IDC Financial Insights Community > FinTech Industry Perspectives

How Do You Define Enterprise Risk Management? (2 Comments)

Thu, 08 Jul 2010 17:03:58 +0000

Entry

Recent discussions with colleagues and industry professionals reveal that Enterprise Risk Management (ERM) is a term that is thrown around in many different arenas with many different interpretations. The intent of this blog entry is to place my definition of ERM into the mix and then invite community members to weigh in based on their opinion and experience.

All businesses exist to provide value to shareholders. Whether they manufacture goods, provide services, or enable business activities by providing funding, stakeholder return is the primary objective. Shareholder value can be either tangible or intangible. I think of tangible shareholder value as a financial return whereas an intangible return might be a valued service such as with a non-profit serving a common good.

ERM is all about managing risks that threaten an enterprise's overall purpose. It is a holistic view of risk to the business model. In most businesses, the greatest enterprise risk is the inability to provide shareholder value. The management of enterprise risk encompasses a pragmatic understanding of what the organization's business objectives are as well as what potential threats exist to those business objectives at various levels of detail. Each threat to a business objective can be thought of in terms of the probability of its occurrence and the severity of its financial impact. From there, the managing of enterprise risk attempts to put business tools and processes in place to mitigate these risks and monitor ongoing activity to assure that the "risk controls" are working. So, ERM is the use of a risk management process of understanding objectives, analyzing threats, implementing controls and then monitoring results with the overall business model of the organization.

ERM is multidimensional. Risks to the organization come in many forms. Some high level categorical risks would include financial risks, market risks and operational risks. Financial risks are pertinent to how the organization uses capital to operate. Market risks are external to the organization and are connected to how the business model operates relative to outside market and competitive conditions. Once you have considered how an organization uses capital and the markets it operates within, all other activities can be considered operational. Operational risk includes all business processes that involve people, rules and technology. Effective ERM requires an understanding of the various types of risk that can plague an organization.

ERM in most organizations is a very complex set of puzzles, but is not completely mysterious. There are many differentiated software and services solutions in the market today that enable firms to look at many aspects of risk. These views can be very detailed or ultimately aggregated into a firm wide exposure value. Dashboards are very popular because they take extremely complex analyses and processes and make them usable by managers. What do you think about when someone says "ERM"? Log in, and weigh in, opinions welcome!

Image

Keywords

ERM, Enterprise Risk Management, Risk Managment

EMEA Core Banking Deals in 2009 show a change in the market

Wed, 30 Jun 2010 08:40:42 +0000

Entry by Trevor LaFleche

Entry

We have just released Part 1 of our annual EMEA core banking deal review for 2009. The results are not surprising, it was not an easy year for vendors to get banks to sign on the doted line. However, what is clear from this year's results is that the EMEA marketplace for traditional core banking systems has changed. The previous trend for more packaged and complete banking systems and capabilities appropriate for tiers 1 and 4 institutions has reversed in favor of a more modular and component-based replacement cycle. It was also great to see that as predicted in our 2008 review, results for 2009 mostly originated from the Middle Eastern banks and in particular be driven by Islamic Banking deals. The tally of deals by region shows 35% of deals coming from the region, both from generic core system vendors and specialist regional players. Now more than ever vendors must tailor their roadmap to cater for two significant trends: Geographic Requirements and Architectural Readiness.

Best Practices: 2009 EMEA Core Banking Deal Part I: The New Dynamic
Rachel Hunt, Trevor LaFleche
June, 2010 - Doc # FIBA04S

Systematic Risk – Recognizing, understanding and mitigating the un-diversifiable

Thu, 17 Jun 2010 14:12:33 +0000

Entry by Dana Wiklund

Entry

This past spring, I surveyed a variety of tier 1 and tier 2 senior risk officers on a number of enterprise risk topics. Some of the most interesting discussions during that survey were around systemic and systematic risk and how senior risk officers are dealing with the impacts of both on their institutions and portfolios. According to our survey, 58% of risk officers are concerned about heightened levels of systematic risk over the next 12 months.

