1. Richard Robinson is director of market growth
at Omgeo, in which role he has global respon-
sibility for defining strategy and new oppor-
tunities within current and new service areas.
Richard applies his 16 years’ experience of
custody and brokerage operations and technol-
ogy to deliver solutions that support clients’
short and long-term business strategies. Under
his direction, global team members position
Omgeo as a strategic partner and solutions
provider in the post-trade process for those in
the hedge fund, investment management, cus-
tody, brokerage and fund administration sectors.
He holds a Bachelor of Science degree in
industrial management from Carnegie Mellon
University and a Master of Business Administra-
tion degree in organisational behaviour and in-
formation technology from New York University’s
Stern School of Business.
ABSTRACT
Risk management is not an issue that falls on
the shoulders of any single group, industry
sector or operational function. While there
remains a great deal of focus and agreement
surrounding needs and issues, in practice, firms
and individuals tend to focus on siloed, non-
holistic quick fixes; other industries seem to
have much more complex problems with which
to deal, but yet have jointly developed real,
long-lasting solutions. This paper examines the
factors that hold back the finance industry from
realising such solutions, and addresses what
needs to be done to tackle the risk issues that
are facing the industry of today and tomor-
row.
Keywords: risk management, opera-
tional efficiency, standards, inter-
operability, straight through processing
(STP), cost of a trade
INTRODUCTION
The financial industry, at its core, is a
business that revolves around exchanging
assets of some equated value between two
parties. To accomplish this objective, the
industry has evolved various roles that
handle a range of functions, as well as
having introduced a host of other parties
and roles to the basic transaction to enable
it actually to occur.
Yet, as simple as exchanging assets
between two parties may seem, the in-
dustry has no single way in which to
identify these assets, whether they are
cash, securities, contracts or some other
item that is deemed of value. The in-
dustry also has no single way in which
to identify the two parties to the ex-
change of these assets, not to mention the
numerous others that become involved in
one way or another during the course of
the process.
The simple fact is that, depending on
where one sits, one might be dealing with
The state of operational risk
management: An industry fighting itself?
Richard Robinson
Received (in revised form): 26th June, 2007
Omgeo LLC, 55 Water Street, 48th Floor, New York, NY 10041, USA;
Tel: ϩ1 212 855 1257; e-mail: richard.robinson@omgeo.com
Journal of Securities Operations & Custody Volume 1 Number 1
Page 64
Journal of Securities Operations
& Custody
Vol. 1 No. 1, pp. 64–77
᭧ Henry Stewart Publications,
1753-1802

2. Typically, the inefficiencies that get the
most attention reside in the front office.
The front office is usually the best funded,
most automated and most standardised
area of an institution. As a profit centre,
the front office demands the most atten-
tion and, many times, this is rightly so.
The middle and back offices are, how-
ever, often riddled with inefficiencies,
lacking information and standards, and
lacking funding with which to address the
needs technologically. Why is this so?
All of the efficiencies and standardisa-
tion for which the front office has paid
and worked so hard are chiefly specific to
that office, with little or no consideration
for processes outside of its walls, whether
internal or external to the company. Some
in the middle or back office may conse-
quently find it easy to paint the front
office as a monster, blinkers on eyes that
see nothing but money, wreaking havoc
and expecting its minions to pick up
the pieces. But the front office, too,
is a product of the industry’s own ef-
forts to find its way to efficiency. Before
the front offices standardised, it would
have been impossible to understand what
needed to happen in the back office to
create better efficiencies. Anyone would
be hard pressed to comprehend the details
of how the financial industry operates on
a day-to-day basis, beginning to end. The
sheer magnitude of work that goes into
the relatively simple concept of trading
an asset with another party can send
someone screaming to the hills. When
considering all of the data, transactions,
counterparties and individual personnel
involved, that the financial industry func-
tions at all on a day-to-day basis is amaz-
ing.
A debt is owed, then, to those in-
dividual practitioners who know their
individual functions so well that they have
somehow worked out how to keep the
process moving from the point at which
tickers, stock exchange daily official lists
(SEDOLs), identifiers issued by the Com-
mittee on Uniform Security Identification
Procedures (known as CUSIPs), interna-
tional securities identification numbers
(ISINs), Quick codes, Bloomberg IDs, or
any number of home-grown and in-
dividual vendor-created systems — and
that list relates only to the plain-vanilla
world of equity, which is commonly
praised as the automation success story.
