You are on page 1of 40

December 2009

Integrated Risk Management


for Financial Institutions
Integrated Risk Management for Financial Institutions
Page 2

Executive summary
Contents
There is a logical roadmap for implementing state of the art risk management, the steps
2 Executive summary being: 1) co-locating information pertinent to risk from diverse internal & external, real-time
3 Different kinds of risks and non real-time, and structured and unstructured information sources for risk analysis;
5 Stages of maturity in risk 2) linking the information from these diverse sources for better risk insight and presenting
management this insight to the stakeholders in risk information; 3)leveraging the risk insights in
7 Integrated risk management optimization of business objectives; 4) developing robust models for risk that continuously
14 Implementing an integrated risk adapt to the changing nature of risk; and 5) ability to analyze risk information and respond
management solution to risk events in real time.
19 Specific risk solutions
32 Key products Most financial organizations have a highly fragmented approach to risk management
34 Automating the risk management where different business functions such as finance, operations and risk management have
lifecycle their independent efforts to manage risk, the different lines of businesses like consumer/
39 Further information commercial lending, credit cards, deposits (savings, current, etc.) have their own independent
efforts to mange risk, and each type of risk such as insider fraud, credit risk or market risk is
handled independently in isolation. This fragmented and duplicative effort results in higher
cost and poorer quality of risk analysis.

The integrated risk management approach presented in this paper addresses the disadvantages
of fragmented implementation by creating a common platform based on proven IBM
hardware and software offerings. This common platform is capable of provisioning data
pertinent to risk analysis, integrating risk assessments in business processes to create the
intended business advantage, and disseminating risk assessments to the various stakeholders
in the organization. It creates common investments in technologies for real-time risk
management, high speed event analytics and advanced text analytics to gather risk informa-
tion from unstructured information sources. The industry data models for banking provide
a common business vocabulary to facilitate the integration of various middleware and
application components.

In this paper we first describe a common framework for supporting the various types of
credit, market and operational risks. Then we go into details of asset-liability management,
regulatory (compliance) risk, operational risks stemming from identity management and
access control. We also cover the technologies needed to support real-time risk detection
and mitigation.

Significant additional cost savings can be achieved by automating the risk management
lifecycle of developing, deploying and operating individual risk solutions. The quality of the
results produced by these risk solutions improves through automation of the tasks traditionally
Integrated Risk Management for Financial Institutions
Page 3

performed by the data architects and database software developers to provision the data for
the risk solutions, and automation and simplification of the coordination/orchestration of
the several concurrent data movement and risk calculation processes in a risk solution.

1. Different kinds of risks


As recent events have demonstrated, a financial organization’s competitive advantage
depends heavily on its ability to handle various types of risks, especially in turbulent
economic times. Risks faced by an organization are of many different kinds. Some of
the key types of risk of concern to financial institutions are shown below in figure 1. At
a high level, the risks divide broadly into two categories, financial and non-financial.
Financial risk, as the name suggests, impacts the organizations ability to meet its financial
performance indicators such as capital reserve requirements, revenue streams from its
assets (loan instruments) and expenses from its liabilities (deposits). Credit risk in simple
terms arises from the defaults in payments by the banks debtors while market risk arises
from the fluctuations in revenue and expense streams because of changes in interest rates
‘It’s not the biggest, the brightest, or
the best that will survive, but those
associated with the income/expense streams, or fluctuations in the value of the financial
who adapt the quickest’ instruments on its books such as stocks, bonds, options and swaps.
Charles Darwin. Financial risks are not unique to banks or financial institutions. Non financial institutions
invariably extend credit on large machinery, or accept payment in terms of future income
stream from large projects. Hence they are subject to credit risk arising from the defaults in
payments. Business risks are not very well defined; however, two important and somewhat
interrelated categories are counterparty risk and systemic risk. Counterparty risk arises
primarily from the inability of market makers who create complex financial products
like derivatives and swaps, to cover their obligations during adverse market conditions.
Systemic risk deals with the instability in the over all financial system, as opposed to
defaults of individual actors. Two threads of systemic risk are widespread liquidity crisis,
when the market is unable to absorb assets priced at fair value due to adverse market
conditions, and widespread solvency crisis posed by deteriorating demand for financial
products (run on the bank, or all mortgages being prepaid).
Integrated Risk Management for Financial Institutions
Page 4

Non-financial risk is broadly everything except financial risk, but we focus on two
categories, operational risk and regulatory risk. While in this paper we do not dwell on the
risks posed by conditions outside the control of individual business such as political
upheavals like revolutions and wars, extreme weather like massive floods and draughts,
pandemics, etc., prudent enterprises will be able to model and better forecast the
probabilities of these risks, and be better prepared to react to them.

Operational risk is defined in Basel II as risk of loss resulting from inadequate or failed
internal processes, people and systems or from external events. (External events are
political, weather, or pandemic etc.). This definition includes legal risk, but excludes
strategic and reputation risk. Our primary focus here would be addressing the gaps in
IT systems and applications that are exploited by customers and adversaries external to
the organization, as well as rogue employees to perpetuate fraud. We also cover the legal
and reputational risks arising from data theft or loss, or breach in information privacy.
Regulatory risk arises from non-compliance with internal governance and government
regulations, i.e., from failure to audit the actions to comply with the regulations, report
the results, and remediate gaps in compliance. Regulatory risk covers both financial and
operational risk and hence we deal with it separately.
Integrated Risk Management for Financial Institutions
Page 5

2. Stages of maturity in risk management

Not all financial institutions are equally deft at managing risk. Their ability to manage
risk varies by their size, geography, sophistication in leveraging IT, and business strategy.
However, the following is a logical progression for most organizations for implementing
risk solutions.

• E
 asy access to information pertinent to risk assessment: The information pertinent
to risk exposure is often distributed across organizational boundaries, locked into
application specific formats and database schemas (physical schema designs) opaque
to a risk analyst. The first step most organizations take in implementing effective risk
management solutions is to create a centrally managed repository of trusted information
accessible to risk analysts. This includes correlation of information gathered from the
multiple internal and external sources to generate actionable insights. In this process
enterprise models for risk data at business, logical, and physical levels are defined to
simplify access to risk information and its analysis.

