After the storm: A new era for risk management in financial services
 

After the storm: A new era for risk management in financial services

on

  • 484 views

After the storm: a new era for risk management in financial services is an Economist Intelligence Unit report that explores the way in which risk management is changing at the world’s financial ...

After the storm: a new era for risk management in financial services is an Economist Intelligence Unit report that explores the way in which risk management is changing at the world’s financial institutions in response to the global financial and economic crisis. The report is sponsored by SAS. The author was Phil Davis and the editor was Rob Mitchell.

■ The Economist Intelligence Unit bears sole responsibility for the content of this report. Our editorial team executed the online survey, conducted the interviews and wrote the report. The findings and views expressed in this report do not necessarily reflect the views of the sponsor. Our research for this report drew on two main initiatives:

■ We conducted an online survey of 334 executives from around the world in March 2009. The survey included companies of a variety of sizes from the financial services industry. All respondents have a primary focus on risk management.

To supplement the survey results, the Economist Intelligence Unit conducted a programme of qualitative research, comprising a series of in-depth interviews with industry experts.

Statistics

Views

Total Views
484
Views on SlideShare
484
Embed Views
0

Actions

Likes
0
Downloads
13
Comments
0

0 Embeds 0

No embeds

Accessibility

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

After the storm: A new era for risk management in financial services After the storm: A new era for risk management in financial services Document Transcript

