The Aftermath of the ‘Tsunami of Systemic Risk’ – Microsoft Weighs in on Recovery

The financial services institutions that survived the credit crisis’ first wave of casualties are reassessing their risk management practices. Windows in Financial Services spoke with Sai Sireesh Pachava, director of risk and compliance for Microsoft’s Worldwide Financial Services, to hear his perspective on what caused the crisis and what companies can do to protect themselves.

WFS: Let’s go directly to the current crisis. What would you say went wrong in financial institutions approaches to risk management? Was it the technologies they chose, corporate governance, both? How would better risk management have lessoned the crisis?

SP: This really was a Tsunami of Systemic Risk of an unprecedented scale that totally overwhelmed the risk management capabilities of the institutions that were impacted directly. The after-effect tremors are still being felt. The underlying fault line of this systemic risk tsunami will take months or years to fully analyze and attribute. The encompassing nature of risk management means that there are many dimensions to consider – corporate governance standards, risk management practices, culture, people, their behavior and of course technology as an enabler for real-time risk management. The institutions that have managed their risk well in this crisis and actually benefited obviously have higher standards for risk management, corporate governance, loan/mortgage origination business, and tighter oversight of the credit derivatives business. It will also be interesting to examine the correlation between Basel II adoption and level of Risk Management.

WFS: What’s your advice to institutions re-examining their risk management strategies? What steps should they take?

SP: The crisis once again starkly reinforces how risk management capabilities and expertise really is key to the survival of the fittest. The scale of the systemic risk and threat of a global domino effect has forced all financial institutions around the world to a crisis management mode to proactively manage their risk exposures. Really the question on everyone’s mind is: How well did our existing risk management culture, techniques, workflows, processes, models, methodology, and technology help us withstand this crisis and where must we improve. It will include review of the fundamental risk management techniques:

■ Real-time view of banking book and trading books exposures to deal with the new emerging bankruptcy filings by counterparties;
■ Rigor around mortgage/loan origination standards, workflows and processes;
■ Internal and external credit scoring models;
■ Limits, liquidity risk management and asset liability management;
■ Value at Risk (VAR) methodologies; and
■ Stress testing models efficacy including Monte Carlo simulation.

WFS: Are firms making new investments in risk management? What activity have you seen at Microsoft?

SP: Microsoft recently commissioned a global risk management survey with Professional Risk Management International Association (PRMIA) that benchmarks the role of Enterprise Risk Management (ERM) in current and future business processes and assesses best practices. Broadly, the global ERM survey covered the following aspects: ERM program and methodology, success factors in ERM rollout and implementation, reporting structure, staffing, costs, and relation to economic capital. Risk analytics and reporting and regulatory compliance and controls were highlighted as the top two benefits and capabilities, and this crisis will reinforce this even further. In terms of ERM projects, the timelines were either ongoing or spread over the next two years. We also see a certain level of convergence around risk analytics, consumer analytics, and corporate performance management (CPM).

WFS: With cost cutting on their minds, financial institutions are looking at their IT budgets. Can you give us any guidance on the type of cuts that make sense and those you would consider a mistake?

SP: There has always been a ROI focus for most risk management and compliance investments and rightly so, but for the next 18-24 months, enhancing risk management capabilities will be on the top of everyone’s agenda and invested in. During the crisis, many decisions based on rapid fire due diligence were forced over the weekend, and many firms really struggled to be agile in terms of underlying infrastructure and technology to meet literally real-time exposure reporting needs. So having an agile people-friendly infrastructure and technology is a priority for such firms. Legacy mainframes’ maintenance costs are major items in IT budgets and should be reduced by migrating to more cost-effective, agile, easy-to-deploy technology platforms.

WFS: Tell us about Microsoft’s approach to helping financial services institutions execute their Governance, Risk Management and Compliance blueprints?

SP: Around the world, we are helping our customers build their integrated Governance, Risk Management and Compliance culture, environment and infrastructure. The five interrelated building blocks being risk analytics and reporting, regulatory compliance and controls, document and records management, security and privacy, and business continuity. We see a lot of interest to deploy our new wave of capabilities such as Microsoft Office Excel 2007, Office SharePoint 2007 Excel Services, PerformancePoint Server 2007, Windows Compute Cluster Server 2008 and SQL 2008 for Risk Analytics and reporting scenarios to extend the risk engines. Also highlighted in the global risk survey, key success factors in ERM projects are user training, ease-of-use of tools, and familiarity with tools. And these map very well to our focus and capabilities around last mile solutions for risk workflows, computing and reporting. Our ongoing research study on the future state of risk management blueprints will encompass the new paradigms that we expect to emerge post crisis.

WFS: What do you expect the environment to look like in the next 12-18 months?

SP: Given the dynamic environment, it’s certainly difficult to predict, but broadly we can expect the following flavors of risk:

■ Higher bar for risk management discipline;
■ New and tighter regulations around credit discipline, credit derivatives, capital adequacy etc.;
■ More centralization of risk management oversight functions;
■ With investment banking converting to banks, increased focus on banking book exposure management;
■ Revisions to risk-based approach to supervision;
■ Strict enforcement of a CRO role (often played by CFO); and
■ Review of government-sponsored entities (GSE) type institutions around the world.

www.microsoft.com