bank risk manager wp
TRANSCRIPT
-
8/8/2019 Bank Risk Manager WP
1/48
Th e Bo st o n Co n su l t in g Gr o u p
Resu lts o f a Global BCG Stu d y
From Risk Takerto Risk Man ager
Ten Principles for Establishing
a Compreh en sive Risk Managemen t
System for Banks
January 2001
-
8/8/2019 Bank Risk Manager WP
2/48
-
8/8/2019 Bank Risk Manager WP
3/48
Table of Contents
Foreword 3
Summary 5
From risk taker to risk manager: General issues 7
Principle 1: Risk management must become a central element in a
banks overall management system 12
Principle 2: Risk management must be firmly established at
all levels of the organization 14
Principle 3: Value-at-risk concepts should become the norm 15
Principle 4: An active portfolio management system should be
implemented for credit risks 19
Principle 5: Banks must move from measuring to managing
market risks 24
Principle 6: Operational risks should first be approached pragmatically 27
Principle 7: All types of risk should be aggregated 32
Principle 8: A banks management system should be
based on economic capital 35
Principle 9: Employees must nurture a risk-return culture 37
Principle 10: The concept in itself is nothing: It is the application
that creates competitive advantage 39
Notes on the study 42
1The Bost on Consul t ing Gr oup
-
8/8/2019 Bank Risk Manager WP
4/48
-
8/8/2019 Bank Risk Manager WP
5/48
Foreword
The banking industry has had a rude awakening. Cases like Barings, Schneider,
and Metallgesellschaft have shown the banking world it needs to treat lending,
and risk in general, far more carefully. Bank managers have long been aware of
the importance of having a comprehensive risk management system in place
much work is being don e to d evelop new structures and procedures. But n ot on ly
the highly publicized cases have made a deep impression on management: high
insolvency rates, an increasingly competitive environment, stricter supervisory
guidelines, and the emergence of the Internet also threaten the banking estab-
lishment.
In spite of challenging conditions and th e evident need for chan ge, many banks
are still hesitating to put a comprehensive risk management system into practice.
Particularly in the area of risk management, there is a notable lack of clear con-
cepts and well-articulated strategies. Risk management can no longer be consid-
ered in isolation. Together with portfolio managemen t, it is an integral part of the
bank managemen t system. It permeates all steps of the value chain. And above all,
it is a factor essen tial for sustainable, successful shareholder value m anagem ent.
The Boston Consulting Group has long recognized th e impor tance of a compre-
hensive risk management system. On the strength of many years of consulting on
intern ational projects, BCG wants to help promote the developmen t of risk man-
agement. The BCG concepts described here can help guide banks on the path
from "risk taker" to "risk manager" and thereby provide one of the main ingredi-
ents for success in the banking business of the twenty-first century.
We h ave formu lated ten principles that ou tline one possible path to a consistent
and efficient risk management system. It is a path strewn with obstacles and one
that demands endurance, but it also leads directly to the goal. Although other
strategies may be equally successful, our ideas have been tested extensively in the
real world. In ou r study, which included some 60 leading banks and r isk manage-
ment software vendor s, we analyzed the state-of-the-art o f risk man agemen t in the
banking industry.
3The Bost on Consul t ing Gr oup
-
8/8/2019 Bank Risk Manager WP
6/48
Ou r special than ks go to all participants in the study, who have given freely of
their expertise and time. We would also like to thank the BCG risk management
pr oject team , namely, Susanne Chakr avarty, Carsten Gerh ard t, Sebastian
Hofmeister, Christian Rosen, and the project leader, Franz J. Herrlein.
We h ope that what follows piques your interest, and we wish you every success with
your risk management plan!
Thomas Gro Claus Michalk Andrew Cainey
Vice President Vice President Vice President
4 The Bost on Consul t ing Gr oup
-
8/8/2019 Bank Risk Manager WP
7/48
Summary
Banks must become risk managers if they are to survive in this highly competi-
tive industry. This requires developing a consistent and comprehensive risk
management system. BCG has formulated ten principles for achieving this goal.
Principle 1: Risk management must become a central element in a bank's
overall managem ent system
Principle 2: Risk management must be firmly established at all levels of the
organization
Principle 3: Value-at-risk concepts should become the n orm
Principle 4: An active portfolio management system should be implemented
for cred it risks
Principle 5: Banks must move from measuring to managing market risks
Principle 6: Operational risks should first be approached p ragmatically
Principle 7: All types of risk should be aggregated
Principle 8: A banks management system should be based on economic
capital
Principle 9: Employees must nurture a risk-return culture
Principle 10: The concept in itself is noth ing: It is the application that creates
competitive advantage
BCG under took a global study to show the exten t to which banks have developed
risk management systems. The result was disheartening! Barely 5 percent of the
banks surveyed can be classified as risk managers, whereas a good two thirds still
see themselves as risk takers. The remainder, about 30 percent of the institutions
inter viewed, are cur ren tly tran sforming th emselves.
5The Bost on Consul t ing Gr oup
-
8/8/2019 Bank Risk Manager WP
8/48
Banks that succeed in identifying and eliminating areas of weakness from their
organ izations can lay the foun dation for a successful risk managemen t system and
thus for an holistic, value-based bank management system. This in turn opens up
the path to sustainable improvemen t in shareholder value.
What main conclusions can be drawn from our study?
First, technical development will not be the determining or even sole success
factor in the future. Much more important than a bank's ability to implement
mathematical models is its ability to handle risk. Risk needs to be understood
strategically and controlled organ izationally. A rapidly chan ging and competitive
environment has encouraged banks to focus on selected business segments, and
the resulting loss of opportunities for risk diversification has contributed to thegrowing impor tance of risk management.
The adjustments to processes and systemsoutlined in our studythat are need-
ed to realize a risk-based man agemen t ph ilosophy, however, are n ot en ough. The
real change has to occur in the attitudes and minds of the employees. They must
be brought to understand that managing risk is crucial for success. This change
cannot be brought about th rough appeals and requests alone. Intensive training,
clearly defined structures and responsibilities, and a commitment to change are
equally important.
In conclusion, this change will become no less urgent in the next few years. The
banks that begin th e (unavoidable) restructur ing early and recognize the impor -
tance of a comprehensive risk management system will be in the best position to
respond to future demand s.
6 The Bost on Consul t ing Gr oup
-
8/8/2019 Bank Risk Manager WP
9/48
From risk taker to r isk man ager:
General issues
The competitive landscape in th e banking industry is changing rapidly. The con-
cept of the "universal bank" is being abandoned in favor of a growing ten den cy to
focus on selected business sectors and product segments.
This paradigm shift is being driven by technological developm ents, changing cus-
tomer behavior, and th e increasing significance of the capital markets as a sour ce
of financing for companies.
The trend away from traditional, longer-term lending and toward off-balance-
sheet business is accelerating. Understanding and structuring risk is becoming
ever more important, and active portfolio management is replacing the tradi-
tional buy-and-hold approach.