• E
 nterprise wide view of risk – Risk insight: The trusted risk information above
becomes the foundation for developing an integrated enterprise wide view of risk
focused on the presentation layer to generate the relevant reports and dashboards for
the risk and finance executives and more granular reports for business analysts who
use the risk information for transactional decisions and portfolio management. This
further involves:

a. Definition of the relevant KPIs/KRIs for risks, particularly for the non-
traditional risks, for capital and finance groups such as relationship managers,
line of business executives, system owners, operation heads etc.

b. Simple ‘consolidation’ models for generating the above KPI/KRIs by aggregating


the trusted risk information. Rules of aggregation are often very complex.

c. Capturing risk information from internal sources in real time for intra-day
assessment of risk postures.
Integrated Risk Management for Financial Institutions
Page 6

• R
 isk optimization and control: Risk optimization and control refers to the enterprise’s
ability to exploit its understanding of its risk posture to maximize revenue and profit.
For this, analytics has to be integrated in strategic decisions in finance, business
modelling and planning, and strategy- execution alignment. Analytics also has
to be integrated into operational processes such as capital allocation for minimum
capital requirements. Analytics at the granular level is integrated with decisions at the
transactional level such as loan or credit approval, increasing credit limits, stopping or
flagging fraudulent financial transactions on credit cards, or money laundering efforts.

• R
 isk modeling and scenario analysis: In risk insight, the collection of the right
subset of data from a diversity of sources, establishment of linkages across it, and ‘some
analysis’ performed on the aggregated data generates the risk information needed at the
decision points in risk control processes. In risk modeling, predictive and descriptive
analytics, that is regression approaches and data mining, are deployed to develop:

a. The analyses performed in the risk insight step to assess financial risk (credit,
market, counterparty, liquidity, and/or interest rate risk) and operational risk.

b. Models that predict outcome of various risk mitigation actions on the risk
posture of the enterprise thereby enabling the selection of optimal action.

c. Additional models or extensions to existing models to understand the


consequences of improbable events (stress tests required by regulatory
authorities). Computational environments separate from those used for
regular business are provisioned to execute the improbable scenarios.

d. Validation of the models with bank’s test data to address unique aspects of the
customer set or portfolio, and to continuously/periodically assess the adequacy
of the model.

The rationale for assigning higher maturity level to risk modeling is that these models
need not be developed in-house. They can be obtained from ISVs, particularly in case
of small and medium financial institutions.
Integrated Risk Management for Financial Institutions
Page 7

• R
 eal-time risk insight and control: There are many areas of opportunity in real-time
risk controls. Blocking fraudulent monetary transactions such as credit card payments
and responding to movements in capital markets at sub millisecond latencies are
quoted often. However the most promising opportunities come from the ability to
analyze unstructured information being received from news wire and other sources and
factoring it in the decision processes. In addition to performing risk calculations and
acting on the results in real time, the models used for these risk calculations can be
tuned in real time using improved estimates of the macroeconomic indicators that are
typically the key parameters of the risk models.

3. Integrated risk management

IBM’s Integrated Risk Management approach offers four key capabilities shown in figure
2 below which support the first four stages of maturity discussed above. Real-time risk
insight and control, real-time analytics, is discussed separately in section 5.2.

• A
 ggregation of data from diverse sources to address the first stage of maturity.
Most of the sources will be the various database systems used in daily operations.
However, data is also sourced from external sources such as watch list publishers or
rating agencies. It could be in unstructured format, examples being financial reports or
regulatory filings, and some data like market feeds may require real-time processing.
Results of risk analyses are only as good as the completeness & accuracy of data they
are based on. Hence, discovery, aggregation, and enrichment of this data by linking
data across various sources is an important capability of the risk management approach.
Integrated Risk Management for Financial Institutions
Page 8

• R
 esults of analysis are valuable only to the extent they can be leveraged to
further business objectives. Typically the analysis results are used in the following
three ways:

a. By decision makers for planning and governance. To support the second stage
of maturity, BI tools like Cognos facilitate the consumption of analysis results
through easily configurable dashboards, scorecards and reports. Cognos has a
wide range of industry specific blue prints to accelerate the deployment of the
planning/governance capabilities.

b. By knowledge workers in workflow mediated processes such as remediation of


risk exposure through appropriate portfolio adjustments. This and 2c below
address the third stage of maturity.

c. Through direct use in automated business processes, for example authorization


of credit or approval of a loan based on credit rating.

• Financial risk and analytics is highly diverse. There is a wide variety of financial
instruments and a variety of risks associated with each. Deep specialized domain
knowledge is required to manage each type of risk for each of these financial instruments.
Aggregation of the risks across instruments and risk types based on the correlations in
risk across them is also a sophisticated analysis. To address the fourth stage of maturity,
which in turn supports the second stage, IBM’s approach is to enable a wide variety of
risk calculators and a whole variety of applications for pricing of financial instruments
to operate cohesively in a single solution environment as shown in figure 3. The
solution environment also provides feedback loop to monitor the validity of the risk
models as the economic/business environment changes.

• Current implementations of risk solutions involve integration of all of the above


capabilities individually for each customer in a traditional manner involving significant
programming to provision the right data and integrate the results of the analytics back
into business. IBM Research & Development Labs are working on advanced solutions to
automate much of this traditional upfront work in deploying the financial risk solutions.
Integrated Risk Management for Financial Institutions
Page 9

In most financial institutions, risk is managed across following three dimensions. The
first dimension is the business function. The three key business functions are Financial
Optimization, Business Assurance and Exposure Control, managed by the CFO, COO
and CRO respectively. Broadly, while the CRO is interested in quantifying risk per say,
COO is concerned about its consequences on business operations, and CFO about the
consequences of risk on financial operations. The second dimension is the risk type,
i.e., financial risk, operational risk and regulatory compliance, which are managed by
different set of experts in respective risk types. Finally, the third dimension for segmenting
risk solutions is lines of business (LOBs) for financial risk. The above landscape for risk
management has led to a proliferation of risk solutions in financial institutions. The LOBs
or business functions have often implemented different solutions for the same type of
risk, either because of independent choices made at different point in time, or because
these solutions are specialized for a particular aspect of risk within the risk types listed
earlier. The plurality of risk solutions for each risk type causes unjustifiable expense,
and has not been effectively leveraged to improve the quality of risk assessments.

Consolidation of information provisioning for risk management


As the right side of figure 3 suggests, significant amount of the duplicated effort can be
eliminated if we break up each risk solution into its data provisioning, risk analysis, and
report dissemination parts, and re-aggregate all the data provisioning pieces and report
creation and dissemination pieces separately into a single data provisioning and report
Integrated Risk Management for Financial Institutions
Page 10

generation framework. All data feeds get aggregated into the risk information warehouse
using the IBM banking industry data models and information integration middleware.
From the warehouse information can be easily provisioned for the ISVs, or the in-house
risk solutions, and to the aggregation functions for reports and dashboards. This approach
has been successfully implemented by IBM in several customer environments. As the
right side of figure 3 suggests, in an integrated risk implementation additional savings
are accrued by eliminating the risk solutions that are truly duplicative and retaining the
ones that work well on particular metrics or a particular scenario, even if it is duplicative
within a risk type.