  • After the stormA new era for risk management infinancial services Sponsored by SAS
  • After the storm: A new era for risk management in financial services About this research A fter the storm: a new era for risk management in financial services is an Economist Intelligence Unit report that explores the way in which risk management is changing at the world’s financial institutions in response to the global financial and economic crisis. The report is sponsored by SAS. The author was Phil Davis and the editor was Rob Mitchell. The Economist Intelligence Unit bears sole responsibility for the content of this report. Our editorial team executed the online survey, conducted the interviews and wrote the report. The findings and views expressed in this report do not necessarily reflect the views of the sponsor. Our research for this report drew on two main initiatives: l We conducted an online survey of 334 executives from around the world in March 2009. The survey included companies of a variety of sizes from the financial services industry. All respondents have a primary focus on risk management. l To supplement the survey results, the Economist Intelligence Unit conducted a programme of qualitative research, comprising a series of in-depth interviews with industry experts. We would like to thank the many people who helped with this research. June 2009 © The Economist Intelligence Unit Limited 2009
  • After the storm: A new era for risk management in financial services Executive summary A lmost two years since the financial crisis first emerged from the sub-prime mortgage business in the US, the repercussions continue to be felt. Despite unprecedented efforts by governments, central banks and regulators, the cost to the global economy of the failure of the financial system will be huge, and felt over an extremely long period. According to the latest Financial Stability Report from the International Monetary Fund, global bank losses are likely to exceed US$4.1 trillion. In their efforts to bail out the banking system and deal with wider economic pain, public debt for the G20 countries will mushroom to more than 100% of GDP in 2014. The way in which financial institutions identify, assess and manage risks continues to fall under intense scrutiny. The crisis has exposed the shortcomings of a whole host of risk techniques, and major soul-searching is now underway to ensure that the risk and controls functions in financial institutions will be more robust, authoritative and accountable in future. Regulators, too, are eyeing the risk capabilities of the industry carefully, and considering the systemic implications of certain approaches to manage risk more thoroughly. In March 2009, the Economist Intelligence Unit conducted a global survey on behalf of SAS to assess how risk management is changing in the world’s financial institutions. The survey attracted 334 participants from across the financial services industry. The report that follows presents the highlights of those survey findings along with related additional insights drawn from industry experts and commentators. Key findings from this research include the following: We are seeing an erosion of confidence and a retreat from risk. The survey reveals an industry that appears shell-shocked by the events of the past 18 months. There is limited confidence in the ability of financial institutions to increase revenues or profitability over the next year, while less than one-third of respondents say that they are seeing confidence returning to their business. This erosion of confidence is having a dramatic impact on the kind of business that financial institutions are willing to carry out, with a significant retreat to familiar, domestic business. More than two-thirds say that they expect a greater focus on domestic business over the next year, while less than one-third are increasing their focus on overseas developed markets, and just over one-third on emerging markets. © The Economist Intelligence Unit Limited 2009
  • After the storm: A new era for risk management in financial services Transparency is a common theme to proposed reforms. Asked about the initiatives that they thought would be most beneficial to the financial services industry, respondents pointed to greater disclosure of off-balance-sheet vehicles, stronger regulation of credit rating agencies, and the central clearing for over-the-counter derivatives as being three among the top four that have the greatest potential benefit. Although these are wide-ranging initiatives, there seems to be a common theme across all of them – namely, the requirement for greater transparency and disclosure to facilitate the more effective management of systemic risk issues. Reforms to risk management within institutions will be far-reaching and comprehensive. Just one- third of respondents think that the principles of risk management in financial services remain sound. In response to this, more than half of respondents say that they have conducted, or plan to conduct, a thorough overhaul of their risk management. Key areas of focus, according to respondents, are likely to be improvements to data quality and availability, the strengthening of risk governance, a move towards a firm-wide approach to risk, and the deeper integration of risk within the lines of business. Respondents say that the need for reform is being driven, in particular, by executive management, but regulators are also starting to apply the pressure. Culture, expertise and data are the weak points in companies’ risk management. Asked about the barriers to improving risk management in their organisation, respondents point to poor data quality, lack of expertise and a lack of risk culture among the broader business as being the most significant. This theme of a lack of understanding between the risk function and the business certainly seems to be significant. Asked about the areas where communication most needs improvement, respondents point to the channels between the risk function and lines of business as requiring most attention. Elsewhere, just 40% of respondents say that the importance of risk management is widely understood throughout the company, suggesting that more needs to be done to embed risk culture and risk thinking more deeply in the institution. Respondents lack confidence in the ability of supervisors to formulate the right response to the crisis. Just three in ten respondents are confident that policy-makers can formulate an effective response to the crisis. Regulators, in particular, are singled out as being a potential weak spot, with less than one-third rating their handling of the financial crisis as good or excellent (a lower proportion than for either central banks or governments). In terms of specific regulatory interventions, respondents are most confident in the ability of regulators to maintain overall stability of the financial system, with 53% expressing confidence here. Far lower proportions are confident in their ability to monitor credit ratings and prevent conflicts of interest (18%); secure the implementation of compensation policies that support long-term shareholder value (24%); or co-ordinate the work of regulators across borders (25%). © The Economist Intelligence Unit Limited 2009
  • After the storm: A new era for risk management in financial services How do you currently rate the prospects for your business in the following areas over the next year? Rate on a scale of 1 to 5, where 1=Significantly positive and 5=Significantly negative. (% respondents) 1 Significantly positive 2 3 4 5 Significantly negative Revenue growth 10 24 36 24 8 Profitability 9 24 35 25 7 Share price 5 16 47 26 6 Relations with customers 13 43 32 11 1 Relations with investors 7 35 40 14 4 Capital adequacy 15 36 32 15 3 The business environment for financial services No one working in the financial services sector will forget the near-collapse of the financial system in late 2008. Just as market participants during the oil shock of the early 1970s and the crash of 1987 were shaped by their experiences, so will be those who witnessed the stomach-turning events of last year. Since those momentous times, there have been intermittent signs of recovery in the world economy and predictions of doom have become fewer and less frequent. Nevertheless, confidence is a fragile creature. Financial services firms are still reeling from events and are mostly gloomy over the outlook for the next 12 months. In an Economist Intelligence Unit global survey of 334 financial services executives, just one third expect a positive outlook for revenues and profitability, while one quarter expect a positive outlook for their share price. One of the reasons for such pessimism is that globalisation, one of the key drivers of revenue for multinational firms, is now seen to be under pressure. Amid a breakdown in global systems and trade, there will be a much greater focus on domestic business, and 68% of market participants questioned say that they expect an increased focus on business in their home market. North American respondents, in particular, say they will be much more focused on domestic markets and much less on emerging markets than other regions. Alan Keir, global head of commercial banking at HSBC, notes that the lack of trust across borders has become evident in everyday business. “Open accounts are working less and less well and old-fashioned letters of credit [where the bank acts as an insurer] are coming back into fashion,” he says. This, of course, raises concerns about financial isolationism. Retrenchment to domestic markets is seen by many politicians and regulators as a way of containing risk, but in reality the opposite could well be true. The events of the early 1930s, when the adoption of restrictive trade policies exacerbated the Great Depression, are clear indicators of the dangers. Over the next year, what change do you expect to the geographical focus of your organisation? Please rate on a scale of 1 to 5, where 1=Significantly greater focus and 5=Significantly less focus. (% respondents) 1 Significantly greater focus 2 3 4 5 Significantly less focus Domestic market 35 32 26 5 2 Overseas developed markets 6 22 33 21 18 Overseas emerging markets 12 25 29 15 19 © The Economist Intelligence Unit Limited 2009
