Spurred by industry scandals and new regulations, financial-asset-management firms are quickly establishing enterprise-level operational risk-management systems, according to a survey released Monday by Ernst & Young LLP.
Asset-management firms include banks, insurance companies, mutual funds, hedge funds, and other companies that manage large investment portfolios such as pension funds. Operational risk is the likelihood that a firm will incur losses due to fraud, computer glitches, natural disasters, and other unforeseen events.
In the survey, conducted earlier this year of 51 asset-management firms, 74% of respondents reported that they either have or are putting in place an enterprise operational risk-management framework. New regulations were cited by 75% of respondents as the primary catalyst: These regulations include Basel II, which requires financial institutions to measure operational risk, and the Securities and Exchange Commission's "compliance rule," which requires mutual-fund companies to appoint a chief compliance officer and have written policies to prevent abuses of market timing and late trades. The Sarbanes-Oxley Act also requires firms to measure the effectiveness of internal controls.
Asset-management companies outside of the United States are further along than U.S. firms in creating operational risk-management systems: Sixty percent of non-U.S. respondents in the Ernst & Young survey said they've invested in new systems and software, versus 40% of U.S. respondents. The disparity can largely be attributed to the fact that Basel II applies to most banks in Europe versus only a handful in the United States.
The creation of an operational risk system presents enormous IT challenges. Information needs to be pulled together from systems spanning a firm's business units and compliance and risk-management divisions. "Asset-management firms are having to do a better job of integrating data for operational risk," says Marc Rosenblum, senior manager at Ernst & Young. "It's an exercise they haven't undertaken previously."
Among the risk-management software products being peddled to banks are IBM's Risk and Compliance-Basel II Information Management Offering, which combines its DB2 data-warehouse software with Fair Isaac Corp.'s Triad credit-risk scoring system. SAP has rolled out software to help banks comply with the International Financial Reporting Standards. The software centralizes financial data in a common database, eliminating the need for manually compiled spreadsheets.