The risk management agenda is becoming particularly important, whenever banks tend to suffer from some unfavorable factors, such as, primarily, higher regulatory and supervisory controls, loss of traditional income drivers, higher rates of fraud events, reputation risks.
RISK MANAGEMENT AS SUCCESS FACTOR
In 2014, retail banks focus on maintaining their profitability rates. To do that, banks have to toughen lending requirements and reduce a share of unsecured lending in their portfolio to the extent possible. This will have to be done in the environment, when there is virtually no potential to attract new borrowers: the National Bureau of Credit Histories points to the fact that it is only 20% of economically active population that have taken out no loans. This would mean a significant increase in competition in the banking sector in 2014.
Meanwhile, analysts with the National Bureau of Credit Histories warn that the retail lending sector faces a new threat – credit fraud. The experts estimate that as of January 1, 2014 lenders suffered losses from fraud of 153 billion rubles, while this amount equaled 67 billion rubles in the previous year.
These developments would naturally pose the following questions: what are the ways to prevent credit risks occurrence and what role does a task of developing an effective risk management strategy play in Russian banks?
"The Bank places a special emphasis on fraud-related risks: each stage of review of loan requests includes a verification of reliability of the data that a borrower provides. Looking at the risk management strategy, the bank has developed and rolled out a risk management strategy that seeks to ensure an optimal ratio between profitability rates and a level of assumed risks. The strategy accounts for the recommendations of the Bank of Russia and the Basel Committee on Banking Regulations and Supervisory Practices," has commented as Sergey Korolev, Risk Controls Department Director at Vozrozhdenie Bank.
The effective risk management strategy is one of the priority tasks of Bank ITB. "Mitigation of risks, associated with fraudulent activities, is among the components, driven by the risk management team at the bank. Rolling out innovative solutions, provided by major credit histories bureaus, that enable to prevent fraud and breaches in the individuals lending segment, the bank has successfully mitigated this risk," says Viktor Orlov, Deputy Director of Assets and Liabilities Department at BANK ITB.
The conservative policy and stringent risk management have become the major factors that enabled SB Bank to avoid financial losses both during the crisis and post-crisis period. "We developed the management system with a focus on an integrated protection against risks and maximum facilitation for the bank in delivering on its strategic and short-term objectives. At the current stage, upon implementation of the standards of Basel II and Basel III, seeking to ensure required risk management capabilities the bank has continuously verified and adjusted the management systems, developed earlier, improved the loan policy and liquidity management policy," says Alexander Duzhyi, Director of the Department of Operations, Legal and Reputation Risks at SB Bank.
According to Sergey Gamberg, Director of the Small and Medium Businesses Risk Management Department at The Ural Bank for Reconstruction and Development, the strategies rolled out at the bank, incorporate the measures to implement an effective and efficient fraud risk management system. "As a mandatory requirement, this system delivers capabilities of identification, registration and reaction to fraud events (external and internal) by all departments that are directly engaged in loan requests processing (risk management departments, security department, legal department, business departments). Based on the collected information on the fraud events, the bank has also developed the mechanisms to reduce the fraud risks by building up fraud scoring models. Work is being done to build up a perpetrator profile, monitor for major fraud level indicators, register standard schemes of organized fraud and develop countermeasures. In addition, the bank product line is analyzed and adjusted based on how attractive individual products might be for perpetrators," says Sergey Gamberg (UBRD).
LEARN FROM OTHERS EXPERIENCES
How do industry specialists define a consistent approach to establishing a risk management system?
"We believe that the risk management system needs to enable users to obtain risks-related data at all stages of management decision-making in order to ensure that the strategic objectives are being attained in an effective manner. In this case the costs of measures to mitigate risks should correlate with possible losses from risk events occurrence," comments Sergey Korolev (Vozrozhdenie Bank).
Viktor Orlov (BANK ITB) is convinced that a consistent approach to setting up a risk management system should mean abandoning expert or in-house-made evaluation and management methods in favor of up-to-date technologies: Big Data, Data Mining, statistics and computer-assisted instruction. "The key indicator is the quality that they system can deliver. We need to make sure that each step in risk management passes a test and each stage is evaluated for effectiveness," the expert believes.
Sergey Gamberg (UBRD) says that a set of individual measures is not an effective solution to set up a risk management system. "This can be delivered only by a roll-out of integrated risk management technology that covers all business lines that a bank has. The technology should be driven by the principle that every business solution needs to be backed up by a clear understanding on the risk degree," the specialist remarks.
Vadim Mamonov, Director of the Risk Technologies Department at DeltaCredit, says that identifying an optimal risk/profitability ratio is the most important and simultaneously complex objective". Another key component is automation of all processes and abandoning manuals operations.
The risk management system will deliver only subject to the issues being addressed in a proper manner: to account for business operations in front office systems, consolidate and deliver high quality of the data within the integrated information pool, bring forward high-quality risks evaluation, support business processes to manage limits and many others. All of this makes it possible to say that the risk management is a technology-driven activity.
