting market and credit risk is seen from this standpoint as very artificial.” If a risk management system is designed carefully, it can encompass many risk types within the same calculation processes, he says. For example, RiskPro first generates all events for each contract type, such as cashflows and interest rate adjustments, and then calculates the value, income and sensitivity for each contract at any point in time or any interval.

This is similar to Algorithmics’ Mark-to-Future approach, which uses scenarios that can encompass multiple risk factors to forecast the value of portfolios over time (Risk July 2000, page 40). Other suppliers, such as Askari and North Carolina-based SAS Institute, also look at how the value of portfolios evolves over time. Brammertz claims that RiskPro is designed in such as way that it incorporates ALM modelling in the same framework as risk management.

Expanding scope
But although the suppliers now offer some common methods for integrating risk types, the theoretical understanding and practices for dealing with the various risks are at markedly different stages of development. Many in the industry agree that market risk is largely solved in terms of theory and technology, although within the limitations of the quality and availability of the data. The concepts of credit risk are also well understood, although the technology is not as advanced. Davies suggests that there are, however, some significant exceptions that are not yet well covered, such as private equity, real estate and exploration funds. And more work needs to be done on integrating market and credit risk in systems, as well as extending the scope of systems to include other factors.

Willi Brammertz, Iris: “E-banking must also be controlled”

“The challenge seems to be about consolidating credit risk and market risk, as well as capital markets and corporate lending, on the same system,” says Sauliere. He also believes that there is insufficient consensus on how to manage operational risk for it to be successfully tackled by technology. The recent demise of specialist supplier Operational Risk, which failed to raise funding to survive, appears to confirm that there is not yet a widespread confidence in quantitative approaches to managing operational risk. Few EWRM systems suppliers offer dedicated operational risk management modules – Algorithmics’ WatchDog is one of the exceptions. There are also differences of opinion about how well current systems help with liquidity risk. “I think liquidity risk is the big bear in the woods that emerges every time there is a crisis – and we all act surprised,” says Davies.

The degree to which suppliers are broadening their concept of EWRM is demonstrated by the German software giant SAP (see box, page 20) and
Lombard. The latter’s FirmRisk system features, in addition to value-at-risk, credit exposure and limit calculators, a set of modules that go beyond the traditional risk management coverage to handle netting, collateral management and P&L analysis.

The FirmRisk netting module makes netting information more readily available to traders and risk managers and automatically links trades with their netting factors, Lombard says. Firms can then use this information to manage exposures on a net basis. The collateral module captures the collateral information related to trades and provides mechanisms for its revaluation and tracking through the lifecycle of trades. With its P&L analysis module, Lombard has aimed to provide intra-day reporting for traders and risk managers, giving them the ability to view P&L in terms of individual risk factors.

But EWRM suppliers face other challenges besides how to broaden their systems. One of the most pressing is how to cope with trading volumes that are increasing exponentially in some markets, such as equities and foreign exchange, as more business is being concentrated in fewer trading houses. “There is a technical challenge as volumes put into risk management systems increase dramatically. We have to address the scalability issue,” says Neirynck.

Today’s technology makes it possible to support the EWRM of 2 million financial contracts without compromise and within reasonable costs, says Brammertz. For larger banks, which can have around 10 million contracts, either some compromises have to be made in terms of aggregation of calculations, or they have to make substantial investment in hardware. “If there is no limit in hardware cost, there is no limit to EWRM,” he says.

The move to component-based distributed architectures improves the scalability of systems by enabling firms to parcel out computation to multiple processors and to add hardware incrementally to support increasing volumes. Algorithmics, Lombard and London-based Kronos Software are among those that have adopted this approach.

Testing the scalability of trading and risk management technology in an e-commerce context is one of the main purposes of Reuters’ Integration Laboratory. It aims to create “a bank in microcosm”, where customers and third-party suppliers can install their applications and test them with Reuters’ systems, says its director Rupert Brown, a former head of equity and fixed-income infrastructure at BNP-Paribas. The lab, which is connected to the internet for remote use by Reuters’ global staff, has 70 processing and database servers, multiple client machines and the TIB and Triarch data and messaging backbones. Brown says that while the internet has provided the connectivity for e-commerce, it is now up to technology suppliers to test and demonstrate the interoperability and scalability of their systems to meet the demands of online trading.

In addition to the challenge of volume, EWRM, which was centre stage for many banks during the late 1990s, is having to accommodate e-commerce. “Banks are focusing right now on e-commerce and risk management is less important than before,” says Sauliere. Brammertz agrees that electronic trading and business projects has “diverted minds” from risk. But suppliers believe that this is a passing phase.