Unformatted text descriptions remain the
primary method of identifying many
assets, from time deposits to Regulation S
securities.
On the party side, one might deal with
Depository Trust Company (DTC) IDs,
exchange codes, CREST IDs, bank iden-
tifier codes (BICs), Office of Foreign
Asset Control (OFAC) names, Dun &
Bradstreet (D&B) DUNS numbers, fund
IDs — and the list goes on.
If someone were to walk into an
automobile factory and attempt to build a
car by purchasing the various components
— tyres, doors, electrical switches, spark
plugs, windscreen wipers, etc. — without
the specific part number that every
company in the car business uses
(from original equipment manufacturers
(OEMs) to your local automotive store
and repair shop), he or she would not get
very far. And if he or she were to try to
order that part without sending the proper
identification code of the supplier, again,
that individual would not have much luck
in getting anyone to respond to his or her
request.
The part number and the supplier
identification is shared throughout the
automobile industry — regardless of
whether it is for OEM/manufacturer
purposes, a dealership request to the
manufacturer, a repair shop ordering from
a reseller, or a finance executive needing
a new wiper blade for his or her Mini
Cooper.
Robinson
Page 65

3. they get something to the point at which
they hand it off. But if one were to ask
those individuals, most would emphati-
cally agree that the system could work
better. The process might break under its
own weight at any time, because of the
massive inefficiencies created by focusing
efforts on siloed efficiencies within highly
specialised tasks rather than taking a holis-
tic approach.
There is no panacea and going into
problem solving believing in silver bul-
lets will only cause more grief as solu-
tions are put before understanding the
problems. The industry rumbles about
every few years, addressing Giovannini,
T ϩ 1, unifying exchanges, and so forth.
And although these are all important
endeavors, they are often addressed at a
high level, providing guiding principles
that leave practitioners squabbling about
semantics and execution theory.
It is consequently necessary to examine
a few critical questions and then to revisit
the larger issue of ‘what now?’ It is
essential to look at what straight through
processing (STP) truly is — in all of its
euphemisms over the years — and where
it really is breaking down. Industry
process must be examined, along with
how companies have drifted away from
understanding their core competencies.
What are standards doing? Might the
various standards organisations actually be
hurting the effort, through protracted turf
wars and vested interests? Finally, there
remains the problem that all must address
— costs and justifying mid and long-
term spending in a short-term returns
world.
After examining these pieces, perhaps
some conclusions might emerge to of-
fer the industry some sensible, actionable
tasks with which to bring it closer to
achieving the goals set out by, for ex-
ample, the Giovannini Group, regulators
and the industry itself.
‘STP’: THE THREE-LETTER WORD
STP is often used as a cause ce´le`bre: a
reason to spend millions of dollars on IT
projects, company restructurings, merging
and unmerging of operations staff silos,
and the embracing of every standard.
STP goes through fits and starts under
various monikers, such as ‘T ϩ 1’, ‘same-
day affirmation’ (SDA) and ‘operational
efficiency’. All of these have described
slightly different things: STP refers to a
discipline and process; T ϩ 1 was an end
goal in, and of, itself; SDA is almost an
early milepost in reaching the goal of
STP; and operational efficiency describes
a benefit. But all are centred on im-
plementing the core discipline of STP.
Wrapped up in the concept of STP
typically are the issues of operational ef-
ficiency, interoperability and operational
risk management. A 2006 Celent report1
indicated that one of the biggest issues
around STP was that ‘upstream systems are
not adequately capturing transaction detail, and
this is creating hazards for downstream process-
ing’.
The report was focused on STP in the
middle and back offices for European
post-trade processing, and asked the ques-
tion: ‘What are the common causes of a lack
of STP for equities?’ Figure 1 charts the
answers.
The issues relating to equities are
fairly consistent with those for fixed
income, foreign exchange (F/X) and
cash. Over-the-counter (OTC) deriva-
tives issues highlighted ‘complexity of
transactions’ and ‘lack of standards’ highly,
but fragmentation and inconsistent data
ranked the highest across all asset classes.
Most of this fragmentation and inconsis-
tency occurs between offices (front, middle
and back) and across silos of either region,
asset class, or even function (settlement,
corporate actions, accounting, etc). Yet the
industry continues to do itself a disservice
by speaking of ‘operational’ efficiency and
The state of operational risk management
Page 66

4. is that the front office, in being at the
forefront of automation and addressing
issues that allow it to operate efficiently,
has become a source of pain for the
industry that it must ultimately help to
address.
