1. Interview of the Year
2 www.finance-monthly.com
Email: andrew.smart@stratexsystems.com | Web: www.stratexsystems.com
software which adds no business value while
the risk management function spends all its
time capturing and managing risk data without
having time to generate meaningful analysis
and insight for decision-making.
In addition to having the wrong conceptual
approach, a lot of operational risk management
technology has poor, unfamiliar user interfaces
with inflexible data structures or data
structures which are incomplete or have in-
built limitations. This means that in a more
dynamic risk environment, these tools put a
straightjacket on the business and encourage
the growth of ad hoc spreadsheet or other
systems to emerge. This significantly reduces
the ability of firms to use risk management
to change and generate insights for decision-
making in a dynamic, changing regulatory
environment where significant growth
opportunities are emerging.
Another key issue that is often seen in
operational risk management technology
solutions is the lack of flexibility in reporting.
A common complaint is “we enter a lot of
management software tools now find that they
have four main challenges:
1. Working with operational risk management
tools designed for the risk team, not the
business;
2. Difficulties in making changes to the
system to reflect changes in the business
environment;
3. Focusing on data capture; and
4. Establishing and sustaining a risk aware
culture when the operational risk manage-
ment software is not ‘fit for purpose’.
It is not uncommon for many firms to have
invested in operational risk management
technology (often a number of years ago) that
was designed for the operational risk team to
manage risk, rather than designed to enable
the business to manage risk as part of its
day-to-day job. This has the effect of limiting
the business value of all risk management
activities: the business become frustrated and
disengaged in the risk management process
because they have to deploy user-unfriendly
In March 2014, Finance Monthly caught up with Andrew Smart, CEO and Founder at
StratexSystems,totalktohimaboutoperationalriskmanagementframeworkandtechnology.
This is what he told us
n the wake of the credit crunch, many
firms rushed to improve their operational
risk management framework and
technology under pressure from their
regulators. As the first green shoots
of economic growth blossom, however,
firms should ask themselves: does our risk
technology support our business strategy?
For many firms, the primary driver of their
operational risk agenda has been the need
to meet the demands of regulators, which
have become more intensive and intrusive
in the wake of the credit crunch. Often the
need to respond to ever increasing regulatory
demands has meant that the crucial emphasis
on enabling and supporting the execution
of business strategy has been lacking. As
the economic environment improves and as
the regulatory emphasis on Conduct Risk
increases, firms need to ensure that their
operational risk management framework and
technology is aligned to, and supportive of, the
delivery of business objectives.
In our experience, many firms that have
implemented traditional operational risk
I
RISK MANAGEMENT
ANDREW SMART
STRATEX SYSTEMS
2. 3
Interview of the Year
data into the system but we cannot seem to
get any information back out”. This focus on
data capture and lack of emphasis (or time)
on reporting, analytics and the generation of
decision-making insight reinforces the view
that risk management is a layer of bureaucracy
which adds little or no business value.
All of these limitations converge to discourage
business engagement in the operational
risk management process, meaning that
the operational risk management agenda
is not aligned to the business strategy and
certainly does not support the execution of
the business strategy. Perhaps, however, the
most important impact of inflexible, rigorous,
traditional operational risk management tools
is that they do not support the emergence
of an organisational culture that embeds
risk management into day-to-day decision-
making. Additionally, few things kill a ‘risk-
aware’ culture faster than the inability of the
operational risk management technology
to provide management information that
is relevant and timely to business decision-
makers. This is particularly true when the
risk environment changes and the technology
prevents the risk framework from being rapidly
adapted to reflect the new environment.
This lack of flexibility and lack of business
focus is particularly damaging given the shift
in regulatory approach, especially with the
creation of the FCA and its Conduct Risk
agenda: moving away from a prescriptive,
rulebook based approach to regulation to one
which emphasises judgement, business model,
practices and culture.
“This philosophical change is important
because in our experience, when things go
significantly wrong in a firm within our remit,
it is not because it hasn’t complied with a set
of narrow regulatory rules, but because there
is a fundamental flaw in the business model,
in the culture or its business practices.” Clive
Adamson, Director of Supervision, FCA,
November 2013.