The bank's internal ability to actively handle risk is quickly growing in impor-
tance. New target measurements are being introduced for risk management:
strategies are increasingly influenced by a risk-return-oriented op timization of the
por tfolio and the allocation of economic capital.
Simply meeting regulatory requirements is not enough
Over the last few years, two factors have shaped the discussion surrounding risk
management: competitive requirements and supervisory regulations. In the
future, banks will and indeed must concentrate more than ever before on com-
petitive challenges. Focusing on regulations alone may not necessarily lead to suc-
cess because these regulations cannot keep pace with fast-changing competitive
conditions. And regulations represent only the minimum standards to be met.
Our study identified clear regional differences. In North America and Australia,
banks are concentrating on risk management primarily to enhance their com-
petitive positions. In Europe, in Asia, and par ticularly in South America, however,
7The Bost on Consul t ing Gr oup
-
8/8/2019 Bank Risk Manager WP
10/48
risk management is considered primarily from the perspective of regulatory
requirements.
As a result, the effects of the proposals drawn up by the Basel Committee on
Banking Super vision on the topic "A New Capital Adequacy Framework" are clear-
ly assessed in different ways by the banks surveyed:
s The hot topic in Europe, and in Germany in particular, of whether and how
to accept internal ratings and th e associated regulator y capital backing is no t
an issue for the North American banks questioned. This problem appears
almost negligible to them because they have a broader base of externally
rated companies. Moreover, North American banks have already begun trad-ing debt from the segment of small and medium-sized companies as well as
from re tail customers. There are also a significant nu mber of customers in
the portfolios of American banks, however, that are not rated by external
agencies. This is likely to cause problems similar to th ose experienced in th e
rest of the world.
8 The Bost on Consul t ing Gr oup
Assessment of main risk management drivers by the banks surveyed
40%
60%
Competition
Regulators
The main driver ofrisk management is
North America
Competition Regulators
South America -
-
-
Europe
Asia
Australia
( ) ( )
( ) ( )
Source: BCG study
Global Regional
Competitive pressure as the main driver in North America
and Australia
Exhibit 1
-
8/8/2019 Bank Risk Manager WP
11/48
s Within Europe, Scandinavian and British banks indicated they were least
affected by the innovations in Basel. And South American banks seem almost
unaware of a problem.
Exhibit 1 assesses the relative importance of regulatory requirements and com-
petitive pressures.
In conclusion, risk management concepts differ significantly from region to
region . The leaders are mainly institutions from th e Un ited States. However, non-
U.S. banks are making the greatest efforts and are simultaneously continuing to
improve th eir databases, so Europeans, in par ticular, should be able to red uce the
disparity somewhat over the n ext few years. Even today some European banks arecounted among the leaders in risk management.
Accordingly, banks should not restrict cur ren t d iscussion to simply fulfilling reg-
ulatory requirements. Rather, they should focus on building competitive advan-
tage through risk management.
Significance of the different types of risk for banks
Individual types of risk must be considered separately to derive concrete recom-
mendations for dealing with them. In our study we wanted to find out what sig-
nificance credit, market, and operational risk have for the banks we interviewed.
The conclusion: credit risk is and will continue to be the most important risk cat-
egory in th e future, but oper ational risks will gain in importance. The results sup -
por t th is conclusion:
s More than 50 percent of banks surveyed described credit risk as the most
important risk category (see exh ibit 2) .
s More than 30 percent of banks ranked credit, market, and operational risks
as equally important.
9The Bost on Consul t ing Gr oup
-
8/8/2019 Bank Risk Manager WP
12/48
s Approximately 5 per cent of participan ts in the study identified operational
risk as the most important type.
s Fewer than 5 percent of banks sur veyed described market risk as the decisive
risk factor.
s About 10 percent of banks sur veyed do no t consider credit, market, or oper-
ational risk most important. For them, general investment risk (such as late
entry into e-commerce) is the most significant.
Those sur veyed feel that th e man agement ofoperational risk will play an increas-
ingly important role. Managing this type of risk in particular presents the institu-tions with a special challenge.
General investment risksaccord ing to the banksshould be tackled within th e
overall bank strategy. For example, they should be considered separately within
the con text of investmen t decisions. These risks will there fore n ot be analyzed fur-
ther in th is study.
10 The Bost on Consul t ing Gr oup
"Which type of risk is most important for your bank?"
Credit risk
Generalinvestment risks
All types areequally important
Marketrisk
Operational risk
5%3%
10%
30%
Source: BCG study
52%
Credit risk by far the most important risk category for banks
Exhibit 2
-
8/8/2019 Bank Risk Manager WP
13/48
Ten principles for an efficient management system
We have elaborated on th e basics and stated the prevailing conditions. What next?
We want to develop ou r ten principles as an instructional guide to h elp bankers
quickly and directly build a state-of-the-art risk management system. Our proce-
dures aim to make it p ossible to quan tify, aggregate, and man age all types of risk.
By looking at risk management as an integral part of the bank's overall manage-
ment system and defining risk from a value-at-risk (VAR) perspective, we will first
deal with credit, market, and op eration al risk. We will show how these types of risk
can be systematically managed. Then, we will aggregate the individual cate-
goriesthe starting point for a value-based allocation of econ omic capital. Finally,we will give t ips on actual imp lemen tation , because knowledge in and of itself is
ultimately nothing: it is the application that creates competitive advantage.
11The Bost on Consul t ing Gr oup
-
8/8/2019 Bank Risk Manager WP
14/48
Principle 1: Risk management must
become a central element in a banks
overall managemen t system
The goal of every bank is to maximize the return on capital employed and to
create value. A modern value management system is one of the keys to success.
When understood as the sustainable optimization of corporate value, value man-
agemen t can influence two levers: profitability and growth .
Here, profitability is measured by the increase in return using a return on risk-
adjusted capital (RORAC) approach. Growth, in turn, is reflected in changes ineconomic capital, i.e., a risk-adjusted measure of capital. This makes risk man-
agement an in tegral part of any modern value management system.
Figures for profitability and growth may, for example, be combined using the
"delta added value on equity" (DAVE) concept developed by BCG (see exhibit 3).
It is defined here as a measure of the change in added value on equity, and it
can be used as the centr al inter nal measure of value added .
12 The Bost on Consul t ing Gr oup
Value management
Source: BCG study
Added value on equity
Delta added valueon equity (DAVE)
records profitabilityand growth
Profits requiredby capital market
Cost ofcapital
Capital
Return
Economiccapital
Economiccapital
RORAC
RORAC2
1 2
1
Profitability
Growth
Profitability and growth are the decisive components in valuemanagement
Exhibit 3
-
8/8/2019 Bank Risk Manager WP
15/48
The DAVE concept facilitates both performance measurement on a bankwide
level and direct comparison of business units. It therefore represents a crucial
basis for maximizing corporate value: capital is made available to those business
un its that can realize th e maximum DAVE.
