Risk Management systems Guide 2015 by bobsguide

bobsguide

The leading web resource for financial technology

Risk Management Systems Guide 2015

UBS Delta Quantifying risk and performance

UBS Delta is an award-winning provider of client reporting solutions, portfolio exposure tools, risk analytics, and performance measurement and attribution, for asset managers and asset owners globally, across fixed income, equities, FX, commodities, alternatives, and derivatives. Thanks to our clients, we have been voted â&#x20AC;&#x153;Best Broker-Supplied Tool/Technologyâ&#x20AC;? making it three years out of the last four that UBS Delta has won this award. Our team is committed to constantly evolving UBS Delta to help our clients face the challenges and risks of their businesses. Learn more about how we are evolving to help you please visit www.ubs.com/delta or email delta@ubs.com.

Welcome to the bobsguide Buyer's Guide to Risk Management Systems 2015 Welcome to the new Buyer's Guide to Risk Management Systems from bobsguide. The focus on risk management for banks and corporates alike has been critical since the financial crisis highlighted certain shortcomings and increased the regulatory focus. For organisations looking at purchasing new risk solutions in order to address the increasing pressures in this area, our Guide features a comprehensive matrix allowing buyers to compare and contrast the different functionalities of solutions on the market today. Complementing the Risk Systems Matrix, we have a selection of features that explore a variety of the key risks that both banks and corporates face in the current economic environment. Against the backdrop of recent huge fines handed down to banks from governments that identified violations of sanctions regulations, our first feature looks at the issues around compliance in this area. Compliance risk is clearly top of mind for financial institutions today. Credit risk is also under the spotlight, from Basel III and beyond. Our second feature looks at how banks are responding to new regulations and directives, and what effect these major changes to banking are having on their clients. We also explore how, as technology evolves, the threats to bank systems continue to increase and how financial institutions can counter this. Finally, we explore how corporate treasurers are now in a leading position when it comes to organisational risk management. I hope you enjoy the Guide.

Risk Management Systems Guide 2015 Editor Ben Poole ben@ben-poole.com CEO Anne-Marie Rice annemarie@bobsguide.com Sales Director Stephen McMaugh stephen@bobsguide.com

Ben Poole, Editor

Senior Account Manager Stefano Perciballi stefano@bobsguide.com

Contents

Business Development Manager Edward Drew edward@bobsguide.com Design & Artwork Donna Healy donna@missjonesdesign.com

Compliance Hits Home

Banks have been hit with huge fines for breaking sanctions rules. What can they do to ensure compliance with the various sanctions edicts around the world?

Basel III Shines Spolight on Credit Risk

Technology and Risk: Evolving Together

The phased implementation of Basel III is forcing banks to pay close attention to their credit risk management policies.

With organised crime groups exploiting the latest technology, the stakes have never been higher for banks' systems risk management policies.

Functionality Matrix Treasuryâ&#x20AC;&#x2122;s Rising Role in Risk Management

The treasurer's focus on risk management is stronger than ever, as treasury departments take on more risk responsibilities from the organisation.

www.bobsguide.com

bobsguide is the trusted online global resource for buyers of financial IT technology. More than 55,000+ users visit bobsguide every month to research and purchase systems for banks, dealing rooms, corporate treasuries and other financial environments. CopyrightÂŠ 2015 My Guides. Copying and redistributing prohibited without permission of the publisher. This information is provided with the understanding that the publisher is not engaged in rendering legal, accounting or other professional services. If legal or other expert assistance is required, the services of a competent professional person should be sought. bobsguide One Hammersmith Broadway Hammersmith. W6 9DL UNITED KINGDOM Tel: +44 (0) 208 080 9167 Fax: +44 (0) 207 084 7783 sales@bobsguide.com news@bobsguide.com

Are you exposed to Financial Crime?

Risk Management Systems Guide 2015

www.bobsguide.com

Unprecedented flexibility for multi-asset risk modeling and reporting, on a fully customizable and interactive platform.

Axioma Risk

â&#x20AC;&#x153;I need a multi-asset class risk solution that speaks to portfolio managers and risk-control managers alike.â&#x20AC;?

Risk Management US & Canada: +1 212-991-4500

Analytics

Data

Europe: +44 (0)20 7856 2424

Reporting

Asia: +852-8203-2790

www.axioma.com

Compliance Hits Home Words: Ben Poole

The US government has been in the news for handing out multi-billion dollar fines to banks that it views as having broken sanctions rules. With the severity of the potential punishments hanging over them, what can banks do to ensure they comply with the various sanctions edicts around the world? As the volume of electronic payments continues to rise in line with new digital channels, so does financial crime. 2014 has seen antimoney laundering (AML), sanctions breaches and countering financing of terrorism (CFT) dominate the financial services landscape.