In the independent risk solution approach on the left hand side of figure 3, quality of risk
assessment suffers because each business function or LOB is using its own risk analysis
in isolation and not leveraging the risk analysis solutions available in other LOBs or
business functions, which may work better for some risk metrics or in some scenarios.
The integrated risk management approach shown on the right hand side of figure 3
provides an effective way to apply multiple risk assessment algorithms and aggregate
their results. If the financial institution is using in-house risk models, they can benefit by
leveraging data in the risk information warehouse which has been provisioned for other
risk solutions.
Integrated Risk Management for Financial Institutions
Page 11

The integrated risk solution outlined in figure 3 also makes it easier to get the information
pertinent to an enterprise wide view of risk as data from all LOBs is consolidated in the
risk information warehouse and aggregated in route to reports and dashboards. The
aggregation is far more complex than simple sums, as it could involve complex regulatory
rules like applying haircuts to income streams, or require factoring in correlations,
parameterized by business and economic outlook, that offset or exacerbate risks.
Extensions needed to handle risk optimization and real-time assessment of risk are also
shown in Figure 4 but discussed in more detail in section 5.2.

Consolidation of risk analysis


Risk analysis happens at four different places in the solution architecture shown in figure 4,
complex high-speed event processing, analytic models, text analytics, and reporting and
KRI dashboards. Potential interactions between these four components are illustrated
in figure 5. Analysis happens at these different places because of the different kinds of
data analyzed (structured, unstructured, real-time, etc.), different nature of the analysis,
different programming model deployed in the analysis, and the different performance and
response time requirements for the analysis. .

Predictive/descriptive Analytics: As shown in figure 5, the ‘Predictive/Descriptive


Analytics’ subsystem has the high complexity analytics. It has a base layer of industry
neutral and domain neutral analytic capabilities such as ILOG business rules engine,
Identity Insight entity analytics, statistical packages like SPSS, and core data mining
algorithms for classification, clustering, and predictive analytics and regression etc. The
base layer is used by analytics modelers to build risk, fraud or other analytic models,
validate the models on an ongoing basis or tune their parameters. Some of these models
use patterns or features detected in real time streaming data. The definitions of those
patterns or features are deployed in complex real-time analytics subsystem.

The fraud detection engines and risk calculators may be provided by IBM or an ISV or
be developed in-house by the bank using the base layer. While the analytics subsystem
can be made extremely scalable for both the data persisted in the warehouse and in
terms of the computations involved in sophisticated risk models, the event processing
approach shown in figure 6 is more appropriate for the most extreme data rates (as in
real time market feeds for all financial instruments) and sub-millisecond response times.
IBM Smart Analytics System, described in the next section is a scalable platform for high
complexity analytics. A good example of complex analytics performed in the analytics
subsystem would be projecting losses due to fraud at enterprise level, or losses due to
credit risk exposure at an enterprise level.
Integrated Risk Management for Financial Institutions
Page 12

Real-time Analytics: The “Real-time Analytics” subsystem has the complex and high
speed event processing to deal with real time data, often time series data like market
feeds or sequences of transactions on an account. Analysis can be done on an instance
of that data, or a collection of instances recorded over a finite time window, with some
context information from additional data sources (reference data). Analysis typically
involves detecting a pattern or features in the events received from many sources over
a time window . The pattern or feature being sought is defined or developed in the
‘Predictive/Descriptive Models’ box in Figure 5 by the analytics modeler using traditional
data mining techniques. Because of performance and response time constraints arising
from the volume of data involved, the patterns or features to be detected are embedded
in a procedural programming language like C or Java, and hence the development of high
speed event processing capability typically requires the involvement of the IT shop and
the standard software development practices.

For extremely high performance requirements like high speed trading or insider fraud
detection, InfoSphere Streams, IBM’s stream processing platform shown in figure 6,
enables detection of complex patterns occurring in information being received from di-
verse sources at speeds that are orders of magnitude greater than that of existing systems.
In addition to the highly scalable, high performance execution environment, InfoSphere
Streams also provides a highly usable programming environment to access and manipulate
streaming information such as events from IT infrastructure or application logs, or trad-
Integrated Risk Management for Financial Institutions
Page 13

ing activities. Streams programs can analyze the market data in real-time, and apply
analytics to identify market risk. Pre-trade compliance is one area where analytics running
on InfoSphere Streams can provide proactive indications of market risk and mitigate
undesirable trading. Another capability of InfoSphere Streams is the ability to analyze
structured and unstructured content. Sentiment analysis can be applied to real-time feeds
of news data to provide additional insight into current market conditions.

Reporting & KRI dashboards: The third location of analytics is a BI system like
Cognos. The distinguishing characteristics of these systems is their ability to take large
volumes of operational data, either from the diverse sources of data from banking
operations from different LOBs and business functions, or outputs of the models in the
analytics subsystem, for aggregation and analysis. Typically the BI systems have dashboards
for the executives of the business functions (CFO, CRO, COO) and LOBs, and reports to
disseminate the results to the larger set of knowledge workers in the organization. Rules
engines like ILOG play an important role in aggregation and disaggregation of information.
For example, aggregation of risk or disaggregations of income stream into individual
tranches of an SDO have complex rule sets. Statistical packages like SPSS also play a
key role in predicting the KRIs (Key Risk Indicators) based on past observations. XML
technologies and accompanying XBRL standards are critical for filing reports to regulatory
Integrated Risk Management for Financial Institutions
Page 14

agencies to comply with various regulations. Entity Analytic solutions like Identity
Insight provide the ability to reconcile multiple source system representations of a single
individual into a unique entity and then assess both suspicious associations as well as the
nature of their financial activity via complex event processing.

Text Analytics: Text analytics, the fourth location of analytics, deals with extraction of
information from documents filed as unstructured text, and the fusion of this information
with rest of the structured information. Typical steps preceding the fusion step are
discovering the entities in each document preceding the fusion step and establishing the
relationship between these entities. Entities can be people, roles and responsibilities,
corporate actions, places of work. Relationships could require composition of relationships
from different documents. Finally, relationships discovered in unstructured information
should be fused with information in structured sources to get a more complete view.

4. Implementing an integrated risk management solution


In the past, IBM’s customers invested in information technology with the goal of automating
business processes. Such automation provided savings in operational costs, better response
times and often enabled more customized or more flexible processes. Information
management products and solutions, data bases, data integration products, content
management technologies, and other software products, were designed to address the
needs of business automation. While automation focuses on executing individual business
transactions (internal or external), analytics and optimization look across all transactions,
often across different business units, to derive business insights and make optimal business
decisions. Analytics and optimization is inherently harder than automation because of
expanded magnitude of data involved, the diversity of the sources of data, existence of
data in multiple modalities (structured, unstructured, the latter being text, voice, or even
images), and greater complexity of computations performed on this data.