Empirical analysis by BCG has shown the suitability of DAVE for measuring the
development of corporate value. There is a high correlation with the (relative)
total shareholder return (RTSR; see exhibit 4), which is decisive for the share-
holder. The RTSR is an indicator of a stock's performance in relation to that of a
corresponding stock index.
For th e best possible use of DAVE as a man agemen t metric, it is vital that there bea standard, value-at-risk-based definition of RORAC and economic capital
throughout the bank. All essential types of risk must be recorded for this.
Under these conditions, risk management is an integral part of any coherent
value management system and may make an en during contr ibution to th e maxi-
mization of value.
13The Bost on Consul t ing Gr oup
Exhibit 4
DAVE
Source: BCG database; BCG analysis
30
20
10
0
-10
-20
-4 -2 0 2 4 6
R = 55%2RTSR (%)
Average DAVE (%)
High correlation between DAVE and the relative totalshareholder return (RTSR)
-
8/8/2019 Bank Risk Manager WP
16/48
Principle 2: Risk management must be
firmly established at all levels of the
organization
Value can be created on ly by differentiating a bank's concepts and produ cts from
those of its competitors. To do this, internal procedures, systems, and structures
have to be adapted. It is important th at risk managemen t concepts be tailored to
key success factors specific to the business. Standardized concepts lose their sig-
nificance as transaction complexity increases, so customizing risk management
systems is essen tial.
The universality of the concept is also important. Risk management must be
linked logically from the level of the individual transaction to the overall bank
level. It must permeate all marketing and management procedures, and it must
record all essential compon ents of credit, market, and operational risk in a con -
sistent manner.
Risk man agemen t in this sense is active rather than reactive, and it affects all trans-
actions and processes within a bank. It affects traditional counter transactions at
retail branches and global investment banking alike. A risk management system
of this sort must also rise to the challenge of realizing two basically opposing
goalsrequirements specific to the business un it must be taken into accoun t, and
a standard framework for comparisons between the different business units must
be guaranteed.
Risk man agement runs both vert ically and horizontally across a ban k. Vert ical un i-
versality refers essentially to uniform, interrelated procedures and controls.
Horizontal un iversality, on th e oth er h and , describes the comparability of indi-
vidual business units, using predetermined and clearly defined metrics. The
banks that can bridge this gap have laid the cornerstone for an efficient,
bankwide management system and a successful value management approach.
14 The Bost on Consul t ing Gr oup
-
8/8/2019 Bank Risk Manager WP
17/48
Principle 3: Value-at-risk concepts
should become the norm
The DAVE concept clearly dem onstrates the significance of risk management for
a value-based bank management system. A prerequisite is one uniform way of
viewing risk within a bank. But which definition of risk is the most appropriate?
As active portfolio management increasingly replaces traditional buy-and-hold
strategies, value-based risk assessment in the sense of a value-at-risk (VAR)
approach seems most suitable.
Th e VARhere is defined as a measure of the possible negative change in the
market value of an asset with a given confiden ce level and within a certain time
frame.
Ou r study shows that one cannot yet speak of a un iform r isk definition , however.
Most ban ks still have far to go in this regard as is demonstrated by the following:
s Less than 50 percent of those surveyed have a standard definition of credit
and market risk that applies throughout the bank (see exhibit 5).
15The Bost on Consul t ing Gr oup
Definition of market and credit risk
Value at risk
VAR concept predominates inNorth America and Australia
Operational risk isusually not recorded
Earningsat risk
No standarddefinition
Losses realized
55%
15%
3%
27%
Source: BCG study
Fewer than 50 percent of the banks surveyed have a standarddefinition of risk
Exhibit 5
-
8/8/2019 Bank Risk Manager WP
18/48
s A standard definition has been established on ly in North America. In the rest
of the world , cred it and m arket r isk are often d efined d ifferen tly. The value-
at-risk concep t has indeed becom e a market standard when d ealing with mar-
ket risk, although most banks have not yet applied this logic to all product
lines. Moreover, different VAR approaches have not yet been made suffi-
ciently comparable ( e.g., in terms of holding periods) . By contrast, credit risk
is traditionally defined by a loss concept. VAR concepts are, at best, deployed
for larger corporate customers or for listed compan ies.
s A standard definition has not yet been established for operational riskonly
a few banks are geared to VAR.
On ly a small number of banks will presumably be in a position to introduce a un i-
form way of looking at risk in the short te rm. We therefore recommen d p roceed-
ing step by step:
s First, a standard assessment method should be introduced for each type of
risk. This will make it possible to m anage the portfolio within business un its
accord ing to standardized criteria.
s In the next step, the risk evaluation method should be standardized among
the business unitsif necessary, as an interim solution, e.g., on the basis of
an earn ings-at-risk (EAR) approach. EAR is defined as a measure of the pos-
sible negative deviation from the expected earnings (with a given confiden ce
level and time frame) . The advantage of the EAR is that it requires fewer data
than VAR. All types of risk can be assessed using EAR, and this allows a first
comparison between different business un its and types of risk. This compari-
son, however, fulfills the requirements of portfolio management and capital
allocation only to a limited extent.
s Having a value-based VAR concept is still the goal for a standard definition of
risk within a bank. Only then will it be possible to compare market, credit,
and operational risks.
16 The Bost on Consul t ing Gr oup
-
8/8/2019 Bank Risk Manager WP
19/48
VARconcepts are almost the market standard in credit business with large
corporate customers
Value-at-risk concepts are becoming the norm in the large corporate customer
business. The following picture emerges when the prevalence of VAR systems is
analyzed:
s More th an 60 percen t of those banks sur veyed use a VAR approach to quan-
tify credit risk in the large corporate sector and to determine how much ind i-
vidual borrowers contribute to the institution's total portfolio risk.
s All study participants in North America, Australia, and Japan employ a VAR
approach. In Europe, only about 50 percent do. In South America, VAR con-cepts are barely applied. The significant regional difference in the spread of
VAR concepts can be explained main ly by data problems.
s In th e large corporate customer por tfolio, the r isk models developed by KMV
(Kealho fer/ McQuown/ Vasicek, San Francisco) an d RMG (RiskMetr ics
Group, New York) are most frequen tly used.
s Of the banks yet to u se VAR concepts, some 50 percent are planning to intro-
duce such a model within the next 18 months.
It is true that risk hedging and loan trading, for example, are generally possible
at the ind ividual transaction level without VAR models (provided there are exter-
nal ratings), but the greatest efficiency in portfolio managemen t and pricing can
be ach ieved only if VAR models are used. These models are also creating the pre-
requisites for the value-based allocation of economic capital. Here, it is importan t
for th e leading models to be able to hand le earn ings at risk as well as value at r isk.