”While there are some differences in compliance regulations in different jurisdictions, overall if you look at Europe, Asia and the US, regulators are trying to similar things regarding sanctions, AML and know your customer [KYC],” says Luc Meurant, Head of Compliance and Banking Markets at SWIFT. ”Overall, the intention is fairly consistent

across the geographies. The details of implementation can still differ and the fines involved can also differ country by country.” While the fines may differ, the past year saw a number of large-scale fines hit the headlines. ”In terms of why the fines have been so big, the general

www.bobsguide.com

Risk Management Systems Guide 2015

view was that the cost of compliance was historically higher than the cost of adhering to the regulation,” says Amanda Gilmour, Product Director of Payments at Temenos. ”For the larger banks, operating in a wide number of jurisdictions with differing regulations, operating with different systems in their satellite offices it was just not worth it. Regulators have started to realise that for banks to take the issue of financial crime seriously they must hit the banks where it hurts them.” US v Europe? The cases that have received widespread coverage in 2014 have generally seen the US government handing down multibillion dollar fines on banks that are based in Europe. While every case is different, these fines often occurred as a result of the difficulty some non-US banks have had in complying with US law and/or possibly a resistance some institutions feel in having to do so. This was seen when BNP Paribas was hit with a fine of almost US$9bn from the US. ”French government officials have repeatedly mentioned that BNP's alleged actions don't violate European

law,” says Temenos' Gilmour. ”However the US Justice Department is not interested in whether BNP's actions violate European law; by operating in the US (through Bank of the West and First Hawaiian Bank), BNP has agreed to follow US law. US officials view sanctions violations seriously, and these violations do not have to occur in the country for US authorities to act.” Ensuring Compliance In terms of the steps banks should take, there are two elements that are essential: 1) having the right frameworks and 2) having the right technology to support those frameworks. In terms of the framework, regulations stipulate that a sanctions compliance programme be setup. This must meet the minimum requirements such as policies, procedures and internal controls to comply with the Bank Secrecy Act (BSA). These include verifying customer identification, filing reports, detecting suspicious activity, creating and retaining records and responding to legal requests. In addition, it is usually stipulated that a

FlexibilityAEAEA

designated compliance officer be in place to assure daily compliance with the programme and support other elements such as training and updating policies and procedures. In particular, where an FI has a presence in more than one jurisdiction, it must adopt a group AML/sanctions policy. ”Banks should comply with the standards of the most stringent national frameworks and the territories where it has a presence, even through a subsidiary company,” says Temenos' Gilmour. ”Customer centric regulations

“ The challenge for banks is to know when what they are doing is good enough."”

RiskMine EEE EEEEIOE

Aggregation

Stress Testing

Market Data

Automation

Benefits: bEE bEE bEE bEE

Solutions: bEEBEE bEE bEE bE

Percenti e wwwApercentileAcoAuk

1EOE

Risk Management Systems Guide 2015

such as KYC and customer enhanced due diligence (CEDD) must also be considered. Financial institutions are required by law to establish well defined processes to meet global KYC/CEDD requirements and involves constant tracking of sanction/watch/embargo lists from around the world, along with being in constant sync with regulatory changes in different jurisdictions.” These requirements vary along many lines, including: • Geographic areas that bank customers deal in. • Lines of businesses. • The product and service portfolios and delivery channels they use. • Type and size of transactions undertaken by institution's customers. • The risk profiles that they belong to. ”Banks need to invest in the systems that help them comply with regulations around sanctions, AML and KYC,” says SWIFT's Meurant. ”The challenge for banks is to know when what they are doing is good enough. There is no real benefit for them in being the best in class in financial crime compliance, as they don't get any new customers because of this. All banks are expected to comply, and what they want to make sure is that they are as good as the others. Unfortunately there is no clear measurement that a bank can do to see how it compares to the average. That is a challenge for banks. At SWIFT banks often ask us about how we can 8

help with market practices. You get a real sense that there is a real appetite from banks to benchmark what they are doing compared to others.” A Community Issue Sanctions regulations must not just be adhered to by banks. Business must also meet regulatory requirements. If companies do not adhere they risk injunctions, levy hefty fines and prescribe temporary or permanent bans. Government sanctions adversely affect operating activities, particularly with regard to production costs and corporate reputation. ”Most industries are affected by sanctions,” says Temenos' Gilmour. ”The manufacturing industry in particular must consider them. During the manufacturing of a product, the elements that make that item may come from a wide variety of sources and countries. If a sanction is imposed on one of these countries, or individuals, then the total cost of production may increase greatly unless this new source is found at the same or lower cost. In addition, time may be lost sourcing this item elsewhere and establishing a new relationship.” Organisations also need to employ personnel to ensure that they are not working with companies that feature on sanctions lists. Those employed may include cost accountants, financial managers, compliance specialists and factory foremen. To support the tracking, they may use tools as varied as defect-tracking programmes, warehouse shipping Copyright © 2015 MyGuides. All Rights Reserved

management software, product life cycle management applications and risk assessment software. The Continuing Challenge Without the right policies and technology, the trend of large fines is expected to continue. ”I expect an increase in the volume and scale of personal fines,” says Temenos' Gilmour. ”Banks and individuals may be forced to plead guilty to criminal charges and fire employees close to the issue. The recent fines are a clear indication that governments may reconsider the doctrine of 'too big to jail' as fines levied in the past seem to have had little impact in curtailing illegal behaviour.” Regulators, particularly within the US, are also talking about suspending, at least temporarily, a bank’s ability to move money if it falls foul of compliance regulations. This level of suspension would impede the bank’s ability to process payments or issue letters of credit (LCs) for a period of time, which could cause significant disruption for its customers. A penalty such as this, combined with a fine and potential additional penalties may damage a bank’s credit rating. ”Banks are aware of the need for change, however,” says Gilmour. ”Findings in CEB TowerGroup’s Adoption and Investment survey illustrated this, with 41% of institutions expected to replace their AML and sanctions systems by 2018, while 48% will increase their spending in the coming year.” ■ www.bobsguide.com

