Rethinking Risk Management

Lean Management: A New Zeitgeist in Risk Management


Rethinking Risk Management: Lean Management: A New Zeitgeist in Risk Management Comment

Banks can greatly benefit from a leaner and more integrated approach to risk management. This article addresses how banks can constantly evolve to an efficient and productive process, by focusing on data, infrastructure, process, and – most importantly – people.

In the aftermath of the global financial crisis, banks around the world were restricted by increasingly tighter regulations and faced a grim outlook of a prolonged period of low interest rates and limited revenue growth. Although the situation has improved, banks continue to consider ways to restore profitability. As a result, reducing operational cost has once again become a focus. By eliminating inefficiencies in their business processes (e.g., cost of maintaining so called legacy systems), banks will drive performance.

Moreover, these limitations often affect the risk management activities of banks as well. On the one hand, risk management is frequently viewed as a pure cost center that should be kept at a reasonable size. On the other hand, the current "regulatory tsunami" requires significant investments in risk management. A recent survey by KPMG, conducted on behalf of the Federal Association of German Banks, shows that the cost to implement and comply with the latest regulations – just for the German banking sector – will reach €2 billion per year.1

How can a bank build a better and more capable risk management framework and, at the same time, keep costs under control? The answer to this dilemma is to take a more integrated approach to risk management that embraces the concept of the "lean" management school of thought. This will help a business better understand the relationship between risk and capital.

What is lean management?

The concept of "lean" describes a holistic and sustainable approach to managing the key processes of an organization. It represents a business strategy based on creating value for customers (internal and external), while eliminating wastes and deficiencies in the process. Every activity in the processes of an organization that does not add value – or worse, destroys it – is a waste. Lean management, however, is not only about continuous improvement of business processes, but also about respect for people. Only by uniting purpose, process, and people can an organization obtain sustainable change and business excellence.

The idea for lean management can be traced back over centuries, but was properly developed and implemented in the production system of Toyota Motor Company in the 1950s and 1960s.2 It allowed Toyota to produce better quality cars with fewer defects at lower cost, resulting in better customer satisfaction. This helped the firm to outsell the "Big Three" US automotive firms in their home market, and eventually become the world’s biggest automotive producer.3

Figure 1: summarizes the typical types of waste in an organization’s processes and the positive impact that addressing these deficiencies can have on their business [Source: Moody's Analytics]

Figure 1: summarizes the typical types of waste in an organization’s processes and the positive impact that addressing these deficiencies can have on their business [Source: Moody's Analytics]

Waiting is one key waste and eventual cost in banking processes – waiting for colleagues to make a decision, waiting for IT systems to deliver data or produce results, etc.

  • Conveyance is another key waste. Banks must avoid creating processes that disrupt the linear, sequential flow of data, paperwork, or other information.
  • Over processing occurs if banks establish complex processes to create the services required by their internal and external clients.
  • Closely related to the idea of processes is the unnecessary movement of people. Organizations must ensure that their work areas are logically organized to prevent negative outcomes (e.g., waiting).
  • Defects (e.g., incorrectly captured data in a bank’s system) occur for multiple reasons. Organizations must create processes that are less likely to produce defects, as well as create instructions and policies that prevent defects.
  • Not using employees’ creativity, skills, and knowledge is probably one of the biggest wastes in today’s people-driven banking industry.4

Identifying and removing wastes and deficiencies, perfecting business processes, and building a learning culture that strives for continuous improvement, can significantly increase a bank’s efficiency in areas such as client satisfaction, reacting to sudden market developments, or risk management.

