IBM Banking: Risk Management for Financial Institutions

8/9/2019 IBM Banking: Risk Management for Financial Institutions

1/40

December 2009

Integrated Risk Management

for Financial Institutions


2/40

Integrated Risk Management for Financial Institutions

Page 2

Executive summary

There is a logical roadmap for implementing state of the art risk management, the steps

being: 1) co-locating information pertinent to risk from diverse internal & external, real-time

and non real-time, and structured and unstructured information sources for risk analysis;

2) linking the information from these diverse sources for better risk insight and presenting

this insight to the stakeholders in risk information; 3)leveraging the risk insights in

optimization of business objectives; 4) developing robust models for risk that continuously

adapt to the changing nature of risk; and 5) ability to analyze risk information and respondto risk events in real time.

Most nancial organizations have a highly fragmented approach to risk management

where different business functions such as nance, operations and risk management have

their independent efforts to manage risk, the different lines of businesses like consumer/

commercial lending, credit cards, deposits (savings, current, etc.) have their own independent

efforts to mange risk, and each type of risk such as insider fraud, credit risk or market risk is

handled independently in isolation. This fragmented and duplicative effort results in higher

cost and poorer quality of risk analysis.

The integrated risk management approach presented in this paper addresses the disadvantagesof fragmented implementation by creating a common platform based on proven IBM

hardware and software offerings. This common platform is capable of provisioning data

pertinent to risk analysis, integrating risk assessments in business processes to create the

intended business advantage, and disseminating risk assessments to the various stakeholders

in the organization. It creates common investments in technologies for real-time risk

management, high speed event analytics and advanced text analytics to gather risk informa-

tion from unstructured information sources. The industry data models for banking provide

a common business vocabulary to facilitate the integration of various middleware and

application components.

In this paper we rst describe a common framework for supporting the various types ofcredit, market and operational risks. Then we go into details of asset-liability management,

regulatory (compliance) risk, operational risks stemming from identity management and

access control. We also cover the technologies needed to support real-time risk detection

and mitigation.

Signicant additional cost savings can be achieved by automating the risk management

lifecycle of developing, deploying and operating individual risk solutions. The quality of the

results produced by these risk solutions improves through automation of the tasks traditionally

Contents

2 Executivesummary

3 Differentkindsofrisks

5 Stagesofmaturityinrisk

management

7 Integratedriskmanagement

14 Implementinganintegratedriskmanagementsolution

19 Specicrisksolutions

32 Keyproducts

34 Automatingtheriskmanagement

lifecycle

39 Furtherinformation


3/40


Page 3

performed by the data architects and database software developers to provision the data for

the risk solutions, and automation and simplication of the coordination/orchestration of

the several concurrent data movement and risk calculation processes in a risk solution.

1. Different kinds of risks

As recent events have demonstrated, a nancial organizations competitive advantage

depends heavily on its ability to handle various types of risks, especially in turbulent

economic times. Risks faced by an organization are of many different kinds. Some of

the key types of risk of concern to nancial institutions are shown below in gure 1. At

a high level, the risks divide broadly into two categories, nancial and non-nancial.

Financial risk, as the name suggests, impacts the organizations ability to meet its nancial

performance indicators such as capital reserve requirements, revenue streams from its

assets (loan instruments) and expenses from its liabilities (deposits). Credit risk in simple

terms arises from the defaults in payments by the banks debtors while market risk arises

from the uctuations in revenue and expense streams because of changes in interest rates

associated with the income/expense streams, or uctuations in the value of the nancial

instruments on its books such as stocks, bonds, options and swaps.

Financial risks are not unique to banks or nancial institutions. Non nancial institutionsinvariably extend credit on large machinery, or accept payment in terms of future income

stream from large projects. Hence they are subject to credit risk arising from the defaults in

payments. Business risks are not very well dened; however, two important and somewhat

interrelated categories are counterparty risk and systemic risk. Counterparty risk arises

primarily from the inability of market makers who create complex nancial products

like derivatives and swaps, to cover their obligations during adverse market conditions.

Systemic risk deals with the instability in the over all nancial system, as opposed to

defaults of individual actors. Two threads of systemic risk are widespread liquidity crisis,

when the market is unable to absorb assets priced at fair value due to adverse market

conditions, and widespread solvency crisis posed by deteriorating demand for nancial

products (run on the bank, or all mortgages being prepaid).

Itsnotthebiggest,thebrightest,or

thebestthatwillsurvive,butthose

whoadaptthequickest

Charles Darwin.


4/40


Page 4

Non-nancial risk is broadly everything except nancial risk, but we focus on two

categories, operational risk and regulatory risk. While in this paper we do not dwell on the

risks posed by conditions outside the control of individual business such as political

upheavals like revolutions and wars, extreme weather like massive oods and draughts,pandemics, etc., prudent enterprises will be able to model and better forecast the

probabilities of these risks, and be better prepared to react to them.

Operational risk is dened in Basel II as risk of loss resulting from inadequate or failed

internal processes, people and systems or from external events. (External events are

political, weather, or pandemic etc.). This denition includes legal risk, but excludes

strategic and reputation risk. Our primary focus here would be addressing the gaps in

IT systems and applications that are exploited by customers and adversaries external to

the organization, as well as rogue employees to perpetuate fraud. We also cover the legal

and reputational risks arising from data theft or loss, or breach in information privacy.

Regulatory risk arises from non-compliance with internal governance and government

regulations, i.e., from failure to audit the actions to comply with the regulations, report

the results, and remediate gaps in compliance. Regulatory risk covers both nancial and

operational risk and hence we deal with it separately.


5/40


Page 5

2. Stages of maturity in risk management

Not all nancial institutions are equally deft at managing risk. Their ability to manage

risk varies by their size, geography, sophistication in leveraging IT, and business strategy.

However, the following is a logical progression for most organizations for implementing

risk solutions.

Easyaccesstoinformationpertinenttoriskassessment:The information pertinent

to risk exposure is often distributed across organizational boundaries, locked intoapplication specic formats and database schemas (physical schema designs) opaque

to a risk analyst. The rst step most organizations take in implementing effective risk

management solutions is to create a centrally managed repository of trusted information

accessible to risk analysts. This includes correlation of information gathered from the

multiple internal and external sources to generate actionable insights. In this process

enterprise models for risk data at business, logical, and physical levels are dened to

simplify access to risk information and its analysis.