Risk Management Systems Guide 2015 ADVERTORIAL

Prometeia is a leading provider of consulting services and IT solutions focused on Enterprise Risk Management. Founded in 1974, it serves more than 200 financial institutions in twenty different countries, through a consolidated network of foreign branches and subsidiaries located in Europe, Africa and Middle East. Prometeia’s client base includes primary financial institutions, central banks and multilateral organisations, although the company is rapidly expanding into emerging markets, where it supports the growth of the local banking players. Prometeia’s business model is atypical in the Risk industry, combining extensive consulting services, software solutions, implementation support and methodological training for risk practitioners. ERMAS Suite is the flagship solution of Prometeia, integrating the enterprise risk management with analysis of balance sheet risks and performance analytics. The ERMAS software solution has an integrated and flexible structure comprised of three main components: •R isk Datamart and ETL tool to import and manage data from core systems. The ETL tool is highly customisable and provides data profiling and mapping capabilities; •D istributed computation engine, fully compatible with Microsoft Parallel DWH technology, which allows the maximum degree of performance in all risk calculations; • Presentation component, entirely based on Microsoft ”in memory” technology, includes drill-down and dashboard-generating functionalities. This all-inclusive suite covers ALM, market risk, liquidity risk, credit risk analysis, and regulatory reporting, with a strong emphasis on commercial banking business. This application is complemented by ECAPro, a workflow-driven software platform supporting the credit origination process in conjunction with ERMAS risk analytics. This combined application is designed to improve portfolio credit quality by putting the lending process under structured control. ERMAS ALM capabilities provide interest rate risk calculations and credit risk adjusted balance sheet analysis. Shocks to yield curves can be simulated for interest rates and other market risk factors by defining specific scenarios for curves, FX rates and various other parameters. Regulatory reporting - including Basel III Pillar I RWA and regulatory liquidity, stress test EBA/ECB, COREP, ICAAP - is provided in compliance with both national and supranational regulatory requirements, including periodic updates of regulatory reporting formats. ERMAS creates reports on different consolidation levels (e.g. individual, subgroup, group), which can be exported into multiple formats (MS Excel, XBRL). ERMAS provides also liquidity and credit risk analytics that support cash-flow analysis, stress testing and fund and credit capital planning. The solution is designed to run hypothetical and historical scenario-based simulations both on market and credit risk factors. FTP capabilities are based on the cash flow schedule of each individual position, its financial characteristics and behavioural assumptions. All market, liquidity and credit risk components are considered in the fund transfer pricing process in order to support a clear allocation of risk and financial P&Ls. Capital Management capabilities cover credit, market and operational risk supporting economic capital assessment and business planning, including stress testing functionalities. Users can simulate the impact of stressed macroeconomic scenarios on P&L and capital, as well as, obtain a dynamic projection of future balance sheets. Prometeia’s ERMAS Suite and consulting services offer a fully adaptable and all-inclusive solution for all risk management needs; helping clients monitor, analyse, manage and control risk to maximise their profitability while still meeting regulatory requirements.

Prometeia, all rights reserved Headquartered in Bologna (Italy), Via Marconi 43, 40122 For additional information please visit our website: www.prometeia.com Local offices in London, Istanbul, Moscow, Beirut, Lagos, Milano, Rome

www.bobsguide.com

> Are your systems agile enough to meet your financial reporting demands? S

ince the 2008 global economic crisis transparency in all financial reporting has become increasingly important. Advances in technology, the growth of the internet and the functionality that accompanies this rapid growth mean that organisations have the opportunity to transform how they do business. So what can your organisation do to ensure it isn’t constrained by old habits?

A rise in computing capacity The growth of the internet has changed the way that we all operate in both our personal and professional lives; we live in an interconnected world where we can communicate instantly via email, social networks, and our smartphones and tablets. When it comes to financial reporting the submission of financial statements has also moved on from the dark ages, with new reporting languages that enable fast analysis by the world’s regulators. To date UK and European regulators have been forward thinking in their

adoption of XBRL for the submission of financial statements. A human readable format of XBRL makes sense and we believe is the global financial reporting language of the future.

iXBRL adoption and the impact on your business At Arkk Solutions, we appreciate that new reporting methods can be a challenge; with over five years’ experience of helping leading organisations manage their transitions we have developed reporting solutions which between them result in transparent, selfdescribing documents that take the hassle out of financial compliance. With a commitment to innovation and a passion for helping organisations be more efficient and transparent, we have developed solutions for capital adequacy reporting – specifically CRD IV (COREP & FINREP) and Solvency II reporting in XBRL – which we provide to filers across Europe including the UK, Ireland, France, Germany, Spain, the Netherlands, Norway and Denmark. Additionally we have an AIFMD reporting solution that has

been adopted by some of the world’s largest fund managers.

More than just XBRL and iXBRL Along with delivering market leading software products we also assist organisations with the adoption of reporting standards for new legislation, and specialise in projects to convert internal business information into specific reporting formats for external regulators.