The advent of "lean" in the financial services industry

The term "lean" gained wider popularity in the financial service industry in the 1990s and early 2000s, when organizations around the world successfully imported concepts and solutions from lean manufacturing. Some financial institutions have experienced notable success, like Bank of America reporting more than $2 billion in benefits and BMO Financial Group, which credited up to $55 million in cost savings to its "lean" works.5

Financial services executives have increasingly understood that lean management is a good way to reinvigorate their business performance, particularly in customer-facing channels. They can reduce cost and improve how clients perceive their value through:

  • More automation (e.g., online banking, more ATMs, smart phones, etc.)
  • Fewer, but more efficient, bank branches
  • Improved and better tailored customer service

Lean management in banking

This first phase of lean management in banking focused on the interface between the bank and its customers, with the goal of improving the quality of retail banking services. For example:

  • Reducing the processing time of applications
  • Improving help desks
  • Increasing end-to-end productivity
  • Decreasing the complexity of products
  • Introducing a tier-system for branches

Banks must address a series of key challenges during this first phase to shift from product-centered organizations to more client-oriented end-to-end organizations. Most notably, they need to overcome silo structures within their organizations and redesign processes. Silos often foster resistance from managers, as most banks have evolved into a collection of rather rigid business lines and hierarchies over decades.

Observable trends in lean banking

The trend toward a leaner, more efficient bank did not stop with the retail business. Over time, it also reached other areas of a bank’s operations, more recently in wholesale banking and IT. In wholesale banking, the benefits of traditional cost-reduction measures, such as outsourcing and offshoring, have often been offset by rising salaries and the hidden cost of the increased complexity of their processes. Despite this, banks have tried to embed lean principles in areas such as trade execution, securities lending, or fund accounting – resulting in savings of up to 30%.6

When viewed from end to end, many wholesale products share similar features and workflows to which lean principles can be applied, such as:

  • Aligning operational teams
  • Balancing workloads
  • Establishing the transparency of information flows

IT is one of the most complex areas within financial institutions. According to the results of a large survey of firms in the Americas, Europe, and Asia, financial services institutions spend more on IT than any other industry. For example, banks’ IT expenses equal 7.3% of their revenues – nearly twice as much as other industries. On average, across all sectors polled, IT costs were equivalent to 3.7% of revenues.7 Other sources confirm the relatively high IT costs in banking. A leading consulting firm saw banks’ IT costs in 2012 range from 4.7% to 9.4% of operating income.8

The reasons for an increased use of IT in the banking industry can be diverse. Financial services firms have to fulfill exacting regulatory requirements, which translate into IT costs that do not contribute to the firms’ earnings. Furthermore, banks rely heavily on IT in their back offices and their distribution channels.9

Banks can implement the lean ideas within their IT departments through a more holistic management of IT architectures, reducing complex technologies across organizations. Due to non-organic growth, such as mergers and acquisitions, it is not uncommon for many banks to have multiple legacy systems that are connected via a myriad of interfaces. In addition to reducing this interface complexity to become leaner, banks can use a number of levers to further increase efficiency:

  • Use out-of-the box vendor solutions instead of customized applications
  • Reuse existing resources and results instead of reinventing the wheel
  • Develop an integrated data model and consolidate databases in one larger datamart, supported by standardized data elements across the business
  • Utilize advanced data profiling techniques to uncover behavioral trends and patterns
  • Standardize technologies within the bank10

A leaner IT architecture helps to significantly reduce the time dedicated to developing and maintaining IT applications. Once lean principles have been established, banks can then focus on automating back office tasks (e.g., digitizing work flows, automating or supporting decision-making), with subsequent increases in productivity. Studies have shown that implementing a leaner and better integrated IT architecture may provide a return on investment of more than 50 percent, a reduction in time-to-market of at least 30 percent, and additional organizational benefits, including better alignment between business and IT.11

However, given the current complexity of IT infrastructures in banks, there are still impediments to leaner IT.

  • Highly complex procedures that are difficult to automate
  • Maintenance of numerous legacy systems
  • Lack of internal resources and skills
  • Different understandings and priorities between IT and the business side of a bank in defining exactly what is needed in terms of data and reporting

Make risk management more integrated and leaner
Today, risk management is dominated by regulatory requirements that affect a variety of banks’ businesses. For example, regulations impacting a bank include the implementation of the Capital Requirements Directive and Regulation (CRD IV / CRR), the fundamental trading book review, European Market Infrastructure Regulation (EMIR), Basel Committee on Banking Supervision (BCBS) 239, revised reporting (COREP/FINREP), Dodd-Frank, stress testing, etc.