EnterprisewideviewofriskRiskinsight:The trusted risk information above

becomes the foundation for developing an integrated enterprise wide view of risk

focused on the presentation layer to generate the relevant reports and dashboards forthe risk and nance executives and more granular reports for business analysts who

use the risk information for transactional decisions and portfolio management. This

further involves:

a. Denition of the relevant KPIs/KRIs for risks, particularly for the non-

traditional risks, for capital and nance groups such as relationship managers,

line of business executives, system owners, operation heads etc.

b. Simple consolidation models for generating the above KPI/KRIs by aggregating

the trusted risk information. Rules of aggregation are often very complex.

c. Capturing risk information from internal sources in real time for intra-dayassessment of risk postures.


6/40


Page 6

Riskoptimizationandcontrol:Risk optimization and control refers to the enterprises

ability to exploit its understanding of its risk posture to maximize revenue and prot.

For this, analytics has to be integrated in strategic decisions in nance, business

modelling and planning, and strategy- execution alignment. Analytics also has

to be integrated into operational processes such as capital allocation for minimum

capital requirements. Analytics at the granular level is integrated with decisions at the

transactional level such as loan or credit approval, increasing credit limits, stopping or

agging fraudulent nancial transactions on credit cards, or money laundering efforts.

Riskmodelingandscenarioanalysis:In risk insight, the collection of the right

subset of data from a diversity of sources, establishment of linkages across it, and some

analysis performed on the aggregated data generates the risk information needed at the

decision points in risk control processes. In risk modeling, predictive and descriptive

analytics, that is regression approaches and data mining, are deployed to develop:

a. The analyses performed in the risk insight step to assess nancial risk (credit,

market, counterparty, liquidity, and/or interest rate risk) and operational risk.

b. Models that predict outcome of various risk mitigation actions on the risk

posture of the enterprise thereby enabling the selection of optimal action.

c. Additional models or extensions to existing models to understand the

consequences of improbable events (stress tests required by regulatory

authorities). Computational environments separate from those used for

regular business are provisioned to execute the improbable scenarios.

d. Validation of the models with banks test data to address unique aspects of the

customer set or portfolio, and to continuously/periodically assess the adequacy

of the model.

The rationale for assigning higher maturity level to risk modeling is that these models

need not be developed in-house. They can be obtained from ISVs, particularly in caseof small and medium nancial institutions.


7/40


Page 7

Real-timeriskinsightandcontrol:There are many areas of opportunity in real-time

risk controls. Blocking fraudulent monetary transactions such as credit card payments

and responding to movements in capital markets at sub millisecond latencies are

quoted often. However the most promising opportunities come from the ability to

analyze unstructured information being received from news wire and other sources and

factoring it in the decision processes. In addition to performing risk calculations and

acting on the results in real time, the models used for these risk calculations can be

tuned in real time using improved estimates of the macroeconomic indicators that aretypically the key parameters of the risk models.

3. Integrated risk management

IBMs Integrated Risk Management approach offers four key capabilities shown in gure

2 below which support the rst four stages of maturity discussed above. Real-time risk

insight and control, real-time analytics, is discussed separately in section 5.2.

Aggregationofdatafromdiversesourcestoaddresstherststageofmaturity.

Most of the sources will be the various database systems used in daily operations.However, data is also sourced from external sources such as watch list publishers or

rating agencies. It could be in unstructured format, examples being nancial reports or

regulatory lings, and some data like market feeds may require real-time processing.

Results of risk analyses are only as good as the completeness & accuracy of data they

are based on. Hence, discovery, aggregation, and enrichment of this data by linking

data across various sources is an important capability of the risk management approach.


8/40


Page 8

Resultsofanalysisarevaluableonlytotheextenttheycanbeleveragedto

furtherbusinessobjectives.Typically the analysis results are used in the following

three ways:

a. By decision makers for planning and governance. To support the second stage

of maturity, BI tools like Cognos facilitate the consumption of analysis results

through easily congurable dashboards, scorecards and reports. Cognos has a

wide range of industry specic blue prints to accelerate the deployment of the

planning/governance capabilities.

b. By knowledge workers in workow mediated processes such as remediation of

risk exposure through appropriate portfolio adjustments. This and 2c below

address the third stage of maturity.

c. Through direct use in automated business processes, for example authorization

of credit or approval of a loan based on credit rating.

Financialriskandanalyticsishighlydiverse.There is a wide variety of nancial

instruments and a variety of risks associated with each. Deep specialized domain

knowledge is required to manage each type of risk for each of these nancial instruments

Aggregation of the risks across instruments and risk types based on the correlations in

risk across them is also a sophisticated analysis. To address the fourth stage of maturity,

which in turn supports the second stage, IBMs approach is to enable a wide variety of

risk calculators and a whole variety of applications for pricing of nancial instruments

to operate cohesively in a single solution environment as shown in gure 3. The

solution environment also provides feedback loop to monitor the validity of the risk

models as the economic/business environment changes.

Current implementations of risk solutions involve integration of all of the above

capabilities individually for each customer in a traditional manner involving signicant

programming to provision the right data and integrate the results of the analytics back

into business. IBM Research & Development Labs are working on advanced solutions to

automate much of this traditional upfront work in deploying the nancial risk solutions.


9/40


Page 9

In most nancial institutions, risk is managed across following three dimensions. The

rst dimension is the business function. The three key business functions are Financial

Optimization, Business Assurance and Exposure Control, managed by the CFO, COO

and CRO respectively. Broadly, while the CRO is interested in quantifying risk per say,

COO is concerned about its consequences on business operations, and CFO about the

consequences of risk on nancial operations. The second dimension is the risk type,

i.e., nancial risk, operational risk and regulatory compliance, which are managed by

different set of experts in respective risk types. Finally, the third dimension for segmentingrisk solutions is lines of business (LOBs) for nancial risk. The above landscape for risk

management has led to a proliferation of risk solutions in nancial institutions. The LOBs

or business functions have often implemented different solutions for the same type of

risk, either because of independent choices made at different point in time, or because

these solutions are specialized for a particular aspect of risk within the risk types listed

earlier. The plurality of risk solutions for each risk type causes unjustiable expense,

and has not been effectively leveraged to improve the quality of risk assessments.

Consolidation of information provisioning for risk management

As the right side of gure 3 suggests, signicant amount of the duplicated effort can be

eliminated if we break up each risk solution into its data provisioning, risk analysis, and

report dissemination parts, and re-aggregate all the data provisioning pieces and report

creation and dissemination pieces separately into a single data provisioning and report


10/40


Page 10

generation framework. All data feeds get aggregated into the risk information warehouse

using the IBM banking industry data models and information integration middleware.