Next steps If you are looking for the most efficient, easy to implement solutions to convert your internal data to a format that your regulator demands, then we can help with simple to adopt products and great customer support. ‘We experienced no challenges during the transition to iXBRL, and we have been very happy with Arkk’s efficient and friendly support service and technology excellence.’ Kevin Lane, Group Financial Controller, Aspers Group

Get in touch e: enquiries@arkksolutions.com w: www.arkksolutions.com Follow us on Twitter: @iXBRL

Connect with us on: LinkedIn

t: 020 7036 2758 Join the conversation on: Google+

Risk Management Systems Guide 2015

Basel III Shines Spotlight on Credit Risk Words: Ben Poole

The capital component of Basel III has forced banks pay very close attention to their credit risk management policies. While the timeline for full compliance with Basel III runs until 2019, the effects are being felt today. From a capital perspective, Basel III requires firms to hold more capital and also a higher quality of capital. The goals of the capital requirements are so that banks have a better ability to absorb shocks such as those seen during the financial crisis, as well as to improve risk management in banks overall. As well as the minimum capital component, a capital buffer is also required for Basel III compliance. Between the capital component and the buffer, banks need to hold much more capital. Faced with these challenges, there are three main areas where banks have been most proactive in responding: 1. Technical responses. 2. Strategic responses. 3. Operational responses. Technical responses If banks have to hold more capital, it means they cannot use that money for something else. It is costly to hold this capital, and it can impact profitability, particularly in the current low interest rate environment. ”From a technical perspective, banks are looking to reduce more risky and highly capital consuming exposures,” says Nancy Masschelein, VP Market Management Risk & Finance EMEA at Wolters Kluwer Financial Services. ”That is something we have

seen in asset restructuring - banks have had a continuous focus on reducing securitisation exposures, for example.” As holding capital is costly, banks are also incorporating this into their overall pricing, creating more risk sensitive pricing. The more capital needed to be held for a counterparty exposure, the higher the pricing will tend to be. Strategic responses Some banks have changed their business models by selling business units that consumed more capital, or the group organisation changed its overall structure to minimise exposure. Additionally, since Basel III was first mentioned, banks have issued a lot of new capital. This is partly a strategic response and partly a technical response. Operational responses ”One of the operational responses from banks has been to ensure that data is managed in an efficient way,” says Wolters Kluwer's Masschelein. ”This allows banks to readily identify their exposure to higher capital, meaning they can think about the responses and actions that they need to employ. In addition, quite a lot of investment has been made to improve the calculation capabilities overall. Here I'm talking about investments in risk weighted assets [RWA] optimisation techniques, or in collateral optimisation techniques.”

Other operational responses have been seen with bank processes, with stricter credit approval processes and a closer integration of the risk and finance function, for example. Credit Risk Management Due to the financial crisis, the management of credit risk has had a much stronger focus from both banks and regulators (as seen in the Basel III framework). Banks are much more tightly managing their credit risk as a consequence. ”In addition, there is an interesting dimension on intra-day credit, which didn't really exist that much as an area of focus before,” says Ruth Wandhofer, Global Head of Regulatory & Market Strategy at Citi. ”Now that the Basel Committee requires banks to report data on intra-day liquidity extended to clients [from 1 January 2015, subject to national implementation] this comes into the intra-day credit conversation. Technical monitoring and getting data has to be linked back to internal business management processes to ensure that the credit department is involved for any intra-day sign offs that may be required. This is happening in a much more formal way than may have been the case pre-crisis.” The pressure around credit risk is not only coming from Basel III. "There are the European Central Bank (ECB) stress tests

www.bobsguide.com

Risk Management Systems Guide 2015

“ There is a focus on fine tuning on the details of Basel III.” that are looking at the balance sheets of all the big European banks and checking that they hold sufficient capital to cope with adverse market events,” says Wolters Kluwer's Masschelein. ”You can also think about the regulations coming from the International Accounting Standards Board (IASB). In IFRS 9, one of the key components is to make sure that impairments are better reflected on the balance sheet, taking account of the forward-looking nature. Also, banks are focusing on having a better and more accurate view on their credit risk.” Unintended Consequences for Clients? Following financial crisis and in the context of the Basel Framework, counterparty risk and the credit rating of counterparties, including customers, is very relevant. ”If a bank has a rated counterparty such as a large corporation that has a AAA rating, this large corporation will not be seen as a significant lending risk under Basel, translating into a lower level of risk weighted assets on the bank's balance sheet,” says Citi's Wandhofer. ”Alternatively, lower credit rated or the non-rated may have more difficulty to obtain lending. This is particularly the case in relation to the liquidity coverage ratio [LCR]. Here the value of deposits of corporate customers has been redefined, reflecting a lower liquidity value for the bank compared to Basel II. As a consequence, banks have responded by developing LCR-friendly deposit solutions and are ensuring that operational deposits, which receive a higher liquidity value, are clearly identifiable for regulatory reporting.” Banks are working with both the regulators and their clients on the issues that have arisen from Basel III. ”An area where we did a lot of work with the Basel Committee on a global level was to improve the liquidity treatment of corporate operational and non-operational deposits,” says Citi's

