Expert Opinion

Management of risks: financial establishments must move away from controlling and towards anticipating

  • #Finance
  • #Management & Transformation

Financial establishments must adapt the management of their risks to the current market context and to the new regulatory requirements. More than ever, the effectiveness of the management of risks stands out as a major driver of performance. From now on, reporting systems must integrate a prospective dimension so as to become a tool assisting decision-making and to enable establishments to better anticipate risks and make their business model evolve as a result.


Financial establishments must today make their business model evolve and must adapt the management of their risks to the new regulatory context, such is the response of the national and international regulators to the succession of recent financial (subprimes, liquidity,...) and economic (sovereign debts,...) crises. All establishments have now made significant efforts to bolster their own funds and their liquidity reserves. Nevertheless, the risk-management systems in place do not entirely reflect the level of real risk and, above all, do not allow managers to have at their disposal all of the elements required to allow them to anticipate risk.

Optimise the current perception of risks thanks to on-time, accurate and salient reporting

In this ever more demanding context, the effectiveness of risk management stands out, however, as a major driver of the performance of the establishment, complementing the factors providing profitability.

To move towards this objective, the management of risks must first and foremost meet two challenges : fit in with the overall strategy of the establishment and reflect as truly as possible the risks inherent in the business.

Schematically speaking, establishments determine their appetite for risk on the basis of their strategic objectives, notably by fixing limits and tolerance thresholds (eg. concentration or own funds ratios) to be adhered to in the framework of regular business activities. This results in the establishment of an arsenal of monitoring indicators mesuring the divergence between the risk profile of the establishment and the limits and thresholds set.  Generated on a regular basis and presented in the form of dashboards, risk indicators feed into the reports intended for the management bodies such as the risk committee or the executive committee.

In fact, the reliability of this reporting constitutes a major operational issue. It is frequently observed that the indicators supplied to these bodies do not cover the entirety of the risks across all business activities and geographical zones. Moreover, the reporting systems do not generally ensure a consistent approach as between macro risk indicators (at the level of the establishment) and micro risk indicators, at the level of the portfolios and business activities. Consequently, the monitoring of the establishment's risk profile, viewed as the result of the strategy implemented, remains flawed.


Défine adequate risk indicators

An initial stage in the optimisation of risk management is to put the risk indicators in line with strategy, the difficulty being to ensure coherence between a micro-level vision and a vision which is aggregated for the decision-making bodies.

To this end, the Risk Department must work with the different parties involved (business lines, local entities, commitments committee, ...) in order to define the indicators, their grid and the calculation rules necessary to obtain an accurate and coherent vision of the risks run.

Put in place an effective reporting system

Once the indicators have been defined precisely, the second stage consists of ensuring that they are generated on a regular and reliable basis by putting in place an effective reporting system. Such a system is built on three foundations:

the identification of the source data at the grid level required for the calculation of the risk indicators ;

the managing of the quality of the source data in such a way as to ensure that it is as exhaustive, precise and available as one would wish ;

the feedback of the enhanced data and their centralisation in a dedicated warehouse where the calculations of indicators will be industrialised and stocked.

The data reflect the business of the establishment and constitute an essential asset, the value of which should be drawn out in the form of intelligent information, so as to facilitate decision-making and management. Thus, particular attention must be paid to the quality of the source data, as this dictates the effectiveness of the whole system. Experience shows that making local business units responsible for monitoring the quality of the data supplied is a good way to make the data progressively more reliable over time : it is by correcting the erroneous data in the local management systems that one avoids them spreading and errors being repeated.

For all that, the data must undergo fresh checks at the central level before they are able to be used in the calculation of the indicators. Moreover, the management of data rejections and anomalies must follow local / central organisational processes which are precisely defined and which lead to data governance rules being put in place.

In order to improve the reliability of the indicators, it is also essential that the source data used be consistent with accounting data. To achieve this objective, the establishments must define data collection processes which incorporate at least two levels of checking and of adjustment.

The first level of checking relies on the numerical data being recovered jointly with the accounting interface, this being an auditing approach which does not yet begin to draw a distinction between accounting flows and risk flows. These data are then enriched by data of a non-accounting nature, so as to obtain the entirety of the data necessary for risk reporting. A process to reconcile the general accounting data with the risk data rounds off the monitoring system by enabling the discrepancies to be calculated, visualised and corrected on the defined grid.

In terms of the technology, the heart of the reporting system is made up of a datawarehouse (and associated datamarts), the structure of which must be such as to allow the data to be aggregated, the indicators to be produced and the risks to be analysed from a multi-axis viewpoint. For example, it must be possible to examine receivables according to category of clientèle, economic sector, class of credit rating, product type etc.

The reporting of this data utilises two main types of complementary tools with different uses : decision-making platforms, with which financial establishments are generally equipped, and dynamic, discovery and self-service tools.

The decision-making platforms most often serve to generate the periodic, standardised reporting intended for the different committees or for the regulators. At that stage, the reporting process must be defined precisely and must determine how the different tasks (eg. preparation of tables, drafting of analyses, ...) link together and follow on from eachother, so as to be apt to ensure a reliable output and dissemination of reporting within the required timeframes and to avoid the proliferation of redundant reporting. It is also essential to define clearly the roles and responsibilities of each person involved (eg. administrator, individual responsible for preparing the reporting, person in charge of validating and analysing it, ...).