Compliance with each individual regulation requires a significant amount of initial and ongoing investment, resulting in de facto “fixed-cost items” on a bank’s profit and loss statement. In a business environment characterized by prolonged low interest margins and revenues under pressure, banks are forced to find ways to reduce operational cost – even in an area like risk management that currently requires a lion’s share of investments due to regulatory compliance needs.

To achieve this goal, banks are addressing their legacy structures (e.g., risk silos, outdated IT, rigid organizations), which are still very common in financial institutions. Much of the focus has been on the automation of risk management. For example, banks need the ability to better aggregate data and respond to reporting requirements. Some have begun to redesign their risk management units completely by doing the following tasks.

Breaking the silos between risk categories

Traditionally, risk management divisions have been aligned with the risk categories set by Basel II (i.e., market risk, credit risk, and operational risk). Each division used different information, data, systems, file formats, modeling systems, and resources to assess its risk category. They also developed their own hierarchies and reporting lines, often resulting in duplicated work.

Introducing an end-to-end data management framework

Instead of a variety of applications and databases that require banks to manage an extensive network of interfaces, some banks have begun to reduce the complexity of their IT infrastructures by reviewing the data flow, understanding the data needs, and introducing an end-to-end data management system.

Understanding risk management as a process rather than a static function and linking it with other processes within the bank

Similar to the introduction of end-to-end data management systems, banks are changing their view on risk management from being a static function to playing a vital role within an overall value-adding process.

Reducing waste and non-value-adding activities in the process

Banks are looking for inefficiencies and wastes, with the goal of reducing them wherever possible. Mitigating waste will result in risk management that uses the available resources in the best way possible, thus achieving its objective with a minimum of time and resources. Risk controls also become more effective. Valueless complexity obscures important sources of risk. The exercise of identifying value streams reveals the real sources of risk, allowing the organization to realign its controls so they are more targeted and effective.12

Empowering people with the goal of developing a new risk culture

Eventually, achieving more efficient risk management will require more than improving processes or IT systems – it will also require the help of human resources teams in risk management divisions. Empowering people with leaner management gives them the voice, structure, and tools to challenge long-standing assumptions – and the freedom to question how the organization does certain things and why. This helps simplify and root out valueless complexity at the operational level of the organization. As a result, the organization begins to simplify itself.13

What is needed for a leaner and more integrated risk management framework

In order to reap the benefits of more efficient, less resource-intensive risk management, banks will need to focus on four elements: data, infrastructure, people, and process (see Figure 2).

Data

Data is the foundation of every meaningful business decision. Data has to be accurate, which means consistent and free from material mistakes or errors. It has to be complete, providing sufficient granularity to identify trends and attaining a full understanding of underlying risks. Data has to be appropriate, by being relevant to risks in the bank’s portfolio and suitable for its business. Only if data fulfills these conditions, can it be transformed into information that is relevant for decision-making.

Infrastructure

More importantly, the ability to quickly access data on an enterprise basis requires an infrastructure that can grow with increasing business and regulatory demands. The Basel Committee on Banking Supervision, however, stated that: "One of the most significant lessons learned from the global\ financial crisis that began in 2007 was that banks’ information technology (IT) and data  architectures were inadequate to support the broad management of financial risks. Many banks lacked the ability to aggregate risk exposures and identify concentrations quickly and accurately at the bank group level, across business lines, and between legal entities. Some banks were unable to manage their risks properly because of weak risk data aggregation capabilities and risk reporting practices."14 As a consequence, banks have to review and redesign their infrastructure with a focus on efficiency and flexibility.

Processes

In line with the changes in the data and infrastructure frameworks of banks, processes will need to be critically reviewed and freed from value-destroying complexities and wastes, or challenged if they are redundant. In many instances, bank processes served a valid business purpose when they were originally established, but over time these purposes changed while the processes remained the same. A critical review can expose and reduce these costly inefficiencies.

People

People that understand the forces driving the idea of leaner, more integrated risk management and fully embrace its principles will be able to achieve productivity gains of "up to 20, 40, or even 50 percent of labor capacity that are possible in the first year."15 Lean risk management, however, can hardly be forced onto an organization. Instead, banks must encourage and help their people better understand it (e.g., by learning how another organization applied the same ideas, creating a shared understanding, and fostering the conviction to try it out in their own organization).