It is time for organisations to accept that
simply because a cost is not registered
directly on the front-office books does
not mean that it does not exist. Front
offices, more than any other function,
should understand the domino effect of
economic savings. Although some are
coming around, most still turn a blind eye
to the pains of the middle and back office,
expecting them to search out the transac-
tion, asset and counterparty data that is
necessary to account for, process, settle,
reconcile and manage trades and positions
that have been initiated by the front
office.
The proper, efficient, error-free
management of transactions and positions
can only benefit the front office, giving it
more accurate, richer information with
which it can make decisions at a lower
ownership cost.
‘operational’ risk management, focusing
only on how the middle and back offices
have these issues to overcome — and, in
this way, it ignores that the real issue is
overall efficiency, and industry and institu-
tional risk management.
It is of little purpose to have highly
automated front offices that operate in an
environment of close to 100 per cent STP
and efficiency that must output to middle
and back offices that suffer from en-
vironments that will negatively impact on
that STP. Also, the industry needs to be
consistent and speak clearly about in-
ternal versus external efficiency and STP.
Even as institutions look toward a more
holistic view (driven, in large part, by
the consolidation of sell-side, buy-side
and custodian institutions under the same
umbrella organisation), driving internal
efficiencies to the detriment of counter-
parties’ processes is disingenuous.
THE INTERNAL VIEW
Again, from an internal perspective, it is
easy to pick on the front office; the irony
Figure 1: What are
the common causes
of a lack of STP for
equities?
Robinson
Page 67
Source: Celent survey, in conjunction with SmartStream

5. But cost savings that are not directly
tied to revenue generation rarely garner
interest — and this paradigm eliminates
any incentive for the front office to
provide any assistance to resolving middle
and back-office issues. If the actual cost of
generating income included middle and
back-office costs, and if it were quantifi-
able, it would more immediately be the
focus of attention.
Taking a different view, as clients push
down revenue by demanding lower
prices, the front office pressures the back
office and those down the transaction
chain also to lower costs. The missing key,
however, is that it must be a cooperative
effort between the front, middle and back
offices in order that it will have any
significant effect on shared costs.
IT spend in the middle and back offices
still lags (see Figure 2). Those projects that
do get focus are not addressing the top
identified issues.
The Celent report found that internal
systems fragmentation rated as the highest
cause for the lack of STP across asset
classes — but that less than 10 per cent of
projects are focused on this issue. Incon-
sistent data, another key issue toward STP
and efficiency, ranked even lower in terms
of project focus. But the industry con-
tinues to struggle with the first paradox —
that relating to efficiency: how can a cost
centre get approval to spend IT dollars to
enable STP and efficiency in a rapidly
changing environment of growing costs
that are caused by lack of IT spend and
inefficient processes?
Lately, there has been increased focus
on operational risk. Actual costs remain
fuzzy and unquantifiable. Because of the
lack of holistic knowledge of the end-to-
end processes that are involved in trading
assets with counterparties, billions — even
trillions — of dollars are lost in manual
exception processes that should be un-
necessary and which cannot be properly
quantified. We are left, then, with qualita-
tive arguments, which are accurate and
reasonable — even common sense — but
which remain qualitative and thus more
difficult to defend. Yet operational risk
and cost continue to rank as the highest
drivers of STP projects (see Figure 4).
Projects continue to focus on symptoms
and quick fixes (eliminating bottlenecks
and manual processes) rather than on the
cause of these problems — namely, data
Figure 2 How
much of your IT
budget is dedicated
to improving middle
and back-office
operations?
The state of operational risk management
Page 68
Source: Celent survey, in conjunction with SmartStream
0–25% of Budget
50% of
Respondents
76–100% of Budget
8% of Repondents
51–75% of Budget
17% of
Respondents
26–50% of Budget
25% of
Respondents

6. problem that the back office needs to
work out on its own.
In the 2006 Celent study, it was specifi-
cally noted that ‘upstream systems are not
adequately capturing transaction detail, and
[that] this is creating hazards for down-
stream processing’. In addressing risk issues,
managers should remember the old tech-
nology axiom: ‘garbage in, garbage out’.
If it does not pay proper attention to the
entire process in addressing efficiency, an
organisation will introduce unnecessary
risk into the system.
A Capco study2
found that operational
issues accounted for 50 per cent of hedge
fund failures and that understanding back-
office capabilities would make a big dif-
ference in preventing or avoiding these
failures.
