Last week, we finished the article indicating how, in order to confirm that risk and compliance could be placed under its own perspective, the strategy defined under this perspective requires to be represented by quantitative indicators as a mandatory step
A great deal of information about quantifying risk and compliance is provided or mandated by regulation itself, which defines certain qualitative procedures and quantitative indicators that affect all aspects of the business, and would provide public companies with a common framework suitable to establish the degree of risk a public company has undergone in order to achieve its financial statement and strategic objectives, allowing to compare with other public companies. Some examples that can be used as examples are: RWA, EAD, PD LGD, RORAC, RAROC, VaR, Loan to Deposit ratio, regulatory capital, economic capital, solvency capital, current ratio, quick ratio, debt to equity ratio, liquidity coverage ratio, net stable funding ratio, net interest mapping, economic volume of capital, etc.
But compliance alone is not enough. Daily business procedures and processes would provide more information allowing, for example, for the estimation of the cost of compliance (the costs of all projects and procedures needed to comply with all legal requirements) and the cost of No Compliance (fines, economic compensations, loss of market share price due to reputational loss, …); or building operative procedures and processes aimed to reduce operational investment while maximizing value. This will allow for capital optimization due its mitigation of the associated operational risk, which favors a decrease in the economic capital provisions.
A small generic example can be proposed, with some of the strategic objectives which could be defined associated to risk and compliance*.
If an organization wants to achieve the following Strategic Objectives:
- Increase Transparency
- Improve market perception
- Minimize capital provisions
- Minimize fines
Might try to follow the following tasks according to a Risk and Compliance Perspective:
- Improve global risk exposition of the organization (Economic Capital, VaR, Stress Test, RORAC, …).
- Increase the degree of compliance in local and international markets.
- Comply with main risk regulations (Basil II & III, Solvency II, …)
- Comply with main financial markets regulation (MiFID, FATCA, MIFID II, …)
- Minimize exposure to credit risk, ALM risk, market risk, liquidity risk, operational risk, … (RWA, PD, EAD, LGD, Loan to Deposit, Current Ratio, Quick ratio, Net Stable Funding Ratio )
- Implement advanced models for risk management (Regulatory Capital for credit risk, operational risk, solvency capital, …).
This will directly quantify, affect and/or modify some of the usual indicators associated to the rest of perspectives:
1.- Financial Perspective
- Benefit margin.
- Share benefit
- Loss due defaults
2.- Internal Perspective
- Process optimization (number of system certifications)
- Number of processes automated
- Implementation of BI & analysis systems
- Centralized data
- Implement a data quality program
- Key areas with access risk information to like Treasury, Board of Directors, …
- International accounting standards (NIC, NIIF) implemented.
- Develop Internal models for risk management
- Number of incidences
- Overall cost of incidence management
- Cost of operational risk
3.- Customer perspective
- Information through commercial channels
- Customer Due Diligence
- New customers per Channel.
- Number of claims.
- Volume of exposure
- Number of products acquired
- Defaults per customer
- Number of contracts
- Market share
4.- The innovation and learning perspective
- Implementation of change management techniques.
- Cost of Internal training.
- Better tools for internal users business managing, control and parameterization.
- Number of Incidences due to employees
- Cost of incidences due to employees
- Fines due to employees
(*)Note: This is only an example and intended for illustrative purposes only. A real exercise might differ from this view in a great % due to the strategic objectives and the nature of the organization.
Because of all of the previous reasoning, the traditional Balance Scorecard model seems already obsolete and not suitable for present and future needs. To properly address the challenges associated with risk and compliance, a Balance Scorecard model needs to incorporate them in a separate perspective in order to facilitate public companies and organizations to meet the growing expectations of shareholders, regulators, market and customers.
Implementing a risk driven organization is a great challenge, as financial institutions struggling to do so can tell; but the advantages are of great potential since those organizations that have implemented advanced models for risk management as stated by Basel II can be considered winners in the present moment of crisis.
Depending on the present state of the art technology, a well defined balanced Scorecard would allow organizations to:
- Provide business information to the Board of Directors and Senior Management useful to drive organization according to the desired risk and compliance strategy and appetite.
- Build a business management control system capable to compare projected results and scenarios with real time data, so that senior managers might take action at the first sign of stress (as it happens).
- Distribute the information anytime anywhere.
All of it will imply the necessity to establish a well defined technical platform mature enough to manage data with sufficient quality for business management and analysis, but this is part of another discussion.