So what should banks be doing? On no account should they wait any longer to
adopt such models for their large-corporate-customer business. In addition, expe-
rience can be collected for applying cred it-risk VAR models to other clien t groups
as well.
17The Bost on Consul t ing Gr oup
-
8/8/2019 Bank Risk Manager WP
20/48
VAR concepts should be extended to small and medium-sized corporate
customers and retail customers
Unlike in business with listed companies, there is at present no market standard
for assessing credit risk in the small and medium-sized enterprise segment.
Usually rating- or scoring-based in-house solutions are used to estimate risk in
individual cases. Although these approaches represent a step in the right d irec-
tion, VAR concep ts are still needed to establish a value-based managem ent system.
VAR models can be applied to small and med ium-sized companies and retail cus-
tomers. Our study revealed clear limitations to this approach, however:
sInternal and external historical data are not really available, which meansthat an important pre requisite is missing.
s U.S. banks are the exception, because they have a broader base of data on
small and medium-sized companies at their disposal. Why? Even within this
group , there is a greater propor tion of externally available data because more
of the companies are listed on a stock exchange. In addition, U.S. banks
began constructing inte rn al databases early. In Eur ope , only Scandinavian
banks possess databases that are in an y way comparable. ( These were set u p
in response to the banking crisis in the early nineties.)
s In the retail business, problems are similar at all banks sur veyed.
Risk management must eliminate as quickly as possible the weaknesses in meas-
uring portfolio risk (especially missing data) in small and medium-sized compa-
nies as well as in the retail business. In addition, internal rating systems must be
aligned with th e market standards.
The exten t to which VAR models from the large-customer segment can be ap plied
to small and medium-sized companies and retail customers has to be tested for
each institution . Certainly, a complete tr ansfer is not possible, but there are good
interim solutions. Until a new, sufficiently large historical database is built up,
intern al ratings can be compared with extern al references. And in th e retail sec-
tor? Even if there is no real data h istory here , robust VAR models can still be devel-
oped at the portfolio level.
18 The Bost on Consul t ing Gr oup
-
8/8/2019 Bank Risk Manager WP
21/48
Principle 4: An active portfolio manage-
ment system should be implemented
for credit risks
An active credit portfolio managemen t system will become the decisive factor in
lend ing, as this is how to optimize the risk-return ratio. Most banks, however, have
not come this far. Most institutions are trying to close existing gaps at the risk
measurement level, but the real problem remains unsolved. The knowledge
gained from risk measurem ent is seldom used to manage the portfolio. In oth er
words, the step from risk taker to risk manager has not yet been taken.
The BCG stud y high lights the following problem areas:
s Banks are mainly concerned about the lack of data in the lending business
with small and med ium-sized business clien ts. Things are no better with r etail
customers. Why is this so? On the one hand, there is relatively little internal
data, and th ere is little to be learned from extern al information sources. On
the o ther hand, data warehousing concepts are not widespread . Much more
information is available in the large-customer business, especially in view of
the larger number of publicly traded compan ies.
s With the exception of U.S. banks, all participants in the study regret the low
levels of secondary market liquidity for credit r isks. The use of loan trad ing,
credit derivatives, and asset-backed securities (ABS) transactions is restricted
by a lack of standards for estimating risk, for pricing, and for formulating
agreements. Current developments such as the founding of electronic mar-
ketplaces (such as Cred itex and Loantrade) p rom ise increased liquidity.
s Although comparability and the negotiability of risk are taken for granted in
the large-customer segment ( ther e is a broad base of external ratings here) ,
the situation is somewhat different for small and medium-sized companies
and individuals, for whom only internal ratings are usually available. Since
these do not conform to any norm, trading and hedging credit risk are
restricted to individual agreements between risk vendors and purchasers.
19The Bost on Consul t ing Gr oup
-
8/8/2019 Bank Risk Manager WP
22/48
s The situation is quite different in countries where, regardless of the type of
credit, interest rates are predominantly flexible (for example, in Norway) or
only short-term loans are granted (for example, 30-day terms in Brazil). In
these regions banks are by nature affected by the secondary market problem
only to a limited exten t. Neverth eless, the problem remains that companies
at risk of bankruptcy can no longer be hed ged through th e market. Increases
in interest rates or the failure of loan renewals lead, in cases of doubt, to
bankruptcy and thus to loss of the loan or redu ced value.
The core elements of an effective portfolio management system
First, an effective portfolio management system requires that internal databases
be developed. Historical ratings, default probabilities, etc. need to be drawn on tocalculate portfolio risks. This, however, solves only part of the problem, of meas-
uring risks and making them comparable within the bank. To create an effective
por tfolio managemen t system, banks have to reach a common understanding of
risk. This involves solving th e rating p roblem, particularly for small and medium -
sized companies. The levers for doing this are the creation of common internal
rating standards and the further spread of external ratings.
s Banks, however, are still far from having a standard internal rating system.
Even if Basel II has recently breathed new life into the topic, the discussion
has essen tially not progressed. Th ere is still great uncertainty abou t the exact
requirements: contents and ratios for internal rating systems are disputed.
Nor is it clear when there might be acceptance from national supervisory
bodies, and what r oom there is in national law for implemen tation. Generally
speaking, we can assume th at, even in the futu re, it will no t n ecessarily be p os-
sible to fully compare internal ratings, although this is essential for the
improved negotiability of cred it r isks.
s One solution might be for banks to mutually approve each other's rating sys-
tems, thereby defining a market standard. The validity of "compromises"
reached would be guaranteed through the regulatory powers of the market.
This concep t is curr en tly being discussed in tensively th rou ghout Europe, and
20 The Bost on Consul t ing Gr oup
-
8/8/2019 Bank Risk Manager WP
23/48
some bankssupported by external rating agencieshave already secured
mutual acceptance of their ratings.
s An alternative solution is to include more small and med ium-sized compan ies
in th e rating p rocess. We are alread y seeing great e ffortsmostly in Europ e,
and particularly in Germanyto set up rating agencies for small and medi-
um-sized companies. Two factors support this developm ent: the banks' efforts
to run active credit portfolio management systems, and the incentives of the
companies themselves, which hope to be able to lower their financing costs.
Additionally, external ratings repr esent an independ ent verd ict on credit-
worthiness, which might have more credibility than internal ratings.
Although external ratings will undoubted ly take on a more p rominent role inthe next few years, they do not yet represent a genuine alternative. On the
one han d, market penetr ation is still too low and , on th e oth er, there are sig-
nificant differences in the quality of the ratings produced. The professional-
ism of the providers also varies considerably. Because many providers are cur-
rently entering this segment, we can expect a consolidation to occur in the
next few years.
Once the rating problem is solved, we can assume that the liquidity of secondary
markets for cred it r isks will increase considerably. Several th ings have to happen,
however, before that point is reached.