THE EXTERNAL VIEW
Driving internal efficiencies across an
enterprise would seem to be a rather easy
task when considered in the context
and systems fragmentation — because of
this industry’s lack of ability actually to
quantify the costs of these underlying
problems. One might even argue that the
main cause of systems fragmentation is the
lack of properly managed and standardised
data. But quantifying this argument be-
comes an almost futile task, because of the
widespread effect that this single core
issue has across seemingly unrelated sys-
tems and processes.
An issue such as multi-listed securities,
for example, has far-reaching implications,
including: currency exchange risk when
making trading decisions; settlement con-
cerns; corporate action implications; pric-
ing; risk exposure; exchange risk, etc. If
an organisation fails to take into con-
sideration the breadth of these issues,
instituting only a quick fix to push trades
through existing systems, efficiency may
go up in one trackable regard, while that
‘solution’ effectively increases risk and
decreases overall efficiency. Issues such as
this are, however, typically viewed as a
Figure 3 For asset
management firms,
what are the
specific issues that
STP projects are
tackling?
Robinson
Page 69
Source: Celent survey, in conjunction with SmartStream

7. of greater challenges. The control of
processes, budget and technology, and the
direction of personnel is, at least theoreti-
cally, the responsibility of a single senior
management. But just as achieving ef-
ficiency must be a joint effort between
front, middle and back offices, senior
management also must look to include
clients and service providers down the
transaction chain.
Driving efficiencies across the industry,
then, becomes a much more chal-
lenging task, facing the difficulties of
asking companies to cooperate with
competitors, challenging beliefs about
who should shoulder what burden in
various processes, and the overall lack of
guiding control and authority to mandate
that change actually occurs after tacit
agreement has been voluntarily reached
among institutions.
Herein we approach the second
paradox: how can a firm drive external,
industry-wide efficiency and STP without
being internally efficient? And if that firm
is internally efficient without considera-
tion for the external factors, then how can
it avoid adversely affecting industry-wide
STP?
These questions lead us to consider in-
dustry processes and a company’s core
competencies. Again, we can look to the
front office, not for blame or vilification,
but for example. One thing that the front
office has done well is to marry the tasks of
internal STP (albeit limited to its silo) to the
need for it to be externally connected.
Perhaps the obvious reason for this is
that the core of the front office’s business
involves interacting with counterparties:
hence the higher focus on creating
exchanges of all types, as well as standards
and processes that enable the efficient
processing of front-office communica-
tion between institutions. In addition,
front offices understand their core com-
petencies. They typically do not create, or
focus on creating, massive internal in-
frastructures or proprietary processes and
standards within the context of the
business of trading (we have already
examined that they have, however, done
just that for dealing with downstream
processes).
Figure 4 What is
the relative
importance of the
following to driving
STP projects in the
organisation?
The state of operational risk management
Page 70
Source: Celent survey, in conjunction with SmartStream

8. It is true that industry players do come
together at times and work towards
creating some shared processes — but
only when the pressures have become so
great that there is no other alternative.
The Depository Trust and Clearing Cor-
poration (DTCC), Continuous Linked
Settlement Services (CLS) and SWIFT are
all great examples of industry-funded
organisations that operate shared processes
on behalf of participants, the majority as
not-for-profit organisations. Yet, even as
firms within the industry support these
infrastructures, these same participants
look for ways in which to tear them
down.
These firms encouraged affirmations
and confirmations to reduce trade failure,
which costs the industry dearly in terms of
time and related fails. Now, as the markets
have become more efficient, the industry
questions why it needs to pay for those
affirmations and confirmations. It needed
a mechanism to net and clear, on a rolling
basis, the trillions of cash amounts
transferred between institutions to reduce
risks and to open up liquidity, so it funded
a central netting service — but now those
funding firms complain of its costs and
look for ways in which to net transactions
before getting to the netting service. The
firms fund efforts to create messages and
best practices for those messages, as
well as for secure transmission over a
global network with guaranteed delivery;
then, as individual institutions, we create
proprietary links, and give discounts to
counterparties and clients that use those
proprietary messaging protocols and links
instead of the shared network.
Additionally, institutions continue to
insist on operating and investing in
tactical internal solutions, instead of
putting in the extra work and time up
front for an industry-shared strategic
solution that will provide long-term
savings and better risk management.