From the warehouse information can be easily provisioned for the ISVs, or the in-house

risk solutions, and to the aggregation functions for reports and dashboards. This approach

has been successfully implemented by IBM in several customer environments. As the

right side of gure 3 suggests, in an integrated risk implementation additional savings

are accrued by eliminating the risk solutions that are truly duplicative and retaining the

ones that work well on particular metrics or a particular scenario, even if it is duplicativewithin a risk type.

In the independent risk solution approach on the left hand side of gure 3, quality of risk

assessment suffers because each business function or LOB is using its own risk analysis

in isolation and not leveraging the risk analysis solutions available in other LOBs or

business functions, which may work better for some risk metrics or in some scenarios.

The integrated risk management approach shown on the right hand side of gure 3

provides an effective way to apply multiple risk assessment algorithms and aggregate

their results. If the nancial institution is using in-house risk models, they can benet by

leveraging data in the risk information warehouse which has been provisioned for other

risk solutions.


11/40


Page 11

The integrated risk solution outlined in gure 3 also makes it easier to get the information

pertinent to an enterprise wide view of risk as data from all LOBs is consolidated in the

risk information warehouse and aggregated in route to reports and dashboards. The

aggregation is far more complex than simple sums, as it could involve complex regulatory

rules like applying haircuts to income streams, or require factoring in correlations,

parameterized by business and economic outlook, that offset or exacerbate risks.

Extensions needed to handle risk optimization and real-time assessment of risk are also

shown in Figure 4 but discussed in more detail in section 5.2.

Consolidation of risk analysis

Risk analysis happens at four different places in the solution architecture shown in gure 4,

complex high-speed event processing, analytic models, text analytics, and reporting and

KRI dashboards. Potential interactions between these four components are illustrated

in gure 5. Analysis happens at these different places because of the different kinds of

data analyzed (structured, unstructured, real-time, etc.), different nature of the analysis,

different programming model deployed in the analysis, and the different performance and

response time requirements for the analysis. .

Predictive/descriptiveAnalytics:As shown in gure 5, the Predictive/Descriptive

Analytics subsystem has the high complexity analytics. It has a base layer of industry

neutral and domain neutral analytic capabilities such as ILOG business rules engine,

Identity Insight entity analytics, statistical packages like SPSS, and core data mining

algorithms for classication, clustering, and predictive analytics and regression etc. The

base layer is used by analytics modelers to build risk, fraud or other analytic models,

validate the models on an ongoing basis or tune their parameters. Some of these models

use patterns or features detected in real time streaming data. The denitions of those

patterns or features are deployed in complex real-time analytics subsystem.

The fraud detection engines and risk calculators may be provided by IBM or an ISV or

be developed in-house by the bank using the base layer. While the analytics subsystemcan be made extremely scalable for both the data persisted in the warehouse and in

terms of the computations involved in sophisticated risk models, the event processing

approach shown in gure 6 is more appropriate for the most extreme data rates (as in

real time market feeds for all nancial instruments) and sub-millisecond response times.

IBM Smart Analytics System, described in the next section is a scalable platform for high

complexity analytics. A good example of complex analytics performed in the analytics

subsystem would be projecting losses due to fraud at enterprise level, or losses due to

credit risk exposure at an enterprise level.


12/40


Page 12

Real-timeAnalytics:The Real-time Analytics subsystem has the complex and high

speed event processing to deal with real time data, often time series data like market

feeds or sequences of transactions on an account. Analysis can be done on an instance

of that data, or a collection of instances recorded over a nite time window, with some

context information from additional data sources (reference data). Analysis typically

involves detecting a pattern or features in the events received from many sources over

a time window . The pattern or feature being sought is dened or developed in the

Predictive/Descriptive Models box in Figure 5 by the analytics modeler using traditional

data mining techniques. Because of performance and response time constraints arising

from the volume of data involved, the patterns or features to be detected are embedded

in a procedural programming language like C or Java, and hence the development of highspeed event processing capability typically requires the involvement of the IT shop and

the standard software development practices.

For extremely high performance requirements like high speed trading or insider fraud

detection, InfoSphere Streams, IBMs stream processing platform shown in gure 6,

enables detection of complex patterns occurring in information being received from di-

verse sources at speeds that are orders of magnitude greater than that of existing systems.

In addition to the highly scalable, high performance execution environment, InfoSphere

Streams also provides a highly usable programming environment to access and manipulate

streaming information such as events from IT infrastructure or application logs, or trad-


13/40


Page 13

ing activities. Streams programs can analyze the market data in real-time, and apply

analytics to identify market risk. Pre-trade compliance is one area where analytics running

on InfoSphere Streams can provide proactive indications of market risk and mitigate

undesirable trading. Another capability of InfoSphere Streams is the ability to analyze

structured and unstructured content. Sentiment analysis can be applied to real-time feeds

of news data to provide additional insight into current market conditions.

Reporting&KRIdashboards:The third location of analytics is a BI system like

Cognos. The distinguishing characteristics of these systems is their ability to take large

volumes of operational data, either from the diverse sources of data from bankingoperations from different LOBs and business functions, or outputs of the models in the

analytics subsystem, for aggregation and analysis. Typically the BI systems have dashboards

for the executives of the business functions (CFO, CRO, COO) and LOBs, and reports to

disseminate the results to the larger set of knowledge workers in the organization. Rules

engines like ILOG play an important role in aggregation and disaggregation of information.

For example, aggregation of risk or disaggregations of income stream into individual

tranches of an SDO have complex rule sets. Statistical packages like SPSS also play a

key role in predicting the KRIs (Key Risk Indicators) based on past observations. XML

technologies and accompanying XBRL standards are critical for ling reports to regulatory


14/40


Page 14

agencies to comply with various regulations. Entity Analytic solutions like Identity

Insight provide the ability to reconcile multiple source system representations of a single

individual into a unique entity and then assess both suspicious associations as well as the

nature of their nancial activity via complex event processing.

TextAnalytics: Text analytics, the fourth location of analytics, deals with extraction of

information from documents led as unstructured text, and the fusion of this information

with rest of the structured information. Typical steps preceding the fusion step are

discovering the entities in each document preceding the fusion step and establishing the

relationship between these entities. Entities can be people, roles and responsibilities,

corporate actions, places of work. Relationships could require composition of relationships

from different documents. Finally, relationships discovered in unstructured information

should be fused with information in structured sources to get a more complete view.

