Manage Risk, Don’t Suppress It
July 31, 2005 | Boston, MA: At the recent 32nd Annual Securities Industry Association Operations Conference, hot topics for attendees were regulatory issues, increased transparency, greater volumes, cost pressures, new product development and enhanced services to clients. However, the overwhelming focus on achieving compliance has led to a disturbing trend within corporations. According to Tim Lind, director of securities and investments and senior analyst for Tower Group, “the top macro industry driver today is industry scandals leading to regulatory scrutiny.”
Due to the recent scandals, risk management to some is equivalent to risk suppression. In the drive to meet the zero tolerance demands of new regulatory decrees, organizations and vendors may actually lose focus on the business of serving customers.
Why? Because risk management and compliance are entirely different beasts that just happen to be joined at the hip. Compliance is a good and important goal, but effective risk management is the heart of business success. Low risk equals low returns and high risk can mean high returns and good businesspeople know how to strike the right balance to hit their targets. When corporations strive to eliminate risk in the name of compliance, they drive a stake into the heart of their business operations.
In the fast-moving securities industry, where the value of an organization can change daily, managing risk is absolutely essential. Securities firms tend to be at the front of the adoption curve for new risk management ideas and technologies. The lessons learned here can be applied to businesses in any industry.
Shifting responsibility and accountability to the frontline
Operational risk management is incorporated into the weekly senior executive meeting at Morgan Stanley & Co., according to John Wagner, director of client and technology services. It is a critical part of addressing the operational issues that affect department heads, regional directors, line managers, supervisors and analyst levels, he indicated.
As was discussed in this space last month, companies in many industries have discovered the need to develop a risk plan that combines a top-down with a bottom-up approach, to allow employees at the operations level to contribute to senior management planning. New business rules, workflow, collaboration and risk dashboard technologies are enabling that type of collaboration, bridging gaps that exist between people and systems and between levels within the organization. The article is available here.
Now many securities firms are leading the way to involving employees down to the line supervisors to participate in the creation and execution of risk plans. They believe – and rightfully so – that these operations people have valuable knowledge and the ability to contribute to the development of the risk plan if given the opportunity. These are the individuals who work with the business rules and policies. They are the ones whose actions allow the business to function.
“This shift in responsibility is definitely happening, although the progress in some companies is faster than in others,” said the senior vice president of operations at a large U.S. financial services firm. “The level of authority of decision making is part of an organization’s corporate culture. The result is that those companies that are able to push accountability down to the operations supervisor level are achieving the greatest returns from business agility in reacting to regulatory compliance and market changes in a way that benefits the customer.”
The policy and the process is the business
The old saying “time is money” definitely applies to the securities industry. Consider, for instance, corporate actions. Multiple departments within the organization such as operations and sales get information from multiple sources such as custodian banks and information services like Bloomberg that must be quickly analyzed and evaluated for impact to clients and to the company. Based on that analysis, fast decisions must be made about existing portfolio holdings and investment strategy. The right decision can mean positive returns for clients and good revenue for the company; a lack of a timely decision can have a far-reaching negative impact including class action suits and lost market opportunity.
Many organizations recognize that selecting rules-driven BPM engines, BAM technology and user interface technology enables agility as these technologies have moved into the mainstream. For example, The Depository Trust & Clearing Corporation (DTCC), the world’s largest securities depository and a clearinghouse for trading settlement; and processor of most broker-to-broker equity, corporate and municipal bond trades in the US has adopted a business rules and workflow approach to corporate actions, according to Lori-Ann Trezza, Vice President of DTCC.
The devil is in the details
The challenge is to bring all that real-time information together in a coherent, non-technical format that allows line supervisors to act within the limits and controls established by senior management. Technology can be instrumental in making this possible; however the main issue actually goes far beyond to embrace both the industry business segment and the company’s unique business needs. This includes process specific rules and workflow, process specific message format libraries for parsing engines and process specific key performance indicators and key risk indicators for business activity monitoring (BAM). These process specific business capabilities like fraud, corporate actions, breakpoint management are separate issues from the underlying technology but factor in as equally important.
The answer lies in separating the management of the business capabilities from the underlying infrastructure and enabling business to directly manage the business logic that provides these capabilities. This approach solves the technology problem but brings risk management up to the forefront as this new flexibility and freedom needs controls and performance monitoring to produce results.
Using a top-down and bottom-up approach, a company can create a solid risk plan that includes controls, limits or thresholds that require senior management approval at appropriate levels. This gives employees the flexibility to make decisions, based upon their knowledge, experience and capabilities.
“The focus in companies today is sometimes reactive in solving production issues related to compliance. However, the same resources can be applied to solve the operations compliance issues and proactively contribute to top line performance,” says the head of North America prime brokerage operations for a wealth management company. For example, in the corporate actions area, notification that a company within an investment portfolio makes an acquisition and new shares pending board and regulatory approval is announced. Back-office vendor systems today are not agile and are focused on the production compliance impact of dealing with the new shares. They do not take into consideration the front office needs to analyze portfolio holdings and have the intelligence in their systems leverage the same information to also provide recommendations to front line portfolio managers on actions to benefit or mitigate impact to their client.
Risk management enables agility
Technology becomes a solution only when it enables smart front line staff to make decisions and when the associated data, policies and procedures are defined and managed by the operation team. Risk management can allow supervisors to use their intelligence and hands-on experience to take risks within the corporate governance parameters set by senior management to achieve board of director objectives. In doing so, it can eliminate the bogged down decision-making that occurs when people are tied to outdated policies and provide a safe framework where managers and specialists can operate on their instincts which are sometimes needed without taking on the associated unacceptable risks.
Technology allows individuals to actually interact with the policies and rollup changes to senior management for approval. But to be effective, this participation needs to be at the “street” level of activity. As the most directly involved with the day-to-day operations, who knows better that what works on paper doesn’t always work in practice?
For instance, measuring ratio of trade breaks to volume may seem like an objective measurement of business health. However, challenges to the back office operations may not be transparent to senior management as the operations folks know that existing business processes are not always so scalable with rapid growth.
The bottom line: manage risk, don’t suppress it
Risk management is the key to getting results. Instead of focusing on risk suppression, companies should incorporate business-enabling initiatives that give the frontline the business agility it needs while still maintaining control and a feedback loop to senior management on performance.
Editor’s note: Some names and company associations are withheld in accordance with Securities Industry Association guidelines.
Caitlin Seele: firstname.lastname@example.org | (617) 530-1208