In 2004, as the keynote speaker at
SIBOS, Heidi Miller of JPMorgan Chase
asked:
Why are these businesses so expen-
sive to run? Why [are] the operations
so decentralised and so hard to con-
solidate? Why [are] so many of their
IT platforms ‘non-interoperable’ and
‘non-reusable’? Shouldn’t these transac-
tions be handled electronically over
one seamless global infrastructure?3
She went on to note that:
... customers cannot understand why
an overnight delivery service can tell
them exactly where a package is from
the second it leaves their premises to
the moment it arrives at its destination,
but banks can’t tell them exactly where
a cross-border payment is as it moves
through the process.
Finally, Miller stated that:
... as an industry we support far too
many redundant infrastructures and
networks, too many proprietary stand-
ards, too many middle-ware platforms,
too many legacy systems and too many
products that should have been swept
into the dustbin years ago.
The reality is that, despite the advances that
have been made, this is still a relatively
immature industry. And the fact that it
revolves around money — rather than, for
example, the less liquid types of asset in
which manufacturing industries deal —
causes more apprehension about giving up
control and cooperating with ‘the enemy’
(whether that is a competitor, counterparty,
service provider or vendor) to save money.
In this industry, saving money, in and of
itself, sometimes seems to be looked upon
as a core competency.
Robinson
Page 71

9. Cooperating in creating and supporting
shared processes benefits not only the
industry as a whole, but also individual
firms.
Analyse the technology and resource
spend on maintaining a proprietary inter-
face or format. Include the need to map
standard formats and protocols, the need
to revise and support multiple versions,
the costs for integrating industry changes,
such as derivatives support, and of staying
in sync with data, industry and regulatory
changes. Include the separate expertise
needed to support clients using those
proprietary formats and interfaces.
Now, ask this question: is the firm a
technology or communications company,
or is it a financial firm? Why is it
creating technology infrastructure and
private communication networks when
these things are readily available (and most
likely already supported and paid for)?
Why not leverage investments in industry
standard processes, instead of diluting
their value and driving up internal costs
and risks unnecessarily — especially when
these are industry-funded not-for-profit
utilities over which the firm has some
level of influence and on the governance
boards of which the firm has representa-
tion?
Would it not make sense to adopt an
industry standard for shared processes,
data definition and messaging, and put
those additional dollars to work in internal
process improvement, thereby adding real
value for clients, reducing total cost of
ownership and reducing multiple risks
related to distractions to core business?
Where is the risk management in operat-
ing businesses in which a firm does not
have expertise?
As Miller noted: ‘We seem to be much
better at creating new infrastructures than we
are at getting rid of old ones.’ Why can this
industry — as individuals; as firms —
not align behind standards, standard and
shared processes, and those organisations
that support these efforts?
ARE STANDARDS PART OF THE
PROBLEM?
The first simple answer is that standards
organisations are part of the problem. Far
from providing clear solutions to the
needs of the financial community, the
various standards groups that exist have
one critical flaw: lack of clarity of scope.
Many standards bodies in the financial
world appear to want to be the single,
overarching standard; no standard seems
content to perform its purpose and to do
only that well. Each organisation acts
almost as if it were a for-profit organisa-
tion that needs to grow and expand, as if
it has an obligation to fulfil a manifest
destiny.
The industry has already voiced an
understanding that creating one ‘gold
standard’ would be impossible. While
there will never be one single standardised
messaging format, integrated standards
help to achieve the efficiency for which
so many strive. Having multiple compet-
ing standards does nothing but encourage
the proliferation of proprietary protocols,
inhibiting the creation of shared services
that are one of the keys to increasing the
overall efficiency of the market and, by
association, the individual institutions
therein.
Standards organisations and associate or-
ganisations that are proponents of specific
formats — whether data, or messaging, or
otherwise — need to define their scope
and then commit to that scope. If ques-
tions arise, these organisations must work
together to agree on a single path forward
— because there is no financial reward in
one standard succeeding over the other.
There is only a negative financial impact
on the industry and individual organisa-
tions when multiple solutions are pushed
The state of operational risk management
Page 72

10. Some of this ties to the not-for-
profit organisations connected to these
standards: SWIFT and FIX Protocol
Ltd (FPL). Because they are industry-
funded not-for-profits, however, more
effort needs to be made by their disparate
memberships to coordinate rather than
compete. They seem to be subject to the
same infrastructure phenomenon that
Miller called out in her speech.
In some ways, these organisations and
others have stood up and agreed, in
principle, to work together — but they
are also driven by their constituencies,
which are driven by real business needs
that require solutions sooner rather than
later, leveraging existing investments to
that end. It remains to be seen whether
one group will abandon an existing mes-
sage, stop support and remove it from the
standard, endorsing an existing solution
rather than pursuing its own protocol
expansion.
