Credit Risk Solutions - Making the Right Choice
The demands made of credit risk management departments are rarely static for long. The increasing complexity of financial products, evolving regulatory requirements and shifts in the economic climate mean that credit risk managers must be flexible and forward-thinking to adapt to changing conditions.
The same is true of credit risk management systems. Solutions for risk management tend to be much more complex than those employed elsewhere in a financial institution. It is rarely possible to select a package off the shelf and simply plug it in. And packages offering credit risk management are more complicated still, as they must deal with more demanding concepts and calculations than market risk management software.
As Jonathan Berryman, head of credit risk systems for financial markets at ING Group, explains, “Credit risk management is a complex topic. It needs to be enterprise-wide – much more so than market risk – and tends to be much more global and much more cross-product.”
Of course plenty of third-party systems for credit risk management are available, offering a range of functionality, including limit and exposure management, credit exposure modelling, portfolio management and collateral management. The most advanced systems now offer fully integrated solutions that are suitable for large financial institutions. Although vendors and external project managers can help the institution to implement the system, things don’t always go smoothly. To help ensure success, banks should carry out detailed due diligence on the system prior to deciding to implement a third party solution, including talking to other clients and running sample portfolios through the risk engine.
Another alternative is to build a system in-house. The advantage of this option is clearly that the solution is specifically tailored to the requirements of the institution. In house development can also enable the bank to be innovative and creative in the system it implements. But while this route may be the one followed for simpler solutions, many institutions conclude that they lack the experience necessary to develop the type of credit risk system their current workload demands. In-house solutions are also more time-consuming to develop and implement and can be considerably more expensive than third-party systems.
One option that can offer the best of both worlds may be described as ‘outsourced development’. This means that an external software supplier develops a system that is tailor-made to meet the demands of a particular institution. The advantage of outsourced development in credit risk management systems is that the resulting package represents the bank’s particular credit policies and credit controls without using up all the resources demanded by a system developed in house. More rigid packages can be inflexible and expensive to upgrade to pick up the particular nuances that the bank is intent upon.
The decision as to which approach to choose is likely to entail a trade-off between functionality and cost. These factors will be largely dependent on the type of business the bank specialises in. “If you’re a mid-size European bank, working mainly in developed markets and trading vanilla products, you’re more likely to find a package that meets your requirements. If you’re a global bank operating in emerging markets and using exotic products, you’re less likely to find a perfect fit,” says Berryman.
Whichever approach a bank takes, there a several keys to success that can mean the difference between a long-draw out implementation that is fraught with complications and one that passes swiftly and smoothly.
One of the biggest constraints financial institutions face when implementing a credit risk solution is their legacy system. Few are in the enviable position of being able to introduce their new software from scratch. Before trying to put a new system in place, it is vital to ensure the existing environment is as efficient and organised as possible. Trying to implement a new system without a clean counterparty database and effective reconciliation processes, for example, is sure to lead to problems further down the line.
Logistically, it is difficult to leave the current architecture running while rebuilding the whole application. As the deadline for implementing new regulatory requirements approaches – notably the new capital adequacy rules from the Basel Committee on Banking Supervision, commonly known as Basel II – banks will need to integrate successfully all the necessary new elements into their systems. This will mean extending their credit risk systems infrastructure and moving away from the traditional reliance on financial reporting systems.
The framework needs to allow the institution to move forward over the next few years. Each step becomes progressively more difficult as institutions move from individual product risk limits to global risk limits then to a more complex exposure calculation methodology, so that eventually the whole credit risk system dovetails with regulatory and internal capital or Raroc requirements.
Bearing this in mind, it may be worth considering the issue of data at an early stage. A common database across all areas of credit risk, including collateral management, limit and exposure management and risk engines, helps smooth the progression to an integrated, enterprise-wide credit system.
A single risk database also means risk managers can be absolutely confident that any piece of information in the system is from the same source and there are no reconciliation issues. And it can overcome problems that may arise when, for example, a bank has separate systems for different disciplines. Certain issues, such as excess approval and temporary limit reallocation, lie on the boundary between two areas: limit and exposure management, and credit approval, and it is not always clear which of the systems should deal with them.
To enable credit risk solutions to develop and integrate over the years, it is vital to build maximum flexibility into any implementation. Risk management never stands still for very long and systems repeatedly face new challenges. In addition to facing up to new regulatory demands, migration plans must be flexible enough to allow the bank to shift priorities and adapt to changes, such as mergers or the acquisition of new businesses. When a merger takes place, it is much easier and cheaper to adapt one of the existing credit systems than to bring in another new one.
If the system is insufficiently flexible, in future it may find itself constrained by designs that were never intended to meet the new demands being made of it. The organisation may then face the decision to either work within the constraints of the original system or to scrap it and start again, at considerable extra cost.
One of the most important elements of a successful systems implementation is a clear understanding of the requirements of the new system. “Getting the design right at the very start of the implementation is a key issue. If you over-engineer and try to include too many points in the design, it will take too long. And if you get something wrong in configuring the system, you will have to do it all over again, even though you might not identify it until much later on in the project,” says Julian Leake, a London-based director in the financial services industry team at Deloitte & Touche.
Equally vital is a strong project manager. Any credit system will involve numerous interested parties with different priorities and varying business requirements. A manager with an overall vision, who will not be swayed by conflicting arguments and who can prioritise correctly, is vital to ensure the system is implemented from the start in a way that meets the needs of all its different users.
The project manager must also be able to push the implementation forward, avoiding endless rounds of decision-making and academic arguments. A successful credit risk system can be implemented (that is, achieve ‘live’ status for the initial phase) in two months or less, but many projects take a year or more. The usual timeframe for going live on the initial phase is around six to nine months.
Delays during the implementation process can result from changes in external circumstances. The temptation may be to alter the parameters of the implementation to take new developments into account. However, one of the most important tasks of the project manager is to get the job completed, while building in sufficient flexibility to fine-tune the system afterwards to deal with external changes.
For some institutions, the decision to implement a new credit risk management system also provides an ideal opportunity to introduce a greater culture of credit awareness throughout the organisation and to link credit risk management strategy into overall business strategy. Raising the profile of risk management across an institution can help reduce losses and, ultimately, improve shareholder value.
In the next few years, as banks improve their credit policies, begin active management of their credit portfolios and comply with future regulatory demands, a fresh set of challenges will face those building a new generation of credit risk management systems. The theory of these developments is already being discussed, but practical implementation of them will provide financial institutions with another difficult test.