  • After the storm: A new era for risk management in financial services Trust in the rule-makers? A second reason why respondents may appear pessimistic about their future prospects could be that they generally lack confidence in the ability of regulators and governments to deal with the current situation. Indeed, just 29% believe that policy-makers can form an appropriate response to the crisis. Central banks are generally believed to have handled the crisis more creditably than governments or regulators. Only one in five respondents thinks that industry itself has handled the situation well. There is, however, very limited confidence in the ability of regulators to create a healthy, functioning rules-based system. One-quarter or fewer have confidence in the ability of regulators to co-ordinate their work across borders; put in place appropriate skills and expertise to keep pace with innovation in banking; monitor risks associated with the shadow banking system; monitor credit rating agencies; or mandate implementation of long-term oriented compensation policies. Alan Greenspan, former chairman of the US Federal Reserve, says such expectations are, in any case, not realistic. “The important lesson is that bank regulators cannot fully or accurately forecast whether, How would you rate the handling of the financial crisis by the following stakeholders? Rate on a scale of 1 to 5, where 1=Very good and 5=Very poor. (% respondents) 1 Very good 2 3 4 5 Very poor Central bank in your country/Eurozone region 9 34 31 22 4 Government in your country 7 28 28 27 10 Regulators in your country 7 25 30 24 14 Your industry sector 4 24 37 26 9 Your business 10 42 33 13 2 Your management team 15 46 27 9 4 Your risk management function 13 47 30 7 2 How confident are you in the ability of the regulators in the country in which you are based to carry out the following initiatives? Rate on a scale of 1 to 5, where 1=Very confident and 5=Not at all confident. (% respondents) 1 Very confident 2 3 4 5 Not at all confident Maintain overall stability of the financial system 14 39 28 15 4 Co-ordinate work of regulatory bodies across borders 4 21 38 27 9 Put in place sufficient skills and expertise to keep pace with innovation in the banking system 4 26 33 25 12 Restore trust in the banking system 9 34 37 17 3 Monitor risks associated with shadow banking system 5 23 32 28 12 Require implementation of compensation policies that support long-term shareholder value creation 3 21 36 28 12 Monitor credit rating agencies and prevent conflicts of interest 3 16 32 35 14 Mandate greater disclosure from hedge funds 4 25 34 23 14 Implement effective guidance on liquidity management 7 35 35 19 4 Ensure that off-balance sheet vehicles are reflected in minimum capital requirements 5 31 37 19 7 © The Economist Intelligence Unit Limited 2009
  • After the storm: A new era for risk management in financial services for example, sub-prime mortgages will turn toxic, or a particular tranche of a collateralised debt obligation will default, or even if the financial system will seize up,” he says. “A large fraction of such difficult forecasts will invariably be proved wrong.” Nevertheless, financial services firms do still put a great deal of trust and faith in rule-makers. More than half are confident in the ability of regulators to maintain the overall stability of the financial system, while 43% are confident in their ability to restore trust in the banking system. An over-arching faith in regulators and other government agencies should not, however, supplant a thorough re-appraisal of the mistakes of the past few years. Indeed, a great many firms are now questioning their actions and examining whether their whole approach was flawed or whether just a few key aspects of their approach to risk were founded on unsound principles. Have conventional risk measures failed? A highly sophisticated, globalised financial system has evolved over the past decade or so, with ever more participants using a proliferation of instruments and strategies. Despite the complicated nature of the system, the core belief persisted that the market knew best and where this proved not to be so, existing risk measures would over-ride instinct. But doubts have, unsurprisingly, crept in and many market participants and stakeholders believe that existing risk measures have failed to some degree. Certainly this is what the survey reveals: less than one-third thinks, for instance, that the principles of risk management in financial institutions remain sound. Peter Bernstein, founder of Peter L Bernstein Inc, an economic consultancy, says the doubts stem from the shocking events of the recent past. “Does history really tell us anything about what lies ahead? Relying on the long run for investment decisions is essentially relying on trend lines. But how certain can we be that trends are destiny? Trends bend. Trends break. Today, in fact, we have no idea where any trend lines might begin or end, or even whether any trend lines still exist.” Harvard professor identifies six risk errors Mr Bernstein, however, is principally referring to general market events. For individual companies and markets, it may well be possible to pinpoint specific issues where risk measures failed. In the March 2009 edition of Harvard Business Review, René Stulz, professor of banking and monetary economics at Ohio State University, identifies six ways in which risk has been mismanaged. First, he says, there has been an over-reliance on historical data. The calamitous fall in asset prices and demand was unimaginable to anyone basing their thinking on post-war performance alone. Second, narrow daily measures, such as value at risk—probably the single most important measure in financial services—have underestimated risks. The assumption behind a daily measure of risk is that action can be taken quickly (through an asset sale) to remove that exposure. But, as the current crisis has shown, this is impossible when markets seize up. Significantly, in the survey, one third of respondents think that tools such as VaR have been shown to be no longer fit for purpose. Investment funds have perhaps felt the effects of the failure of such risk measures most keenly. Permal, the New York-based fund of hedge funds group, with US$21bn in funds under management, © The Economist Intelligence Unit Limited 2009
  • After the storm: A new era for risk management in financial services says that some of its underlying funds were caught out. “VaR was widely estimated at 4-5% a month,” says Omar Kodmani, senior executive officer at Permal. ”This rose by factors of two and three in the fall of 2008, showing you can’t rely on absolute numbers. In other words, you can’t operate in a vacuum.” Third, according to Prof Stulz, knowable risks have been overlooked. Managers who work in silos may appreciate the risks to which they personally are exposed. But they may not see how risks being run elsewhere in the business could affect them too. It could be argued that credit risk – the risk measure most exposed by the devastation of CDO and CLO values – is a knowable risk that has been overlooked. For even though banks were buying and selling (and holding) billions of dollars of asset-backed instruments, there was little apparent will to assess the risks involved. The problem stems, in large part, from the time when banks started to sell their credit risk on to third-party investors. Until the summer of 2007, most investors, bankers and policy-makers assumed that this evolution represented progress that was beneficial for the economy. In April 2006, the International Monetary Fund said that the dispersion of credit risk “has helped to make the banking and overall financial system more resilient”. Bankers were happy to earn fees at almost every stage of the “slicing and dicing” chain and further benefited from regulators permitting them to make more loans. By early 2007, financial officers at the UK’s Northern Rock, for instance, estimated that they could extend three times more loans, per unit of capital, than five years earlier. But many of the new products were so specialised that they were never traded freely. An instrument known as “collateralised debt obligations of asset-backed securities” was a case in point. Instead of being traded, most were sold to banks’ off-balance-sheet entities such as structured investment vehicles (SIVs) or left on the books. It was in this sense that credit risk was effectively overlooked by many banks. Please indicate whether you agree or disagree with the following statements. (% respondents) Strongly agree Slightly agree Neither agree nor disagree Slightly disagree Strongly disagree The US government should never have repealed the Glass-Steagall Act 19 27 37 9 9 There needs to be a move away from the “originate-to-distribute” banking model and a return to old-fashioned, “buy and hold” banking 17 37 23 15 8 Regulators should intervene directly in compensation policies 12 25 16 22 25 The principles of risk management in financial services remain sound 8 25 25 30 13 The Basel II capital framework has been shown to be deficient 13 34 33 14 5 Risk measures such as VaR have been shown to be no longer fit for purpose 12 36 31 16 5 Not enough human judgment is being applied in risk management decisions 31 42 17 8 2 Risk management does not have sufficient authority in our organisation 16 30 24 18 11 Analytics have become too complex to assist in business decision making 12 35 28 19 5 Mark-to-market practices have exacerbated the financial crisis 26 34 20 12 8 It is not possible adequately to manage risk in financial services 4 18 20 29 29 We have relied too heavily on external providers for credit ratings 24 36 22 11 7 © The Economist Intelligence Unit Limited 2009