Figure 2: Components of a leaner and more integrated risk management framework [Source: Moody's Analytics]

Figure 2: Components of a leaner and more integrated risk management framework [Source: Moody's Analytics]

A leaner, more integrated approach to risk management

The concept of lean management is about an embedded culture of understanding the client’s needs and requirements, while continuously striving to reduce waste and optimizing the performances of process, people, and infrastructure.

Despite gaining traction in the financial services industry in the 1990s and early 2000s, more progress still needs to be made. Banks have focused on the speed and quality of their services, especially on the retail side of the business. With the increasing need and cost to comply with regulatory requirements, though, risk management divisions are at the center of attention.
Risk management can greatly benefit from a leaner and more integrated approach and constantly improve a bank’s efficiency and productivity, by focusing on data, infrastructure, process, and – most importantly – people.

Dr. Christian Thun, Senior Director, Strategic Business Development, Moody's Analytics. Christian provides deep expertise on credit risk management, Basel II, and portfolio advisory projects and functions as a main contact for regulators and the senior management of financial institutions.Author:

Dr. Christian Thun, Senior Director, Strategic Business Development, Moody's Analytics. Christian provides deep expertise on credit risk management, Basel II, and portfolio advisory projects and functions as a main contact for regulators and the senior management of financial institutions.

Sources

1 KPMG, Impact of Regulatory Requirements, page 7, December 2013.
2 Brophy, A., Financial Times Guide to Lean – How to streamline your organization, engage employees and create competitive edge, p. 7, 2013.
3 Big Three = General Motors, Ford Motor Company, and Chrysler.
4 Brophy, A., Financial Times Guide to Lean – How to streamline your organization, engage employees and create competitive edge, p. 20-23, 2013.
5 Bain & Company, For banks in need – getting more from Lean Six Sigma, Guarraia, P., Schwedel, A., 2008.
6 Coxon, M., Oguz, T., Schulz, C., Wholesale financial services: Higher pressure means greater rewards from lean (2011), p. 93. McKinsey, Lean Management, 2011.
7 DB Research, IT in banks: What does it cost? December 20, 2012.
8 McKinsey on Business Technology, Breakthrough IT banking, Gopalan, S., Gaurav, J., Kalani, G., Tan, J., 2012.
9 DB Research, IT in banks: What does it cost? December 20, 2012.
10 McKinsey on Business Technology, IT architecture: cutting cost and complexity, page 26, Janaki Akella, Helge Buckow, and Stéphane Rey, August 2009.
11 McKinsey on Business Technology, IT architecture: cutting cost and complexity, page 27, Janaki Akella, Helge Buckow, and Stéphane Rey, August 2009.
12 McKinsey: The Lean Management Enterprise, One company in the eyes of the client, page 30, Marv Adams, January 2014.
13 McKinsey: The Lean Management Enterprise, One company in the eyes of the client, page 25, Marv Adams, January 2014.
14 Basel Committee on Banking Supervision, Principles for effective risk data aggregation and risk reporting, January 2013.
15 McKinsey: The Lean Management Enterprise, One company in the eyes of the client, page 30, Marv Adams, January 2014.

 

[Source: Published in Moody's Analytics Risk Perspectives: Integrated Risk Management - Volume IV | November 2014, www.moodysanalytics.com]

[ Source of cover photo: © Ivelin Radkov - Fotolia.com ]
Risk Academy

The seminars of the RiskAcademy® focus on methods and instruments for evolutionary and revolutionary ways in risk management.

More Information
Newsletter

The newsletter RiskNEWS informs about developments in risk management, current book publications as well as events.

Register now
Solution provider

Are you looking for a software solution or a service provider in the field of risk management, GRC, ICS or ISMS?

Find a solution provider
Ihre Daten werden selbstverständlich vertraulich behandelt und nicht an Dritte weitergegeben. Weitere Informationen finden Sie in unseren Datenschutzbestimmungen.