www.bobsguide.com

Wandhofer. ”These were reflected in the updated LCR version of 2013 and subsequently adopted by many key jurisdictions. Corporate operational deposits maintain a liquidity value of 75%, so there's only a 25% run off rate. Any non-operational deposit of a corporate would have a 40% run off rate, reducing the liquidity value in times of short-term stress by this percentage. To ensure more stickiness of deposits, LCR-friendly deposits that go beyond the 30-day Basel timeline have been developed in the market. It is all about designing solutions for clients that align with the new regulatory framework.” Future Prospects The financial crisis meant that Basel III followed hot on the heels of Basel II. Could Basel IV be just around the corner? ”If you just look at the Bank of International Settlement (BIS) website, every month there's a lot of material published and not all of it is under the header of the Basel framework,” says Citi's Wandhofer. ”Some measures are ancillary, rather more like Basel 'plus'. As the Basel implementation timeline runs up until 2019, there is still a way before we have completed Basel III and the majority of jurisdictions are having their financial industry operate on a safer level of capital, liquidity and limited leverage. That is why I still think we have some time before we see a Basel IV.”  Wolters Kluwer's Masschelein agrees. ”I don't see any signals of Basel IV just yet,” she says. ”Rather, there is a focus on fine tuning on the details of Basel III. For example, further fine-tuning is going on with counterparty credit risk, and the trading book review is completely overhauled at the moment. There is also a focus on implementation of Basel III. Furthermore, there is a focus from the Basel Committee on alignment with the accounting world. Aligning with nonBasel Committee countries is another priority. This is what I see coming from the Basel Committee.” ■

Risk Management Systems Guide 2015

Technology and Risk: Evolving Together Words: Ben Poole

The stakes have never been higher for banks' systems risk management policies. Powerful organised crime groups are exploiting the latest technology to find any way to manipulate banking systems for financial gain. Banks are effectively in a cyber war with malevolent forces that are constantly seeking ways to infiltrate their systems to steal data and money. For financial institutions there is a lot at stake - just being able to access a small amount of their information, or subvert funds and transfers means that it is extremely lucrative for the organised crime gangs that are increasingly targeting this space. There are a lot of zero-day attacks from malware specifically tailored to subvert an organisation. Organised crime groups carry out a lot of profiling using social media and other sources, so they can fine-tune an attack. ”We have seen quite a few examples in recent months at some of the large US banks being targeted,” says Peter Jopling, CTO & Software Security Executive UK & Ireland at IBM. ”For example, one bank found that a single attack led to over 60 million accounts being compromised. These are huge numbers. This is bad news for the bank reputationally and there is a huge cost to potentially indemnify users credit scores.” 14

Lots of data generates alerts and audit trails, but sometimes it can be difficult to identify the key action items amongst all this. Banks require governance processes that are driven by technology in order to provide them with the ability to focus on the areas that they need to action against. ”Financial organisations have a lot of different solutions in place, but sometimes what they don't get is that holistic view,” says IBM's Jopling. ”Financial institutions are willing to use many different technologies to build up their layers of defence,” says Russell Stern, CEO of Solarflare. ”You do not see one vendor dominating in a particular type of technology, because if you want to stop the bad guys you have got to throw a lot of different types of defences at them, including ones that they don't realise you are implementing. Capturing more data at more points over longer periods of time is also key. You will see that continue to be a trend.” The Legacy Issue Many financial institutions have legacy equipment and systems in place. While this may still work for the bank, there can be challenges. For example, the Copyright © 2015 MyGuides. All Rights Reserved

documentation may be a bit sparse and the people that originally wrote it may no longer be with the organisation. There can be a lot of ongoing maintenance issues around that. ”Banks can sometimes have between five thousand to 10 thousand legacy applications,” says Solarflare's Stern. ”If these systems are not broken, banks aren't going to rewrite or put more money in these. Because some of these legacy applications were written before the next generation of firewalls and security devices existed, they don't integrate well in a legacy environment. Legacy applications need to be put under heavier guard and networks that are attached to these types of applications must be isolated.” IBM's Jopling agrees: ”With cyber attacks on legacy systems, we can work to put a bubble around that technology because it is going to be nigh on impossible to patch. There will be known vulnerabilities within the coding itself, because that is how the code was written in the first place. The best way is not to try and re-engineer this, as it takes a huge cost and can be a big risk, www.bobsguide.com

Risk Management Systems Guide 2015

quite a few cases, banks don't supply all of the products that they are actually selling but buy those services in, such as insurance. The back end application is still going to expect a credential or a token to let that person in, so it's about the user experience underpinned by robust security mechanisms.” Online and Mobile Threats As banks roll out new services to their different customer bases, many of these take the form of online or mobile solutions. As such, the systems risk threat lurks here too, with banks constantly trying to find new ways to secure their offerings. ”The risk departments within banks acknowledge that online and mobile banking are areas where there is a lot of focus from external threat actors trying to subvert that type of communication,” says IBM's Jopling. ”And although the average user in the street can be targeted, organised crime would in most cases, target a larger organisation, specifically high value targets such as an accounts department, where a phishing attack can potentially gain far higher financial rewards as the current 'Dyre' malware which purports to be an unpaid bill demonstrates.”

