Supported by

Is risk becoming too complex to manage?Examining the risk management challenges facing Japanese financial institutionsA summary of the July 2nd Hitachi Consulting Risk Management Forum July 2014

Risk management is becoming more demanding for all financial institutions. On top of this, being a Japanese financial services provider, doing business in the UK brings another set of challenges. The July Rick Management Forum, sponsored and hosted by Hitachi Consulting, and supported by Hitachi Europe and Oracle examined the latest thinking in risk management as well as the unique challenges facing Japanese businesses in the UK.

The Forum was held on 2nd July 2014 in a chic and tranquil private studio in the Andaz Hotel, adjacent to Liverpool Street station in central London. It was the first event of its kind to exclusively focus on Japanese financial institutions in UK – and attracted more than 40 people representing over 20 Japanese companies.

The event’s expert speakers included:

■■ Isabel Viegas, Director - Financial Services EMEA, Hitachi Consulting,

■■ Paul Newman-Horne, Vice President – Strategic Development and Regulatory Reporting, Barclays Bank

■■ Stephen Skrobala, Senior Director – Financial Services EMEA, Oracle

Following the presentations guests were able to enjoy some delicious traditional Japanese dishes prepared by the Miyako restaurant and a Sake Tasting experience hosted by Ms Natsuki Kikuya from the Museum of Sake.

Regulatory landscape continues to become even more complex

The new era of risk management and regulatory reporting Isabel Viegas, Director Financial Services EMEA, Hitachi Consulting

The credit crisis undoubtedly rocked the UK economy and has left a legacy of volatility and uncertainty in the financial markets and the wider business community. In an attempt to stabilize the situation and prevent it from happening again, the regulatory landscape continues to become ever more complex, stringent – and intrusive. Risk management simply cannot be ignored and is now a central board-level issue in every financial organization.

So what are the key risk management challenges for businesses operating in the UK?

■■ The speed of regulatory change New legislation and regulatory requirements are arriving at a pace that makes them difficult to manage. Major changes are occurring simultaneously in Liquidity, Supervision, Capital, Governance and Conduct. This is putting a lot of pressure on companies, mainly in the areas of Regulatory Affairs, Senior Management, IT and Infrastructure and other key functions, like Risk, Finance and Treasury.

■■ Changes in operating model Businesses are being driven to make organizational changes to cope with the demands of multiple local and international regulators. Assets are being split, with a significant focus on separating Retail and Investment banking activities, with the clear goal of reducing the size of the balance sheet to avoid institutions “too big to fail”. New Capital requirements and new Liquidity Ratios are re-shaping key areas, such as strategy, products development and pricing. These changes create new challenges for the Financial Institutions:

■– Which businesses should be divested?

■– How to return to acceptable levels of RoE?

■– How to make these results consistent?

These are the questions that all the Financial Institutions are trying to answer on a daily basis as risk management will be the center piece while running a Financial services business.

■■ Reporting requirements have increased exponentially in line with new regulatory requirements. Risk Units require timely and comprehensive data and it is essential that they have the ability to query and do ad-hoc analysis. It is the time to see the regulatory requirements not only as a mandatory request that Financial Institutions must comply with, but as an opportunity to embed these on the day-to-day management and take advantage of all the information and data available.

The revolution in risk management is here to stay. The Financial Institutions that can successfully cope with all of these challenges will be the ones that are agile and can quickly adapt to any new requirements. And that means having good quality data built on a comprehensive and flexible data platform, so that it is auditable and accessible and capable of feeding analytics, control and reporting, but still gives you the “big picture” to help drive business strategy and enable increased competitiveness.

“Over the last couple of years, risk managers have been spending up to 70% of their time on regulations.”

UK subsidiary of a Japanese Bank

Evolution of profitability in Banks Data framework

Recent example of regulatory demands

(data source: ECB Consolidated Banking data 2013)

The challenges of compliance with different regulatory demands Paul Newman-Horne, Vice President – Strategic Development and Regulatory Reporting, Barclays Bank

The onslaught of regulatory change is never ending – the number of applicable laws and regulations is in the tens of thousands. And things will only get worse. Especially as regulators now perform regular stress-test activities and are also demanding propriety, transparency, better risk management and, perhaps most important of all, accountable governance.

So it is clear that the situation for many compliance functions is extremely serious. More DATA is required, more standardized and detailed CALCULATIONS are needed, more REPORTS will be generated and electronic SUBMISSIONS via XBRL will be required. Reporting is also becoming more granular, there is more emphasis on benchmarking and industry initiatives such as the EDTF (Enhanced Disclosure Task Force) are aimed at creating a more standardized way of reporting.