  • After the storm: A new era for risk management in financial services Fourth, concealed risks have been overlooked. Incentives have proved particularly dangerous in this regard. Some traders and lenders may have enjoyed taking risky decisions that, in the short term, appeared to be working out well for their organisations. But they had no incentive to report any downside risk. Nassim Taleb, professor of risk engineering at New York University and the author of The Black Swan: The Impact of the Highly Improbable, explains the conflict. “Take two bankers. The first is conservative and produces one annual dollar of sound returns, with no risk of blow-up. The second looks no less conservative, but makes US$2 by making complicated transactions that produce a steady income, but are bound to blow up on occasion, losing everything. While the first banker might end up out of business, under competitive strains, the second is going to do a lot better for himself.” Prof Taleb says this mismatch between the bonus payment frequency (typically, one year) and the time to blow up (about five to 20 years) is the cause of the accumulation of positions that hide risk by betting massively against small odds. Fifth, there has been a failure to communicate effectively. It is dangerous, says Prof Stulz, when risk managers are so expert in their field that they lose the ability to explain in simple terms what they are doing. The board may develop a false sense of security by failing to appreciate the complexity of the risks being managed. Finally, risks have not been managed in real time. Organisations have to be able to monitor fast- changing markets and, where necessary, respond to them without delay. Yet rapid and sophisticated responses are not necessarily an answer in themselves. Just under half of respondents (47%) think that analytics have become too complex to assist in decision-making, while almost seven in ten think that not enough human judgment has been applied in risk management. Charles Beach, regulation and compliance partner at PricewaterhouseCoopers, says that while quantitative risk measures remain an important part of the equation, a balanced and more forward- looking approach, including the use of scenario-based assessments, should be developed to ensure that assumptions embedded in risk measures are continually challenged. “As the appetite for more aggressive risk-taking begins to return to the banking industry, those firms that have truly embedded risk management into the fabric of business decisions will garner a clear competitive advantage,” he explains. From the setting of strategy and risk appetite through to the execution and response to the changing risk profile, the terms “risk management” and “management” should be considered synonymous, he argues. Regulators ignored key risk types While few traditional measures have fallen completely out of favour, there is broad agreement that regulation has been highly deficient. Six out of ten respondents, for instance, agree that mark-to- market accounting practices have made the crisis worse. Meanwhile, just under a half of respondents (47%) think that the Basel framework has been shown to be deficient. What should be taken into account, however, is that Pillar 2 of the framework, which deals with the regulatory response to the rules on capital adequacy, had yet to be fully implemented when the crisis struck. Moreover, any assumption of its deficiency should be balanced against the variation in interpretation among domestic regulators of the framework. © The Economist Intelligence Unit Limited 2009
  • After the storm: A new era for risk management in financial services Robert Mark, a board member at the US-based Professional Risk Managers’ International Association and chief executive of Black Diamond Risk, agrees. He says that the Basel framework ignored funding liquidity, which essentially led to the downfall of Bear Stearns. “Basel looked at market, credit and operational risk, but not at the controls on funding liquidity,” says Mr Mark. This encouraged many institutions to ignore this risk, or assign it a low priority. Mr Kodmani, for one, says some hedge funds “fell short” on liquidity risk management. “There were no bids for a lot of instruments and the bid-offer spreads were meaningless. This meant the estimated value of portfolios did not work.” Typically, banks have put risk into three buckets: market, credit and operational. This suggests that liquidity is not generally considered to be a separate risk. But other risk types have also been largely overlooked in financial services. Steve Fowler, chief executive of the Institute of Risk Management, says that traditional banking risk measures are wrong-headed. “Operational risk, for a start, is an invented term,” he says. “It is seen as ‘everything apart from market and credit risk’ and therefore doesn’t really matter.” He argues that strategic risk is the key issue, whatever the industry. “In other industries, they look at business objectives and strategies and align risks to those objectives. Bankers need to talk in those terms too. Maybe there needs to be more cross-fertilisation between banks and other industries.” Others argue that flexibility, rather than trying to identify the precise risk measure, is the critical issue. BankWest, the Perth-based bank that was bought by Commonwealth Bank of Australia last year, says there are no “right” or “wrong” models. “The important thing is to keep updating the models to reflect greater understanding,” says Ed Bradley, head of strategic risk analytics. “We monitor the performance of our models on a monthly basis. If the model deteriorates in predictive power, we recalibrate or rebuild the model.” Over-reliance on rating agencies Just as regulators are condemned for their lack of foresight, so ratings agencies are singled out for criticism. More than six out of ten respondents think that they have relied too heavily on external sources for ratings. Some have posited that the problem lies in the fact that rating agencies were never genuinely independent, but are essentially an arm of the same government that wished to see the expansion of home ownership. “Given that government-approved rating agencies were protected from free competition, they would not want to create political waves by rocking the mortgage boat, engendering a potential loss of their protected profits,” says US economist Stan Liebowitz. Given that these conflicts of interest were well publicised, perhaps market participants ought to have been more wary. “Too few firms performed due diligence of their own,” says Mr Mark. “There was certainly an over-reliance on them.” They should be just one of many inputs, he argues. Financial institutions acknowledge the need for risk reform A series of influential papers from 2008 highlight areas of complacency with regard to risk management in many firms and product areas. The Senior Supervisors Group, Financial Stability Forum, Institute of International Finance and Basel Committee all pointed to deficiencies in many financial institutions’ risk management practices. © The Economist Intelligence Unit Limited 2009
  • After the storm: A new era for risk management in financial services How would you rate the performance of your institution over the past year across the following categories of risk management? Rate on a scale of 1 to 5, where 1=Very effective and 5=Not at all effective. (% respondents) 1 Very effective 2 3 4 5 Not at all effective Not applicable Credit risk 18 36 26 11 7 2 Market risk 11 36 28 16 8 2 Operational risk 11 41 31 14 2 1 Regulatory risk (eg, risk of non-compliance) 21 41 27 8 21 Economic capital 13 37 28 13 3 5 Modelling risk (risk of bad models) 8 26 38 17 5 7 Liquidity risk 20 40 22 12 4 2 Fraud 19 35 28 10 4 4 Solvency risk 22 36 27 6 4 5 Underwriting/actuarial risk 10 25 30 10 2 22 Ability to aggregate risk at firm-wide level 9 29 35 19 6 3 Market participants themselves tend to agree with the criticism. Asked about the performance of their institution across risk categories, more than half think they are effective at managing regulatory risk, credit risk, liquidity risk, fraud and solvency risk. But they admit that their biggest weaknesses are in modelling risk and the ability to aggregate risks at a firm-wide level. Pressure to improve risk management comes most forcefully – by a significant margin – from executive management, which has realised that inadequate risk measures from this point onwards could be fatal to their companies. Many are keen to bolster their capabilities. GRS, a consultancy, forecasts that, by the end of 2009, half of financial services companies will have a risk professional on the board, compared with only 12% in July 2008. Mr Beach says that this is critical, since effective risk management starts with strategy. “Although aggressive risk-taking is currently out of favour, it will remain essential to value creation,” he explains. “Explicit definition of the firm’s risk appetite is a fundamental part of developing an effective strategy. How risk appetite is then cascaded into risk limits and risk-adjusted performance measurement is equally important to ensure that front-office decision-making is truly linked to strategy. Responsibility for risk management must lie primarily with the business, not over-relying on the risk function.” Others argue that firms must go further than strong board representation. Mr Fowler says that while bank chief executives are no longer worried about losing their jobs for not taking enough risk and not keeping up with competitors, little will change. One alternative, he says, could be shareholder structures, one in which voting rights are conferred to long-term holders of equity only. “This group would have more influence on policy and is likely to have a longer-term view,” he says. One thing is sure: tackling risk issues will be a high priority for the foreseeable future. The aspect of risk management that is likely to attract the most investment over the next 12 months is processes and10 © The Economist Intelligence Unit Limited 2009