VAR should be considered in limit setting and pricing
VAR mod els for defining risk at the por tfolio level are increasingly becoming th e
norm in the lending business. A logical consequence is that VAR would have to
be included in limit setting and pricing for individual transactions. Most banks,
however, are still far from this level of sophistication:
s Limit setting is still done m ainly in the tr aditional way. Nominal limits are set
by region , industry, or ind ividual borrower.
s Risk pricing usually occurs, if at all, according to the standard cost-of-risk
principle: the expected risk is based on historical losses. In our study some
21The Bost on Consul t ing Gr oup
-
8/8/2019 Bank Risk Manager WP
24/48
two-thirds of the banks surveyed said that they included risk specific to cus-
tomers within the scope of an ordinary pr icing process, but th ere are still vast
differen ces in practical implementation . There are reservations in Europe in
par ticular, where loans are n ot p riced to adequately cover r isk, for reasons of
customer retention. And risk considerations are only partially relevant to
pricing in South American banks.
In th e short term, considering VAR within pr icing processes and th e allocation of
VAR limits are feasible options only in the large-customer business. Interim solu-
tions are needed for small and med ium-sized corporate and retail customers:
sFirst, at least the expected risk should be accounted for in pricing decisionsfor all customer segmen ts. This can be achieved via the standard cost-of-risk
scheme. In addition, limit setting should be linked with concrete risk meas-
ures and guidelines for cred it policy. Cluster r isks may be restricted, for exam-
ple, by using a pragmatic combination of customer, industry, and regional rat-
ings.
s In th e next stage, the cost of capital shou ld be taken into account at the indi-
vidual transaction level on the basis of VAR calculations. In th is way, un ex-
pected risks should be covered by the pricing process.
s In the final stage, portfolio effects are considered. This means that the cost
of capital for what each individual transaction contributes to the portfolio
VAR is brought into the equation. Thus, pricing reflects only the "marginal"
VAR.
Systems must be changed
An active portfolio management system requires adapting more than risk instru-
men ts and systems. Equally importan t are changes in the organization 's structures
and proceduresa monumen tal feat that in many banks will turn existing struc-
tures in the lending business upside down. Above all, three sectors are affected:
22 The Bost on Consul t ing Gr oup
-
8/8/2019 Bank Risk Manager WP
25/48
s Sales units will concentrate exclusively on the acquisition of new business
and on satisfying existing customers' needs. They will sell credit risks at fixed
internal transfer prices to the portfolio management unit. Sales units will be
managed as profit centers, meaning that if the transfer prices are not fully
attained , the profit cen ter's earn ings will be diminished .
s Traditional loan departments will become intern al rating agencies. They will
be fully responsible for determining the risk for each individual transaction.
They will not decide, however, how a tran saction will be concluded .
s Portfolio management will also be managed as a profit center. It will enter
the risk at transfer prices on its books. At the same time, portfolio manage-ment will be responsible for developing portfolio strategies and for imple-
menting activities on the secondary market. The aim: to improve the risk-
return tradeoff.
23The Bost on Consul t ing Gr oup
-
8/8/2019 Bank Risk Manager WP
26/48
Principle 5: Banks must move from
measuring to managing market risks
With a consisten t market-risk man agemen t system, market risks are defined across
all product types in a standardized, and therefore comparable, manner. All for-
ward-looking aspects are taken into consideration, and appropriate monitoring
and management procedures are implemented. Most banks are still far from
achieving th is ideal. The challenge consists in progressing from simply measur ing
to actually man aging market r isks.
Uniform risk measurement, in the sense of a mark-to-market approach, and theuse of VAR models are considered standards in market-risk management: some 80
percen t of banks use VAR models. These mod els are essen tially based on the vari-
ance-covariance approach, although some are also based on historical volatility
and/ or Monte Carlo simulations. Market-risk VAR models are p redominantly
based on the logic of the RiskMetrics approach. The selected confidence level for
external reporting is usually 99 percen t, with a h olding period of ten days; for inter-
nal man agement purposes, it is often 95 percent with a one-day holding per iod.
Although our study shows that m ost banks use sophisticated market-risk models,
their d evelopmen t is far from complete:
s One element th at is often lacking is the conversion of VAR metr ics for dif-
ferent product lines to one standard measurement. This is needed to calcu-
late portfolio VARs and to aggregate r isk within the con text of capital alloca-
tion.
s Only a small minority of banks use VAR models for all product lines. In addi-
tion, the systems are usually restricted to the tr ading sector. Also, interest r isk
is in th e bailiwick of the Treasury, and is often considered separately.
s There is also a need for adaptation with respect to modeling issues. New VAR
models will be guided by the future development of risk to a greater extent
24 The Bost on Consul t ing Gr oup
-
8/8/2019 Bank Risk Manager WP
27/48
than existing systems. This also includes extending and ensuring more flexi-
bility in stress testing and scenario models for market risk. Only two-thirds of
the banks surveyed are systematically applying sensitivity and scenario analyses.
The fact that market risk cannot be fully mapped has less to do with quantifica-
tion than with problems associated with data wareh ousing. Efforts to capture and
model relevant data h ave already caused many headaches. An efficien t data ware-
housing system is rarely achieved; data validation, preparation, and administra-
tion are still in their in fancy. Existing VAR con cepts must be tr ansferred logically
to all product lines to record the full extent of the market risk, and banks must
create the technological prerequisites for this as quickly as possible. Moreover,
procedures have to be developed to compare th e VARs of individual risk/ productcategories.
Market risk management processes must be improved further
Although risk taking and risk control appear to have been essentially separated
within the organization's structures and procedures, there is still a need to align
the processes with the business requirements.
Basic weaknesses can be identified in virtually all the banks surveyed:
s Limits are still set m ainly th rou gh the allocation of notional limits. VAR lim-
its have subordinate significance, as do stop-loss limits.
s Limit setting is un iform ly determ ined with respect to ne ither the type of limit
nor to the allocation of limits to organizational units.
This means that, within individual banks, part of the market risk is managed on
the basis of VAR limits. The other p art is managed on the basis of notional limits
or of both types of limits together. In addition, these limits are reduced to the
ind ividual trader or customer level in man y product sectors; in others, on ly down
to the departmen tal or desk level.
25The Bost on Consul t ing Gr oup
-
8/8/2019 Bank Risk Manager WP
28/48
Control in risk man agemen t is less efficien t as a result: there is no universal logic
behind managing m arket risks.
Eliminating these weaknesses is less a question of feasibility than of the need to
establish un iform guidelines for market risk. Thus, the n eed for action in market-
risk management will continue to be great.
26 The Bost on Consul t ing Gr oup
-
8/8/2019 Bank Risk Manager WP
29/48
Principle 6: Operational risks should
first be approached pragmatically
Operational risk management represents an unsolved problem for an over-
whelming majority of ban ks. Yet in some cases is it not even perceived as such .
Why? The topic has no standard definition and is therefore hard to grasp.