Optimization solutions require even a greater array of products and capabilities than
automation as highlighted in figure 7. Figure 7 is an extension of figure 3 with three new
components, text analytics, front-office enablement, and the storage/server and system
management component. Customers are finding it quite challenging to buy the above
products separately and integrate them into an analytics solution in-house, and to
integrate the analytics solution back into their existing IT environment. IBM has
responded to this requirement by developing the IBM Smart Analytics System (ISAS)
which packages the following functionality:
Integrated Risk Management for Financial Institutions
Page 15

• Analytics Software Options


o Cognos 8 Business Intelligence suite to deliver a complete range of business
intelligence capabilities with reporting analysis, dash-boarding and scorecards
with a single, service-oriented architecture

o Robust and scalable multidimensional analytics with InfoSphere Warehouse


Cubing Services

o InfoSphere Warehouse Text Analytics & Data Mining to unlock the value of the
text content with unstructured analytics and for data discovery, detection and
prediction on structured data

• D
 ata Warehouse Software: InfoSphere Warehouse, InfoSphere Warehouse Advanced
Workload Management, and Tivoli System Automation

• Hardware/OS: IBM Power 550, IBM System Storage DS5300, AIX 6.1

The key attributes of ISAS are that it is pre-integrated with a single point of support and
it is factory tuned for analytics workloads. The hardware, system management, middleware
and analytics components integrated in ISAS are highlighted in yellow in figure 7. The
products underlying the highlighted components are listed in green lettering. Customers
and ISVs will find significant time savings in avoiding the task of integrating the
constituent pieces of ISAS in-house and configuring/tuning these pieces. Furthermore,
ISAS is scalable in terms of both capacity and function. As additional warehouse capacity is
needed for the risk analysis activity, the warehouse and underlying storage can be scaled.
As new analytic functions are needed, be it mining or predictive analytics or text analytics,
they can be added as need arises. With new regulatory requirements for financial risk
management appearing at a good sustained pace, and the unknown nature of the analytics
capability and capacity needed to comply with them, customers and ISVs will find it
convenient to start with a small but adequate ISAS footprint with easy growth at
predictable cost as need arises.
Integrated Risk Management for Financial Institutions
Page 16

Figure 8 illustrates the additional details behind these components shown in figure 7
and figure 9 overlays the key IBM software products relevant to the risk management
framework on figure 8. An instantiation of the framework may not use all the products
illustrated in figure 9, however, the figure illustrates the breadth of the framework
capabilities. Added capabilities can be introduced in provisioning trusted information for
analysis depending on the latency, performance and other non-functional requirements.
The key ones are:

1. In memory relational database or in memory cache for risk data in relational format
that is not large but needs to be accessed at a high bandwidth

2. In memory fact and dimension tables for supporting high volumes of real-time OLAP
activity

3. Change data capture technology to keep the trusted risk information warehouse in
synch with operational data for real time applications like detection of payment frauds
where one typically wants to block the transaction in real time

4. Lineage and provenance information stored as part of operational metadata to establish


veracity of the information
Integrated Risk Management for Financial Institutions
Page 17

The industry data models shown in figure 10 provide the data models needed to create
the trusted information for risk in the data warehouse or relational/multi-dimensional
OLAP repositories or reference data for risk management. The reference data typically
is customers and business entities, accounts, financial products and securities (traded
financial instruments). Significant details of this data are obtained from external sources
and refreshed continuously. The requirements models of business solution templates
(BSTs) provide the physical and logical schemas for multi-dimensional or relation OLAP
repositories. Physical models can be used if these repositories are being created from
scratch. Similarly, application solution templates or ASTs provide the logical and physical
schemas needed for the datamarts used by various data mining applications and the data
warehouse design models provide the same for the main data warehouse.
Integrated Risk Management for Financial Institutions
Page 18

The industry data models also provide the glossary models that are the business level
terminology for the data described by the logical and physical models. The glossary
models help establish consistency in information across all of the risk solution components.
As shown in figure 10, in addition to helping deploy the initial instance of the risk
information repositories, the industry data models are also leveraged by data movement and
transformation tools such as IBM’s InfoSphere DataStage tools to facilitate the creation
of the ETL scripts needed to populate these risk repositories.
Integrated Risk Management for Financial Institutions
Page 19

5. Specific risk solutions


The integrated risk management (IRM) solution approach outlined in section 4 will
enable the wide range of risk solutions identified in figures 1 and 2, as well as most of
risk categories not listed in those figure 2. In this section we select asset liability manage-
ment (ALM) as an example of financial risk, identity management and access control as
an important component of operational risk and financial fraud, and GRC (Governance,
Risk and Compliance) reporting solutions and discuss how they are enabled by the IRM
solution approach. We also discuss the capabilities for real-time data/event management
and real-time analytics that are critical for real-time risk management solutions, typically
needed in payment fraud control and risk management in capital markets.

5.1 Asset Liability Management (ALM)


For retail banks, ALM has been for long at the heart of risk management. For them
financial risk is indeed a complex mix of business, liquidity, credit and market risks
that only simulation can help apprehend. Initially designed to calculate the long-term
effect on profitability and liquidity of short-term decisions, ALM solutions have evolved
significantly to become a universal decision-support tool for directors, treasurers, and
business line managers alike. Recently, the financial crisis has created a case for developing
ALM even further, making it more encompassing, more precise, and more granular.
A consequence is that ALM systems are likely to increasingly overlap with other risk
management systems, in particular:

• Funding liquidity management systems

• Treasury management systems

• Fund transfer pricing systems

• Systems for managing the interest rate and currency risks in the banking book

• Performance and Capital management systems.

It therefore highly likely that banks will revisit their ALM requirements and reconsider
the architecture to best support them. Any good ALM system comprises at least the
following functions:

• Aggregation of transactions and positions on a wide range of products, generating


risk equivalents when necessary (non-maturing products, undetermined cash-flow,
etc.);

• Projection of current positions and exposures under specific assumptions


(economic conditions, default probabilities, customer behavior, business
performance, rollover scenarios…)
Integrated Risk Management for Financial Institutions
Page 20

• Generation of market-coherent sets of scenarios (risk-neutral valuation constraints, etc.)

• Generation of multiple projections reflecting a vector of possible scenarios


(stress testing);

• Simulation of future cash-flows and asset values for a given projection;

• For a given projection and a selection of asset-liabilities items, analysis of various


matching rules (maturity, duration, hedging ratio, etc.) and reporting of resulting
gaps;

• Generation of related accounting entries, simulation of P&L and book values,


estimation of related statistical indicators such as Earning at Risk and Economic
Value, and production of prospective financial reports.