My approach is to define systemic risk as risk to the global banking system. As systemic risk rises, the global banking system develops higher levels of inter-bank risk aversion and lower levels of liquidity as spreads on financial instruments begin to rise. This is what we saw at the height of the financial crisis. I think of systematic risk as the risk that the external global business environment places upon a financial institution. Economic cycles present systematic risk as well as geo-political unrest in various regions around the world. As we sit here in June of 2010, one could say that the oil disaster in the Gulf of Mexico is a systematic risk event for financial institutions that lend to the petroleum industry as well as consumers and businesses in the gulf region. Some forms of systematic risk can be hedged with insurance instruments or business diversification, but for the most part it is very difficult to insulate a business model from systematic risk events. Given these facts, what are some of the issues that risk managers and financial technology providers should be considering when thinking about systematic risk events?

For risk professionals, the most common systematic risk events are swings in macroeconomic business cycles. An example of systematic risk would be a rapid onset of a regional or national economic expansion. Not having the data, systems, people or policies aligned to take advantage of a lending environment able to build new customer relationships, or to expand current relationships through cross or up sell programs, results in lost opportunities. One way to respond to this type of systematic risk is to make an institution’s decision support technologies more flexible. The ability to implement credit policy changes quickly, along with the alignment of data and analytics to evaluate the risk trends of new and existing customers, enables institutions to rapidly fuel a decision process. When the economic tide turns against a business model, having the ability to dynamically analyze collection efforts and develop and evaluate strategies around communicating with customers can raise a bank in a distressed customer's payment pecking order. Many times human capital is the "X" factor in responding to systematic risk events. All the data and analytical systems can be in place, but if an organization cannot effectively move through risk process cycles of knowing its business objectives, identifying the risks to them, putting mitigations in place and then monitoring those risks effectively, it will be treading water in a rip tide. The message is that systems and people are equally important.

Financial and risk technologies available to the industry are not stagnating, but getting better all the time. The advances we see are in the ability to analyze very large datasets in a fast and flexible manner without the need for specialized programming skill-sets on the part of risk analysts. Risk dashboards are also getting better and as financial technologies move into hosted or cloud computing environment, they will become more usable by risk managers. The challenge for financial technology vendors continues to be driving solutions that are faster and more advanced from an analytical perspective, but easier for people at different levels of the organization to utilize. Another advancing science in enterprise risk management are applications that enable institutions to document and measure disparate risks within the organization and their interconnectivity. Understanding how an external systematic risk influences various aspects of the business model enhances the risk toolset.

A majority of risk managers are concerned about those events which are external to their banks and almost impossible to hedge against. However, survey data indicates banks are investing in data, analytics and tools to enable transparency that will allow them to see external risk events and react to them more quickly and efficiently.

[The report containing survey findings is available for purchase here: Best Practices: 2010 Survey of Senior Risk Managers — Technology Implications for Vendors in a New Risk Management Environment, Document # FIN223915, June 2010.]

Read the press release here.

Image

Keywords

risk management, risk,

MasterCard Opens Up Its Payment APIs

Thu, 10 Jun 2010 20:09:33 +0000

Entry by Aaron McPherson

Entry

On May 25, 2010, MasterCard announced that it would be opening up its payments technologies to developers via open APIs (Application Programming Interfaces). This echoes similar initiatives by PayPal and Amazon. Left unclear, however, is exactly what this means. Unlike PayPal, whose X development platform is the most appropriate comparison, MasterCard does not operate its own payment system, instead relying on financial institutions and other third parties (like, ironically, PayPal) to provide the customer-facing components.

However, MasterCard does have a surprisingly large stable of software and services that might be incorporated into other products. For example, its MoneySend person-to-person money transfer system has already been released as an app for the iPhone and iPad, and it is not hard to see how it could be embedded in other apps (not on Apple, though, which maintains strict control over payments on its devices). It has reference data that could be used to find ATMs, track rewards points, and generate fraud scores.