4. Implementing an integrated risk management solution

In the past, IBMs customers invested in information technology with the goal of automating

business processes. Such automation provided savings in operational costs, better response

times and often enabled more customized or more exible processes. Information

management products and solutions, data bases, data integration products, contentmanagement technologies, and other software products, were designed to address the

needs of business automation. While automation focuses on executing individual business

transactions (internal or external), analytics and optimization look across all transactions,

often across different business units, to derive business insights and make optimal business

decisions. Analytics and optimization is inherently harder than automation because of

expanded magnitude of data involved, the diversity of the sources of data, existence of

data in multiple modalities (structured, unstructured, the latter being text, voice, or even

images), and greater complexity of computations performed on this data.

Optimization solutions require even a greater array of products and capabilities than

automation as highlighted in gure 7. Figure 7 is an extension of gure 3 with three newcomponents, text analytics, front-ofce enablement, and the storage/server and system

management component. Customers are nding it quite challenging to buy the above

products separately and integrate them into an analytics solution in-house, and to

integrate the analytics solution back into their existing IT environment. IBM has

responded to this requirement by developing the IBM Smart Analytics System (ISAS)

which packages the following functionality:


15/40


Page 15

AnalyticsSoftwareOptions

o Cognos 8 Business Intelligence suite to deliver a complete range of business

intelligence capabilities with reporting analysis, dash-boarding and scorecards

with a single, service-oriented architecture

o Robust and scalable multidimensional analytics with InfoSphere Warehouse

Cubing Services

o InfoSphere Warehouse Text Analytics & Data Mining to unlock the value of thetext content with unstructured analytics and for data discovery, detection and

prediction on structured data

DataWarehouseSoftware: InfoSphere Warehouse, InfoSphere Warehouse Advanced

Workload Management, and Tivoli System Automation

Hardware/OS:IBM Power 550, IBM System Storage DS5300, AIX 6.1

The key attributes of ISAS are that it is pre-integrated with a single point of support and

it is factory tuned for analytics workloads. The hardware, system management, middleware

and analytics components integrated in ISAS are highlighted in yellow in gure 7. The

products underlying the highlighted components are listed in green lettering. Customersand ISVs will nd signicant time savings in avoiding the task of integrating the

constituent pieces of ISAS in-house and conguring/tuning these pieces. Furthermore,

ISAS is scalable in terms of both capacity and function. As additional warehouse capacity is

needed for the risk analysis activity, the warehouse and underlying storage can be scaled.

As new analytic functions are needed, be it mining or predictive analytics or text analytics,

they can be added as need arises. With new regulatory requirements for nancial risk

management appearing at a good sustained pace, and the unknown nature of the analytics

capability and capacity needed to comply with them, customers and ISVs will nd it

convenient to start with a small but adequate ISAS footprint with easy growth at

predictable cost as need arises.


16/40


Page 16

Figure 8 illustrates the additional details behind these components shown in gure 7and gure 9 overlays the key IBM software products relevant to the risk management

framework on gure 8. An instantiation of the framework may not use all the products

illustrated in gure 9, however, the gure illustrates the breadth of the framework

capabilities. Added capabilities can be introduced in provisioning trusted information for

analysis depending on the latency, performance and other non-functional requirements.

The key ones are:

1. In memory relational database or in memory cache for risk data in relational format

that is not large but needs to be accessed at a high bandwidth

2. In memory fact and dimension tables for supporting high volumes of real-time OLAP

activity

3. Change data capture technology to keep the trusted risk information warehouse in

synch with operational data for real time applications like detection of payment frauds

where one typically wants to block the transaction in real time

4. Lineage and provenance information stored as part of operational metadata to establish

veracity of the information


17/40


Page 17

The industry data models shown in gure 10 provide the data models needed to create

the trusted information for risk in the data warehouse or relational/multi-dimensional

OLAP repositories or reference data for risk management. The reference data typically

is customers and business entities, accounts, nancial products and securities (traded

nancial instruments). Signicant details of this data are obtained from external sources

and refreshed continuously. The requirements models of business solution templates

(BSTs) provide the physical and logical schemas for multi-dimensional or relation OLAP

repositories. Physical models can be used if these repositories are being created from

scratch. Similarly, application solution templates or ASTs provide the logical and physical

schemas needed for the datamarts used by various data mining applications and the data

warehouse design models provide the same for the main data warehouse.


18/40


Page 18

The industry data models also provide the glossary models that are the business level

terminology for the data described by the logical and physical models. The glossary

models help establish consistency in information across all of the risk solution components.

As shown in gure 10, in addition to helping deploy the initial instance of the risk

information repositories, the industry data models are also leveraged by data movement and

transformation tools such as IBMs InfoSphere DataStage tools to facilitate the creation

of the ETL scripts needed to populate these risk repositories.


19/40


Page 19

5. Specic risk solutions

The integrated risk management (IRM) solution approach outlined in section 4 will

enable the wide range of risk solutions identied in gures 1 and 2, as well as most of

risk categories not listed in those gure 2. In this section we select asset liability manage-

ment (ALM) as an example of nancial risk, identity management and access control as

an important component of operational risk and nancial fraud, and GRC (Governance,

Risk and Compliance) reporting solutions and discuss how they are enabled by the IRM

solution approach. We also discuss the capabilities for real-time data/event managementand real-time analytics that are critical for real-time risk management solutions, typically

needed in payment fraud control and risk management in capital markets.

5.1 Asset Liability Management (ALM)

For retail banks, ALM has been for long at the heart of risk management. For them

nancial risk is indeed a complex mix of business, liquidity, credit and market risks

that only simulation can help apprehend. Initially designed to calculate the long-term

effect on protability and liquidity of short-term decisions, ALM solutions have evolved

signicantly to become a universal decision-support tool for directors, treasurers, and

business line managers alike. Recently, the nancial crisis has created a case for developing

ALM even further, making it more encompassing, more precise, and more granular.

A consequence is that ALM systems are likely to increasingly overlap with other risk

management systems, in particular:

Funding liquidity management systems

Treasury management systems

Fund transfer pricing systems

Systems for managing the interest rate and currency risks in the banking book

Performance and Capital management systems.

It therefore highly likely that banks will revisit their ALM requirements and reconsider

the architecture to best support them. Any good ALM system comprises at least the

following functions:

Aggregation of transactions and positions on a wide range of products, generating

risk equivalents when necessary (non-maturing products, undetermined cash-ow

etc.);

Projection of current positions and exposures under specic assumptions

(economic conditions, default probabilities, customer behavior, business

performance, rollover scenarios)


20/40


Page 20

Generation of market-coherent sets of scenarios (risk-neutral valuation constraints, etc.)

Generation of multiple projections reecting a vector of possible scenarios

(stress testing);

Simulation of future cash-ows and asset values for a given projection;

For a given projection and a selection of asset-liabilities items, analysis of various

matching rules (maturity, duration, hedging ratio, etc.) and reporting of resulting

gaps;

Generation of related accounting entries, simulation of P&L and book values,

estimation of related statistical indicators such as Earning at Risk and Economic

Value, and production of prospective nancial reports.