Lengthy internal discussions on terminology prevent the banks from coming to
grips with the actual problem. Ind ividual, bank-specific definitions therefore have
to be drawn up to form the basis for further work.
An analysis of the current definitions of operational risk reveals two mainapproaches:
s Today, most banks understand operational risk as specific-event risk. This
includes inappropriate behavior, defective processes or technologies, and
external events. Examples of such events are computer crashes, deception,
and natural disasters. The British Bankers' Association also follows this
approach with its definition of "people, process, technology, and extern al
events." Despite this apparent standardization, however, there are clear dif-
ferences in interpretation: most banks usually restrict themselvesfor rea-
sons specific to th e institution and for ease of measurem entto a few select-
ed event categories. Such a partial approach, of course, cannot cover all
aspects of operation al risk.
s Besides specific-event r isks, strategic business risk is also understood to be an
operational risk by some banks. This expresses the risk of failure to produce
returns because of price, volume, or cost fluctuation, or because of changes
in market conditions.
To implement a comprehensive value management system, banks need to con-
sider operational r isks as comprehensively as possible when allocating economic
capital at the business-unit level. Specific-event risks and strategic business risks
27The Bost on Consul t ing Gr oup
-
8/8/2019 Bank Risk Manager WP
30/48
must therefore be looked at together. It is up to each institution to define the
extent to which both types of risk are considered.
Today, the focus is on pragmatic approaches to measuring operational risk
Although a compreh ensive concept based on a more-or-less standard logic should
be sought, most of the banks interviewed are currently focusing on a pragmatic
definition of operational risk:
s 60 percent of the banks surveyed are already trying to quantify operational
risks in concrete terms (see exhibit 6) . In par ticular, a focus on specific-event
risks can be observed. The most common approach is to establish internal
databases using self-assessment methods. Here, individual processes andunits are systematically analyzed for risk, and the possible effects are estimat-
ed .
s Some 20 percent of banks do not yet have an approach for managing opera-
tional risk but are developing in-house solutions to quantify it. Many have
already begun collecting data on internal loss events. All other banks are
awaiting regulator y guidelines.
28 The Bost on Consul t ing Gr oup
Overview of the spread of OR concepts
Waiting forregulatoryguidelines
Concept designphase
Deployment60%20%
20%
70%
30%
Source: BCG study
Self-assessment
Rule ofthumb
Self-assessment approaches dominate in the quantification ofoperational risks
Exhibit 6
-
8/8/2019 Bank Risk Manager WP
31/48
s The results of our study show that within two years some 80 percent of the
banks will have built up internal loss databases.
s External databases, on the other hand, are seen as relatively unsuitable by
more th an 75 per cent of those taking part in the study. At best, they can be
used to complement internal data. Instead of serving to supplement mathe-
matical simulations, external data are rather suited for benchmarking exer-
cises which are oth erwise h ard to carr y out, given the restricted public access
to bank loss data. Indeed, some attemp ts are being made to collect corrected
inter nal loss data cen trally to obtain a statistically adequate basic collection of
loss events, but it is still disputable whether such a method will succeed. The
majority of the banks interviewed rated this solution as having only a smallchance of success, as banks are not prepared to expose weakness and errors
in the ir procedures to the ou tside world.
s All banks surveyed reject the latest proposal from the EU Commission sug-
gesting the use of a top-down approach for calculating risk. Simple rule-of-
thumb approachessuch as the use of percentages of fixed costs to estimate
operation al riskdo not meet with much approval, either. Fewer th an 10 per-
cent of banks surveyed favor such an approach.
Despite the trend toward quantifying operational risk, only one-quarter of the
banks sur veyed assume th at operational r isks will be modeled like market or cred-
it risks in the near future. Pragmatic solutions are generally finding more favor
than soph isticated VAR mod els. Nevertheless, some banks are curren tly working
on VAR concepts to set standards that will be accepted by the supervisory auth or-
ities.
In summary, determ ining operational risk represents one of the greatest risk
management challenges for banks. A step-by-step procedure should be chosen to
quantify operational risk because of the existing weaknesses associated with the
availability of data an d m athematical modeling:
29The Bost on Consul t ing Gr oup
-
8/8/2019 Bank Risk Manager WP
32/48
s First, operational risk can be rou ghly determ ined with self-assessment proce-
du res. A prerequisite is a standard definition of risk, measured as a bank-spe-
cific combination of specific-event and strategic business risks.
s This basis should be used to build a loss database. Concepts for identifying
specific-event risks (bottom-up procedu res) and estimating strategic business
risks ( top-down procedures) need to be developed. Where intern al loss data
and information on historical fluctuations in earnings do exist, operational
risk can be mapped using an earnings-at-risk approach. This, at least, makes
it possible to approximately allocate econ omic capital.
sFinally, the earnings-at-risk approach needs to be translated into a value-at-risk mod el. Although initial approaches have already been in troduced, their
suitability in practice is still very restricted; more development is needed.
Should the effort succeed and an adequate historical basis of data be accu-
mulated, however, it will be possible to model operational risks like market
and credit r isks. The allocation of risk capital to operational risk will then be
possible at all levels of the bank.
The timing of this process is inevitably defined by progress in the collection of
inter nal loss data. Th e first two stages at least should be fully implemen ted within
two years, but the first EAR may be calculated much earlier.
Adapting control procedures is a key component of operational
risk managements
Along with establishing suitable models for quantifying operational risk, banks
need to modify the existing control procedures to avoid or minimize the occur-
ren ce of the r isk itself. New procedures may be n ecessary. The banks sur veyed rec-
ognize th is, as they place great importance on improving control procedures:
s Many banks see th e results of quan tification as an indication on ly, and focus
on procedural controls.
30 The Bost on Consul t ing Gr oup
-
8/8/2019 Bank Risk Manager WP
33/48
-
8/8/2019 Bank Risk Manager WP
34/48
Principle 7: All types of risk should be
aggregated
Value managem ent will succeed only if economic capital is allocated to th ose busi-
ness units that contribute most to improving corporate value. For this to be pos-
sible, all risks must be aggregated at the overall bank level.
Aggregating risk forms the basis for capital allocation
Aggregating all types of r isk at bank level is the basic requirement for capital allo-
cation.
Our interviews show clear room for improvement in the aggregation of different
types of risk. Systematic aggregation occurs in fewer than half of the banks, and
of those that aggregate their risks, the overwhelming majority merely add up the
various types of risk or proceed according to rules of thumb. Only a few banks
take correlations into account when aggregating risk (see exhibit 7).
32 The Bost on Consul t ing Gr oup
Overview of the spread of risk aggregation concepts
Source: BCG study
Aggregation withcorrelations
No aggregation
Aggregation withoutcorrelations
39%
6%
55%
Most banks do not aggregate risk at the bank level
Exhibit 7
-
8/8/2019 Bank Risk Manager WP
35/48
The following shou ld be considered when working toward a realistic aggregation
of risks:
s Risk must be defined consistentlypreferably in the sense of a value-at-risk
approach (see principle 3). At pr esent, however, VARs can at best be gener-
ated for market risk, and, in some cases, with credit risk models as well.