but rather to try and put a virtualised bubble around it so that you can protect against current and potential threats while allowing the core legacy system to operate as it was intended to.” Cloud Security If legacy applications represent banking systems past, cloud applications are very much the present and future. There is a lot of hype around cloud computing, but it is just another platform and banks need to take the same pragmatic approach that they would if it were hosted in-house. ”Most financial institutions will only use public clouds very sparingly, and usually not in a case where sensitive data is exposed,” says Solarflare's Stern. ”They will build a private cloud. They will do this for two reasons. First, they have the scale. Going to a public cloud doesn't give them a big cost advantage - they buy enough computers. The second point is security. Financial institutions don't want to have their client information sitting in a location that they don't have control over.”

cloud services today,” says IBM's Jopling. ”Through a single portal, a customer gets one logical view being authenticated which is then authorised based on a dynamic centralised security policy as to how, when and where the user has connected. The dynamic security aspects are handled behind the scenes using common open standards, allowing them to transparently access other cloud services based on their real time access rights. The question for banks around federated identity is how this can be achieved across multiple domains. In

“ One bank found that a single attack led to over 60 million accounts being compromised.”

”Something else to watch going forward is how the regulators get involved in this process,” says Solarflare's Stern. ”Until now, regulators associated with the banking industry have talked more about the handling of financial transactions between various players, looking for people that are deceiving banks and looking for ways to launder money, for example. The systems risk that banks face adds a whole dimension for the regulators. The people that staff those organisations are going to have to be much more sophisticated and knowledgeable in the domain in order to implement regulations. I think that learning cycle may take some time.” ■

”There are examples of federating www.bobsguide.com

Future Thoughts A main point about security is that it is ever evolving. There is not one thing that banks can do that will make them 100% secure. It is about having a number of tools working in harmony, creating a fluid environment that can change dynamically as and when necessary depending on what that activity is. Threats such as open SSL encryption or the Unix security issues that have occurred have affected large numbers of organisations. This highlights just how critical systems risk management is for financial institutions.

Risk Management Systems Guide 2015

Behaviour Detection/ Predictive Analytics

Collateral Management

Asset&Liability Management

RMS Functionality Matrix

Company Name

System Name

3i Infotech Limited

Kastle solutions

3V Finance treasury solutions

TITAN CUBE Treasury & Risk

Acuity Risk Management

STREAM

Advent Software

Syncova

AlternativeSoft

Aqua Global Solutions

e2gen

Aspect Enterprise Solutions

AspectCTRM

Atlas Risk Advisory LLC

AtlasFX

AutoRek

AxiomSL

Brady Trading Limited

Fintrade

Brady Trading Limited

Brady ETRM

Brady Trading Limited

Aquarius

Brady Trading Limited

Trinity Cross Asset and Risk Management Solution

■

Broadridge Financial Solutions

CollateralPro

Chatham Financial

ChathamDirect

ClusterSeven

ClusterSeven ESM

CompuHedge

CoreFiling Limited

Seahorse XBRL for COREP, FINREP, Solvency II & iXBRL filing

CRIF

CRIF Credit Platform

C-RISK Software

CRISK Credit Risk and Margining System

CYMBA Technologies LTD

Athena IMS

Derivation Software

Enablon

Enablon Risk Management Platform

Fairmat Srl

Fairmat

Fenergo

Fenergo Client Lifecycle Management

Financial Sciences Corporation

ATOM

G2Link

ICS Financial Systems

ICS BANKS

Imagine Software Inc.

Imagine Software

InfoCat

CDM for European Mandates

INFORM GmbH

RiskShield

Investor Analytics

Investor Analytics - Risk Transparency Service

KnowCo Limited

KnowCo ALM System

■

KYCnet B.V.

Passport

Loxon Solutions

Loxon Basel II/III, Loxon Collateral Management System, Loxon Rating/ Scoring System, Loxon Lending System

■

Maclear

Maclear eGRC Suite™

■

Maraging Funds

RiskSystem

■

Misys

Misys FusionRisk

MORS Software

MORS Liquidity and Treasury solutions

Murex

MX.3

■

Nasdaq

BWise GRC

Northfield Information Services

MARS Enterprise Risk Management Service (ERM)

Northstar Risk Corp.

■

■ l

■

l l

■

■ ■

■

■ l

■ l l

www.bobsguide.com

Risk Management Systems Guide 2015

Structured Finance Solutions

■

l ■

Risk Management

Risk Databases

■

Risk Analytics

Operational Risk

■

Market Risk

Margin Software

Liquidity Risk

Grc/Erm

■ Some

Credit Risk

l Yes

Compliance

KEY

■

l l

■

l ■

■

l l

■

l ■

■

l l

■

l ■

l l

■

l ■

■

l l

■ l

l l

■

■ l

l ■

■

l l l

■ l ■

■

■ l

■

www.bobsguide.com

l l

■

■ ■

■

l l

■

■ ■

■

l l

■

l l

Risk Management Systems Guide 2015

Collateral Management

Behaviour Detection/ Predictive Analytics

Asset&Liability Management

RMS Functionality Matrix

Company Name

System Name

Numerical Technologies

NtInsight

OpenGamma

The OpenGamma Platform

OpenLink

Paymantix

pmFraud.