In order to address the above requirements, the ALM solutions need mechanisms to

calculate various types of risks associated with the assets and liabilities in nancial

institutions portfolios. As illustrated in gure 11, these various types of risks have to

be netted under consistent set of assumptions/scenarios. In addition ALM systems are

expected to have some capabilities to manage investment portfolios (Held to Maturity and

Available For Sale in particular), which may involve Credit Portfolio management features.For an investment bank, or any nancial institution active in derivatives or securities

nancing, the ALM system should in addition be able to incorporate some elements of

Counterparty Credit Risk.


21/40


Page 21

When all the above is taken in consideration, one can imagine that an ALM system can

be as complex as one wants it to be! In order to balance usefulness, performance and

practicality, subtle trade-offs have therefore to be made. In particular, the exibility of the

simulation engines, the granularity and comprehensiveness of the data, the sophistication

of the pricing analytics, the details in the MIS reports and the post-processing on risk

analytics shown in upper half of gure 12, have to be limited to realistic levels. Whatever the

choices made by a particular institution, it is likely that the requirements will continually

increase over time. It is therefore essential that the ALM system is built on foundationsthat support future extensions, higher volumes, as well as faster and more complex

calculations. The risk management solution approach outlined in section 4 is ideal for

ALM solutions because, as illustrated in the lower half of gure 11, it allows the all

components of the ALM calculations, the different types of risks to the cash ows that

have to be netted, to be computed in one place. Furthermore, it allows the nancial

institutions to dene their own roadmap for implementing and evolving their ALM

solutions, incorporating the various types of risks calculations pertinent to ALM, as they

are needed, on a common investment of data foundation and reporting tools.


22/40


Page 22

5.2 Real-time risk analysis

Real-time risk analysis has two components. First is the capability to analyze large

amounts of data in motion and present the information in real time or set up the

necessary alerts. The second component of real-time analysis is the ability to conduct

large number of concurrent complex queries, including what if analysis, in real-time.

Analyzingdatainmotion:This requires the data to be received, normalized, distributed

and analyzed using very high speed technology measured in micro seconds. The goal is

to be able to react to the data in real time, identifying and preventing fraudulent transactions

before they occur rather than reacting to them after the fact. The bottom half of gure 4

illustrates the components involved in analyzing information in motion. At the core of

this is Event Analytics, but there are a number of supporting systems and technologies

that contribute to the effectiveness of the analytics. These technologies are presented in

Figure 13 and are described below (Figure 13 depicts an algorithmic trading scenario).

To meet customer demand for real-time assessment of enterprise risk posture, nancial

rms need connections to more venues and exchanges than ever before WebSphere

Front Ofce provides out-of-the-box access to dozens of direct exchanges, order books

and consolidated feed handlers and support for over 80 data feeds worldwide. Throughintegration with IBM WebSphere MQ Low Latency Messaging, WebSphere Front Ofce

provides nancial rms the ability to manage large volumes of market data while enabling

high-speed, reliable connectivity to real-time algorithmic and electronic trading platforms

at high throughput levels. The speed and throughput capabilities of Low Latency Messaging

enable the real-time detection (and reaction to) market and credit risks. Through its

features for latency monitoring, WebSphere Front Ofce supports Regulation National

Market System (RegNMS) in the United States for execution in equities markets and

Markets in Financial Instruments Directive (MiFID) in Europe, for execution within

all markets. solidDB is IBMs in-memory database technology that provides high speed

access to data through its memory-based data management approach, high throughput,

high availability due to its built-in replication and failover capabilities, distributed

operation and exible deployment. In-memory database technology provides up to ten

times the performance of traditional relational databases.


23/40


Page 23

CognosNOW!At an aggregate business level the risk exposure changes constantly,occasionally generating large exposures that can have catastrophic consequences. Active

monitoring of those exposures by risk class, trading position, asset class, customer, geo

or product enables the businesses to manage the ramications of justiably disconnected

risk bearing decisions. Cognos NOW offers an in memory real-time risk presentation

layer including risk dashboards, risk alerting, risk reporting and risk analysis. Part of

the Cognos Analytics and Performance Management suite, Now! supports an emerging

continuum of real-time to end of month/quarterly risk intelligence demanded by nancial

markets and commercial banking businesses.

5.3 Identity Management, Access Control and nancial fraud detection/preventions

Identity management and access control are the rst line of defense against insiderand external fraud perpetrated by misuse of IT infrastructure. A wide range of system

management tools are in use today to handle the rst line of defense as illustrated in

Figure 14. While essential to protect the enterprise, traditional security is being hard

pressed to address those criminal elements attempting to defraud nancial institutions.

A combination of malware hacking and infecting personal and corporate computers,

targeted phishing, VoIP spoong, botnets, ATM card skimming, highly sophisticated

social engineering schemes, and other techniques are employed to bypass nancial

industry security best practices. In isolation, it may be very difcult to differentiate

between a legitimate versus a fraudulent access.


24/40


Page 24

As a result, banks want to detect account break-ins, social engineering or insider fraudulent

accesses even when these rst lines of defenses fail. This is done by monitoring transactions

for anomalistic patterns. As illustrated in Figure 15, this second line of defense dependsheavily on leveraging customer, merchant, location and employee proles to build their

segment denitions, as shown in upper left corner of the gure. The segment denitions

are used to further model collective activity at all access points, including the web, ATM

machines, IVR systems, call centers or employee computers, to dene the envelope of

expected transactional behavior, which is used to ag outliers (middle left).

Fraudulent transactions often have precursors (footprints) in access channel and LoB

events which can be analyzed to identify incipient fraudulent activity. To be most effective

these events need to be analyzed in real-time. There are cases where access channel

(e.g., web, IVR, ATM, etc.) and applications needs to be monitored jointly since the

evidence of fraudulent activity is insufcient when monitored independently.Organizationally this can be challenging since the security events are typically monitored

by the IT security organization, while the fraud detection and management is traditionally

handled by the LoB. Sophisticated fraudsters recognize and exploit the gap in security/

fraud detection due to this separation of duties. The more mature nancial institutions

are recognizing that they need to combine both the IT security and application fraud

detection capabilities into a single solution if they are to effectively protect their assets.