The discovery and self-service tools, which are more flexible and reactive, enable one to analyse data on the fly, for example, so as to understand how a specific indicator changes over a given period and within a given parameter. They can be made directly available to middle-management, notably in order to manage urgent or crisis situations, provide ad hoc analyses,... Being very flexible, they allow business-line users to take ownership of the data and to undertake the complementary analyses they require.

Incorporate a prospective dimension into risk reporting so as to enhance predictive capabilities

Making the reporting system more effective constitutes the foundation on which establishments can build so as to take the optimisation of risk management further forward. At that stage of the process it is all about incorporating a prospective dimension into reporting, by acquiring the simulation capabilities necessary to anticipate future changes in the risk profile.

Establishments have recourse to two main types of simulation : ad hoc sensitivity studies and resistance tests, or stress tests.

Sensitivity studies are "what-if"-type simulations concerning one or more portfolios and relating to specific risks. They typically involve accentuating a risk factor so as to see how a portfolio of transactions reacts. On a bond portfolio, one observes, for example, how changes in interest rates impact upon the value of the portfolio. One thereby assesses the potential losses that can be brought about by a sharp or persistent change in rates. By way of another example, on a portfolio of receivables, one can simulate an increase in the probabilities of defaults and the impact on provisions.

Stress tests, which are more complicated to perform, rely on economic scenarios which combine several shock  factors. They can relate to one area of activity or to the entire business of the establishment, as is the case for the regulatory stress tests imposed by the different regulators (eg. the EBA - European Banking Authority). By way of illustration, a scenario predicting a drop in GDP in the OECD countries must be interpreted country by country (identifying the impact on household income, the unemployment rate, etc.), then applied to the establishment's different risk factors.

The main objectives behind sensitivity studies and stress tests are to set, or test, exposure limits and thresholds and possibly to change them, to revise liquidity management policies or policies regarding the adequacy of capital in relation to risk profile, to re-assess the appetite for risk, to respond to questions from management (for example, faced with a crisis) or to challenge business development strategies, meet regulatory requirements, etc.

Create a simulation environment devised for decision-making

Defining scenarios, translating them into risk factors, simulating those risks for different portfolios and calculating the corresponding indicators (provisions, economic losses on a portfolio of market transactions...) is a complex task. Thus, an establishment which has previously optimised its risk reporting system - by putting in place a central datawarehouse with quality data covering the entirety of its business activities at the appropriate grid level and possessing the capacity to aggregate data on a multi-axis basis and to generate indicators - will have the advantage of being able to use this base of real data for the stress tests and the entirety of its simulations.

To complete its simulation system, the financial establishment will have to construct a centralised base of scenarios, fed, on the one hand, by market data, scenarios broken down by business activity (credit, markets, liquidity...) in conjunction with what the risk managers of the business units already do, and, on the other hand, hypotheses about the business of the establishment (profitability forecast portfolio by portfolio, ratio of own funds, target credit ratings...) defined in conjunction with Management Controlling's forecasts and objectives. The results of the translation of the scenarios into impacts on risk factors will also be stored in this base, as well as the accentuated risk parameters.  

By drawing upon these two databases, the central datawarehouse and the scenarios base, the establishment will be able to calculate a simulated version of the risk indicators and integrate them more easily into the periodic risk reporting. The fact that the establishment uses the same source data, the same calculation formulae but with the accentuated parameters from the scenarios base thereby allows it to obtain a prospective vision which is consistent with the real vision, and the possibility of comparing the real figures and the simulated figures immediately, in order to take decisions.

Anticipate changes in the business model

By making it possible to identify, quantify and correlate risks which, up until now, were treated in silos, an optimised management system provides top management with the means to better assess the current risk profile of the establishment and an ability to anticipate difficulties. It thereby becomes possible to adapt the business model, but no longer in reaction to the past, rather in light of anticipated risks, this being an undeniable factor contributing to strategic agility.

It's now that this is at stake

Despite the current uncertainties regarding the modes of remuneration for these different products and services, it is essential that asset managers undertake as of now the adaptations and investments required by Solvency II. If they do not do so, they risk losing a share of the institutional investor market which, for some of them, represents a very significant part of their business. 
Setting the right scale for the investments to be undertaken in the months and years to come, in terms of technologies and skills, fundamentally depends on the dialogue that they will be capable of establishing with their main insurer clients in order to take stock of their expectations precisely. By undertaking this thought process as of now in a collaborative mode, asset managers have the unique opportunity of packaging a high-value-added product and service offering which will satisfy their existing clients and reinforce their ability to develop.

About the authors

 Philippe Deniau, Partner at Keyrus Management and in charge of the Banking / Insurance sector, has more than 20 years' operational or consulting experience in the finance sector. In addition, he coordinates the development of services offerings and of skills in the field of risk management, control and conformity. Philippe Deniau works with the major Banking or Insurance players in steering, or providing expertise in relation to, projects to transform or improve operational performance. Philippe Deniau is a graduate of the ESTP engineering school and of the ESSEC school and holds a chartered accounting qualification.

 Axel Maraut, Manager at Keyrus Management, has more than 8 years' experience in the banking sector. He began his career as a consultant within the Risk Advisory department of Deloitte, and then joined the Group Risks Department of BNP Paribas as a Credit and Rating Policies Analyst, then as a Strategic Risk Senior Analyst.  At Keyrus Management, he now works on consulting assignments relating to the organisation / management of projects, as well as on studies in the field of credit risk.