Quantifying operational risks remains the greatest problem.
s Unexpected losses or fluctuations in value should be seen in relation to a
standard confidence level and time frame. This applies to market risk itself
and also to drawing parallels between market and credit risk. The assump-
tions have to be standardized for market risk: daily or ten-day VAR?Confidence levels of 95 or 99 percent? Also, agreement must be reached on
market and credit risks, since th e con fiden ce level for credit risk is usually set
to one year. The bank's standard confidence level (with a one-year time
frame) is geared toward the desired external target rating for most of the
banks surveyed. Exhibit 8 shows the relationship between the confidence
level and the external rating.
s To aggregate the VAR figures for the th ree types of risk and to determine the
cumulative risk, the correlation among the types of risk must be recognized.
To date, however, there have been no definitive studies of these correlations.
The greatest problems are dependencies between operational risk and the
other classes of risk. Some of the banks surveyed have chosen a conservative
approach and assume a correlation of one. Conversely, other institutions
assume the different types of risk are independent. Thus, the value of the
overall risk is significantly reduced.
Besides the techn ical aspectsthe qu estion of the feasibility of calculating cor re-
lationsone thing should not be forgotten: concepts have to remain manage-
able. For this reason , a robu st determination of correlations is often p referable to
a mathematically exact calculation .
33The Bost on Consul t ing Gr oup
-
8/8/2019 Bank Risk Manager WP
36/48
In summar y, the ideal is to aggregate r isk using the VAR approach. Until this goal
has been attained, banks should be working toward pragmatic, interim solutions
in subunits.
34 The Bost on Consul t ing Gr oup
98.4 99.0 99.6 99.84
Example: Standard & Poor's
Source: BCG study
S&P's rating
AAA
AA
A
BBB
BB
Confidence level (%)
99.699.84
99.97
99.99
Confidence levels are directly related to the external rating
Exhibit 8
-
8/8/2019 Bank Risk Manager WP
37/48
Principle 8: A banks management
system should be based on economic
capital
Every bank's goal is to increase corporate value. To reach th is goal, banks need to
manage individual business units as well as the bank as a whole on the basis of
value. But what does this mean in concrete terms? It means that capital must be
allocated to th e ind ividual business un its according to the risk structures involved.
The starting po int is the VARs, since economic capital is made available to the
business un its on the basis of these values. Minimum rates of return must also bemet. It is ind eed possible to tran slate ban k goals into business-un it goals.
There is a yawning gap , however, between vision and reality: overall bank goals are
often broken d own into business un it goals in an undifferentiated mann er, so cap-
ital allocation is often no t as efficient as it might be:
s 45 percent of the banks surveyedparticularly in North Americastated
that they allocate economic capital to business units. RORAC and RAROC
are the standard metrics used for assessing risk and return.
s For 55 percen t of those taking part in th e stud y, regulatory capital is still the
relevant capital allocation metric.
s Capital allocation is usually restricted to market and credit risk. Operational
risk is taken into accoun t on ly to a minor degree.
The most important prer equisite for capital-based value man agement is to d efine
one uniform economic capital concept for the bank, on which the target returns
are then based. If a capital concep t is used consisten tly, un it results can be com-
pared with the ban k's overall goals.
35The Bost on Consul t ing Gr oup
-
8/8/2019 Bank Risk Manager WP
38/48
Of course, even if capital were allocated on an economic basis, the bank's regula-
tory requiremen ts would have to be met. Or, to put it d ifferen tly, the target is to
optimize return s on th e allocated econ omic capital, subject to the second ary con-
dition that regulatory requ iremen ts must be complied with.
There are three possibilities for meeting bo th conditions:
s Higher-of variant : econom ic capital is compared with r egulatory capital, and
the larger of the two values is taken as the key.
s Economic capital is the primary allocation key; regulatory capital is the sec-
ondary condition to be considered in individual cases.
s Regulatory and economic capital are weighted within the allocation key.
The last variant is preferable if regulator y and economic capital differ greatly. (In
some cases, th is could just be the result of an assumption of no correlation across
credit, market, and operational risk.) This is the only way to ensure that an ade-
quate rate of return on the fixed regulatory and economic capital is taken into
account. Since the regulatory concep t is becoming increasingly similar to the eco-
nom ic one, econom ic capital can be expected to become th e prevailing allocation
key in the long run .
Ultimately, once there is a standard capital concept th roughout the bank, the allo-
cation key has been defined, and the results of the risk aggregation are available,
capital may be distributed to the business units within the scope of the annual
plan. The original capital allocation may be amended throughout the year in
response to actual business trends. These changes will first be restricted to the
market risk sector, however, because most banks are currently unable to restruc-
ture their credit portfolios in the short term.
It is possible to measure p ortfolio effects approximately within the scope of capi-
tal allocation and then to allocate them to the business units. This approach is
rarely used, however, in practice because of the comp lexity and man agement dif-
ficulties involved.
36 The Bost on Consul t ing Gr oup
-
8/8/2019 Bank Risk Manager WP
39/48
Principle 9: Employees must nurture a
risk-return culture
When comprehen sive risk management systems are being intr oduced, the human
factor is at least as importan t as the technical. Not all procedu res have been auto-
mated, and leeway remains for individual decisions. And that is a good thing,
because th is is how differentiation arises.
The "correct" way to deal with r isk is not con fined to th e old adage, "Loans should
be allocated as if your own money were involved." Although this saying might well
be tru eand could be app lied to the other r isks as wellsuch an approach doesnot go far enough. The risk has to be placed in the context of the return attain-
able on all activities and transactions. Both sides must be weighed carefully. This
involves making employees aware of the bank's aims, equipping them to act, and
motivating them.
The key here is to create a corporate culture in which the principles of avoiding
risk and generating return s are n ot d iametrically opposed. Both have to be con-
sidered and employees need to be familiar with both to be able to assess the
opportunity for profit in relation to the associated risks. In concrete terms, career
planning shou ld include activities that focus on sales as well as risk man agement.
But that is not all. Responsibilities must be clearly allocated and not distributed
among a number of committees, for instance. Simultaneous consideration of risk
and return must also be reflected in management and incentive policies. For
example, if in the lending business sales units are managed on purely return-
based figures and the credit department is assessed only according to provision
charges, the optimal risk-/ retur n ratio will not be achieved.
The ban ks par ticipating in the survey were clear on th is point: even sophisticated
risk measurement procedures, decision-making processes, and structures cannot
compensate for deficits in the risk-return consciousness of employees.