At the heart of all of this lies the need for high-quality data. For example, in Barclays’ recent COREP submission there were 29,000 data points identified. So unless your data is accurate you simply cannot be sure that the proper controls are being applied to the right pieces of data to comply with the appropriate regulations. Poor data could also result in PRA Section 166 reviews being required – with an estimated cost to the firm of up to £1 million or more.

Building constraints into the database can improve overall data quality, as well as defining referential integrity in the database. Data profiling technology can also be deployed to discover the quality and characteristics of information, and dramatically reduce the time and resources required to find problematic data. However, good data governance is about more than just regulatory compliance. If managed correctly, taking into account processes, policies, reports and organizational structure, it can bring other benefits, such as greater efficiency, visibility, cost savings and a wealth of customer insights that can drive improved service delivery and competitiveness.

Creating a robust yet adaptable data management structure is essential for the effective data governance and consolidation needed to ensure regulatory compliance. But it is also vital that you have “Golden Sources” of information – or a “Single Source of Truth” (SSOT).

A good Enterprise Data Management (EDM) model allows you to collect, standardize, consolidate and manage information about securities, products, customers, transactions, and other operations, so it can be used by different business applications. Of course, the reality is that many organizations have multiple information systems, each of which needs access to data relating to the same entities e.g. customers, so other technologies are commonly used to create a SSOT.

However, it’s not just about having a strong, state of the art data structure. You will also need to ensure that there is a general business appreciation of the need for data quality, effective and transparent business processes, and senior management accountability for data quality and governance.

“Regulators have no intention of trying to make it easy for us to understand how various regulations relate to one another.”

UK subsidiary of a Japanese Bank

The need for high-quality data

The business benefits of a comprehensive risk architecture Stephen Skrobala, Senior Director – Financial Services EMEA, Oracle

When it comes to creating a risk management architecture one of the most important things is how you bring risk together, so that it’s managed institutionally rather than discretely, with pockets of risk across the organization. There are many different types of risk. For example, risk for trading transactions is different to credit risk, market risk, and interest rate risk. Some will build up over time, while others are more immediate. You can never fully eliminate those risks, but if you understand them you can mitigate them.

Ideally banks would have a “dashboard” to monitor all types of risks. While that is a nirvana state, it’s a model and a vision that you can work towards. You can have different risk models and different measurements of risk, and you can try to put those into an architecture that builds up to create a way that enables you to look at the overall structure of risk from an enterprise-wide perspective

A key area is data quality. When BASEL II came out many banks invested in very sophisticated risk management systems, but they never made the investment in data quality, so they were only able to get to the wrong answer quicker! For effective risk management you need to break the data down, so each transaction has its own specific information and values associated with it.

If you don’t get it right at the start and create a “Single Source of Truth” then you end up reconciling data and that’s much more time-consuming, costly and resource intensive. You also need ways of aggregating and checking all of your data, so that you can do proper reporting on it for any requirements. This isn’t a strictly technology process – there are other business rules needed to validate the quality of the data. So you have to take into account certain risk management parameters, such as credit, market, liquidity, operational and model risk, and also factor in the need for regulatory compliance, so there may be additional information that needs to be captured that goes beyond pure risk management.

Using the capture (staging), enhance (processing) and reassemble (reporting) approach will enable you to use data in various ways for different audiences, such COREP and FINREP reporting or statutory reporting locally or back to the parent company. You should also be able to take those reports and drill down into the appropriate levels, so that management can share that information with the relevant business units. Because it’ s only when that information can be acted upon that it becomes useful. In other words you need to be able to intelligently identify the problem, understand it and put in place the corrective action.

“The key is to achieve the right balance between covering a wider set of risks and getting the right amount of detail… to make sure nothing slips between the gaps and also that enough depth is understood at a senior level.”

UK subsidiary of a Japanese Bank

Reassemble (report)

Capture (stage)

Single Source of Truth

Enhance (process)

Dashboard

Data Repositories

Credit RatingSystems

Quality check

Operational Systems

Reconciliation

Market Data Sources

Adjustment

GeneralLedger

Risk Modeling

Regulatory Reporting

Risk & Performance Measurement

Dynamic Analytics

Advanced Risk Solutions

Internal business Regulatory agencies Market

Reporting Architecture

Data Architecture

Risk Architecture

The unique challenges facing Japanese financial institutions Shinji Kamata, Senior Manager, Hitachi Consulting

The risk management challenges for financial organizations are substantial and constantly shifting. For Japanese businesses operating in the UK the challenge is even more extreme. Not only are UK regulations the most stringent in the world, and far more demanding than what parent companies are normally used to, but the UK subsidiaries also face significant operational, cultural and management issues.