Unfortunately, MasterCard is not saying much at this point, and seems to be pursuing a "build it and they will come" strategy. So we will have to see how much actual activity this generates. One risk is that issuers and acquirers come to see it as a threat to their competitiveness, but post-IPO the banks have less influence over what MasterCard does. However, MasterCard and Visa are locked in a fierce battle for the debit card market, so MasterCard will probably be reluctant to antagonize the banks (perhaps accounting for the lack of details). This may inhibit the opening up of the MasterCard platform so such an extent that it misses the opportunity. Nevertheless, this is another indicator that payments are coming to the cloud, and fast.

Mobile Payments vs. Mobile Banking – An important distinction (2 Comments)

Tue, 11 May 2010 15:03:27 +0000

Entry by Trevor LaFleche

Entry

There is a lot of buzz about all things mobile these days and we all have to thank Apple for igniting the mobile market and bringing a better device to market than what was previously available. The problem with all this media interest is several market nuances get lost in the rush to cover an emerging story. Many people believe mobile banking and mobile payments are the same thing. Fortunately they are not. One is relatively easy and the other more complex. My belief is that one will take the market by storm, the other will remain elusive for years to come.

There is a fundamental difference between mobile banking and mobile payments. Software vendors and banks can ignore this difference at their peril. Taking a moment to look at the differences between these services is very important. As a starter let's define what we mean by mobile banking and mobile payments.

Mobile Banking is use of a wireless device connected to the internet (or secure interbank network) to conduct banking transactions. This can include the use of a regular internet browser to access banking functionality or a dedicated phone application. Functionality included in mobile banking is the checking of account balances and statements as well as initiating defined transactions such as inter-account transfers and push payments. SMS Banking is the use of SMS text based services to conduct standard banking enquiry functions such as balance enquiries, transaction notifications and mini-statements.

Mobile Payment – A mobile payment is a payment that is conducted by presenting a wirelessly provisioned secure token (i.e. NFC enabled mobile phone) to a contactless Point of Sale (POS) terminal. This can either be authorized online or offline depending on the value and market clearing models available. SMS Payment – Instructing a payment of a third party via a SMS message. For simplicity payments service using Unstructured Supplementary Service Data (USSD) are included as SMS payments.

Mobile banking is primarily a channel via which people can access information about their bank accounts. Isn't this why the majority of customers call their bank intraday? While there may be transactions conducted via mobile banking the convenience is primarily about information access. Also the nature of transactions conducted are very different across the globe. No one in Poland needs a remote cheque deposit iPhone app as they have the US.

Mobile Payments on the other hand are an order of magnitude more complex. For a remotely provisioned secure token acquired payment we will be waiting a significant period of time for the retail infrastructure. There will be further development of closed SMS payment networks in developing countries that rely on GSMA technologies that will need to be re-tooled when new classes of mobile devices roll out. This is -- not every mobile device will necessarily have a SIM card.

Mobile banking will success because there is a significant community of banked people that simply need an additional channel to access information. This community might be large enough to help make the additional infrastructure worth paying for. This is a crutial point. Will mobile banking be cost effective as an additional non-revenue generating channel?

In developed countries mobile payments will require significant infrastructure and alignment across multiple industries including banking, handset manufacturers, retailers, telecom operators and a myriad of equipment vendors. The creation of a positive business case across all these actors will be an unlikely event.

Banks and vendors should concentrate on reducing the cost of providing access to account information on a mobile devices in Western Europe. Mobile payments are still the preserve of economies that have underdeveloped retail payment capabilities.

Read the related press release here.

Experian Vision 2010: Of Risk Management Puzzles and Mysteries...

Mon, 10 May 2010 13:54:16 +0000

Entry by Dana Wiklund

Entry

For over 20 years Experian has been hosting an annual conference focused on credit risk issues that financial institutions face with consumer and commercial credit. Experian does an excellent job of staying focused on providing intellectual property that their customers and interested industry professionals can take back and apply in their spheres of influence. This year’s event featured three diverse keynote speakers covering areas of business philosophy, economics and leadership as well as over 80 breakout sessions on risk and business topics. Malcom Gladwell focused on the themes of puzzles and mysteries and the role of information. For me, puzzles and mysteries have a strong correlation to risk management and how we approach data and technology.