Using the FCA as an example, it makes
clear that it does not and will not provide a
detailed description of how firms should go
about meeting their regulatory requirements.
About StratexSystems
StratexSystems is the only software company in the world to provide an
integrated, Risk-based Performance solution powered by Microsoft’s
SharePoint platform.
The company’s StratexPoint technology is an integrated Strategy Execution
and Risk Management solution. The solution is comprehensive in nature but
modular in deployment, delivering a high ROI, high user adoption and high
levels of assurance to your Board and Regulator(s) that you are operating
within appetite.
Instead, they want to see firms ‘doing the right
things’.
At StratexSystems we have developed a
technology solution, StratexPoint, which
was designed to embed operational risk
management into business strategy, making
risk appetite a central consideration and
control mechanism for firms as they execute
strategy on a continuous, day-to-day basis.
This focus on business outcomes, from
the business model, business strategy and
operational level enables firms to develop an
approach to operational risk management
which is business enabling, focused on creating
business value rather than a regulatory-centric
approach focused on ticking regulatory boxes.
3. Interview of the Year
4 www.finance-monthly.com
RISK MANAGEMENT IN 2015
Andrew Smart, CEO and Founder at StratexSystems, tells us more about product refinements for
StratexPoint, a Big Data product launch, and the risk of apportioning blame at an individual level
are reflected in regulation and management decision-
making to some extent. However, I would query
whether fundamental questions related to strategy
execution, risk management, risk appetite, conduct
and culture have been learnt, and embedded within
the industry.
What other trends to you predict for
2015 and beyond?
The emerging requirements around the senior
manager regime shows that the direction of travel
is towards assigning responsibility to individuals
within firms and there is clearly a desire to be able to
apportion blame at the individual level.
This poses a challenge not only for the risk
management professionals, but also has implications
from a personal performance management
perspective. Firms are going to have to be more
considered and robust in aligning their personal
performance management practices with overall
enterprise performance, and enterprise risk
management practices.
to shareholders. Often, but not always, these twin
objectives are in conflict because of a silo approach to
risk management; one that focuses on implementing
risk management to comply rather than to protect and
create value.
What new developments will we see in
operational risk management technology
in 2015?
Leveraging Big Data/Big Visualisation capabilities
should be a consideration for all operational risk
vendors, as should mobile. However, as many firms
are still grappling with previous generation ORM
software,whichlacksaconceptuallysounddatamodel,
robust dashboard and reporting capabilities and
does nothing to embed a culture of accountabilities,
I suspect many firms will end 2015 as they started
it, frustrated by their risk management systems and
spending too much time manually manipulating data
in spreadsheets rather than applying their analytical
skills to generating business and risk insights from
their data.
The Bank of England carried out its first
‘Stress Test’ at the end of 2014. In terms
of risk management, are we in a better
shape than in 2008? And what lessons
have we learnt?
Certainly some lessons have been learnt and these
What new products or services have you
rolled out or do you plan to roll out in
2015?
In 2015 we will be enhancing the Policy Management,
Attestation and Risk Event Reporting capabilities of
the solution, StratexPoint. From a mobile perspective
we will be enhancing our offerings for iPad, Windows
Tablets and Smartphones.
We also have an exciting Big Data/Big Analytics
service which we are developing in conjunction with
Innovate UK, formerly the Technology Strategy
Board.
Best practice libraries around Cyber Risk, Conduct
Risk and Compliance Management are also in the
development pipeline for the second half of the year.
How have companies changed their
risk strategies in wake of the somewhat
improved economic fortunes of 2014?
There is some evidence that companies are looking
to leverage their investment in risk management
infrastructure to drive growth. However, with the
volume of regulatory change, the main focus is
responding to regulation.
How have new regulations in the finance
sector impacted risk management?
New regulation is certainly a major driver behind a
number of risk management initiatives, specifically
around the Conduct Risk agenda of the FCA. This is
not always positive and some firms are exhibiting the
wrong behaviours to meet the letter of the regulation
rather than the sprint.
What new challenges will the industry see
in 2015 and how can risk management
help mitigate risk?
The challenge for the industry in 2015 is to balance
the demands of increased regulation while also
trying to growth their business and deliver value