To date, both organisations seem to
make stuttered process in working to-
gether. The industry view that the or-
ganisations try to take is often hampered
by vocal members that continue to in-
sist not only on the support of mes-
sages in overlapping spaces of pre-trade,
trade and post-trade, but also on the
continued expansion and competition in
these spaces. This is not unique to these
organisations, but is representative of a
recurring issue among most industry or-
ganisations.
Standards organisations need to meet
together and to define, specifically and
clearly, where each group operates. While
there may be agreement with some
fundamentals among standards leadership,
there remains extensive confusion in the
industry. The industry needs clear deci-
sions that do not preserve the status quo,
but instead provide crisp delineation
between the various standards’ scope and
remit. More attention needs to be paid to
forward and some fail. As an industry,
financial products are not based on in-
dividual formats and the industry’s finan-
cial stake in standards is based purely
on the ability of the standard to meet
the desired function. The costs associated
with these kinds of battles are an unneces-
sary drain on the industry’s resources.
The most visible confusion between
standards may be between Financial
Information Exchange (FIX) and Interna-
tional Organization for Standardization
(ISO) formats. This conflict ties back into
the fight between front and back offices.
FIX was born out of the need for front
offices to communicate with each other
for the trading of assets between sell-side
firms. ISO formats, in contrast, addressed
the needs of buy-side firms to communi-
cate with their custodians, as well as with
their dealers — traditionally located in the
middle and back offices. Even member-
ship in the various standards groups clearly
illustrates this dichotomy, with individuals
from the same institutions attending the
various groups, based on the function
they perform: it is unlikely that a trader or
other front-office professional would be
found at an International Securities As-
sociation for Institutional Trade Com-
munication (ISITC) conference.
This lack of coordination between the
front and middle or back offices within
institutions may be one of the primary
causes of the continued confusion about
the purpose, mission and scope of these
individual standards. Both FIX and ISO
increasingly muddy the waters by offering
competing messaging in the pre-trade,
allocation and post-trade spaces, mostly in
response to the demands of their mem-
bership. Also, they have introduced mes-
saging that is redundant in many standard
shared processes for which solutions
already existed — from settlement in-
structions and confirmation processes, to
market data and asset class coverage.
Robinson
Page 73

11. mapping out the various spaces in which
the industry can agree that a particular
standard should be used, by asset type and
process (trade, post-trade, etc).
The truth is that there are significant
firms that have a vested interest in par-
ticular standards. People have volunteered
years of their lives to standards, not to
mention the investment of companies in
the infrastructure to support one standard
or another. Often, individuals from the
same company sit on opposite sides of the
fence in promoting competing standards
— even completely separate infrastruc-
tures — within an organisation.
The industry speaks loftily of har-
monisation and interoperability. Such
well-crafted terms, however, hide the
underlying meaning to which the industry
needs to return; standards organisations,
their members, and the companies that
promote and support them need to put an
end to the turf wars and vested interests.
Harmonisation and interoperability does
not mean that multiple standards exist
side-by-side, performing the same exact
function. It should mean instead that
standards exist for specific purposes. And
when moving from one purpose to the
next, handing off from one process to the
next, those standards should be able
seamlessly to support STP.
Standards seem to suffer the same issues
of being disconnected from core com-
petencies and of leveraging existing in-
dustry-standard infrastructure. For each
new format, each organisation looks to
create private communication networks
to provide messaging and support. This
again illustrates the appearance of stand-
ards organisations being unwilling to
work together for the benefit of the
industry, because it would force them to
address the issue of competing messages
across standards that serve the same
purpose.
Vendors and industry utilities also need
to recognise this problem. Increasingly,
vendors and utilities have begun to add
support for the use of these standards —
from FIX to Financial products Markup
Language (FpML) — as primary formats
in their products through the use of
proprietary means. This is a good thing:
FIX, ISO, Extensible Business Reporting
Language (XBRL), FpML and other
standards are all very important to the
continued operation and growth of the
financial industry. But if standards or-
ganisations continue to support the crea-
tion of networks outside established
industry processes and to compete in
overlapping areas, they will be acting in a
way that is counterproductive to their
primary mission.
