As Covid-19 locked down many economies and financial markets erupted in turmoil, bank credit risk departments were faced with a deluge of urgent questions, some of them existential. How large is our direct and indirect exposure to oil and gas companies? For how long can airlines service outstanding credit lines? Will our commercial property portfolio hold up? Under what conditions will we consume our capital buffer?
Confronted with many time-critical analyses to complete, many credit risk departments (re-) discovered an unsettling truth: credit IT and data infrastructure are not up to the job. The crisis has laid bare the shortcomings of bank credit infrastructure. Credit systems at many banks are monolithic and inflexible with complex and poorly-constructed links to source systems. The data they contain is often inaccurate, incomplete, and out-of-date.
As a result, completing even basic sensitivity analyses at a client or portfolio level can be a major headache, requiring extensive, time-consuming manual work and painful reconciliations. These delays can undermine decision-making and prevent decisive action.
The problem, however, is not new. Most banks experienced similar problems in the wake of the global financial crisis. So, why haven’t they managed to fix their credit risk infrastructure?
Too Hard To Fix?
Many banks have relegated their legacy credit risk infrastructure to the “too-hard-to-fix” bucket. Credit risk systems tend to be old and have evolved to comply with successive waves of regulatory requirements over a long period, as much as twenty years in some cases. The resulting legacy environment has become a Gordian knot that is simply too costly and too risky to untie. Credit risk infrastructure at large banks can contain thousands of daily data feeds, dozens of different processing environments, and millions of lines of code.
To make matters worse, banks have become adept at workarounds to compensate for poor credit infrastructure. The low cost of labor has allowed banks to deploy large numbers of offshore staff to perform manual analyses and data remediation. In the short run, such an approach was easier and cheaper than decommissioning and replacing existing credit risk infrastructure. In the wake of the most recent crisis, however, this approach seems like a false economy.
The upside of sorting out the credit infrastructure mess looks more compelling than ever. Banks that invest in upgrading their credit risk infrastructure will enjoy a distinct competitive advantage. The quality and efficiency of their credit risk decision-making will improve across the board, allowing them to manage their capital more effectively. They also should be in a better position to proactively manage clients and to support the growth strategies of the front-line businesses. They should enjoy considerable cost savings when it comes to both operational costs associated with manual work and data remediation.
To re-platform credit risk IT effectively, banks should learn the lessons from peers that have completed a successful transformation from old to new credit risk technology. We have condensed these lessons into five recommendations.
New calculation engines, data repositories, and reporting engines count for little if the data that they are using are of poor quality. It’s no coincidence then that credit data has become a major focus area for regulators everywhereMark James, Partner
Recommendation One: Know Where You’re Going
Banks must have a clear and detailed picture of the future credit risk IT architecture and how it supports the future state vision of the credit risk function. Without this north star, banks are essentially flying blind when it comes to investments in technology upgrades; they have no basis to assess whether proposed investments are moving towards a strategic solution or not. Agreeing the architecture also forces banks to debate and resolve the key business trade-offs involved with more difficult architectural decisions (for example, one versus. many data stores). Unresolved core design questions can become highly politicized and block meaningful action to remediate deep-seated technology issues.
Recommendation Two: Deliver, deliver, deliver
Successful credit risk re-platforming is a complex and time-consuming exercise. For the largest multi-national banks, fully decommissioning mission-critical credit infrastructure and switching over to a new environment can take years. Waiting until the end of the journey to deliver all benefits in a “big bang” always ends in disappointment.
Leading banks are following migration paths that deliver clear and compelling benefits from very early in the program, producing tangible improvements at regular intervals during implementation. In this way, they build critical momentum to ensure that all stakeholders continue to engage with and to support the program.
Recommendation Three: Add disruptors
Pioneer banks are thinking out-of-the-box with respect to their future credit risk architecture and are looking to incorporate modern technology concepts -- microservices, cloud storage, stateless calculators, data rules libraries.
True to their mission to safeguard the bank’s balance sheet from the riskier (and potentially ruinous) instincts of front office bankers, risk teams tend to be conservative by nature, especially when it comes to adopting new technology. Many banks replace old systems with new systems that look very similar – reassuringly familiar to the risk and IT teams. Against the backdrop of rapid improvements in data management, storage, and calculation technology, such an approach is not only expensive but also will put banks at a competitive disadvantage.
One successful bank is seeding experienced engineers from non-risk backgrounds as technology disruptors into the risk architecture teams to ensure that the new technologies flow into emerging designs.
Recommendation Four: One Dream Team
Traditional ways of working between risk and IT persist at many large banks – despite extensive effort to adopt agile methodologies. This involves risk practitioners giving their requirements to change teams that act as go-betweens with IT. IT teams then takes these requirements and build or procure a system that is then tested by the risk practitioners (or change teams). Defects and suggested improvements are logged and passed back to the IT team for remediation. And the cycle continues through multiple iterations. This approach is not only lengthy but also often results in systems that are not fit-for-purpose.
Leading banks are employing a fully joined-up approach through the entire development lifecycle. Critically, credit officers, credit control staff, quants, IT architects, and data specialists all commit significant time through the entire design, build, and rollout process—and are evaluated on the team’s success. Not only does this approach speed up decision-making but also it ensures that the new systems incorporate features that address the most important practical needs of the users.
Recommendation Five: Clean In, Clean Out
Pioneer banks are addressing the perennial issue of poor-quality data as an integral part of their re-platforming efforts, putting in place data management mechanisms to use “golden sources” of credit risk data and ensure that data in these golden sources is correct. Inaccurate, incomplete, and out-of-date data has long been the Achilles Heel of credit risk. New calculation engines, data repositories, and reporting engines count for little if the data that they are using are of poor quality. It’s no coincidence then that credit data has become a major focus area for regulators everywhere.
Why wait?
Banks with sub-standard credit risk infrastructure are flying blind through the storms of today’s highly uncertain and volatile world. Without the infrastructure to facilitate better and more informed credit decision-making, credit officers are like pilots trying to navigate force 5 winds with faulty, unreliable instruments. Moving to a more modern architecture will enable better and more informed decision-making and greatly improve their chances of landing the plane safely.