25/40


Page 25

As shown in Figure 16, the ability to co-analyze access channel and application events is

one of the differentiating capabilities of IRM. Because of the speed and number of system

events, they have to be analyzed in high performance event processing engines in context

of application events in real-time leveraging the real-time capabilities discussed in section

5.2. In the past banking systems had been batch oriented. Lack of real-time detection and

patching of the security holes in the banking system did not pose a signicant nancial

risk. However, with the new types of payment mechanisms that result in increased cross

channels nancial ows, including the acceleration of real-time payments and settlement,the nancial risks are increasing. It is possible for fraudsters to steal millions of dollars in

a matter of minutes. This increases the need for real-time fraud detection capabilities that

far go beyond the after-the-fact fraud detection and management solutions.


26/40


Page 26

IBMInfoSphereIdentityInsight provides real-time fraud detection capabilities by

combining a distinguished entity resolution engine along with complex event processing.

By comparing the personal information from business transaction, the system veries

whether the person is who they claim to be in addition to nding associations that may be

of particular interest or suspicious due to linkages to PEP, WatchList or internal banking

hot lists. The transaction data is then analyzed against all previous events for this entity to

determine if along with other activities this now qualies as potentially fraudulent. Either

of these situations may generate an alert that should be investigated by the institutions

fraud investigation unit. The product includes a series of features (Perpetual Analytics,

Global Name Recognition, Business Rule Thresholds and Conrmation/Denial Scoring)

to ensure that false positives are minimized. Because the solution correlates both physical

attributes (name, address, SSN, etc) along with digital attributes (cookie, email address,

etc), it also lends easily to augmenting the Identity Management solution covered earlier

in the section.

The key nancial fraud detection capabilities of identity insight solution are illustrated

in gure 17 and they are shown in context of overall fraud detection and mitigation (case

management) in gure 15. The left side of gure 14 illustrates how multiple fake identities

of Linda Sweetheart entered through different channels with different names at different

time , while initially irreconcilable, eventually get resolved into a common real identity as


27/40


Page 27

the last entry shown in upper right is made. Furthermore, the gure also illustrates how

insider fraud can be detected by linking employees to suspicious customers. In general

Identity insight can discover social networks and analyze their collective transactions for

fraudulent activities like anti money laundering (AML)

5.4 Compliance

While compliance is a broad topic, in this section we focus on IBMs capabilities in

facilitating compliance with regulations related to nancial risk. As the Venn diagram in

at the top in gure 8 suggests, managing nancial risks, nancial crimes and operational

risks is an important part of regulations for nancial sector. Risk postures and loss events

have to be detected, reported internally and in most cases to the regulatory bodies, and

case management or workows to mitigate the risk or loss have to be undertaken. A fairbody of regulations also deal with collection, analysis, protection and reporting of

information, a set of activities broadly termed as Compliant Information Management.

Every piece of information has a lifecycle. Initially information is created (whether in

paper form or digital form). Then that information is developed going through draft,

review and approval phases. At some point that information becomes less active

and then it may be archived or put under records or retention control. Even after that

happens, the information may become active again. As an example, access to archived


28/40


Page 28

content may be required to satisfy an eDiscovery or audit request. As some point, the

information gets deleted or explicitly archived. Figure 18 shows the ve phases of managing

information through its lifecycle for compliance. The rst step is collecting the information.

The collection of the information requires that policies and rules by dened that identify

which content should be collected, as well as where and how it should be managed in the

ECM repository. Once the information is collected, advanced classication can be applied

to help analyze the information to differentiate non-critical documents from critical ones,

and dene categories or taxonomies for how those documents should be handled. Duringthis process, metadata can also be extracted from the information that can later be used

for analyzing the information. Phase 3 in the lifecycle is records management. Ensuring

that information is securely managed and that appropriate retention policies are in place

is critical for regulatory and compliance related activities. In phase 4, the information is

made available to eDiscovery and auditory inquiries. Finally in phase 5, information is

either archived permanently or discarded. The products supporting each phase are

shown in blue rectangles.


29/40


Page 29

IEffectively managing this dynamic lifecycle from a compliance point of view requires

the capabilities that are integrated effectively in the integrated risk management platform

as shown in Figure 19. Some components pertinent specically to compliance activities

are highlighted at the bottom of the gure. A key component of regulatory compliance is

the Inventory of Obligations, a collection of activities pertaining to internal audit, record

retention, and other activities that must be performed to comply with the various

regulations an organization is subject to. The inventory of obligations is a human-readable

repository. Using information metadata, advanced classication, business events andbusiness rules embodied in ZeroClick technology, information in an organization can

be automatically classied as targets of various compliance regulations applicable to

the different phases of the compliant information lifecycle. The compliance obligations

in the inventory of obligations are translated into a canonical (non-repetitive) set of

programmatic commands that can be executed automatically by a work ow engine like

FileNet, or information masking or archiving solution like Optim. The logs and results

of executing the record retention solutions or audit functions are presented in reports and

preserved as evidence. The IBM eDiscovery tools proactively search and analyze

information in response to audit, legal or regulatory inquiries.

Figure 20 depicts how different parts of the platform implement ZeroClick. IBM Content

Collector uses rules and policies to determine which information to collect, where to store

it and how to reference it. IBM Content Collector can access a wide range of information

sources, and can be congured to either move the information into an IBM ECM repository

or access it directly in its current location. IBM Advanced Classication moves through

the information, extracting critical metadata and identifying which documents are

critical. IBM Records Management automatically retains and categories information

according to retention policies.


30/40


Page 30


31/40


Page 31

All of this technology is supported by an active governance mechanism that automatically

implements security, control and access policies. All activity is monitored and audited and

can be evaluated while the information is being processed. In addition, the IBM ECM

platform is well integrated with other parts of the IBM portfolio to provide efcient storage

management, and the ability to do analytics on both the efciency and the business value

of the process. For organizations who wish to implement the entire end-to-end solution,

IBM offers the Compliance Warehouse which is an integrated, end to end solution which

includes software, server and storage hardware, and business and technical services tobuild the solution.

5.5 Integrated Risk Solutions

To improve risk decision making and support the new risk management approach and

culture, risk information needs to be shared where needed, securely and efciently

throughout the enterprise. Often referred to as risk intelligence, the information needs

to be tailored to the users needs and their risk knowledge. As a minimum it needs to

be timely, support repeatable analysis from one period to another, consistent between

groups, and of course accurate. Independent therefore of risk class, LOB, geography,

customer or customer segment, function (risk, nance, capital, LOB) etc, information

needs to be delivered in multiple forms of risk reports, risk dashboards, risk analysis, risk

event management, and risk scorecards (KRI frameworks). Supporting the Integrated

Risk Management approach IBM Cognos has developed the following key solutions:

FIRM(Finance&IntegratedRiskManagement) , built with a number of universal

banks the services led solution supports credit, market, operational risk classes for

retail, commercial and nancial markets business lines and includes risk dashboarding,

scorecarding, reporting, OLAP analysis, and event management, with extensions for

Ofce tools and mobile devices. FIRM has been implemented in many banks worldwide

and is a key component of IBMs vision for risk insight and control across the enterprise.