In order to address the above requirements, the ALM solutions need mechanisms to
calculate various types of risks associated with the assets and liabilities in financial
institution’s portfolios. As illustrated in figure 11, these various types of risks have to
be netted under consistent set of assumptions/scenarios. In addition ALM systems are
expected to have some capabilities to manage investment portfolios (Held to Maturity and
Available For Sale in particular), which may involve Credit Portfolio management features.
For an investment bank, or any financial institution active in derivatives or securities
financing, the ALM system should in addition be able to incorporate some elements of
Counterparty Credit Risk.
Integrated Risk Management for Financial Institutions
Page 21

When all the above is taken in consideration, one can imagine that an ALM system can
be as complex as one wants it to be! In order to balance usefulness, performance and
practicality, subtle trade-offs have therefore to be made. In particular, the flexibility of the
simulation engines, the granularity and comprehensiveness of the data, the sophistication
of the pricing analytics, the details in the MIS reports and the post-processing on risk
analytics shown in upper half of figure 12, have to be limited to realistic levels. Whatever the
choices made by a particular institution, it is likely that the requirements will continually
increase over time. It is therefore essential that the ALM system is built on foundations
that support future extensions, higher volumes, as well as faster and more complex
calculations. The risk management solution approach outlined in section 4 is ideal for
ALM solutions because, as illustrated in the lower half of figure 11, it allows the all
components of the ALM calculations, the different types of risks to the cash flows that
have to be netted, to be computed in one place. Furthermore, it allows the financial
institutions to define their own roadmap for implementing and evolving their ALM
solutions, incorporating the various types of risks calculations pertinent to ALM, as they
are needed, on a common investment of data foundation and reporting tools.
Integrated Risk Management for Financial Institutions
Page 22

5.2 Real-time risk analysis


Real-time risk analysis has two components. First is the capability to analyze large
amounts of data in motion and present the information in real time or set up the
necessary alerts. The second component of real-time analysis is the ability to conduct
large number of concurrent complex queries, including ‘what if’ analysis, in real-time.

Analyzing data in motion: This requires the data to be received, normalized, distributed
and analyzed using very high speed technology measured in micro seconds. The goal is
to be able to react to the data in real time, identifying and preventing fraudulent transactions
before they occur rather than reacting to them after the fact. The bottom half of figure 4
illustrates the components involved in analyzing information in motion. At the core of
this is Event Analytics, but there are a number of supporting systems and technologies
that contribute to the effectiveness of the analytics. These technologies are presented in
Figure 13 and are described below (Figure 13 depicts an algorithmic trading scenario).

To meet customer demand for real-time assessment of enterprise risk posture, financial
firms need connections to more venues and exchanges than ever before WebSphere
Front Office provides out-of-the-box access to dozens of direct exchanges, order books
and consolidated feed handlers and support for over 80 data feeds worldwide. Through
integration with IBM WebSphere MQ Low Latency Messaging, WebSphere Front Office
provides financial firms the ability to manage large volumes of market data while enabling
high-speed, reliable connectivity to real-time algorithmic and electronic trading platforms
at high throughput levels. The speed and throughput capabilities of Low Latency Messaging
enable the real-time detection (and reaction to) market and credit risks. Through its
features for latency monitoring, WebSphere Front Office supports Regulation National
Market System (RegNMS) in the United States for execution in equities markets and
Markets in Financial Instruments Directive (MiFID) in Europe, for execution within
all markets. solidDB is IBM’s in-memory database technology that provides high speed
access to data through its memory-based data management approach, high throughput,
high availability due to its built-in replication and failover capabilities, distributed
operation and flexible deployment. In-memory database technology provides up to ten
times the performance of traditional relational databases.
Integrated Risk Management for Financial Institutions
Page 23

Cognos NOW! At an aggregate business level the risk exposure changes constantly,
occasionally generating large exposures that can have catastrophic consequences. Active
monitoring of those exposures by risk class, trading position, asset class, customer, geo
or product enables the businesses to manage the ramifications of justifiably disconnected
risk bearing decisions. Cognos NOW offers an in memory real-time risk presentation
layer including risk dashboards, risk alerting, risk reporting and risk analysis. Part of
the Cognos Analytics and Performance Management suite, Now! supports an emerging
continuum of real-time to end of month/quarterly risk intelligence demanded by financial
markets and commercial banking businesses.

5.3 Identity Management, Access Control and financial fraud detection/preventions


Identity management and access control are the first line of defense against insider
and external fraud perpetrated by misuse of IT infrastructure. A wide range of system
management tools are in use today to handle the first line of defense as illustrated in
Figure 14. While essential to protect the enterprise, traditional security is being hard
pressed to address those criminal elements attempting to defraud financial institutions.
A combination of malware hacking and infecting personal and corporate computers,
targeted phishing, VoIP spoofing, botnets, ATM card skimming, highly sophisticated
social engineering schemes, and other techniques are employed to bypass financial
industry security best practices. In isolation, it may be very difficult to differentiate
between a legitimate versus a fraudulent access.
Integrated Risk Management for Financial Institutions
Page 24

As a result, banks want to detect account break-ins, social engineering or insider fraudulent
accesses even when these first lines of defenses fail. This is done by monitoring transactions
for anomalistic patterns. As illustrated in Figure 15, this second line of defense depends
heavily on leveraging customer, merchant, location and employee profiles to build their
segment definitions, as shown in upper left corner of the figure. The segment definitions
are used to further model collective activity at all access points, including the web, ATM
machines, IVR systems, call centers or employee computers, to define the envelope of
expected transactional behavior, which is used to flag outliers (middle left).