  • After the storm: A new era for risk management in financial services policy. These types of incremental investment, however, are distinct from developing new approaches, which requires a great deal of thought, research and determination to really implement change. New ideas and approaches to key risks Given the weaknesses of some existing risk systems, there is likely to be less reliance in the future on off-the-shelf solutions, received wisdom and box-ticking behaviour in general. Many institutions have signalled that they are prepared to be radical and that they are even ready to welcome a substantial increase in regulation. The survey findings reveal, for instance, that just under half of respondents think that the US should not have repealed the Glass-Steagall Act, which separated commercial from investment banking. Michael Lafferty, chairman of the International Retail Banking Council, believes that they are on the right track. “Politicians and regulators may come to realise that far too much attention has been given to salvaging the failed universal bank model and not enough to finding a better retail banking model for the future,” he says. “That model should be the stand-alone and highly disciplined retail bank.” Surprisingly, one-third even believes that regulators should intervene in compensation policy. However, Mr Greenspan is cautious about micro-management by regulators, arguing that regulators should allow the market to work, not impede or second-guess it. “In my experience, what supervision and examination can do is set and enforce capital and collateral requirements and other rules that are preventative and do not require anticipating an uncertain future.” Regulatory body sets out key issues l Take into account the technical limitations of risk metrics, models and techniques, such as VaR. Mr Fowler agrees that constant attempts to measure everything The Institute of International Finance report summarises the key are doomed to failure. The logical conclusion of the process, he elements that firms should incorporate into their risk management says, is to arrive at a single number – an exercise which would be practices: meaningless. “Not everything that has value can be measured and l Ensure that risk management does not rely on a single risk not everything that can be measured has value,” he explains. “How methodology and analyse group-wide risks on an aggregate basis. can you numerically measure the long-term viability of a firm?” Mr Beach agrees that developing an integrated view of risk l Ensure that the appropriate governance structure that has across all risk types is essential. “A major challenge is to build a been adopted and is actually implemented in managing day-to- comprehensive, joined-up perspective of the bank’s risk profile day business. across risk classes, products, counterparties and different Rating agencies are beginning to focus more on the quality of dimensions of the portfolio such as geography and industry a firm’s enterprise risk management practices. For example, in sector. Risk information flows should be improved. Risk reports 2008, Standard & Poor’s now reviews the quality of enterprise risk provided to the board and senior management need to be capable management as a new component in its reviews of credit ratings. of focusing on the firm’s current key risk issues rather than Performing classical siloed risk management will only qualify as providing a torrent of data which cannot realistically be digested “adequate” in the new S&P model. and used as a basis for effective decision-making.” Risk reporting Mr Mark says the agencies would undoubtedly have had AIG should be embedded into day-to-day management reports in mind when they changed their methodology. “It was the AIG rather than provided as a separate stream, he argues. Primary Financial Products area that created significant problems for AIG,” responsibility for this should lie with the business, supported by he says. “They were the ones who wrote all the CDSs. The other parts the risk function. of AIG were essentially working well.”11 © The Economist Intelligence Unit Limited 2009
  • After the storm: A new era for risk management in financial services Indeed, there are indications that regulators and policymakers, despite the political furore and public anger, are not likely to intrude on company structures or compensation models. The key issues, according to the Financial Stability Forum of national and international financial regulators, revolve around the integration of risks, the measurement of risk (four out of ten in the survey, incidentally, say they practice insufficient stress testing) and the lack of constant challenges to accepted methods in light of changing market conditions. A new template for rating instruments? There are signs that the existing model for rating agencies could be starting to change. Independent rating agencies, such as Egan-Jones, are starting to penetrate the market as the inherent conflict of interest in the traditional model – where issuers pay for ratings and the agencies are rewarded on volume – is called into question. There are several drivers for a shift towards ratings paid for by investors rather than issuers, says Sean Egan, founding principal of Egan-Jones. First, the Securities and Exchange Commission now officially sanctions independent agencies, conferring credibility to companies like Egan-Jones. Second, US Congress may soon debate a bill that would hold rating agencies liable for misleading ratings due to problems with the models. Next, a series of whistleblowers have claimed that they were fired or demoted after refusing to raise a rating or expressing doubts over one. Finally, fiduciaries may be at risk if they rely on conflicted agents. Mr Egan points to the potential competitive edge that banks and other investors can gain from independent ratings. “Our ratings on Lehman Brothers were three to four notches below the big three agencies just before it collapsed. Any money market fund using our rating would have known not to hold Lehman commercial paper at that time.” Transparency is the key to all progress Many of the initiatives that respondents think would be most effective are related to transparency – for example, greater transparency in off-balance sheet vehicles and interventions around valuation are believed to be potentially effective. But what does transparency actually mean? For Mr Mark, transparency means a firm having easy-to-understand policies and then communicating them clearly. “It is important to identify and disclose the biggest risks that the business faces,” he says. “It could be the top 50 and the board focuses on the top ten of these. The management committee perhaps focuses on the top 20. If something goes wrong, at least people will be smarter and wiser about the risks they are taking and can do more next time.” Every strategy should have a projected measure of risk and return, he says, and then a firm can measure risk-adjusted performance. In addition, every mathematical model that can impact financials should have an independent group reviewing it. “If a strategy has been developed on the trading floor, it should have independent eyes to sign it off,” he adds. In this sense, transparency is a prerequisite for good governance. And good governance is about quality of management. Perhaps the only way for an outsider or a stakeholder to distinguish between firms with good or poor risk management is by the quality of their people. “If an organisation has less12 © The Economist Intelligence Unit Limited 2009
  • After the storm: A new era for risk management in financial services Which of the following proposed reforms do you think will be most beneficial to the financial services industry? Select up to three. (% respondents) Greater disclosure of off-balance-sheet vehicles 34 Stronger regulation of credit rating agencies 31 Caps on leverage 29 Central clearing for over-the-counter derivatives 28 Expansion of regulatory oversight to other areas of financial services not currently regulated 25 Enhanced valuation processes for complex or illiquid assets 24 Increases to required capital reserves 23 Liquidity cushions 23 Enhanced disclosure around valuations 22 Reform of compensation systems (eg, bonus payment structures) 20 Greater clarity about where regulatory responsibilities lie 16 Supervisory colleges of cross-border regulators 10 Other, please specify 5 qualified and less well paid people with poorer career paths in the risk function than somewhere else, then I would certainly trust it less,” says Mr Mark. The risk function demands “a voice” For measures to be effective, the risk function must be allowed to have a significant voice in the organisation. At present, just under half of respondents think that risk management does not have sufficient authority in their organisation. This is, in part, a reflection of the personality types that tend to populate risk functions. Risk management recruitment consultants say that HR departments are asking them for candidates with stronger interpersonal skills who would have the courage and the influence to stand up to bullish colleagues. “It’s a problem, because people are either very good at numbers or they’re very good with people and to get someone with both is not easy,” says Dean Spencer from Barclays Simpson, a recruitment consultancy. However, Mr Fowler argues that the function’s role within the business is as important as the type of people employed to discharge it. Its role should be to embed risk, he says, making sure that every individual has personal objectives linked to risk. This has rarely been the case in the past. “In banking, the risk function takes prime responsibility for dealing with risk, rather than for embedding risk management throughout the business and this surely can’t be a sensible approach. The key is risk awareness and creating a risk culture, not letting a single function deal with it as if it were a business line in itself.” Implementing change – the process has already begun Some institutions have already established working groups – sometimes at board level – and have been13 © The Economist Intelligence Unit Limited 2009
