An under-appreciation of the risks posed by securitised products, such as collateralised debt obligations of asset-backed securities, has been widely fingered as a cause of the recent market turmoil. But although 80% of firms questioned performed stress tests for their banking and trading books, only 58% of those surveyed stress-tested their exposures to securitisations and related transactions. Of institutions that conducted stress tests on these exposures, just 17% carried them out daily, while 68% carried them out quarterly or even less frequently.
“Given the pace at which markets move, institutions may face regulatory or other pressure to perform stress testing more frequently,” the survey said. The problems of risk measures such as value at risk had become more apparent as a result of the credit crisis, the survey pointed out – setbacks that have prompted regulators to place greater emphasis on stress tests.
Regulators have also been encouraging financial institutions to independently validate their risk models, the survey noted, to help them assess the likelihood and magnitude of potential risks. However, just 53% of the firms assessed had an independent model validation function, while almost two-thirds of remaining firms had no plans to create one.
Shortcomings were also found in the area of operational risk: only about 40% of the companies surveyed considered their operational risk systems and internal loss event data to be well developed. Other operational risk areas, including key risk indicators, external loss event data and scenario analysis, were said to be well-developed by only 20% or less of participating companies.
Meanwhile, many of the firms questioned were unhappy with their risk management IT infrastructure, according to Deloitte. Around half of the participating firms were satisfied with the capabilities of their IT system aimed at managing market and credit risk. For issues such as liquidity and operational risk, the proportion of satisfied firms dropped to 40% or lower.
The financial market crisis was “placing a premium on risk management systems that can consistently assess risk [and] on those that help institutions identify and monitor emerging risks and react quickly,” the survey said. This implies institutions might need more robust systems that can quickly achieve a broad picture of risk across business lines, it added.
When asked about enterprise risk management (ERM), just 36% of institutions were found to have an active ERM programme, while 23% were in the process of creating one. However, the proportion of firms with ERM programmes in place was higher among firms with $100 billion or more in assets, at 58%.
Elsewhere, firms exhibited a lack of integration between risk management and other business functions, the survey found. Only 49% of the institutions surveyed had incorporated risk management responsibilities into the performance goals and compensation for senior management, for example.
The survey included senior executives from 111 financial firms across the globe, with total assets of more than $19 trillion, according to Deloitte. They included banks, insurers, investment managers and government-related finance companies.