Percentile

RiskMine

PortfolioScience

RiskAPI Add-In

Prognoz

Prognoz Risk Management

Prognoz

Prognoz Credit Risk

Qualco SA

Qualco Debt Management

Quartet FS

ActivePivot

Quaternion Risk Management Ltd.

Quaternion Risk Engine

■

RaTT-Pac Computer Systems PTY LTD

Risk101

■

Resolution Financial Software

ResolutionPro

Rikma

ERE and On-boarding risk

Risk Focus, Inc.

RiskFactor Solutions Ltd

RiskFactor

RiskFirst

PFaroe

RiskVal Financial Solutions

Fixed Income Relative Value (RVFI)

Rockall Technologies Ltd

STOC

S&P Capital IQ

Desktop and Enterprise Solutions

SecondFloor

eFrame

StatPro

StatPro Revolution

SunGard

Protegent

SunGard

Adaptiv

SunGard

Ambit Risk & Performance

SunGard

Kiodex

Sword Active Risk

Active Risk Manager

■

SYSTEMIC RM

RISKVALUE

■

Thomson Reuters

Accelus

TMX Razor/Razor Risk

Razor Risk

TradeWatcher

TwoFour

■

UBS AG

UBS Delta

■

UnRisk

UnRisk Factory

VERATEC LTD

VERASIS RISK

Wealth Management System Limited

BONANZA ALM

Wolters Kluwer Financial Services

OneSumX

zeb

zeb.control

■ ■

l ■

l l

■ l

l ■ ■

■ ■ l

l ■

■

l l

l ■

l l

■

■ ■

www.bobsguide.com

Risk Management Systems Guide 2015

Risk Databases

Risk Management

Structured Finance Solutions

Risk Analytics

Operational Risk

Market Risk

Liquidity Risk

■

Margin Software

Grc/Erm

■ Some

Credit Risk

l Yes

Compliance

KEY

■

l l

l ■

■

■ l

■

■ l

■

l l

■

■ ■

■ l

■

l ■

■

l l

l ■ l

l l

■

l l

l ■

■

www.bobsguide.com

Risk Management Systems Guide 2015

Treasury's Rising Role in Risk Management Words: Ben Poole

Following the 2008 financial crisis, the role of the corporate treasurer has been elevated. The treasurer's focus on risk management is stronger than ever, as treasury departments take on more risk responsibilities from the organisation. 22

www.bobsguide.com

Risk Management Systems Guide 2015

Risk management has always been part of the corporate treasurer's responsibilities. Liquidity risk is a key focus - providing liquidity to the company is one of treasury's core activities. This can include external financing, internal financing, cash forecasting - everything that is part of managing the risk running out of cash. Alongside liquidity risk, foreign exchange (FX) risk and interest rate risk are the other classic risks that treasury has had responsibility for.

“ There was a need to gain visibility into cash because liquidity was scarce.” In addition, there are risks that some treasuries deal with and others do not. Credit risk, counterparty risk and commodity risk are examples of risks that are dealt with by some but not all treasurers. This depends on the strategic set-up of the organisation. ”Sometimes the responsibility for certain risks is due to historic reasons,” says Carsten Jäkel, partner, finance & treasury management at KPMG. ”For example, credit risk management has always been done by the accounts receivable department. In other cases it can be because treasurers do not want extra workload. When it comes to the commodity risk management, for example, this can be left with purchasing.” Additional Risk Responsibilities While risk management has always been part of the corporate treasurer's job, treasurers have taken on additional risk responsibilities since the financial crisis. Indeed, for certain risks this became the case before the credit crisis hit. ”Take commodity risk as an example,” says KPMG's Jäkel. ”This was not so much an issue during the financial crisis, but actually before the financial crisis when commodity prices skyrocketed. This is when treasurers began working in that area more than ever before.” www.bobsguide.com

Risk Management Systems Guide 2015

Post-credit crisis, there has been more of an emphasis on counterparty risk and liquidity risk. At the time of the crisis, these two risks went hand in hand. ”There was a need to see visibility into cash and liquidity because liquidity was scarce, with certain institutions not lending at all or not to the same degree as a consequence of the crisis,” says Bob Stark, VP strategy at Kyriba. ”The pendulum swung pretty far in one direction in terms of the conservation of cash. Treasurers had to make sure that everyone understood their liquidity responsibilities and that policy was tight around what they could be exposed to from a capital and credit perspective. While these were best practices at the time, they are now very much normal practices.” Taking the Lead As well as having more risks to focus on, treasurers have also been taking a lead role within the organisation in managing these risks. This also includes managing the risk consequences and the programmes that need to be put in place to deal with the risks. In 2009, treasurers had to be very reactive to questions that were coming down to them from board level senior management. These questions concerned issues such as counterparty risk, liquidity risk and volatility in the currency markets around that time. ”Treasurers were put in the spotlight but in a reactive capacity,” says Kyriba's Stark. ”Generally, treasurers were able to do a very good job of responding, identifying risks and taking action in a reactive manner. They were effectively able to prove that they could do more than they had previously been asked for. As a result, they were given more responsibility.” With more doors open to them, treasurers were able to take the lead on issues and become proactive, rather than just answer questions. ”The treasury team is the best in the organisation at understanding the impacts of currency rates, interest rates, commodity prices and in fairness counterparty and liquidity effects to. They understand how that affects the financial assets and, as a result, they understand how that affects the entire organisation's value. As well as taking the opportunity that was there, treasurers have also injected an information perspective that was lacking because other teams are just not as expert in how these factors affect the business.” 24

