Assessing Operational Risk
May 8, 2005 | Boston, MA: The diverse firms that make up the fiercely competitive mortgage banking industry are united in a common mission to fulfill the American dream of homeownership. They share a common enemy as well, battling to fight what one Enterprise Rule Steward called “insidious rules and workflow errors,” that can send operational risk through the roof.
At the National Technology in Mortgage Banking Conference held recently in Orlando, senior level executives came together to explore the latest technology. In public sessions and one-on-one conversations, these professionals consistently identified operational risk as a top priority.
Operational risk — direct or indirect losses resulting from inadequate or failed internal processes, people and systems or from external events – is a fact of life for every company, in every industry. It may surface as human errors, process inefficiencies, fraud or even a company’s difficulty to respond quickly to hot new trends or opportunities. At the core, however, operational risk has its roots in business logic and process errors that are lurking within IT systems, policy manuals and minds of a company’s operations staff.
Business rules and workflow technology can offer relief by increasing process efficiency and systematically mitigating risk. In the banking industry, for instance, a typical application uses business rules and workflows to automate the manual processes used to resolve a single delinquency on an individual account. In addition increasing efficiency, the company has the added benefit of using business rules to check all existing accounts for similar problems and using workflow to take action to prevent future delinquencies.
The cost of errors
A recent study of enterprise businesses by the Delphi Group explored how errors in business requirements capture can impact operations and business performance. The majority of respondents cited significant problems gathering business requirements, with 69 percent calling it “difficult and painful” and 94 percent reporting their belief that their requirements are incomplete or wrong. To contain this risk, mortgage banks are looking to their risk management teams, led by the Chief Risk Officer, to go beyond their initial charter and become instrumental in providing services and solutions to problems at every level of the organization.
“The legal and regulatory environment practically mandates that all companies – big and small – develop a risk management strategy,” said David Matthews, Senior Vice President, CIO at Federal Home Loan Bank of Chicago. “Your new best friend ought to be the Chief Risk Officer.”
At ABN AMRO, operational risk is an imperative that cuts into all aspects of lending and banking activities, according to Vice Chairman Stanley Rhodes. The inability to effectively quantify and address operational risk contributes to a general lack of visibility into discrete transaction costs for lenders and a lack of clear communication of actual pricing and costs to consumers. ABN AMRO has been an early adopter of business rules and BPM technology and is leading the way with the Guaranteed One Fee Mortgage program which combines all lender and third party fees and delivers an upfront quote on a closing cost amount that’s guaranteed not to increase.
“There is no doubt that BPM and business rules will become widely adopted in mortgage banking due to the well documented and impressive contribution of this technology,” Rhodes said. “However, it may take a decade to use traditional training methods to bring the needed skill level into the corporation to make use of this technology. A smarter way to gain competitive advantage may be to leverage the existing analytical skill set of the risk management team.”
To succeed as champions however, the risk teams must have the right business-friendly technology and solutions on hand. An operational risk solution facilitates the identification and analysis of risk issues including compliance, quality and audit. After identifying and quantifying the risk, action can be taken to remediate risk with business driven application modules.
A business-driven application module closes the gap from conceptualizing a need to implementing a solution. It incorporates proven best practices for a particular process with business rules and allows each business operations team — not a software vendor or internal IT department — to easily customize those processes and business rules to fit the needs of the company.
Quantifying the benefits: A business rules case study
Freddie Mac is a giant in the mortgage banking industry, with one in six homebuyers in America benefiting from their lending programs. At a recent industry conference, Ed Albrigo, Freddie Mac’s Vice President – Change Management, presented a case study that quantifies the value of the business rules approach.
Recognizing that the policies drafted primarily by lawyers were ambiguous to the engineers tasked with developing the technology to support them, Freddie Mac launched an initiative to implement a full business rules approach to its mortgage processes. Business rules bring transparency to a policy and define the right action for each set of conditions. Business rules are easy to change, easy to understand and can manage the complexity in the real-world business today while meeting the needs of both business and IT.
To prove the value of business rules, Freddie Mac implemented their Home Possible Mortgage program using two separate and dedicated teams. One team modified the legacy system platform the traditional way, while the second team used a business rules approach.
The results, according to Brian Stucky, Freddie Mac’s Enterprise Rule Steward, were dramatic. The business rules team was able to implement the program:
- 5 times faster in terms of the man hours to complete the project
- 3 times faster in terms of the absolute time to complete the project
In addition, because the business rules team was not hampered by the need to use only those few employees with a specific legacy system expertise, they had greater flexibility in using available staff as needed.
Freddie Mac has not yet overcome what Stucky calls “the insidious business rules and workflow errors” that are inherent in both the traditional and business rules approach. Overcoming these errors today requires highly skilled experts and remains a barrier to business-friendly and business-driven solutions. As a technology and artificial intelligence expert and the architect behind Freddie Mac’s success, Stucky recognizes that to achieve the benefits of business rules and BPM enterprise-wide, Freddie Mac must focus on business-driven solutions that automatically check the business logic for errors.
The other faces of operational risk
Fraud is another area that is a concern for companies in every industry and rightly so.
“Nothing has changed. The game is exactly the same. In fact, technology has actually made it easier,” said Frank Abignale, author of Catch Me If You Can and a leading security expert who knowledge comes from his own experience as a forger and embezzler. “The only difference is that what I used to do in months people can now do in days and even less of the money lost by fraud is ever recovered.”
According to Abignale and other experts, to mitigate the risk of internal and external fraud, companies need to monitor data in real-time, make decisions quickly and enforce internal controls. Business driven applications require rules-based BPM technology at their foundation to be effective because they combine the business rules capabilities for matching patterns in customer behavior across multiple data sources, make automated decisions where appropriate and enforce controls such as separation of duties where needed. They also have built-in workflow to escalate issues for immediate action and resolution to prevent fraud. Equally important, identifying treacherous gaps in logic must be part of the early design process rather than quality control at the end so that systems can be rapidly changed and tested to keep up with the fast pace of fraud evolution.
That same thinking applies when it comes to capitalizing on hot new lending trends. According to Jason Marx, Senior Vice President of Operations at Franklin Financial Group, one of the faster growing lending areas is in sub-prime. Lending to consumers with not-so-perfect credit histories require business applications that have tighter controls, are easily adapted to change and can monitor and act in real-time to a change in a customer’s profile.
Increasing revenue with BPM
It’s important to note that rules-driven BPM is not only a cost saver but a revenue driver as well, according to David Anderson, Senior Vice President of E-commerce for GreenPoint Mortgage, who pointed out that an error at the closing table often stays with a customer much longer than great service delivered up until that point. For this reason, broker sales management is another hot area where business driven rules based applications are in high demand.
“As they say about the band, people only remember the first and last note,” he said. “That’s what people remember. Most loans are driven from the broker network and if broker’s customer is not satisfied, then next deal will go to a competitor.”
The drive toward rules-based BPM is coming just in time, according to John Robbins, Chairman and CEO of American Mortgage Network. Todays $8 trillion in mortgages are expected to increase three times over the next 15 years, with periods of feasts, like the recent refinancing boom, as well as famine. To be successful, mortgage bankers must optimize and automate their business processes and drive down operational risk at the same time. Fortunately, rules-based business-driven applications allow them to do both.
Caitlin Seele: firstname.lastname@example.org | (617) 530-1208