Fraudulent transactions often have precursors (footprints) in access channel and LoB
events which can be analyzed to identify incipient fraudulent activity. To be most effective,
these events need to be analyzed in real-time. There are cases where access channel
(e.g., web, IVR, ATM, etc.) and applications needs to be monitored jointly since the
evidence of fraudulent activity is insufficient when monitored independently.
Organizationally this can be challenging since the security events are typically monitored
by the IT security organization, while the fraud detection and management is traditionally
handled by the LoB. Sophisticated fraudsters recognize and exploit the gap in security/
fraud detection due to this separation of duties. The more mature financial institutions
are recognizing that they need to combine both the IT security and application fraud
detection capabilities into a single solution if they are to effectively protect their assets.
Integrated Risk Management for Financial Institutions
Page 25

As shown in Figure 16, the ability to co-analyze access channel and application events is
one of the differentiating capabilities of IRM. Because of the speed and number of system
events, they have to be analyzed in high performance event processing engines in context
of application events in real-time leveraging the real-time capabilities discussed in section
5.2. In the past banking systems had been batch oriented. Lack of real-time detection and
patching of the security holes in the banking system did not pose a significant financial
risk. However, with the new types of payment mechanisms that result in increased cross
channels financial flows, including the acceleration of real-time payments and settlement,
the financial risks are increasing. It is possible for fraudsters to steal millions of dollars in
a matter of minutes. This increases the need for real-time fraud detection capabilities that
far go beyond the after-the-fact fraud detection and management solutions.
Integrated Risk Management for Financial Institutions
Page 26

IBM InfoSphere Identity Insight provides real-time fraud detection capabilities by


combining a distinguished entity resolution engine along with complex event processing.
By comparing the personal information from business transaction, the system verifies
whether the person is who they claim to be in addition to finding associations that may be
of particular interest or suspicious due to linkages to PEP, WatchList or internal banking
hot lists. The transaction data is then analyzed against all previous events for this entity to
determine if along with other activities this now qualifies as potentially fraudulent. Either
of these situations may generate an alert that should be investigated by the institutions
fraud investigation unit. The product includes a series of features (Perpetual Analytics,
Global Name Recognition, Business Rule Thresholds and Confirmation/Denial Scoring)
to ensure that false positives are minimized. Because the solution correlates both physical
attributes (name, address, SSN, etc…) along with digital attributes (cookie, email address,
etc…), it also lends easily to augmenting the Identity Management solution covered earlier
in the section.

The key financial fraud detection capabilities of identity insight solution are illustrated
in figure 17 and they are shown in context of overall fraud detection and mitigation (case
management) in figure 15. The left side of figure 14 illustrates how multiple fake identities
of Linda Sweetheart entered through different channels with different names at different
time , while initially irreconcilable, eventually get resolved into a common real identity as
Integrated Risk Management for Financial Institutions
Page 27

the last entry shown in upper right is made. Furthermore, the figure also illustrates how
insider fraud can be detected by linking employees to suspicious customers. In general
Identity insight can discover social networks and analyze their collective transactions for
fraudulent activities like anti money laundering (AML)

5.4 Compliance
While compliance is a broad topic, in this section we focus on IBM’s capabilities in
facilitating compliance with regulations related to financial risk. As the Venn diagram in
at the top in figure 8 suggests, managing financial risks, financial crimes and operational
risks is an important part of regulations for financial sector. Risk postures and loss events
have to be detected, reported internally and in most cases to the regulatory bodies, and
case management or workflows to mitigate the risk or loss have to be undertaken. A fair
body of regulations also deal with collection, analysis, protection and reporting of
information, a set of activities broadly termed as Compliant Information Management.

Every piece of information has a lifecycle. Initially information is created (whether in


paper form or digital form). Then that information is developed – going through draft,
review and approval phases. At some point that information becomes less “active”
and then it may be archived or put under records or retention control. Even after that
happens, the information may become ‘active’ again. As an example, access to archived
Integrated Risk Management for Financial Institutions
Page 28

content may be required to satisfy an eDiscovery or audit request. As some point, the
information gets deleted or explicitly archived. Figure 18 shows the five phases of managing
information through its lifecycle for compliance. The first step is collecting the information.
The collection of the information requires that policies and rules by defined that identify
which content should be collected, as well as where and how it should be managed in the
ECM repository. Once the information is collected, advanced classification can be applied
to help analyze the information to differentiate non-critical documents from critical ones,
and define categories or taxonomies for how those documents should be handled. During
this process, metadata can also be extracted from the information that can later be used
for analyzing the information. Phase 3 in the lifecycle is records management. Ensuring
that information is securely managed and that appropriate retention policies are in place
is critical for regulatory and compliance related activities. In phase 4, the information is
made available to eDiscovery and auditory inquiries. Finally in phase 5, information is
either archived permanently or discarded. The products supporting each phase are
shown in blue rectangles.
Integrated Risk Management for Financial Institutions
Page 29

IEffectively managing this dynamic lifecycle from a compliance point of view requires
the capabilities that are integrated effectively in the integrated risk management platform
as shown in Figure 19. Some components pertinent specifically to compliance activities
are highlighted at the bottom of the figure. A key component of regulatory compliance is
the Inventory of Obligations, a collection of activities pertaining to internal audit, record
retention, and other activities that must be performed to comply with the various
regulations an organization is subject to. The inventory of obligations is a human-readable
repository. Using information metadata, advanced classification, business events and
business rules embodied in ZeroClick technology, information in an organization can
be automatically classified as targets of various compliance regulations applicable to
the different phases of the compliant information lifecycle. The compliance obligations
in the inventory of obligations are translated into a canonical (non-repetitive) set of
programmatic commands that can be executed automatically by a work flow engine like
FileNet, or information masking or archiving solution like Optim. The logs and results
of executing the record retention solutions or audit functions are presented in reports and
preserved as evidence. The IBM eDiscovery tools proactively search and analyze
information in response to audit, legal or regulatory inquiries.

Figure 20 depicts how different parts of the platform implement ZeroClick. IBM Content
Collector uses rules and policies to determine which information to collect, where to store
it and how to reference it. IBM Content Collector can access a wide range of information
sources, and can be configured to either move the information into an IBM ECM repository
or access it directly in its current location. IBM Advanced Classification moves through
the information, extracting critical metadata and identifying which documents are
critical. IBM Records Management automatically retains and categories information
according to retention policies.
Integrated Risk Management for Financial Institutions
Page 30
Integrated Risk Management for Financial Institutions
Page 31

All of this technology is supported by an active governance mechanism that automatically


implements security, control and access policies. All activity is monitored and audited and
can be evaluated while the information is being processed. In addition, the IBM ECM
platform is well integrated with other parts of the IBM portfolio to provide efficient storage
management, and the ability to do analytics on both the efficiency and the business value
of the process. For organizations who wish to implement the entire end-to-end solution,
IBM offers the Compliance Warehouse which is an integrated, end to end solution which
includes software, server and storage hardware, and business and technical services to
build the solution.

5.5 Integrated Risk Solutions


To improve risk decision making and support the new risk management approach and
culture, risk information needs to be shared where needed, securely and efficiently
throughout the enterprise. Often referred to as risk intelligence, the information needs
to be tailored to the users needs and their risk knowledge. As a minimum it needs to
be timely, support repeatable analysis from one period to another, consistent between
groups, and of course accurate. Independent therefore of risk class, LOB, geography,
customer or customer segment, function (risk, finance, capital, LOB) etc, information
needs to be delivered in multiple forms of risk reports, risk dashboards, risk analysis, risk
event management, and risk scorecards (KRI frameworks). Supporting the Integrated
Risk Management approach IBM Cognos has developed the following key solutions:

FIRM (Finance & Integrated Risk Management), built with a number of universal
banks the services led solution supports credit, market, operational risk classes for
retail, commercial and financial markets business lines and includes risk dashboarding,
scorecarding, reporting, OLAP analysis, and event management, with extensions for
Office tools and mobile devices. FIRM has been implemented in many banks worldwide
and is a key component of IBM’s vision for risk insight and control across the enterprise.