"There is a vital need in obtaining information on the risks. Today, it requires expedient measures in data collection, storage and processing, as well as a roll-out of automated control procedures to prevent risk events. This requires advance technologies and presents high demands for the organization of processes," says Sergey Korolev (Vozrozhdenie Bank).
Vadim Mamonov (DeltaCredit Bank) says that the automation is highly important in risk management, however methods, based on professional expertise, are also paramount. "The clearly established business processes, including correctly placed control points, enable to mitigate a probability of risk occurrence," the expert says.
Viktor Orlov (BANK ITB) agrees with this position: "Today, it is primarily a technology-driven objective, as all business processes need to be standardized and automated. Of course, we should use the experts knowledge pool, but we moved away from the overall decision-making process being based on only them a long time ago. The risk management is just another business process, as many others, and it shall be driven as they are in order to attain the following objectives: qualitative evaluation, repeatability, results interpretation, etc."
Alexander Duzhey (SB Bank) says that any type of risk more or less requires a technology-driven approach and a detailed understanding of the ongoing processes: operations to identify, evaluate, monitor, control, mitigate a risk, capabilities to evaluate ongoing changes based on the set quality and quantity indicators. The expert says: "On the one hand, it is impossible to attain this objective without using business processes regulations, up-to-date IT solutions, software and special algorithms to process significant information volumes. Their application would enable the user to perform multiple calculations, perform online indicators control, immediately react to an emerging threat. On the other hand, we should understand that there are no across-the-board approaches. Not all qualitative changes can be described through algorithms without a significant loss in accuracy of a forecast evaluation."
IT'S ALL ABOUT PEOPLE
The expert believe business risk management is not feasible without utilizing IT solutions. However, measures to mitigate or, at least, stabilize a risk level require special knowledge, while IT specialists and IT manager often do not have those. What are the effective ways to organize the work of individual risk managers and banks overall in this environment?
"It is clear that it's not an easy task. A successful roll-out of measures to mitigate risks requires interactions of specialists that come from various departments of a bank. In order to attain objectives at the junction, we apply the project-based approach, identifying an individual objective relating to adjustments to business processes, as well as deadlines, budgets and specialists pool to be engaged. This enables to build up effective interactions and deliver desirable outcome," says Sergey Korolev (Vozrozhdenie Bank).
Viktor Orlov (BANK ITB) believes that the software used for analytics purposes should enable banks to mitigate a need in programming operations. The best scenario is when all work can be done with no encoding operations. The less intermediate stages between risk managers and the data being analyzed there are, the better. "The risk management requires engagement of specialists that have in-depth expertise at the junction of business, IT technologies and mathematics – risk analysts and data researchers. Today, such specialists are still hard to come by at the labor markets, and so it makes sense to train risk manages within a bank," the expert says.
Sergey Gamberg (UBRD) comments: It is quite often that IT specialists lack special economics training or, in any case, do not have sufficient experience in order for them to independently deliver on all demands that risk management departments have. "In practice, specialized process managers are engaged to arrange interactions between these structures, acting as a link within a properly set up process to identify objectives. A process manager interacts with risk management departments, analyzes details of each project and then interprets the obtained expertise and information in setting up objectives for IT Departments in such a manner, as to enable clear understanding of those," the specialist says.
Thus, it is evident that the risk management agenda for any bank is a truly complex objective that requires a sophisticated strategy and well-adjusted and clearly presented processes. It becomes as important to roll out advance IT solutions and improve professional qualifications of specialists as the market is being developed. In the event that, at least, any of these requirements is not fulfilled, a bank might face significant costs as a result of occurrence of particular risks.
Anton LAZEBNYY, Director of "Risk Management" Business Line of Neoflex Company
In the conditions of a deceleration of individual lending market growth rates, many lenders see a significant increase in overdue payments. In this context, the main objective for the Risk Management Departments with retail banks is an expedient adjustment of the strategy in such a way, as to stop an increase in overdue payments and prevent granting of unsecured loans to high-risk segments of borrowers. However, lenders never go to extremes: if the lending requirements are excessively stringent, there is a risk of the lending volumes decreasing to the minimum levels. Thus, the banking risk management faces the challenge on how to expediently react to the market changes and balance between the two opposite risk strategies.
It has always been important, but today it has become an especially complicated and hard task.
A system that includes a well-adjusted bank's risk strategy may become one of the factors that might help lenders to address this challenge. There is no doubt that it is a just a tool, but for a competent business user it may become especially valuable. Applying it, the user can perform a thorough evaluation of the decisions taken and forecast results. When we refer to these tools in general, we use the name ñ BRMS (Business Rules Management System).
Our company recommends to review one of the best BRMS ñ FICO Blaze Advisor ñ which enables to deliver on this and many other objectives. The strategies, developed by Neoflex Company, enable effective controls of lending portfolio quality, which is confirmed by long-term experience of the company in the field of risk management automation for lending companies. One of the recent cases of the system roll-out is a project at Eastern Express Bank, where the first stage of adjustments for FICO Blaze Advisor was completed. At this stage, it was possible to deliver on the objective to build up capabilities for regular revision of limits for credit cards. This system enables to immediately react to any changes in financial status of borrowers and manage expansion of the loan portfolio, maintaining the pre-set quality level.