BankingRiskPerformance-CreditRiskis an analytic application using CognosAdaptive Analytic Framework designed for retail banking risk management, nance

and senior management. It offers a full suite of 70+ out of the box risk reports and

dashboards covering the six main risk areas: Basel II reporting, front end performance,

Back end performance, Financial Oversight and Originations Analysis. The application

is mapped to IBMs Banking Data Warehouse and offers accelerated time to value and

return on investment.


32/40


Page 32

RiskAnalyticsandScenarioModelling(tobelaunchedinQ12010) offers risk

analytics at the aggregate/portfolio level, leveraging the banks investment in multiple, highly

specialised and tailored risk applications. The solution offers risk quants, nance and

business analysts a risk sandbox in which they can answer the ad-hoc risk analysis ques-

tions with condence, re-use previous analysis and share the results throughout the bank.

RiskAdjustedProtability calculates RAROC daily by customer, delivers collaboration

and business planning to relationship management, lending, risk, capital and senior

management teams. It is a critical component to operationalise risk appetite and

performance management.

RelationshipBasedPricing creates the risk informed value of customer relationships

and incorporates account strategy/planning, offer pricing and business planning processes

throughout the enterprise. Loan book impact of aggregate and external macro events

inform the offers and loan book portfolio concentrations. It is a critical component to

operationalise risk appetite and performance management.

6. Key products

IBM offers Integrated Risk Management capability as part of its Banking Industry

Framework. The key information management and analytics products in the riskmanagement domain of the framework are:

Datamanagementproducts:

Banking industry data models for data (BDW) which have business glossaries, ER

diagrams and physical schemas dened for over 5000 entities for banks and nancial

institutions. A signicant set of those cover wide range of risk related denitions in

areas such as but not limited to: Market Risk, Liquidity Risk, Credit Risk, Operational

Risk, Capital at Risk (incl. risk aggregation), Positions Exposure Analysis, and

Counterparty Credit Risk. The models provide the foundation for interconnecting

other components involved in movement and transformation of risk data as discussed

next and illustrated in the gure 2.

InfoSphere Information Server for data movement and transformation. It comprises

of Metadata server/workbench to track information, Information Analyzer to explore

known information sources, Data Stage and Quality stage to move and cleanse the data

and FastTrack to automate the overall data movement process.

Exeros and Optim Data Relationship Analyzer to automatically discover information

in multiple independently managed information sources with different and often

undocumented information representations, and understand the business rules,

transformations and relationships that link them.


33/40


Page 33

InfoSphere Warehouse, a subject oriented warehouse for large volumes of long term

persisted data, SolidDB in memory database for moderate volume data to be accessed

at high bandwidths, and Cognos Now, also an in memory database, for information

used in multi-dimensional analysis.

InfoSphere Federation Server and Change Data Capture capabilities to provision

information outside the warehouse for risk analysis.

IBM Content Manager for managing unstructured data in support of risk analysis.

Analyticsproducts:

In addition to the aforementioned data management products, IBM offers the following

products to analyze the data:

InfoSphere Streams for real-time analytics, scalable to very high volumes of data that

need to be analyzed with very low latencies. Specially suited for analyzing streaming data

(data in ight) as it offers a high level programming language to manage streaming data

and to specify analytics on them.

WebSphere Business Events for complex event processing.

Data Mining, Cubing and text analytics services from the InfoSphere Information

Warehouse.

Specialized analytics like Identity Insight and Global Name Recognition for the ability

to reconcile multiple source system representations of a single individual into a unique

entity and then assess both suspicious associations as well as the nature of their

nancial activity via complex event processing.

IBM Content Analyzer to analyze the unstructured content to extract entities and the

relationships between them.

The what-if analysis and scenario modelling capability provided by IBM Cognos TM1

products. A sample output from TM1 is shown in gure 3 below.

Risk Analytics and Scenario Modelling (in development with customers) - provides

pre-built stress testing and scenario modelling for Counterparty Credit Risk and

Capital Requirements at an aggregate portfolio level.

Predictive modelling capabilities through SPSS platform and ILOG business rules

management system.


34/40


Page 34

BusinessIntelligenceproducts:

IBM Cognos8 provides risk solutions including Banking Risk Performance Credit Risk

and Finance & Integrated Risk Management (FIRM) that together include:

Risk dashboards that provide graphical user interface for senior management

Risk reporting for production, ad-hoc and user self service delivers internal and

external disclosure

Risk analysis across multiple dimensions for risk, nance, business analyst etc

Risk scorecards identify key risk indicators, leading and lagging indicators, targets and

tolerances, owners of specic risk metrics and mitigation actions

Risk event management delivers proactive alerting of risk events and break-out

conditions, both centrally and user dened alerts

Ofce integration tools extend risk information integrity into PowerPoint, Word, Excel

etc.

FinancialPerformanceManagementproducts:

Enterprise Planning and TM1 provide nancial planning, budgeting, business modelingand forecasting, in a range of applications that include:

o Risk Adjusted Protability calculates RAROC daily by customer, delivers

collaboration and business planning relationship management, lending, risk,

capital and senior management teams

o Relationship Based Priced creates the risk informed value of customer

relationships and incorporates account strategy/planning, offer pricing and

business planning processes throughout the enterprise. Loan book impact of

aggregate and external macro events inform the offers and loan book portfolio

concentrations.

7. Automating the risk management lifecycle

In the preceding section we discussed how the integrated approach to risk management

can result in cost savings by amortizing the cost of provisioning data and disseminating

the risk assessments over a portfolio of risk solutions. This also resulted in a better quality

of risk assessment because each supported risk application had access to a richer set

of data as we broke down the barriers to information exchange imposed by IT

compartmentalization. In this section we dwell upon automating the risk management

lifecycle of developing, deploying and operating individual risk solutions and improving

the quality of their results by:


35/40


Page 35

1. Automating the tasks performed by the data architects in dening the representation of

the data in the risk information warehouse during initial development and subsequent

evolution of the risk solution.

2. Automating the tasks performed by the database software developers for transforming

the data and populating the warehouse, moving the data from the warehouse to the

risk analysis functions, and from the risk analysis functions back to the warehouse and

reporting/dashboard capabilities.

