Commentary: Governance, risk management and compliance
11 February 2009
Sai Sireesh Pachava, worldwide director for risk management and compliance industry solutions at Microsoft, takes stock of the risk and compliance situation after a year of challenges.
The financial services industry is continuously evolving at a rapid pace. Besides the challenges posed by emerging technologies, expanded business strategies, redefined business processes, new financial instruments and regulatory frameworks, 2008 has thrown up the additional trials of the global credit crisis and government interventions that have increased the scale, scope and interconnectivity of financial institutions. Correspondingly, enterprise risk management across multiple business units within increasingly complex organisations is under increasing scrutiny, and rightfully so given what is at stake to investors, creditors and clients, and more broadly, to the global economies and financial markets.
The past year has been humbling and disruptive for the financial sector - perhaps especially for the large investment banks, but also for the risk management profession as a whole. Many epitaphs will be written for legendary institutions that disappeared overnight, and the demise of these organisations will be spoken about for decades to come in terms of the crunching global impact and associated lessons.
In the US, about US$650 billion of sub-prime bonds were outstanding in March 2008, about 75 per cent of which were rated ‘triple A' at issuance, and across the world, banks raised around US$600 billion in 2008 worldwide in order to survive. This global development has broad, long-term implications for the risk management role and the function of governments and sovereign wealth funds.
With government bailouts for banks across Europe and the US Federal Deposit Insurance Corporation's recent suggestion of using an aggregator bank, there is a fascinating convergence of free markets and the role of governments as risk managers of last resort. This complements an ongoing global risk management effort that, although coordinated in some parts of the world (for example G7 and the European Union) and disparate in others, does show signs of an orchestrated effort.
But as governments around the world continue their efforts to bolster financial firms' defences against risk, there are also lessons to be learned from the current situation, in order to guard against the need to resort to such measures again. Because of the sheer magnitude and ubiquity of government interventions and bailout funding, many people see the situation as tantamount to nationalisation. However, the free market economies are fully aware of the economic distortions and allocation inefficiencies involved, and their objective is not to widen the sphere of the state in financial markets (as in nationalisation), but simply to provide temporary support to sustain the market mechanism by throwing a lifeline. The function of this sovereign funding is to act as a safeguard against market failure - what must be taken into account, though, is that it has serious implications and consequences for risk management.
There are several potential effects to consider. First, the regulatory burden may increase because, having channelled tax revenues to address the problem, governments will want banks to show tax payers, and to justify to the wider world, how that money is being used. In addition to this, the natural tendency of regulatory regimes to expand their footprint will be boosted. Further, risk-taking by banks may be more guided by the perceptions and preferences of government policies than by portfolio considerations. There is also an attendant risk of over-regulation, as governments seek to compensate for a diminished trust in bank management by implementing detailed transaction-oriented examinations.
The current situation raises an additional dimension for chief risk officers to deal with, if their institution is subject to government risk management activities. The lessons learned from government risk management will also feed into a heavier touch from regulators in industry risk management. In addition, the knowledge that governments around the world gain from their experience of rescuing ‘too big to fail' firms will have an impact on the future viability and ambitions of ‘financial supermarts' around the world. Finally, this government risk management effort will have far-reaching impacts on the risk management role of governments in the future and, implicitly, the role of risk management in society.
For years, financial institutions have faced the ongoing challenge of meeting new levels of risk management and greater demands for compliance. As in previous times of crisis, that challenge is now intensifying alongside the global economic situation. As the role of governments continues to intensify and transform these challenges, it is perhaps more important than ever for financial firms to take a holistic approach to risk and compliance, based on a strong and flexible IT infrastructure.
Microsoft works with leading partners that deliver solutions to address the spectrum of risk management and compliance needs. These solutions take advantage of Microsoft's focus on strong infrastructure and reusable business components, while using enterprise-ready products and technologies and taking advantage of the tight connection of the back end to Microsoft's leadership in client devices.
A key strength of this approach lies in the familiarity of end users across the organisation with Microsoft tools and capabilities, which are ubiquitous in many organisations as well as in users' homes. In enabling users to embrace and use information technology that aligns with a company's business process, this minimises training needs and helps to build an integrated risk management and compliance culture across the organisation.
In these difficult times, our efforts at Microsoft are focused first and foremost on helping our customers maximise the existing investments they have made with us. The latest guidance around IT compliance management is a good example of these efforts. We are also starting work on a Future State of Risk Management global study and will be releasing this in the middle of 2009.