37The Bost on Consul t ing Gr oup
-
8/8/2019 Bank Risk Manager WP
40/48
The aim is obvious. Rather than a technocracy and a belief in figures, initiative
and a focus on th e business, combined with a r eal awaren ess of risk-return ratios,
should predominate. What does this mean for risk management? It must set up
and develop guidelines, and it must enable employees to act within this frame-
work. Above all, risk management must ensure compliance with the guidelines.
38 The Bost on Consul t ing Gr oup
-
8/8/2019 Bank Risk Manager WP
41/48
Principle 10: The concept in itself is
nothing: It is the application that
creates competitive advantage
How can all the requiremen ts described h ere be met? Although the backgroun d,
resources, and goals differ from bank to bank, the procedure described below
gives a useful basic framework.
(1) Conducting a risk management audit
All efforts should begin with comprehensive analysis. In which areas (business
segmen ts) is the ban k active an d in which regions? Thus, which risks are relevantand to what extent? The answers determ ine th e n ext steps, starting with an audit
of the existing risk management system, its strengths and weaknesses, and the
data available.
Moreover, in th is first ph ase a general awaren ess of risk is stimulated and the basic
aims of risk management are defined. Is the system being established or restruc-
tured intended primarily to limit loss? Or is the purpose to optimize the
risk/ return ratio? Are there oth er goals? The concept ph ase should be initiated
only after concrete objectives have been identified.
(2) Development of a risk management concept
During the second stage, the ground rules and components of the risk manage-
ment system have to be defined. Depending on the goals set in the preliminary
phase, this is a question of developing the appropriate approaches to market,
credit, and operational risk within the scope of recording and quantifying risk.
This includes both the individual transaction and the portfolio level.
To man age risk, banks must specify monitoring and control processes, define ad e-
quate risk-return management systems, and describe and allocate clear responsi-
bilities.
39The Bost on Consul t ing Gr oup
-
8/8/2019 Bank Risk Manager WP
42/48
Then the next steps to be taken must be determined. At what point should spe-
cific goals be attained? Focal poin ts must be established when consider ing restrict-
ed resourcesshort-term milestones help to proceed toward the goals. Should
the real estate business be looked into first, or is it better to begin with investmen t
banking? How relevant are operational risks, and which ones should be tackled
first? Proceed ing step by step he lps you see th e big picture and p revents you from
doing too much at once. A development plan should be drawn up to cover all
issues and dependencies to be addressed, as should a schedule for tackling them.
Just as important is communication with employees. All units concerned should
be involved in th e process early. Simply presenting a finished concep t to the
employees is not enough; their ideas should be solicited from the outset. Thisensures that th e solutions developed will be un derstood and accepted later on .
(3) Implementation
Implemen tation can be started while the concept phase is still in progress. Solving
data problems for all types of risk should be emphasized. Even if the need to act
on credit and operational risks is the most pressing, the need for change in the
market r isk sectors should n ot be underestimated. What is to be done?
s Databases should be established for specific purposes. It is importan t to clar-
ify what kind of information is to be generated for which users, for which pu r-
pose, and when. Useful data can be procured only on this basis.
s Data already available internally and externally should be processed in line
with this model to improve th e cur ren t situation as quickly as possible.
s Prerequisites for an effective data warehousing system must be developed
along with th e creation of sufficiently broad an d deep databases: they should
be formulated in a way that guarantees the best possible use from the very
moment they go live. Existing internal bank systems should be adapted early
to interface with th e data warehouse.
40 The Bost on Consul t ing Gr oup
-
8/8/2019 Bank Risk Manager WP
43/48
The degree of standardization and the integration of the solutions used with the
existing IT infrastructure should also be decided upon. The more complex the
tasks, the ear lier customized and ind epen den t procedures must be developed.
Once methods and IT solutions have been detailed, universal procedures deter-
mined, and responsibilities allocated, pilot schemes should be initiated even for
partial solutions. The knowledge and experience gained from this phase may be
used to make further improvemen ts.
Step by step, the individual components are made operational. The decisive suc-
cess factor here is not how good or sophisticated the system is, but how well
employees use it to realize th e ban k's goals.
The procedure outlined is certainly an ideal one and many of the banks inter-
viewed did want to proceed in this manner. However, a greater number of insti-
tutions confessed that they had strayed from this concept because of daily opera-
tional demands. The consequences are fatal:
s isolated, incompatible solutions,
s budget and time overru ns due to th e high cost of integration ,
s figures that are on ly par tially available and even then bare ly comparable, and
s frustration among top management because the original goals are not being
met.
Almost no other important topic requires more patience during implemen tation.
Therefore, the creation of the risk management development plan is absolutely
critical. It addresses the expectations of individual units and persons. If imple-
mented cor rectly, it helps the bank realize the ben efits of a risk managemen t sys-
tem at an early stage. Above all, it ensures that the overall goal is always clear.
Then , and on ly then , the tran sition from risk taker to r isk manager can be m ade
successfully.
41The Bost on Consul t ing Gr oup
-
8/8/2019 Bank Risk Manager WP
44/48
Notes on the study
The results of our study are a product, on the on e hand, of the inte rnational pro-
ject experience of The Boston Consulting Group in the risk management sector
and, on the other, of some 60 inter views condu cted th roughout the world. Those
interviewed included decision-makers from banks and selected risk management
software vendors.
Exhibit 9 shows the industry and geographic spread of those who participated in
the study.
The in terviews were cond ucted between November 1999 and March 2000 by BCGconsultants who have many years of project experience in the field of risk man-
agement.
42 The Bost on Consul t ing Gr oup
Participants by industry Participants by region
Investmentbanks
Commercialbanks
Softwarevendors
Other Asia/ Australia
Europe North/SouthAmerica
8
3
40
96
2426
Source: BCG study
Overview of study participants
Exhibit 9
-
8/8/2019 Bank Risk Manager WP
45/48
-
8/8/2019 Bank Risk Manager WP
46/48
-
8/8/2019 Bank Risk Manager WP
47/48
Th e Bo s t o n C o n s u l t i n g Gr o u p , 2 00 1
For fur ther in form ation , please con tact:
Thomas Gro
Grn ebur gweg 18
60322 Frankfurt
GERMANY
Telephon e: +49 69 9150-2192
Fax: +49 69 9150-2131
E-mail: gross.tho [email protected]
Andr ew Cainey
50 Raffles Place #44-02/ 03
Singapore Land Tower
SINGAPORE 048623
Telephon e: +65 429-2533
Fax: +65 226-2610
E-mail: cainey.andr [email protected]
-
8/8/2019 Bank Risk Manager WP
48/48
Th e Bo st o n Co n su l t in g Gr o u p
Amsterdam
Atlanta
A kl d
Brussels
Budapest
B Ai
Dallas
Dsseldorf
F kf t
Jakarta
Kuala Lumpur
Li b
Melbourne
Mexico City
Mil
Munich
New Yor k
O l
Seoul
Shanghai
Si
Tokyo
Toronto
Vi