As of this blog writing, let us consider some breaking events that carry significant risk implications. Recent events of the Greek Debt Crisis, BP Gulf of Mexico oil “leak”, the Eyjafjallajokull volcano, the freakish NYSE Dow Jones fluctuations and recent mine disasters in the U.S. and Russia.

According to Gladwell a puzzle is an unknown problem that can be solved with incremental amounts of information. In contrast, a mystery is a problem whereby there could be immense amounts of information but the correct connections between data points to answer the problem are elusive. It seems that the most challenging risk events are those which are mysteries. Technology has enabled risk practitioners to amass incredible amounts of data and process that data with quantum leaps in speed. The Greek Debt crisis seems like a puzzle of government deficits and spending, but it becomes more mysterious with the unknown reactions of global markets and regional politics. Oil and coal exploration has become an advanced science with billions of dollars invested in research, infrastructure and risk mitigation, but the behavior of methane gas seems to remain a mystery with catastrophic consequences. Volcanoes being one of nature’s most spectacular mysteries will remain as such and cause us to stand by and marvel whether we like them or not. The recent massive stock market fluctuations are proof that our trading systems have hidden, mysterious systemic risk associated with them. Companies with stable fundamentals can see their equity values decimated in seconds due to algorithmic trading and interconnections between exchanges that are mysterious, not puzzling.

Connecting risk puzzles and mysteries to financial services and technology, I believe that it is important for both end users and technology vendors to ask themselves the following question. In addition to the puzzle that I am analyzing or programming a solution to solve for, what possible mysteries might exist within the context of the problem? An elongated question on credit risk might be what will be the impact of several million gallons of spilled oil on higher energy prices twelve months hence? Further, what is the subsequent financial impact on my customers’ ability to pay? The shorter route to analyzing those questions might be to stress test my originations or account management assumptions on what I think are predictable puzzles, with impacts from an unpredictable mystery. I advocate continuous advancement in the development of methodologies to predict and connect patterns of behavior, we need the methods that stretch our ability to reason and make connections. The realm that is well within our control is to look at our data models pragmatically; one of the keys to attacking risk mysteries is to have very well organized data sources.

And for the record, Eyjafjallajokull is pronounced as “ay-yah-FYAH'-plah-yer-kuh-duhl” according to the Associated Press. Any attempt to roll this off the tip of your tongue carries with it a certain amount of risk!

Image

Keywords

risk management, risk,

Commonwealth Bank of Australia, Bank of America, and Deutsche Bank Alliance (3 Comments)

Wed, 28 Apr 2010 20:19:46 +0000

Entry by Jeanne Capachin

Entry

Bank of America, Commonwealth Bank of Australia, and Deutsche Bank today announced formation of a technology buying alliance which they see as a way to reduce their infrastructure costs and forge ahead into cloud computing. What these banks are really fighting against are the hefty maintenance fees their technology suppliers are assessing. They believe that by joining together, they can force a change in procurement practices and move to more shared or even open source solutions when they make sense.

So far, it has been the voice of Michael Harte, Commonwealth Bank of Australia CIO that has been providing commentary on the initiative, and he’s ready for battle. Clearly, he is frustrated with his IT suppliers, interpreting their slow embrace of innovation and cloud delivery as proof of their dependence on current revenue structures. We at IDC Financial Insights have predicted that the transition away from fixed computing revenues to more flexible pricing will be difficult for some suppliers. Many software providers in the financial services industry have had to start the transition already, as their clients migrate away from installed software to software as a service consumption. We have also observed that financial institutions have notoriously sought out customized solutions to problems that could often have been solved with more off-the-shelf solutions. With the financial crisis and tremendous compression on revenues, banks are now being forced to review their cost structure. Embracing an increased off-the-shelf approach is a necessary prerequisite for these banks and it sounds like, at least in theory, they are ready. For this to really work however, these large banks need to identify those areas where utilities and standard solutions are appropriate. This has been the stumbling block for many initiatives in the past, but we do have evidence that it can work with successful initiatives such as Viewpointe, ATM and card networks, iPSL, and credit scoring.