Banking Risk Performance - Credit Risk is an analytic application using Cognos’


Adaptive Analytic Framework designed for retail banking risk management, finance
and senior management. It offers a full suite of 70+ ‘out of the box’ risk reports and
dashboards covering the six main risk areas: Basel II reporting, front end performance,
Back end performance, Financial Oversight and Originations Analysis. The application
is mapped to IBM’s Banking Data Warehouse and offers accelerated time to value and
return on investment.
Integrated Risk Management for Financial Institutions
Page 32

Risk Analytics and Scenario Modelling (to be launched in Q1 2010) – offers risk
analytics at the aggregate/portfolio level, leveraging the banks investment in multiple, highly
specialised and tailored risk applications. The solution offers risk quants, finance and
business analysts a ‘risk sandbox’ in which they can answer the ad-hoc risk analysis ques-
tions with confidence, re-use previous analysis and share the results throughout the bank.

Risk Adjusted Profitability – calculates RAROC daily by customer, delivers collaboration


and business planning to relationship management, lending, risk, capital and senior
management teams. It is a critical component to operationalise risk appetite and
performance management.

Relationship Based Pricing – creates the risk informed value of customer relationships
and incorporates account strategy/planning, offer pricing and business planning processes
throughout the enterprise. Loan book impact of aggregate and external macro events
inform the offers and loan book portfolio concentrations. It is a critical component to
operationalise risk appetite and performance management.

6. Key products
IBM offers Integrated Risk Management capability as part of its Banking Industry
Framework. The key information management and analytics products in the risk
management domain of the framework are:

Data management products:


• Banking industry data models for data (BDW) which have business glossaries, ER
diagrams and physical schemas defined for over 5000 entities for banks and financial
institutions. A significant set of those cover wide range of risk related definitions in
areas such as but not limited to: Market Risk, Liquidity Risk, Credit Risk, Operational
Risk, Capital at Risk (incl. risk aggregation), Positions Exposure Analysis, and
Counterparty Credit Risk. The models provide the foundation for interconnecting
other components involved in movement and transformation of risk data as discussed
next and illustrated in the figure 2.

• InfoSphere Information Server for data movement and transformation. It comprises


of Metadata server/workbench to track information, Information Analyzer to explore
known information sources, Data Stage and Quality stage to move and cleanse the data
and FastTrack to automate the overall data movement process.

• Exeros and Optim Data Relationship Analyzer to automatically discover information


in multiple independently managed information sources with different and often
undocumented information representations, and understand the business rules,
transformations and relationships that link them.
Integrated Risk Management for Financial Institutions
Page 33

• InfoSphere Warehouse, a subject oriented warehouse for large volumes of long term
persisted data, SolidDB in memory database for moderate volume data to be accessed
at high bandwidths, and Cognos Now, also an in memory database, for information
used in multi-dimensional analysis.

• InfoSphere Federation Server and Change Data Capture capabilities to provision


information outside the warehouse for risk analysis.

• IBM Content Manager for managing unstructured data in support of risk analysis.

Analytics products:
In addition to the aforementioned data management products, IBM offers the following
products to analyze the data:

• InfoSphere Streams for real-time analytics, scalable to very high volumes of data that
need to be analyzed with very low latencies. Specially suited for analyzing streaming data
(data in flight) as it offers a high level programming language to manage streaming data
and to specify analytics on them.

• WebSphere Business Events for complex event processing.

• Data Mining, Cubing and text analytics services from the InfoSphere Information
Warehouse.

• Specialized analytics like Identity Insight and Global Name Recognition for the ability
to reconcile multiple source system representations of a single individual into a unique
entity and then assess both suspicious associations as well as the nature of their
financial activity via complex event processing.

• IBM Content Analyzer to analyze the unstructured content to extract entities and the
relationships between them.

• The ‘what-if analysis’ and scenario modelling capability provided by IBM Cognos TM1
products. A sample output from TM1 is shown in figure 3 below.

• Risk Analytics and Scenario Modelling (in development with customers) - provides
pre-built stress testing and scenario modelling for Counterparty Credit Risk and
Capital Requirements at an aggregate portfolio level.

• Predictive modelling capabilities through SPSS platform and ILOG business rules
management system.
Integrated Risk Management for Financial Institutions
Page 34

Business Intelligence products:


IBM Cognos8 provides risk solutions including Banking Risk Performance – Credit Risk
and Finance & Integrated Risk Management (FIRM) that together include:

• Risk dashboards that provide graphical user interface for senior management

• Risk reporting for production, ad-hoc and user self service delivers internal and
external disclosure

• Risk analysis across multiple dimensions for risk, finance, business analyst etc

• Risk scorecards identify key risk indicators, leading and lagging indicators, targets and
tolerances, owners of specific risk metrics and mitigation actions

• Risk event management delivers proactive alerting of risk events and break-out
conditions, both centrally and user defined alerts

• Office integration tools extend risk information integrity into PowerPoint, Word, Excel
etc.

Financial Performance Management products:


• Enterprise Planning and TM1 provide financial planning, budgeting, business modeling
and forecasting, in a range of applications that include:

o Risk Adjusted Profitability – calculates RAROC daily by customer, delivers


collaboration and business planning relationship management, lending, risk,
capital and senior management teams

o Relationship Based Priced – creates the risk informed value of customer


relationships and incorporates account strategy/planning, offer pricing and
business planning processes throughout the enterprise. Loan book impact of
aggregate and external macro events inform the offers and loan book portfolio
concentrations.

7. Automating the risk management lifecycle


In the preceding section we discussed how the integrated approach to risk management
can result in cost savings by amortizing the cost of provisioning data and disseminating
the risk assessments over a portfolio of risk solutions. This also resulted in a better quality
of risk assessment because each supported risk application had access to a richer set
of data as we broke down the barriers to information exchange imposed by IT
compartmentalization. In this section we dwell upon automating the risk management
lifecycle of developing, deploying and operating individual risk solutions and improving
the quality of their results by:
Integrated Risk Management for Financial Institutions
Page 35

1. Automating the tasks performed by the data architects in defining the representation of
the data in the risk information warehouse during initial development and subsequent
evolution of the risk solution.