  • After the storm: A new era for risk management in financial services Which of the following statements best describes your organisation’s current status with the review of its risk management in response to recent market events? (% respondents) We have already conducted a thorough overhaul of our risk management 32 We intend to conduct a thorough overhaul of our risk management, but have not yet completed it 21 We have made some minor changes to our risk management 27 We intend to make some minor changes to our risk management, but have not yet completed them 12 We do not intend to make any changes to our risk management 5 We are waiting to see how the market develops before deciding whether to review our risk management 3 considering new and revitalised risk management ideas for some time. Others, meanwhile, are waiting to see how markets in general and their market in particular will evolve. More than half of respondents say that their firm has either completed or intends to complete a thorough overhaul of its risk management post-crisis. Respondents from Asia-Pacific are most likely to have already conducted a thorough overhaul of risk management. Liquidity – closing the black hole The most common initiatives being taken to strengthen liquidity risk management – the black hole that was only discovered from the middle of 2007 onwards – are increasing liquidity buffers, strengthening information systems and improving co-ordination between the treasury function and lines of business. Permal, for one, has strengthened its approach to liquidity. It has upgraded liquidity risks and put them on a par with market risk. It has imposed new standards and checklists, partly in response to investor demand. “Requests for liquidity reports have escalated,” says Mr Kodmani. “Investors want to know how quickly we can get out of hedge funds.” Permal has instituted guidelines on how much of its What steps is your organisation taking to improve its management of liquidity risk? Please select all that apply. (% respondents) Increasing liquidity buffers 48 Strengthening information systems 45 Improving co-ordination between treasury function and lines of business 44 Strengthening contingency funding plans 38 Strengthening liquidity stress testing capabilities 37 Conducting independent review of internal policies 31 Strengthening management of intra-day liquidity risks 26 Improving management of foreign currency flows 23 Other, please specify 3 We are not taking any steps at present 5 Dont know/Not applicable 814 © The Economist Intelligence Unit Limited 2009
  • After the storm: A new era for risk management in financial services portfolio it can liquidate over one, three, six and 12 months. On the other hand, Permal is not adjusting its market models. It says that drawdowns in the last quarter of 2008 were in line with expectations posited by its head of risk and within tolerance levels, given strong performance over the long term. It is, though, looking more carefully at the operations and infrastructure of its underlying portfolio funds. “We always had requirements regarding operational monitoring of managers, who their counterparties are, the number of counterparties, the custodian and so on,” says Mr Kodmani. However, the checklist has been extended to all managers following the collapse of Lehman Brothers and the disintegration of the Madoff empire. “We are now both comprehensive and proactive, updating all files regularly.” Firms get stressed – and target more stringent testing Respondents to the survey pointed to stress-testing as a particular area of weakness in their processes. The solutions that they are working on to improve in this area include increasing the severity of scenarios used, greater involvement of senior management and strengthening the link with decision-making. Mr Mark says stress-testing is a common area of failure. “Superficial stress testing is not sufficient. It really has to be done in a smart way.” He typically runs eight stress tests when working with clients. Some are hypothetical and some are based on known scenarios. “In the hypothetical tests, I create a group of individuals from a company and they meet every two weeks. They consider what happens if energy prices rises, if interest rates fall, if forex moves. We look at the possible effects on strategic reserves, assets, strategies and so on. BankWest, on the other hand, says that meaningful stress testing was always a facet of the risk process but only in the past few months has it received more visibility. “In an extended benign environment, to go to senior executives and ask them to consider a scenario where the property Which of the following steps is your organisation taking to strengthen stress testing? Please select all that apply. (% respondents) Increasing severity of scenarios used 48 Increasing involvement of senior management in stress testing 39 Introducing or increasing frequency of ad hoc stress testing 36 Strengthening link between stress testing and decision-making 36 Increasing use of hypothetical scenarios 35 Increasing investment in data and IT infrastructure to enhance risk information 27 Introducing or increasing use of scenarios that take a firm-wide perspective 25 Introducing or increasing frequency of reverse stress testing (ie, working back from a plausible outcome) 19 Other, please specify 1 We are not taking any steps at present 10 Don’t know/Not applicable 1215 © The Economist Intelligence Unit Limited 2009
  • After the storm: A new era for risk management in financial services Over the next year, what do you expect to be the three key areas of focus in the management of risk in your organisation? Select up to three. (% respondents) Improving data quality and availability 41 Improving governance of risk 33 Developing “firm-wide” approach to risk 29 Embedding risk management within lines of business 28 Better and more sophisticated analytics 27 Improving communication and understanding between risk function and lines of business 24 Strengthening technology infrastructure 24 Linking risk management more closely with corporate performance 22 Building risk expertise at management level 19 Regulatory compliance (eg, with Basel II or Solvency II) 11 Recruiting experienced risk professionals 8 Training of existing risk professionals 8 Other, please specify 2 market drops 25% is a tough ask,” says Mr Bradley. “Now everyone is interested.” So for BankWest, overhauling risk management has applied less to systems and more to communication and integration of the systems into the strategic framework. Data quality and availability are also being addressed by a large number of respondents to the survey. Some have seen that this is a key issue for many years, although few can have known that they were preparing for a financial downturn where data quality suddenly became a precious commodity. BankWest, for instance, has been investing heavily to improve its data quality since 2001, when meeting Basel requirements was recognised as a key performance indicator. At that time, it established a committee to monitor and improve data. “The impacts of this initiative are simple, yet critical from a risk perspective,” says Mr Bradley. The bank is rolling out a project, for example, to input data just once and have it populate the whole system, while the system also rejects illogical inputs stemming from human error. Sometimes, meaningful change is little more than tightening up existing risk measures. BankWest says that it always discouraged 100% mortgage lending to retail customers, but occasionally waived requirements. This is now proscribed. Obstacles to the new risk environment Respondents to the survey consider the biggest barriers to improving risk management to be insufficient quality of data, lack of risk culture in the organisation and a lack of risk expertise. Paul Strebel, the Sandoz Family Foundation Professor, says that lack of expertise is a recurring issue. “Boards dominated by professional board members, CEOs and former CEOs of other companies have failed dismally. They bring no industry expertise to the table, have little of their own wealth at stake,16 © The Economist Intelligence Unit Limited 2009
  • After the storm: A new era for risk management in financial services What are the three main barriers to improving risk management in your organisation? Select up to three. (% respondents) Insufficient quality of data 40 Lack of expertise 32 Lack of risk culture among broader business 31 Inadequate systems 30 Poor communication across organisational silos 30 Lack of investment 20 Insufficient data 17 Lack of authority for risk management 16 Lack of support among senior executives 14 Insufficient risk representation at senior management level 11 Insufficient risk representation at non-executive board level 7 Other, please specify 2 are too easily identify with the CEO/chairperson and go along with an increasing concentration of power at the top. At the financial institutions with the biggest losses, the lack of industry expertise on the board was almost always associated with a dominant CEO and/or chairperson.” Meanwhile, John Legrand, managing director of Europe, Middle East and Asia Pacific at Eagle Investment Systems, says that data, or lack of it, is the over-riding reason why risk systems fail to fulfil their purpose. “One of the significant reasons for executives’ lack of insight into their business, and their failure to understand the risks to which they were exposed, is the absence of a cohesive data management strategy.” He notes that when Lehman Brothers filed for bankruptcy in September, it took some buy-side firms weeks to establish their exposure. “But those firms with a centralised data management system integrated with their accounting system(s) were able to determine their exposure in a matter of hours.” He argues that there is a tendency for firms to think that, just by implementing a risk or performance system, they are gaining control and visibility. However, this is not the case if they fail to have control over the data that feeds these systems. One reason for this gap is that data management does not always make it to the top of the pile in terms of funding for new technology. “Unfortunately, it is typically a crisis situation that causes firms to reassess their current strategies and look for ways to improve quality and prepare for other unforeseen obstacles,” says Mr Legrand.17 © The Economist Intelligence Unit Limited 2009