Now the gauntlet has been laid at the feet of the largest technology providers. According to Harte, "We are not dependent on large software providers and therefore we don't have to pay those terrible fees that... deliver no particular value. We are going to rely much less on packaged software and we are going to be able to buy services in a much more commoditized … manner."

Sounds like fighting words to me.

Cloud, SaaS, PaaS: Transitioning to On-Demand (13 Comments)

Fri, 18 Dec 2009 21:19:34 +0000

Entry by Jeanne Capachin

Entry

We are at the beginning of a sea change in how businesses can consume technology. With software as a service and cloud computing there is much greater flexibility in the way financial institutions can purchase technology.

One of the big advantages is the ability to pay as you go, and theoretically, an ability to switch out technology solutions more easily as they age or business requirements change. This video blog provides some definitions to help clarify the terminology around on demand. And once we all understand the terms, then we can really start a dialog. There are many opinions about whether our industry is ready for cloud - with disagreements right here within the four walls of Financial Insights as a matter of fact. Our thinking is evolving as we talk to bankers and technologists, and we'd love to continue the discussion here in the blogosphere. One of the big open questions is about security issues, and then there's the basic questions about TCO - when is it really cheaper to go in-house rather than continue to rent? Got any more questions, or even answers? Let me know - either here, or get in touch with me directly if you prefer a less public venue.

Keywords

cloud, paas, saas, banking, fintech

File

cloud video blog for publishing.WMV (12.1MB)

Video

Flash Content requires JavaScript to be enabled and the Flash player to be installed.

RIMS 2010 Conference Recap

Wed, 28 Apr 2010 18:53:07 +0000

Entry by Dana Wiklund

Entry

This week, a cacophony of risk management professionals descended on Boston for the annual Risk and Insurance Management Societies (RIMS) annual conference. As global economies begin to dig themselves out from the recession, a recent finding from my survey of senior risk managers shows that 56% of respondents are concerned about increased levels of global systematic risk during the next 12 months. While this survey shows several areas of elevated risk awareness, nearly 5,000 RIMS attendees and over 400 solutions exhibitors are evidence that risk management across disciplines is a prime focus.

The RIMS conference drew a very wide range of risk professionals representing financial services (including insurance), retail, manufacturing, energy, and the public sector. The glue that binds risk management across such diverse entities is the notion that within a business context, it is more important than ever to be able to identify business objectives and threats in order to implement effective controls and monitoring. With urgency around the risk discipline, most sessions were well attended with robust question and answer sessions. With two very different risk events unfolding recently (the mining disaster in West Virginia and the Senate hearings on Goldman Sachs), I found the breakout session on reputation risk particularly applicable. According to a study presented in the session, 65% of a company’s market value can be put at risk due to a reputation risk event.

With so many solution providers present, the connection between technology and enterprise risk management (ERM) was completely visible. We at IDC Financial Insights have espoused that at the core of ERM is attention to data and how information on governance, risk analytics and compliance is stored and usefully aggregated. An array of new technologies was also evident that went beyond just the storing of risk related data, but also enabling data to be aggregated with a purpose of driving risk assessments and decisions. The ability to connect disparate risk assessments within an enterprise and provide a holistic enterprise view is a leading technological capability.

Another RIMS theme echoed by Gary Loveman, CEO of Harrah’s Entertainment in his keynote address, is that knowing your customers and understanding their behaviors through robust analytics accomplishes two things:

The reduction in potential risk events
Being able to drive higher revenue yields

The point of risk management and analytics being a value driver was certainly evident.