A Permanent Shift The lead role that treasurers now hold over an expanded portfolio of risks is a responsibility is now part of the job. ”This responsibility is more than just here to stay, it will continue increase,” says KPMG's Jäkel. ”This is particularly the case when you look at an area like commodity risk management. Here there is still an issue over whether this is the responsibility of treasury or purchasing. I would say that it is the responsibility of both, but someone has to take the lead in that respect.” ”The role of the treasurer is now much more value orientated,” says Kyriba's Stark. ”Risk management is an integral part of treasury now because, if you ignore those risks, you will effectively not be protecting the value of the organisation, which is what the treasurer's role has become.” While the financial crisis was the event that triggered treasury's elevated role in risk management, there are other drivers in the market that will ensure this focus continues. The fallout from regulations brought about by the crisis is one example of this. While Basel III is a bank regulation and does not affect corporate treasurers directly, they will need to start making determinations about how they need to change the way they look at cash and liquidity in order to be able to react to what is going to come down the line. ”There is a high expectation that borrowing costs will completely change - not just the availability of credit but Copyright © 2015 MyGuides. All Rights Reserved

the cost of achieving those funds is going to change,” says Kyriba's Stark. ”That is not to say that interest rates, primary rates and LIBOR are necessarily going to skyrocket, but rather that the cost the banks incur to lend money is going to change under Basel III. The composition of the balance sheet will change as it becomes more costly to lend, and as a result costs will go up for corporate banking clients. Because of this, many treasurers are assessing liquidity risk as something that is a bit different to what it was in 2009. At that time it was just about making sure that they knew that they had access those sources of liquidity. Now it is a matter of determining what the most effective way to borrow is, finding the cheapest option to access funds.” Many treasurers are looking at working capital and are investing in those types of programmes for that exact reason. From a risk standpoint, liquidity could start to become more expensive. Treasurers are now in a leadership position on liquidity risk and can provide guidance and solutions for the organisation. ”With a direct regulatory impact, that is a risk that treasurers need to be able to have a solution for,” says Kyriba's Stark. ”If it is indirect, that creates a downstream risk, which is what we have seen with liquidity and Basel III. There is no end to the types of risks that treasurers have to deal with.” ■ www.bobsguide.com

Risk Management Systems Guide 2015 ADVERTORIAL

Chargeback Season Unveiled: Time for Banks and Merchants to Manage the Risks Post-Christmas returns are in full-swing so Monica Eaton-Cardone, CIO and Co-Founder of Global Risk Technologies, explains how banks and merchants can manage the financial threat of chargebacks. With consumers predicted to spend a staggering £107bn online in 2015 and cybercrime costing businesses across the globe an estimated £265bn, the threat of chargebacks to banks and merchants has never been greater. An estimated £810m was spent online by British consumers alone on Black Friday, and Cyber Monday spending grew 15% compared to the previous year, proving consumers took full advantage of the drastically reduced retail costs during the Christmas and New Year period. Not only did retailers offer huge discounts they also lowered their fraud prevention solutions to increase the amount of transactions. As a result of astronomical consumer spending during the festive season and a lack of cash flow during the New Year, banks and merchants need to be aware that the risk of friendly fraud and chargebacks increases. 2015 will be a huge year for fraud and security with two key industry developments expected to disrupt the industry. Consumers are set to contribute to more fraud than identity-theft criminals. With a rise in consumers committing friendly fraud, resulting in a chargeback for a retailer, merchants need to address this hidden problem. Another key development will be the shift in chargeback fees, as consumers are set to be issued fees if they have to file a chargeback case with their bank. Injecting the industry with chargeback compliance expertise, Global Risk Technologies provides a comprehensive and highly scalable web centric solution for chargeback processing, risk mitigation, fraud management and merchant education that is unrivalled anywhere else in Europe. Built upon years of risk management experience, Global Risk Technologies serves to focus on bringing exclusive solutions for ecommerce payment processing to merchants in the European market. It has taken years of education on the chargeback process to educate those at risk. The good news is there are solutions in place that will enable banks and merchants to reduce the risks and ensure they step one step ahead of the threat. For more information please visit www.globalrisktechnologies.com

www.bobsguide.com

AUTOMATED

HEDGE ACCOUNTING

SUPPORTED BY

EXPERTS Is applying hedge accounting at your company time consuming and complex? Are you concerned with the changing landscape of accounting standards? ChathamDirect, a SaaS solution, dramatically reduces the burdens of applying hedge accounting and simplifies the operational requirements needed to maintain a best in class hedge accounting program. ChathamDirect is scalable to address all hedge accounting needs. It is supported by our accounting experts that are working with auditors and standard setters to ensure ChathamDirect keeps pace with changing accounting standards. Whether you have a straightforward or highly complex hedging program to manage, ChathamDirect offers an intuitive and easy to use solution.

risk@chathamfinancial.com â&#x20AC;˘ 610.925.3120 â&#x20AC;˘ chathamfinancial.com