Alex Tsigutkin, Axiom: Software vendors should concentrate on converting their systems to active enterprise-level systems

An integral e-role
“There is a view that e-commerce has somehow hijacked the time and budget of institutions,” says Neirynck. “However, it is becoming clear that risk management is an integral part of e-commerce, so the need for EWRM systems has increased.” At its integration laboratory, Reuters is demonstrating how firms can integrate its Kondor+ pricing and position-keeping and KVar+ risk management systems with its electronic trading, order routing and other e-commerce processes.

Sauliere suggests that the migrations to e-commerce will improve risk management, “since the trade information is electronic in its origin and can thus be integrated into EWRM more easily than before”. Brammertz agrees: “E-banking must also be controlled.” In spite of the shift of the spotlight away from EWRM, the inherent risks in e-commerce activities has resulted in more enquiries from potential customers, he claims.

So where do EWRM systems suppliers go from here? There is a growing view that the concept of EWRM has to move on from an isolated middle-office analytical process to something more engaged. “The competition among the suppliers should be about how soon and well they can convert their passive risk management systems to active enterprise-level management systems,” says Tsigutkin.

SAP rises to EWRM challenge

Jens-Peter Jensen, SAP: “We focus on the architecture rather than the engine” Whereas the specialised risk management technology suppliers have steadily moved outwards from market risk analytics to a wider definition of risk management, SAP has approached EWRM from the opposite direction. Based in Walldorf, Germany, SAP pioneered the concept of an integrated suite of corporate business applications that could share data and provide unified and comprehensive management information. Its SAP Banking suite includes modules for strategic planning, financial accounting, cost and management control and is used by many institutions, particularly medium-sized banks in Europe and the Asia-Pacific region. It is in this enterprise management suite that SAP has located its risk management functionality. Risk control is a component of the Bank Analyzer module of SAP Banking. The module also includes limits management, profit and loss analysis, asset and liability management, accounting and regulatory reporting. These mostly operate off a central database that includes trading and non-trading data, such as loans. The advantage of this approach is the consistency of the data and its analysis, says Jens-Peter Jensen, SAP’s banking products manager. “But we recognise that risk management has some different requirements from the other areas,” he says. For example, risk managers want intra-day information, whereas bank managers might only want profit & loss calculations monthly. Therefore, SAP is developing a dedicated risk server that will provide real-time calculations for market risk and credit limits. “However, our approach is to focus on the architecture rather than on the risk engine,” says Jensen. In a SAP implementation, customers could use an engine from a risk specialist if they wished, he says. Risk Analyzer includes mark-to-market and value-at-risk calculations, credit default risk and credit exposure measurement and limits. The architecture allows banks to combine the results of these and other risk calculations with those of Profit Analyzer, which calculates profitability by product, customer or other category to support strategic decision-making. HypoVereinsbank is replacing some of its risk management components from specialised suppliers with the SAP suite. The bank required an open architecture into which it could plug its own applications, such as credit risk models, but which would also provide a consistent and scalable set of core applications that could support its global expansion, says Jensen. In a phased programme, the bank is implementing a country risk management module first, due to go live early next year. “In the last few years, banks have worked on elaborating a comprehensive controlling concept for all types of risk. In the future, methodological enhancements will remain necessary. However, the task of integrating the measurement systems in the bank’s management processes may be even more challenging,” says Jensen.

Client-sensitive
Davies says that there is pressure from customers to move in this direction. “We look at clients’ markets and ask them what they need,” he says. “The answer is often not about risk but about other things: profitability, client reporting, broad and deep management information, tying together financial and management information, etc. We call these systems enterprise risk management systems but they are really large financial MIS [management information system] solutions that integrate economic value.” Askari’s customers want the ability to aggregate information at the enterprise level. They want advanced analytics including, but not exclusively, risks, as well as high-quality reporting, he says.

It is about making the results of EWRM systems more accessible and more actionable outside of the risk management cadre, says Davies. “In significant ways, the risk managers are the very people who do not need [the results of EWRM systems],” he says. Good risk management is part of good management. And if a firm’s clients have good risk management then it has less risk. So it is in the interests of all firms that EWRM is widely available to all. The move to providing risk analytics online, through an application service provider, is a positive step in this direction.

Today’s EWRM systems are vastly more sophisticated than the market risk calculators that introduced the technology to financial institutions. As the industry continues to explore how to balance risk against return in the era of e-commerce, technology suppliers will be under increasing pressure to demonstrate the relevance of their systems to the management of risk. If they succeed, EWRM systems could come to play a central role in firms’ activities.

Back to Top or Back to Enterprise-wide Risk Management Contents

Click here for a printer friendly version of this article