2. Automating the tasks performed by the database software developers for transforming
the data and populating the warehouse, moving the data from the warehouse to the
risk analysis functions, and from the risk analysis functions back to the warehouse and
reporting/dashboard capabilities.

The automation is achieved by enabling the risk analyst to perform the data provisioning
and data transformation tasks, previously delegated to data architects and database
software developers, directly through business level interfaces. This can be achieved by
implementing an analytics integration approach as shown in figure 21. It is currently
being prototyped in IBM as project Hamilton. The automation solution consists of a
workbench, server and risk information directories. The server provides the automation
by interpreting the scripts produced by the workbench.
Integrated Risk Management for Financial Institutions
Page 36

The ‘Analytics Integration Workbench’ gives the risk analyst a business level view of the
information available to him for analysis and the data transformation and analytical tools/
algorithms available to him from internal sources as well as from the external sources. It
allows the analyst to specify end-to-end risk solutions by composing the data transformation
operations, analytics operations, and data movement at the business activity and business
information level. The interface for the risk analyst offered by the Analytics Integration
Workbench is shown in figure 22. On the left hand side of the figure are the separate
palettes for risk data sources and feeds, risk calculators, reports and other computational
components available to the risk analyst, which are described in business terms. On the
right side is the canvas for the risk analyst to compose the risk solution by dragging and
dropping the business level computational components from the palette. The workbench
defines a computational environment expected by the risk analyst and to a large extent
supported by the IT infrastructure. Three sets of data sources illustrated in figure 22 are:
1) Market data feeds such as currency rates, prices of liquid financial instruments, and
economic indicators like interest rates, unemployment figures, measured and forecasted
growth rates for the economy, etc.; 2) news feeds such as K10 submissions and other
corporate activity reports; and 3) portfolios (or banking and trading books).
Integrated Risk Management for Financial Institutions
Page 37

The analytics integration workbench reduces the time and effort spent by the risk analyst
and data architects in locating the risk information in banking operations databases. The
information not available to risk analyst is obtained on an exception basis, as depicted by
steps E1-E3 in figure 23, but once obtained, it is accessible by him and other risk analysts in
future without repeated involvement of the risk warehouse data architect or the database
software developers. Similarly, integration of risk analysis or fraud detection applications
from ISVs into the overall risk/fraud solution also becomes substantially easier as the
application providers provisions data for their applications, as shown in figure 23 in step
2, with the same ease as the risk analyst provisions information into the warehouse and
OLAP cubes, without significant involvement of the data architect or ETL developers.

The risk information directories shown in figure 21 provide the linkages between the risk
information and computational components defined in business terms, the definitions used
by the risk analyst, and the descriptions used in the IT infrastructure in programming
terms. These linkages are established by populating the palette in the workbench from
the business glossary terms in the directory. In addition to the incremental approach of
populating the risk information directories one risk solution at a time, financial institutions
can also take a systematic approach of inventorying all data pertinent to risk analysis
across the enterprise, and all the risk analysis applications, and populating the risk
information directories with the gathered information. The advantage of this systematic
approach is that information and application discovery tools like InfoSphere Information
Analyzer, Exeros, and Optim Data Relationship analyzer can be used to drive high
efficiency in the discovery process.
Integrated Risk Management for Financial Institutions
Page 38

Financial fraud and risk solutions are composed of several IT components as illustrated
in figure 5. The data provisioning, analytics, dissemination of analysis results through
reporting tools, and integration of analytics in core business processes, and most importantly
the interaction among multiple concurrent processes that are part of the analytics solution,
are managed more or less independently with no coordination or formal specification of
the orchestration required between these activities. Naturally, the communication process
lacks formal capture of design agreements, is error prone and the resulting unverifiable
agreements are not amenable to reasoning for correctness at the overall solution level,
even by humans. Hamilton script mitigates these issues by capturing the comprehensive
description of all activities of all components of the risk solution and the orchestration
required between these activities in one place.

As shown in figure 21, Hamilton script is the output of the Analytics Integration Workbench.
In that sense Hamilton script offers a unified programming model for the analytics
solutions and creates an enterprise wide blueprint of the risk/fraud solution. The risk
analyst specifies the solution in business terms using the graphical interface as illustrated
in figure 22, and the analytics integration workbench translates it into the Hamilton
scripts. The script is executed by the analytics integration server and hence the script is
the architectural contract between the workbench and the server, or the business level
user (risk analyst) and the IT staff.

Expressing the risk and fraud solution as an interpretable script makes them flexible.
Hamilton script also enables the financial institutions to rapidly integrate several existing
fraud and risk solutions to create better quality solutions. For example, a solution can be
updated or enhanced easily to leverage new or additional analytics or new and additional
information sources by manipulating the script without necessarily requiring the intervention
of data architects or database software programmers. The IT implementations of data
and analytic services can be changed without impacting the risk solutions, the changes
being limited to the mapping tables contained in the risk information directories. As an
example of integrating several existing solutions, Hamilton script can enable several fraud
detection engines to exchange the results of their analysis and use an ensemble approach
to reduce false positives and false negatives in fraud alerts. Traditionally risk analyst would
invest significant time to explain the changes, enhancements or integration requirements
to data architects and database software developers, and the latter two would spend
significant time in making the required modifications or integration. Hamilton script
simplifies the task of expressing the change and integration requirements and enables
automation of most of it through the analytics integration server.
Integrated Risk Management for Financial Institutions
Page 39

8. Further information
In this whitepaper we briefly discussed the need for better risk management techniques
for the smarter planet which is increasingly more instrumented and connected, becoming
increasingly riskier for financial institutions to do business in, and hence presents an
imperative for financial institutions to use better techniques for risk assessments and to
better leverage those assessments in their business operations. We discussed a roadmap
for maturity in risk management and the imperative for integrated risk management for
improved quality of risk management and lower costs.

Though bulk of the paper was devoted to the integrated risk management approach,
a significant part of IBM’s integrated banking framework, and an experimental project
on automating the risk management lifecycle (section 7), there is far more detail to risk
management than what we could cover in this paper. We encourage the reader to visit
ibm.com/software/industry/frameworks/banking/riskmanagement.html for further
information or to contact their IBM sales representative to learn more.
Integrated Risk Management for Financial Institutions
Page 40

© Copyright IBM Corporation, 2009

IBM Corporation
Route 100
Somers, NY 10589
U.S.A.

Printed in the United States of America


12-09
All Rights Reserved

IBM and the IBM logo are trademarks or registered


trademarks of International Business Machines
Corporation in the United States, other countries,
or both.

 ther company, product and service names may


O
be trademarks or service marks of others

P23836

IIW03001-USEN-01