  • After the storm: A new era for risk management in financial services Conclusion I t is often only in times of crisis that genuine change does occur. Change is not merely desirable now, it is critical to firms’ survival and their ability to compete in a marketplace that will inevitably become more rules-based and hence more complicated. The best firms with the brightest people embrace change. They will adapt and prosper in the new environment. As we have noted in this report, confidence is currently low, and a lack of trust exists alongside a lack of self-confidence. There is a great deal of hand-wringing currently taking place in the industry, and soul-searching questions are now being asked. It is clear that some firms are asking themselves whether everything that they previously believed to be right, is actually wrong. On closer examination it is evident that many of their risk processes were sensible, and even sophisticated, but sometimes poorly executed. At the same time, there have been some inexcusable omissions, such as the lack of focus on liquidity and a dearth of processes around compensation. But those who argue that we are fighting a losing battle and that it is impossible to adequately measure risk are probably not going to prosper in the years to come. The truth is, firms need to improve what they do, not abandon their principles. They are increasingly recognising the need for new ideas and approaches. They should strike while the iron is hot, and before old and inadequate ways become embedded again. Many firms have started the long haul already and are revamping, replacing and recalibrating systems and processes, despite the difficulties that cultural change confers. Successful firms know that the answer to the big question of the past several months is not to take risk off the table. Without taking clever, calculated, controlled risks, no firm can be successful. Risk, in the final analysis, is not a function within a firm, it is the firm.18 © The Economist Intelligence Unit Limited 2009
  • Appendix After the storm:Survey results A new era for risk management in financial services Appendix: Survey results In spring 2009, the Economist Intelligence Unit conducted a survey of 334 senior risk professionals from the financial services industry. Our sincere thanks go to all who took part in the survey. Please note that not all answers add up to 100%, because of rounding or because respondents were able to provide multiple answers to some questions. How do you currently rate the prospects for your business in the following areas over the next year? Rate on a scale of 1 to 5, where 1=Significantly positive and 5=Significantly negative. (% respondents) 1 Significantly positive 2 3 4 5 Significantly negative Revenue growth 10 24 36 24 8 Profitability 9 24 35 25 7 Share price 5 16 47 26 6 Relations with customers 13 43 32 11 1 Relations with investors 7 35 40 14 4 Capital adequacy 15 36 32 15 3 Over the next year, what change do you expect to the geographical focus of your organisation? Please rate on a scale of 1 to 5, where 1=Significantly greater focus and 5=Significantly less focus. (% respondents) 1 Significantly greater focus 2 3 4 5 Significantly less focus Domestic market 35 32 26 5 2 Overseas developed markets 6 22 33 21 18 Overseas emerging markets 12 25 29 15 19 Please indicate whether you agree or disagree with the following statements. (% respondents) Strongly agree Slightly agree Neither agree nor disagree Slightly disagree Strongly disagree We expect business conditions to improve within the next 12 months 10 40 18 21 12 We have outperformed our peers during the financial crisis 27 29 23 14 7 We are seeing confidence returning within our business 7 24 31 29 8 We are seeing confidence returning to our investor base 5 21 36 29 10 We are seeing confidence returning to our customer base 5 26 30 31 9 We are confident that policy-makers can formulate an appropriate response to the credit crisis 6 23 29 30 1219 © The Economist Intelligence Unit Limited 2009
  • Appendix After the storm:Survey results A new era for risk management in financial services How would you rate the handling of the financial crisis by the following stakeholders? Rate on a scale of 1 to 5, where 1=Very good and 5=Very poor. (% respondents) 1 Very good 2 3 4 5 Very poor Central bank in your country/Eurozone region 9 34 31 22 4 Government in your country 7 28 28 27 10 Regulators in your country 7 25 30 24 14 Your industry sector 4 24 37 26 9 Your business 10 42 33 13 2 Your management team 15 46 27 9 4 Your risk management function 13 47 30 7 2 Which of the following proposed reforms do you think will be most beneficial to the financial services industry? Select up to three. (% respondents) Greater disclosure of off-balance-sheet vehicles 34 Stronger regulation of credit rating agencies 31 Caps on leverage 29 Central clearing for over-the-counter derivatives 28 Expansion of regulatory oversight to other areas of financial services not currently regulated 25 Enhanced valuation processes for complex or illiquid assets 24 Increases to required capital reserves 23 Liquidity cushions 23 Enhanced disclosure around valuations 22 Reform of compensation systems (eg, bonus payment structures) 20 Greater clarity about where regulatory responsibilities lie 16 Supervisory colleges of cross-border regulators 10 Other, please specify 520 © The Economist Intelligence Unit Limited 2009
  • Appendix After the storm:Survey results A new era for risk management in financial services How confident are you in the ability of the regulators in the country in which you are based to carry out the following initiatives? Rate on a scale of 1 to 5, where 1=Very confident and 5=Not at all confident. (% respondents) 1 Very confident 2 3 4 5 Not at all confident Maintain overall stability of the financial system 14 39 28 15 4 Co-ordinate work of regulatory bodies across borders 4 21 38 27 9 Put in place sufficient skills and expertise to keep pace with innovation in the banking system 4 26 33 25 12 Restore trust in the banking system 9 34 37 17 3 Monitor risks associated with shadow banking system 5 23 32 28 12 Require implementation of compensation policies that support long-term shareholder value creation 3 21 36 28 12 Monitor credit rating agencies and prevent conflicts of interest 3 16 32 35 14 Mandate greater disclosure from hedge funds 4 25 34 23 14 Implement effective guidance on liquidity management 7 35 35 19 4 Ensure that off-balance sheet vehicles are reflected in minimum capital requirements 5 31 37 19 7 Which of the following statements best describes your organisation’s current status with the review of its risk management in response to recent market events? (% respondents) We have already conducted a thorough overhaul of our risk management 32 We intend to conduct a thorough overhaul of our risk management, but have not yet completed it 21 We have made some minor changes to our risk management 27 We intend to make some minor changes to our risk management, but have not yet completed them 12 We do not intend to make any changes to our risk management 5 We are waiting to see how the market develops before deciding whether to review our risk management 321 © The Economist Intelligence Unit Limited 2009
  • Appendix After the storm:Survey results A new era for risk management in financial services Please rate the following issues in terms of the challenge they pose to your business. Please rate on a scale of 1 to 5, where 1=Significant challenge and 5=Not a significant challenge. (% respondents) 1 Significant challenge 2 3 4 5 Not a significant challenge Not applicable Credit risk 35 31 17 5 10 3 Market risk 28 39 19 8 51 Operational risk 14 28 35 15 8 Regulatory risk (eg, risk of non-compliance) 12 23 29 22 13 1 Economic capital 10 25 33 17 10 4 Modelling risk (risk of bad models) 12 22 29 20 9 8 Liquidity risk 21 28 24 14 12 2 Fraud 7 21 22 28 19 3 Solvency risk 8 17 22 21 27 5 Underwriting/actuarial risk 9 14 18 22 16 21 Ability to aggregate risk at firm-wide level 11 29 25 21 12 2 How would you rate the performance of your institution over the past year across the following categories of risk management? Rate on a scale of 1 to 5, where 1=Very effective and 5=Not at all effective. (% respondents) 1 Very effective 2 3 4 5 Not at all effective Not applicable Credit risk 18 36 26 11 7 2 Market risk 11 36 28 16 8 2 Operational risk 11 41 31 14 2 1 Regulatory risk (eg, risk of non-compliance) 21 41 27 8 21 Economic capital 13 37 28 13 3 5 Modelling risk (risk of bad models) 8 26 38 17 5 7 Liquidity risk 20 40 22 12 4 2 Fraud 19 35 28 10 4 4 Solvency risk 22 36 27 6 4 5 Underwriting/actuarial risk 10 25 30 10 2 22 Ability to aggregate risk at firm-wide level 9 29 35 19 6 322 © The Economist Intelligence Unit Limited 2009