From my perspective, the RIMS 2010 conference highlighted that although there are different aspects to risk management in each industry; at its core risk management is a connected science with a common theme of protecting the underlying business models. Next year RIMS 2011 will convene in the post Olympic glow of Vancouver, BC. My recommendation for risk professionals is that it is a worthwhile event where you can gain some valuable insights no matter what your specific risk discipline is. My wish for the RIMS team is that additional value for the conference can be provided by adding dimensions of risk sophistication and business versus quantitative angles to the agenda framework which is fueled by dozens of breakout sessions. This will help attendees navigate and further customize their experiences.

Did you attend RIMS 2010? Let me know your thoughts…

Image

Keywords

risk management, risk,

2010 1Q US Bank Failures Recap: Higher Numbers,Lower Impact

Mon, 12 Apr 2010 17:55:42 +0000

Entry by Marc DeCastro

Entry

The first quarter of 2010 is behind us, and it was a busy month for the FDIC shutting down 41 institutions. This was down from 45 in the last quarter of 2009, and 49 in the third quarter of last year - but almost double the number of failed banks in the first quarter of 2009 The cost of these failures however does appear to be stabilizing as:

This is the fourth quarter in a row the cost ratio has either decreased or stayed the same. The cost ratio is determined simply by taking the cost of the failure to the FDIC and dividing it by the amount of insured deposits. This provides a simple way of determining in the aggregate if the health of the failing institutions is getting better or worse.

The FDIC fund was reported to have a balance of NEGATIVE $20.9 billion dollars as of December 31st, 2009. Additionally, the estimated cost of failures in the first quarter will drain that amount by another $6.4 billion. The FDIC, however, has three years worth of premiums that they received from banks which will be recognized each quarter. This means that even though the FDIC is showing a negative balance, that it does in fact have the funds to handle failures.

Finally, the largest failure in the first quarter was an institution with $3.6 billion in assets. This is a significant drop from the $12 billion - $25 billion failures seen in the previous three quarters.

The concern now is for the large pipeline of troubled institutions, which is over 10% of all remaining banks as of the last quarter of 2009. Will the economic recovery being experienced come soon enough or have they already taken a bite of the poisoned apple? Delinquencies on mortgages continue to rise, foreclosures may be back on the increase, first time home buyers credit is set to expire and more and more people are underwater even though home prices have stabilized or are beginning to appreciate in some metro markets. Will this be a dead cat bounce in home values, an expression used mostly to describe a short rally for a stock before another drop in value? Let's hope not.

What then does this ultimately mean for the financial services industry and those who sell into it? At IDC Financial Insights, we continue to believe that bank failures will slow later in 2010 as the economy continues to recover. In fact, we have heard of some financial institutions actually taking on significant new IT projects and ramping up the hiring of IT personnel that had been let go during the crisis. It may be too early to feel anything more than slightly positive about these trends, but after the darkness of the last 18 months we will take what we can get. Login to the IDC Financial Insights community where you can get a graphic of these data points and also provide your feedback.

Image

Keywords

FDIC BANK FAILURES 2010, FINTECH SPENDING, BANKS, CREDIT UNIONS, TECHNOLOGY PROJECTS

IDC Financial Insights Community > FinTech Industry Perspectives

How Do You Define Enterprise Risk Management? (2 Comments)

Entry

More

Image

Keywords

EMEA Core Banking Deals in 2009 show a change in the market

Entry

More

Systematic Risk – Recognizing, understanding and mitigating the un-diversifiable

Entry

More

Image

Keywords

MasterCard Opens Up Its Payment APIs

Entry

More

Mobile Payments vs. Mobile Banking – An important distinction (2 Comments)

Entry

More

Experian Vision 2010: Of Risk Management Puzzles and Mysteries...

Entry

More

Image

Keywords

Commonwealth Bank of Australia, Bank of America, and Deutsche Bank Alliance (3 Comments)

Entry

More

Cloud, SaaS, PaaS: Transitioning to On-Demand (13 Comments)

Entry

More

Keywords

File

Video

RIMS 2010 Conference Recap

Entry

More

Image

Keywords

2010 1Q US Bank Failures Recap: Higher Numbers,Lower Impact

Entry

Image

Keywords