Standards are held up as an example of
how to reduce operational risk. They are
praised for how they can be leveraged to
bring disparate data sources together for
better information analysis, and for how
they help to eliminate manual processing
and errors, ranging from the many seman-
tic definitions of ‘end-of-day price’ to the
complex modelling of an OTC deriva-
tives product. Unless standards and their
supporters truly begin to cooperate with
each other and with industry utilities, they
are going to be a constant source of risk,
confusion and unnecessary cost.
‘SHOW ME THE MONEY’
All of these issues come down to an
argument of costs. The single biggest issue
is that the quantitative identification of
costs is hard to come by. Because of
dependencies throughout the post-trade
process, the cost of a failed trade has yet
to be accurately and precisely identified.
Fulcrum Research published a report4
that
failed ‘domestic’ trades cost US$250 while
cross-border trades run to US$500. Yet
even these figures are averages, unable to
capture fully the risk elements involved.
The state of operational risk management
Page 74

12. often proves their undoing when firms
look to reduce their costs and see clearly
a housekeeping function that they think
they might eliminate. The small details
often fail to get factored into the cost
analysis. Eliminating a shared process
means introducing many processes and
responsibilities that are typically not core
competencies: management of a private
network; administrative responsibilities for
the network; support and bilateral agree-
ments; additional (if not wholly separate)
technology and operations support func-
tions; and the continuous, year-by-year
ongoing support of a proprietary solution.
This is in contrast to that original process,
the costs of which were shared across
multiple parties, theoretically leading to
the lowest overall cost.
The concept of risk mitigation needs to
be somehow quantified. The difficulty is
that real risks include such divergent types
ranging from minor losses due to currency
exposure, to the potential failing of an
entire company due to overexposure, loss
of investor confidence or regulatory inter-
vention.
A CALL FOR ACTION
In 2003, the Group of Thirty (G30)
published its Plan for Action5
, which
highlighted 20 areas that the industry
needed to address. In a follow-up review
in 20066
the G30 indicated that it was:
... heartened by the significant progress
that has been achieved on many of the
G30’s recommendations during the last
three years. But the Committee notes
that a great deal remains to be done if
the full efficiency gains of a truly global
clearing and settlement system are to be
achieved, while mitigating risk and en-
suring sound governance. The G30
urges those involved to maintain their
commitment to the goals laid out in
There are many factors that contribute
to the difficulty of quantification. First,
and most obvious, are the immediate,
realised costs of regulatory fines, cash
overdrafts and interest. Then there are the
slightly intangible, but still identifiable,
opportunity costs of dependent trades that
failed (turnarounds, for example) and the
costs of resubmitting a delivery order.
There are still more factors to consider,
as the following questions demonstrate:
• Which staff members were involved in
resolving the fail and why did it fail?
• How many staff were involved at the
custodian? How many at the sub-
custodian? At the investment manager?
The broker? Perhaps even at the
depository?
• How many calls and e-mails were made
or sent?
• How much time did staff spend re-
searching the error to work out who
made the mistake?
• Was the fail due to a technological or
data error, which required the involve-
ment of technical staff to adjust a feed,
fix a bug or update a table?
• What was the opportunity cost of all of
these people’s time and in terms of
the added value they might have con-
tributed? (In only time spent, if five
average members of staff spend an hour
of their time, the salaried cost is already
US$500 before even considering actual
market costs.)
• What is the risk exposure during this
period — from point-of-trade execu-
tion, through failure, to resolution?
What are the repercussions?
• What is the cost to the industry, as a
whole, rather than only that to the
individual organisations involved?
Shared processes provide much more
transparency into these issues, at a readily
identifiable cost, but this transparency
Robinson
Page 75

13. 2003 and to the national, regional, and
global efforts designed to achieve those
goals.
That effort is now being taken up by
Information Systems Security Association
(ISSA) as a risk exercise.
But this throws a new standards body
into the mix — and one that approaches
the day-to-day issues from a risk perspec-
tive rather than from the viewpoint of a
business practitioner. Whether this will
advance discussions faster or not remains
to be seen, but it does heighten the need
for the various standards organisations to
coordinate their efforts and clearly under-
stand, agree to and support each other’s
various mandates. To date, this shift of
perspective seems to have derailed for-
ward progress.
The issues that the industry faces are by
no means simple to address and resolve.
Just as the industry is able to operate on
a day-to-day basis purely through the
individual contribution of professionals
who excel at keeping the machine
moving, it is in the hands of those
individuals that the future will rest. Each
must understand the upstream and down-
stream implications of what they do; each
must begin to take these factors into
account when pursuing a new solution or
system change, and take action and
responsibility in not pursuing the easy
path.