On the operational side of things, the legal structure has a significant effect, because being classified as a Subsidiary or Branch does affect exactly how much you are governed by local regulations. The degree of dependence on HQ systems can also determine how much autonomy you have to act or whether you are directly governed from Japan, as you may not even have sufficient data granularity to operate effectively.

If the business was acquired, rather than set-up directly by the parent company then the people, processes and systems that were inherited will tend to give you more autonomy, but this may also lead to incompatibilities that cause problems reporting back and ensuring compliance to regulations.

It is also important to understand exactly what the role and expectations of the HQ are. Do they want to have a strong input into the governance of the business? Or is there much scope to interpret and apply HQ policy locally? The nature of the UK business will probably also dictate what risks the operation need to manage, based on the types of customer e.g. whether they are retail or corporate, local or Japanese, the types of products e.g. derivatives or project finance, and also where the deals are booked e.g. locally or in Japan, and whether you need to worry about possible system errors.

Culturally there are some important considerations. In particular, expectations on what is “good enough” may vary, which can create internal conflict. While regulations in Japan are not as stringent as the UK, any non–compliance is perceived as having a heavy reputational risk, so the parent company may exert pressure to strive for perfection, but this obviously entails a cost that the UK operation may not be prepared to pay. It’s also worth noting that the remuneration systems in each country will drive different behaviors, so western traders have a different risk appetite to those in Japan.

Finally, there is likely to be a need to conduct dual reporting for regulatory compliance. So as well as meeting the needs of local authorities, the UK business will have to provide what the HQ needs to satisfy the Japanese financial authorities e.g. stress testing in Japan may require different data sets to the UK.

In all of these areas effective governance of data is crucial, because whether the UK business operates autonomously or if more closely governed at a global level by the HQ, the same data pool will be used to meet the requirements of both parts of the organization.

However, because the UK is operating under the most stringent regulatory conditions, the good news is that this also means that there is an opportunity to set the best practice standard within the organization. So the UK operation can become the “knowledge centre” for regulatory compliance within the group – and can help create a real competitive advantage for the entire business.

“Risk management is no longer seen as an extension of internal audit, but as an educational role within the organization to establish competitive advantage for the business”

Bridging Japanese business with the UK market

Summary Hitachi Consulting’s Risk Management forum examined the key risk management challenges relating to financial regulatory reporting in the UK. The discussion was brought to life when the audience were able to hear about the practical challenges faced by Barclays and its approach to meeting the company’s reporting requirements. This highlighted that the key factor in overcoming many challenges of risk management is the quality of data, in terms of its architecture, accuracy and granularity.

However, while most companies can realize immediate benefits by putting in place the right data architecture, having the right ethos for risk management is also very important – and can be the driver for overall business improvement and growth. Each business needs to be clear about the scope of the different risks it aims to cover and how proactive and holistic it wants to be in the way it manages risk.

Of course, the question then is how should Japanese financial institutions in the UK go about achieving their vision of risk management, given the unique set of challenges they must address, which go above and beyond those faced by western institutions?

As a global Japanese company, Hitachi is very familiar with challenges of achieving results in a local market, especially in the face of rigorous European regulations, while also satisfying the needs of the parent company. Hitachi Consulting also has considerable expertise and capabilities in the management of risk and can provide help in the areas of regularity reporting process and applications, system architecture and data modeling, system and data security and the use of Big Data.

Finally, from the perspective of wider spectrum of risk management, the forum did not cover topics related to operational risks, including systems risks and emerging risks. Hitachi Consulting will provide further insights into these and other areas in future Forum events.

To discover how we can assist your organization or to receive information about forthcoming events please contact financialservicesEMEA@hitachiconsulting.com

Hitachi Consulting is the global management consulting and IT services business of Hitachi Ltd., a global technology leader and a catalyst of sustainable societal change. In that same spirit - and building on its technology heritage - Hitachi Consulting is a catalyst of positive business change, propelling companies ahead by enabling superior operational performance. Working within their existing processes and focusing on targeted functional challenges, we help our clients respond to dynamic global change with insight and agility. Our unique approach delivers measurable, sustainable business results and a better consulting experience.

www.hitachiconsulting.com