Operational Risk Management Systems for Financial Services 2014
According to an OCC review of examined bank risk, operational risk has overtaken credit risk as the most important risk type, and the LIBOR scandal, product mis-selling, fraud in ETF and securities financing markets in Europe have brought it to the forefront. With further neighboring disciplines being incorporated into and extending on from operational risk management, it occupies a position at the core of the modern risk function.
Chartis has noted a number of trends in the demand side, which are listed below:
Preparing for future crises: The definition of a safe financial institution has changed - it is not one which takes no risks or is risk-compliant, but one which is organizationally and technologically able to withstand the crises of the future.
Observation bias: The low-frequency, high-severity events cannot be accounted for by traditional operational risk systems, yet firms continue to believe that their risk metrics are effectively managing operational risk. The observational bias of measuring risk in a simplistic manner, and then assuming that these simplistic views of risk are accurate, is one of the biggest dangers facing the financial services sector.
The shortcoming of compliance-based operational risk: There is a growing divergence between riskmanagement and compliance - regulation is backwards-looking, and will be unable to capture the risk events of the future.
No respite from regulation: The regulatory cost of operational risk continues to increase in both direct and indirect ways. The costs of databases and data models and non-compliance are coupled with the transformation of market and counterparty risks into operational risk.
Allocation and optimization: It is critical to optimize the risk taken in the context of the risk appetite of shareholders. Operational risk is becoming a trigger for firms to exit or modify their business portfolios.
The future of operational risk: The market leaders in operational risk will be those looking ten years or more into the future. The scope of operational risk will widen and come to primacy as the most important risk discipline, incorporating and closely linking with other risk disciplines such as conduct risk, model risk, and reputational risk, and new systems focused on discovery and “unknown unknowns” within data sets will detect the black swan risks just around the corner.
Within the supply side of operational risk management systems, Chartis has observed the following trends:
The range of solutions and functionalities offered by vendors can make it difficult for buyers to decide which solution best suits their operational risk needs. Consolidation of vendors, increasing requirements and demands from buyers, and continued innovation has altered the operational risk technology landscape.
Operational risk systems are increasingly including cyber-security. With the increased connectivity of modern banking, including cloud-based and mobile solutions, the potential cost of cyber-security failures has increased dramatically and is swiftly becoming a priority.
Consolidation of systems: Although some firms are utilizing separate systems for operational risk requirements, cost and complexity pressures are driving them to consolidate into enterprise operational risk platforms.
Linkage of systems: As an extension of the above trend, neighboring disciplines are being incorporated into operational risk such as audit, compliance, and financial crime. These in turn are leading to the incorporation of advanced analytics from these systems.
Advanced analytics: Traditional operational risk models have focused on over-fitting and data adequacy. New research methodology is focusing on a variety of analytical methodologies, such as factor based models, fuzzy logic systems, and concept maps.
Quantification: The sensitivity of loss distribution fitting processes, together with paucity of data, have led to new quantification methods, including graph and network-based models, phylogenetic comparison methods, and
varied network topology.
Model granularity: Models are becoming increasingly granular, and moving lower in the business lines. Methods of model design are being explored to make numbers more meaningful to specific business lines.
Continuous data: The interlinked and ad-hoc nature of events has led to the creation of more continuous data and event models, including near misses and focused KRIs.
Loss data collection: A broad set of internal, external and industry standard data is driving the creation of loss data collection processes, which can condition future expected losses and risk mitigation controls.
Separation of systems, architecture and content: As every element of an operational risk framework is increasingly representable as data, the move is towards production of elements such as KRIs as standardized data sets. Vendors are increasingly enabling the delivery of business focused data and rules in clear packages.
This report uses Chartis’s RiskTech Quadrant® to explain the structure of the market. The RiskTech Quadrant® uses a comprehensive methodology of in-depth independent research and a clear scoring system to explain which technology solutions meet an organization’s needs. The RiskTech Quadrant® does not simply describe one technology solution as the best operational risk solution; it has a sophisticated ranking methodology to explain which solutions would be best for specific buyers.
This report covers the leading vendors offering operational risk solutions for financial institutions, including Chase Cooper, Empowered Systems, IBM, MEGA, MetricStream, NASDAQ BWise, Oracle, Optial, Prometeia, Protiviti, SAP, SAS, Thomson Reuters, Wolters Kluwer, and Wynyard.