There is no single person or organisa-
tion that will ultimately solve the issues
facing the industry. Senior managers must
make sure that their organisations set
priorities correctly and reward staff for
holistic approaches. Metrics must equate
costs against overall risk and efficiencies,
not only those relating to the immediate
beneficiary. The financial industry must
work towards creating and standardising
those metrics. Until all market participants
understand these, there will remain room
for institutions to turn a blind eye, to
make excuses or abdicate responsibility.
And this includes companies that do
not operate in a cross-border environ-
ment. At some point on the chain, one of
the clients of such a company or one
of its service providers will operate in
a cross-border environment, and so the
unique processes and data standards of
each marketplace will affect that company.
Those claiming that they should not need
to conform because they trade only in the
USA in US equities, for example, need to
recognise that they are living in a global
community.
By the same token, firms need to find
their own focus — ie to identify those
shared processes and eliminate duplication
in-house. Organisations need to support
those institutions that support the industry.
With the proper metrics and more
transparency, these industry utilities’ costs
and benefits can be properly evaluated
and can better flex to accommodate
change. Industry players need to remem-
ber that they fund these not-for-profit
institutions, and have a say in their
management and direction, and should
utilise their representation instead of
undermining the benefits that the institu-
tions provide to the industry.
What this industry does not seem to
have grasped is something that is readily
apparent within others: how to co-
operate effectively for the benefit of
all while maintaining competitive ad-
vantages. Perhaps too many of the
competitive advantages relied upon are
individual solutions to global issues rather
than true areas of value that illustrate
expertise in what should be the industry’s
core competencies. The industry, then,
needs to learn to act proactively, without
regulatory pressure.
Regulation does, however, play an im-
portant role in the entire process. Without
Federal Reserve (FR) targets for deriva-
The state of operational risk management
Page 76

14. aside their vested interests, to agree on
and make the difficult decisions, and to
stick by them as a community. One
should remember that the game theory of
John Nash and his contemporaries posits
that the best responses for all players are
those that are in accordance with one
another. By collectively working towards
the common goal and giving up one’s
own vested interests, each individual will
gain the most in the end. There is no
better example in our industry of this than
how true collective support of standards,
shared processes and STP would sig-
nificantly decrease the risks and costs
in the financial world, in general, and
for individual institutions more than any
other effort we might undertake inde-
pendently.
REFERENCES
(1) Celent: ‘European Post-Trade Processing:
STP in the Back and Middle Office: A
Review of STP Trends at European
Banks and Asset Management Firms’,
October 2006.
(2) As in Finance Asia article available at
http://www.financeasia.com/print.aspx?
(3) Moore, H. (2004) SIBOS Conference,
October.
(4) Fulcrum Research: ‘Survey of European
Institutional Sentiment Towards Current
Issues in European Trading Systems’,
September 2002.
(5) Group of Thirty: Global Clearing and
Settlement — A Plan of Action, January
2003.
(6) Group of Thirty: Global Clearing and
Settlement: Final Monoring Report, May
2006.
tives confirmations and endorsement of
the Deriv/SERV solution, it is easy to
postulate that the progress seen in that
sector in the USA would not have been
realised. At the same time, regulation —
from the US Sarbanes-Oxley Act of 2002
(SOX), to the EU’s MiFID, to the US
Patriot Act of 2001 — comes about with
good intentions but, many times, with
unrealistic goals and costly, unnecessary
proscriptive requirements. Most regulators
tend to shy away from the FR’s style
of non-binding ‘nudges’ or outright en-
dorsements of a shared process that would
benefit the industry. Without such paren-
tal guidance, the industry tends to prefer
to act in the role of unruly child. Then,
suddenly, punishment comes in the form
of over-restrictive, overarching regulation
that potentially harms the industry more
than it helps.
Formal regulation in this way comes
reactively, trying to address a problem that
has already occurred and that, typically,
is very hard to change quickly when
needed. Regulators, by partnering with
key industry practitioners, can help to
provide informal support and guidance
towards achieving critical mass in industry
processes and standards, without the need
for proscriptive, costly regulation.
If one thing is clear, the industry needs
to stop debating and planning, and begin
acting. The Giovannini Group, G30 and
a host of others have done their service to
the industry by pushing to give it the
structure for change. Standards organisa-
tions have matured and begun to craft the
tools needed for change. It is up to the
individuals now to begin to act, to put
Robinson
Page 77