  • Appendix After the storm:Survey results A new era for risk management in financial services What steps is your organisation taking to improve its management of liquidity risk? Please select all that apply. (% respondents) Increasing liquidity buffers 48 Strengthening information systems 45 Improving co-ordination between treasury function and lines of business 44 Strengthening contingency funding plans 38 Strengthening liquidity stress testing capabilities 37 Conducting independent review of internal policies 31 Strengthening management of intra-day liquidity risks 26 Improving management of foreign currency flows 23 Other, please specify 3 We are not taking any steps at present 5 Dont know/Not applicable 8 Which of the following steps is your organisation taking to strengthen stress testing? Please select all that apply. (% respondents) Increasing severity of scenarios used 48 Increasing involvement of senior management in stress testing 39 Introducing or increasing frequency of ad hoc stress testing 36 Strengthening link between stress testing and decision-making 36 Increasing use of hypothetical scenarios 35 Increasing investment in data and IT infrastructure to enhance risk information 27 Introducing or increasing use of scenarios that take a firm-wide perspective 25 Introducing or increasing frequency of reverse stress testing (ie, working back from a plausible outcome) 19 Other, please specify 1 We are not taking any steps at present 10 Don’t know/Not applicable 1223 © The Economist Intelligence Unit Limited 2009
  • Appendix After the storm:Survey results A new era for risk management in financial services Over the next year, what do you expect to be the three key areas of focus in the management of risk in your organisation? Select up to three. (% respondents) Improving data quality and availability 41 Improving governance of risk 33 Developing “firm-wide” approach to risk 29 Embedding risk management within lines of business 28 Better and more sophisticated analytics 27 Improving communication and understanding between risk function and lines of business 24 Strengthening technology infrastructure 24 Linking risk management more closely with corporate performance 22 Building risk expertise at management level 19 Regulatory compliance (eg, with Basel II or Solvency II) 11 Recruiting experienced risk professionals 8 Training of existing risk professionals 8 Other, please specify 2 What are the three main barriers to improving risk management in your organisation? Select up to three. (% respondents) Insufficient quality of data 40 Lack of expertise 32 Lack of risk culture among broader business 31 Inadequate systems 30 Poor communication across organisational silos 30 Lack of investment 20 Insufficient data 17 Lack of authority for risk management 16 Lack of support among senior executives 14 Insufficient risk representation at senior management level 11 Insufficient risk representation at non-executive board level 7 Other, please specify 224 © The Economist Intelligence Unit Limited 2009
  • Appendix After the storm:Survey results A new era for risk management in financial services Between which of the following functions do you think that communication most needs improvement in your organisation? (% respondents) Risk function and lines of business 47 Risk function and executive management 21 Risk function and finance function 8 Risk function and non-executive board 5 Risk function and treasury function 5 Within risk function (ie, between credit risk managers, market risk managers and operational risk managers) 12 Other, please specify 2 Which of the following statements applies to your Which one of the following stakeholders is currently exerting organisation’s risk management over the past year? greatest pressure on your organisation to improve risk Please select all that apply. management? (% respondents) (% respondents) We have not done enough to manage risk across organisational silos Executive management 41 38 We have not carried out sufficient stress testing Regulators 40 20 We have not done enough to aggregate risk at a firm-wide level Investors 33 9 We have lacked technical risk expertise at a senior level in organisation Non-executive directors 31 6 We have relied too heavily on external ratings Governments 23 6 We have relied too heavily on risk models Customers 22 5 We have relied too heavily on risk measures such as VaR Central banks 20 4 We have lacked technical expertise in the risk function Rating agencies 17 3 We have not used credit scoring and other models in the past Other, please specify 13 2 No one is currently exerting pressure 8 Which one of the following statements best describes your company’s approach to enterprise risk management (ERM)? (% respondents) We have an ERM strategy that is well-formulated across the business and fully implemented 16 We have an ERM strategy that is well-formulated across the business, with a clear timetable for implementation 12 We have an ERM strategy in place but it is not well communicated across the business or between departments 26 We have an ERM strategy in place but it is not a fully developed concept and there is no clear timetable for implementation 18 We don’t have an ERM strategy in place but we plan to introduce one in the short-term 11 We have no plans to introduce an ERM strategy 8 Dont know/Not applicable 1025 © The Economist Intelligence Unit Limited 2009
  • Appendix After the storm:Survey results A new era for risk management in financial services In which one area of risk will your business invest the most in the next 12 months? (% respondents) Internal risk management, methodology, processes, policy and organisation 19 Credit risk management 16 Operational risk management 13 Integrated risk management 10 Risk data infrastructure 9 Liquidity risk management 9 Asset and liability management 6 Business intelligence 6 Market risk management 5 Underwriting/actuarial risk 2 Anti money-laundering 1 Fraud 1 Other, please specify 1 Which one of the following best describes the level of understanding of risk management within your business? (% respondents) The importance of risk management is widely understood throughout the company 40 There is limited understanding but we are providing training to all employees to improve this 35 There is little understanding of risk management among employees other than those whose primary function is risk management 2526 © The Economist Intelligence Unit Limited 2009
  • Appendix After the storm:Survey results A new era for risk management in financial services Please indicate whether you agree or disagree with the following statements. (% respondents) Strongly agree Slightly agree Neither agree nor disagree Slightly disagree Strongly disagree The US government should never have repealed the Glass-Steagall Act 19 27 37 9 9 There needs to be a move away from the “originate-to-distribute” banking model and a return to old-fashioned, “buy and hold” banking 17 37 23 15 8 Regulators should intervene directly in compensation policies 12 25 16 22 25 The principles of risk management in financial services remain sound 8 25 25 30 13 The Basel II capital framework has been shown to be deficient 13 34 33 14 5 Risk measures such as VaR have been shown to be no longer fit for purpose 12 36 31 16 5 Not enough human judgment is being applied in risk management decisions 31 42 17 8 2 Risk management does not have sufficient authority in our organisation 16 30 24 18 11 Analytics have become too complex to assist in business decision making 12 35 28 19 5 Mark-to-market practices have exacerbated the financial crisis 26 34 20 12 8 It is not possible adequately to manage risk in financial services 4 18 20 29 29 We have relied too heavily on external providers for credit ratings 24 36 22 11 7 About the respondents In which region are you personally based? Which of the following best describes your title? (% respondents) (% respondents) Board member 5 CEO/President/Managing director North America 26 16 Asia-Pacific 26 CFO/Treasurer/Comptroller 8 Western Europe 24 CIO/Technology director Middle East and Africa 11 3 Other C-level executive Eastern Europe 8 10 Latin America 5 SVP/VP/Director 25 Head of Business Unit 6 Head of Department 11 Manager 12 Other 527 © The Economist Intelligence Unit Limited 2009
  • Appendix After the storm:Survey results A new era for risk management in financial services In which sub sector of financial services does your What is your main functional role? organisation operate? Select all that apply. (% respondents) (% respondents) Business line Retail banking 18 26 Group risk management Corporate banking 16 26 Finance Asset management/custodian 16 22 Credit risk management Investment banking 12 21 Operational risk management Private banking/wealth management 8 21 Market risk management Capital markets 7 20 Compliance Broker/dealer 4 16 Internal audit Trading 4 14 Treasury Life insurance 2 13 Other, please specify Mutual fund 11 10 Investment consulting 9 Private equity/venture capital What are your organisations global assets in US dollars? 9 (% respondents) Real estate/leasing 8 Under $1bn Property and casualty insurance 21 7 $1bn to $9.9bn Hedge fund 17 6 $10bn to $24.9bn Pension fund trustee 10 6 $25bn to $49.9bn Reinsurance 7 6 $50bn to $99.9bn Stock exchange/trading system 7 4 $100bn to $149.9bn Other, please specify 5 9 $150bn to $199.9bn 4 $200bn to $249.9bn 4 Over $250bn 2628 © The Economist Intelligence Unit Limited 2009
  • Whilst every effort has been taken to verify theaccuracy of this information, neither The EconomistIntelligence Unit Ltd. nor the sponsor of this report canaccept any responsibility or liability for reliance by anyperson on this white paper or any of the information,opinions or conclusions set out in the white paper.Cover image - © Photodisc/Getty Images
  • LONDON26 Red Lion SquareLondonWC1R 4HQUnited KingdomTel: (44.20) 7576 8000Fax: (44.20) 7576 8476E-mail: london@eiu.comNEW YORK111 West 57th StreetNew YorkNY 10019United StatesTel: (1.212) 554 0600Fax: (1.212) 586 1181/2E-mail: newyork@eiu.comHONG KONG6001, Central Plaza18 Harbour RoadWanchaiHong KongTel: (852) 2585 3888Fax: (852) 2802 7638E-mail: hongkong@eiu.com