Getting into gear

This month's OR&C Intelligence survey, conducted in partnership with enterprise risk management software firm BPS, shows credit and market risk initiatives are going to dominate the agenda in 2009, with scores of 6.7 each. Legal/regulatory issues follow close behind with a score of 6.4. These three risks are very much consolidated at the top, with almost a whole score point between them and the next item on the list, technology, at 5.5. Separately, 25% of respondents indicated, when they ticked the 'other' box on this question, that they would be placing a priority on operational risk.

These results, say industry experts, are thanks to the current global crisis, which has highlighted significant weaknesses in credit and market risk measurement, modelling, and management. The regulatory and legal backlash from these failures - failures that were on a catastrophic scale - is expected to be substantial.

It is telling that the most important success metric, according to the survey, is now 'reduction in risk exposure', which obtained a score of 4.1. This is a flip from other recent surveys carried out both by OR&C and other organisations, which showed other factors weighing in more heavily. But in today's organisation, facing an unprecedented economic and market environment, the focus is clearly no longer on risk taking, but rather on mitigation and elimination.

On this question, the second-highest item was 'increased insight', with a tally of 4, followed by 'better compliance', with a score of 3.9. Again, the focus of risk and compliance executives is on improving their ability to understand the challenge their organisations face, and avoid legal and regulatory battles with supervisors.

The OR&C survey also asked what executives viewed as their toughest challenges over the next 12 months for their organisations. The focus will clearly be on 'driving cultural change', which earned a score of 2.4. This was followed by 'identifying systemic risk themes' with a score of 2.2 and 'driving collaboration among the company's risk, compliance and control groups', scoring 1.9.

Executives who responded to the survey are keen to take action, but it is unclear whether they will eventually put their money where their mouth is. More than 46% of them said that, to achieve their goals, they are going to take 'definitive steps' to 'gain top-down support for more proactive risk management' - far and away the top focus in the survey. This was followed, at a distance of more than 13%, by 'implementing smart technology to better manage risks across the enterprise'. Thirty-one percent indicated they would be 'establishing a cross-functional risk and control committee to foster collaboration among the control groups'. However, just 9% indicated they would be 'asking for additional budget funds to support technology spending'.

Throughout the entire survey results there were mixed messages from respondents - there is an acknowledgement that significant action to reform risk management is necessary, but on the other hand there was concern about spending on technology and systems during what is turning out to be a substantial downturn for the financial services industry. About 45% of respondents expect 'some' risk management oversight change in their organisations based on current economic, regulatory and governance concerns. Another 23% are expecting a 'complete overhaul', while 25% are planning for 'minor operating adjustments'. Just 8% say there will be 'no change' within their organisation.

And while respondents might not be asking for more money, some of them will receive it anyway, to implement needed changes. According to the survey, 46% of respondents said they expected a 'slight increase' in their risk management budget in 2009 to help implement needed change. Another 13% said they expected their budget to 'increase substantially'. Meanwhile, 36% said their budgets would remain the same - itself good news as other budgets across firms are being slashed. Only 3% each said their budgets would be cut either slightly or substantially.

Perhaps this is because 26% of respondents don't use technology to manage risks in their organisation, while those who answered Yes said they were unhappy with the technology they did have in place. Says one operational risk executive at a large bank in London: "Many firms invested in some kind of system when the times were good, but in some cases the technology wasn't up to scratch, and in other cases it was never implemented properly. When the crisis hit, these organisations were caught out. They suddenly realised what they should really have been looking at, what risks they were facing, what their indicators were. Times are tight at the moment, I am shocked by the volume of redundancies at banks over the past few weeks. And yet I'm also surprised by the number of people I know who are talking about spending significant sums on risk management technology and consulting in 2009. I suppose they recognise that the problem is serious, and that regulators are going to be focusing on this area with laser-like intensity."