“Office of the Comptroller of the Currency said 11 of the 22 large banks it supervises have “insufficient” or “weak” management of so-called operational risk,” 

Reported by Bloomberg on 21 July 2024

The twin goals of minimising risk while maximising revenues lie at the heart of financial markets. Whilst traditionally seen as conflicting objectives, banks able to rapidly identify, assess, and mitigate risk on an enterprise-wide basis can be more agile and use this to their competitive advantage. These institutions can confidently pivot into new business lines, innovate, and grow revenue streams. 

And here’s the secret—it comes down to confidence—confidence in your data, confidence in your level of visibility, confidence in your ability to swiftly instigate effective controls, and confidence that you can do all of these things consistently across your enterprise.

Why limited transparency limits capital returns

Firms can’t fix what they can’t see. So, when an institution lacks the level of transparency required to effectively monitor and control a particular activity, the default risk-limiting protocol is to minimise exposure. This often means decreasing volumes, exiting relationships, and even selling off divisions. These actions not only curtail current revenue streams but also make it increasingly difficult to onboard new clients or expand existing client activity in the long term.

In short, mitigating risk often means sacrificing current and future revenue opportunities. It also comes with the burden of greater oversight, compliance, and controls for the remaining business. While this is happening, the front office continues to be responsible for growing revenue and relationships. Eventually, it becomes an exercise of attempting to squeeze blood from a stone and penalising teams when this proves to be a near-impossible task.

So, how do we break this cycle?

Growing an enterprise requires client oversight and proper monitoring of that oversight.

For a firm to provide the necessary assurances that its new endeavours can be conducted safely, appropriate guardrails need to be in place. Guardrails that facilitate effective and proactive risk management, which in the post-trade environment include counterparty, payment, liquidity and operational risks. Whilst the intricacies of each of these risk types differ, the overarching risk management framework needs to consistently deliver real-time visibility into and control over all of the firm’s current activities, its obligations and level of exposure – enterprise-wide. This is often in contrast to the traditional approach of managing risk at the individual business level, which can be challenging to centrally coordinate. It should be noted that this traditional approach also doesn’t fully account for the interdependencies and impact felt across multiple interconnected areas.

“The overarching risk management framework needs to consistently deliver real-time visibility into and control over all of the firm’s current activities, its obligations and level of exposure – enterprise-wide”

The Legacy Challenge

Moving to an overarching or holistic framework can present challenges to some firms—especially large financial institutions. They depend heavily on many siloed, legacy post-trade systems and processes, which require numerous manual procedures. These not only restrict the firm’s ability to scale due to capacity constraints but also delay access to critical information, which is massively fragmented when it finally becomes available.

It’s this inability to provide risk, operations, business, and treasury teams with access to the critical real-time information they need that often lies at the epicentre of the problem. It’s why firms can’t confidently manage and put in place the appropriate risk controls that would facilitate business growth and expansion.

That said, immediately ripping out and replacing these vital legacy systems and processes is rarely an option. What’s needed is a pragmatic approach—a way to attain the necessary real-time visibility and control to safely conduct new revenue-generating opportunities using smart technologies that interoperate with those already in place. 

“The inability to provide risk, operations, business, and treasury teams with access to critical real-time information often lies at the epicentre of this problem”

Here are the three critical components that I feel need to be in place to achieve this:

1. Confidence in Your Data

Firms wanting to grow their business safely need to start by providing users with data they can be confident in. This means providing access to real-time information and when an issue needs investigating, the ability to quickly and easily drill down to fully understand the factors that influenced it. To achieve this, firms need to expedite and automate their payment reconciliation processes and aggregate and normalise fragmented data.

“Firms wanting to grow their business safely need to start by providing users with data they can be confident in”

To provide this high-quality data, our Core-Payments® solution continuously reconciles inbound and outbound payments on a statement vs. ledger basis. This means users can quickly understand the firm’s actual position—not the expected position—at any point in the day. Furthermore, via a dashboard configured to their specific needs, users can view consolidated data across all payment flows and business lines. 

Core-Payments sources this data by interoperating with the firm’s many existing systems. This provides a fully aggregate view that delivers real-time insight into counterparty and liquidity exposures and operational data. Furthermore, users can drill down into each individual transaction and trace the entire transaction history using time-stamped data. 

This means users can be confident in the timeliness of the data they’re viewing and can make more informed decisions allowing for more accurate risk assessment.

“Users can be confident in the timeliness of the data they’re viewing and can make more informed decisions allowing for more accurate risk assessment”

2. Process Automation: Reducing Risk and Increasing Scalability

The second critical adjustment is to automate workflows and implement effective alerts. Manual processes simply don’t scale and are a source of operational risk. We advocate using smart, collaborative, and automated workflows governed by configurable rules and alerts powered by real-time payment information. 

These types of workflows provide a reliable, traceable, consistent, and transparent means of agreeing on processes. Furthermore, as each firm’s specific requirements differ, configurable rules mean these can be more easily accommodated. By powering everything using real-time data, the instant an issue occurs, the pre-set rules can kick in, and the relevant team members can be proactively notified.

Core-Payments’ no-code hold-and-release rules provide a great example of how counterparty and payment risk can be controlled more effectively and consistently. These rules are easily created and modified to immediately stop all required payments from being executed across all business areas and flows. This introduces a whole new level of enterprise-wide control and frees firms from the constraints of legacy systems and processes often managed at the individual business level.

“No-code hold-and-release rules provide a great example of how counterparty and payment risk can be controlled more effectively and consistently”

Using these rules, when faced with a market, geopolitical, or even counterparty-specific event, firms can identify their overall exposure immediately and implement no-code rules without delay. 

“This introduces a whole new level of enterprise-wide control and frees firms from the constraints of legacy systems and processes often managed at the individual business level”

3. Controlled, Orchestrated Payment Release

Far too often, payment instructions are processed simply because the payment happened to be the next in the queue—not because all preceding factors indicated it was the right thing to do. This can be a major source of payment, counterparty, and liquidity risk. For this reason, the third critical component is ensuring that firms can instigate automated, and controlled payment release. 

This varies in different situations. It might involve scheduling payments for specific times in response to a given activity, or only settling certain instructions on a payment-on-payment (PoP) basis. Additionally, it includes implementing automated, conditional controls to ensure counterparty payments are released only when the counterparty has fulfilled its obligations.

Putting in place these key capabilities enables capital market firms to manage risk consistently, effectively and proactively. With our Core-Payments solution, users can do so in real-time and achieve complete visibility and control of the end-to-end post-trade payment process across all business lines and payment flows. 

These capabilities empower firms to be more agile and do more with all clients across all segments. Ultimately, the appropriate level of firm-wide visibility and control enables banks to demonstrate to regulators that they can identify, assess and mitigate vulnerabilities and focus on growing customer activity across business lines with confidence.

“Firm-wide visibility and control enables banks to demonstrate to regulators that they can identify, assess and mitigate vulnerabilities and focus on growing customer activity across business lines with confidence”