The automation is achieved by enabling the risk analyst to perform the data provisioning

and data transformation tasks, previously delegated to data architects and database

software developers, directly through business level interfaces. This can be achieved by

implementing an analytics integration approach as shown in gure 21. It is currently

being prototyped in IBM as project Hamilton. The automation solution consists of a

workbench, server and risk information directories. The server provides the automation

by interpreting the scripts produced by the workbench.


36/40


Page 36

The Analytics Integration Workbench gives the risk analyst a business level view of the

information available to him for analysis and the data transformation and analytical tools/

algorithms available to him from internal sources as well as from the external sources. It

allows the analyst to specify end-to-end risk solutions by composing the data transformation

operations, analytics operations, and data movement at the business activity and business

information level. The interface for the risk analyst offered by the Analytics Integration

Workbench is shown in gure 22. On the left hand side of the gure are the separate

palettes for risk data sources and feeds, risk calculators, reports and other computationalcomponents available to the risk analyst, which are described in business terms. On the

right side is the canvas for the risk analyst to compose the risk solution by dragging and

dropping the business level computational components from the palette. The workbench

denes a computational environment expected by the risk analyst and to a large extent

supported by the IT infrastructure. Three sets of data sources illustrated in gure 22 are

1) Market data feeds such as currency rates, prices of liquid nancial instruments, and

economic indicators like interest rates, unemployment gures, measured and forecasted

growth rates for the economy, etc.; 2) news feeds such as K10 submissions and other

corporate activity reports; and 3) portfolios (or banking and trading books).


37/40


Page 37

The analytics integration workbench reduces the time and effort spent by the risk analyst

and data architects in locating the risk information in banking operations databases. The

information not available to risk analyst is obtained on an exception basis, as depicted by

steps E1-E3 in gure 23, but once obtained, it is accessible by him and other risk analysts in

future without repeated involvement of the risk warehouse data architect or the database

software developers. Similarly, integration of risk analysis or fraud detection applications

from ISVs into the overall risk/fraud solution also becomes substantially easier as the

application providers provisions data for their applications, as shown in gure 23 in step2, with the same ease as the risk analyst provisions information into the warehouse and

OLAP cubes, without signicant involvement of the data architect or ETL developers.

The risk information directories shown in gure 21 provide the linkages between the risk

information and computational components dened in business terms, the denitions used

by the risk analyst, and the descriptions used in the IT infrastructure in programming

terms. These linkages are established by populating the palette in the workbench from

the business glossary terms in the directory. In addition to the incremental approach of

populating the risk information directories one risk solution at a time, nancial institutions

can also take a systematic approach of inventorying all data pertinent to risk analysis

across the enterprise, and all the risk analysis applications, and populating the risk

information directories with the gathered information. The advantage of this systematic

approach is that information and application discovery tools like InfoSphere Information

Analyzer, Exeros, and Optim Data Relationship analyzer can be used to drive high

efciency in the discovery process.


38/40


Page 38

Financial fraud and risk solutions are composed of several IT components as illustrated

in gure 5. The data provisioning, analytics, dissemination of analysis results through

reporting tools, and integration of analytics in core business processes, and most importantly

the interaction among multiple concurrent processes that are part of the analytics solution

are managed more or less independently with no coordination or formal specication of

the orchestration required between these activities. Naturally, the communication process

lacks formal capture of design agreements, is error prone and the resulting unveriable

agreements are not amenable to reasoning for correctness at the overall solution level,even by humans. Hamilton script mitigates these issues by capturing the comprehensive

description of all activities of all components of the risk solution and the orchestration

required between these activities in one place.

As shown in gure 21, Hamilton script is the output of the Analytics Integration Workbench

In that sense Hamilton script offers a unied programming model for the analytics

solutions and creates an enterprise wide blueprint of the risk/fraud solution. The risk

analyst species the solution in business terms using the graphical interface as illustrated

in gure 22, and the analytics integration workbench translates it into the Hamilton

scripts. The script is executed by the analytics integration server and hence the script is

the architectural contract between the workbench and the server, or the business level

user (risk analyst) and the IT staff.

Expressing the risk and fraud solution as an interpretable script makes them exible.

Hamilton script also enables the nancial institutions to rapidly integrate several existing

fraud and risk solutions to create better quality solutions. For example, a solution can be

updated or enhanced easily to leverage new or additional analytics or new and additional

information sources by manipulating the script without necessarily requiring the intervention

of data architects or database software programmers. The IT implementations of data

and analytic services can be changed without impacting the risk solutions, the changes

being limited to the mapping tables contained in the risk information directories. As an

example of integrating several existing solutions, Hamilton script can enable several fraud

detection engines to exchange the results of their analysis and use an ensemble approach

to reduce false positives and false negatives in fraud alerts. Traditionally risk analyst would

invest signicant time to explain the changes, enhancements or integration requirements

to data architects and database software developers, and the latter two would spend

signicant time in making the required modications or integration. Hamilton script

simplies the task of expressing the change and integration requirements and enables

automation of most of it through the analytics integration server.


39/40


Page 39

8. Further information

In this whitepaper we briey discussed the need for better risk management techniques

for the smarter planet which is increasingly more instrumented and connected, becoming

increasingly riskier for nancial institutions to do business in, and hence presents an

imperative for nancial institutions to use better techniques for risk assessments and to

better leverage those assessments in their business operations. We discussed a roadmap

for maturity in risk management and the imperative for integrated risk management for

improved quality of risk management and lower costs.

Though bulk of the paper was devoted to the integrated risk management approach,

a signicant part of IBMs integrated banking framework, and an experimental project

on automating the risk management lifecycle (section 7), there is far more detail to risk

management than what we could cover in this paper. We encourage the reader to visit

ibm.com/software/industry/frameworks/banking/riskmanagement.html for further

information or to contact their IBM sales representative to learn more.
http://www.ibm.com/software/industry/frameworks/banking/riskmanagement.htmlhttp://www.ibm.com/software/industry/frameworks/banking/riskmanagement.html


40/40


Page 40

CopyrightIBMCorporation,2009

IBMCorporation

Route100

Somers,NY 10589 U.S.A.

PrintedintheUnitedStatesofAmerica

12-09

AllRightsReserved

IBMandtheIBMlogoaretrademarksorregistered

trademarksofInternationalBusinessMachines

CorporationintheUnitedStates,othercountries,

orboth.

Othercompany,productandservicenamesmay

betrademarksorservicemarksofothers

P23836

IBM Banking: Risk Management for Financial Institutions

Documents

Transcript of IBM Banking: Risk Management for Financial Institutions