Our Viewpoint

Our Viewpoint

Today's Risk Management Challenges for Financial Institutions

March 21, 2013

Today’s economic conditions and uncertain outlook have led to a realignment of priorities and goals for all financial institutions. Risk management has always been among the highest responsibilities of senior management. But too often, the practice of risk management has been to apply the same tools and practices used in the past without critical examination to determine if they are still useful or appropriate in the current environment. A crucial component of risk management must include periodic reviews of risk management practices to ensure they adapt to the changing landscape.

Senior management needs to periodically review and “maintain the pulse” of the following areas:

  • Borrower and loan risk rating process
  • Exception and loan covenant tracking
  • Portfolio risk analysis and reporting
  • Procedures and policies

How is this accomplished? Data, data, data. The philosophical assertion, “Data leads to information, information leads to knowledge” is as true as ever for today’s financial institutions. The difficulties start when trying to design the necessary processes and procedures to collect the right data and to identify the correct technologies to implement and support those processes.

Start From the Top

The business and analytical needs must drive the risk-management framework; the reports, models and data. Too often this process gets turned around, and financial institution reports and analytical models get driven—not by the desired output—but by the data available. Financial institutions need to answer the following questions in order when developing risk management systems:

  1. What are the necessary risk management decisions?
  2. What information and reports are needed to inform my decisions?
  3. How do I measure the risk parameters that flow into my reporting?
  4. What data do I need to collect to perform my risk measurements?

Far too often, financial institutions try to develop risk management systems based on information that they already collect and store in an easily accessible format. A top-down review of risk management needs will allow for the identification of shortcomings.

The need to capture the data for good risk analysis will drive day-to-day financial institution procedures and operations. As an example, loan to value is a crucial risk factor in commercial real estate lending. For most institutions, the host system does not capture collateral-level data. For this data to be available for risk analysis, someone along the line must enter this data into a separate database for it to be available for risk analysis and reporting.

Bottom-Up Data Flow

Once the top-down risk-management framework is in place, the risk-management execution requires a bottom-up data flow. Risk assessments at the borrower and loan level are aggregated to the entire portfolio.

This requires consistent application of policies and procedures across the entire organization. Well-designed and implemented technology solutions will provide the mechanisms to enforce consistency and reinforce a common risk management culture.

Risk Rating

Borrower and loan risk ratings need consistent application for risk ratings to be useful. By capturing relevant data, the financial institution can develop objective models that minimize “judgment call” ratings that, historically, do not reflect the probability of default as accurately as necessary. The best practice is to develop a dual rating system that separates borrower ratings and loan ratings. This allows for identifying borrower-specific and loan-specific risk factors and leads to more granular analysis.

Objective risk rating models are easy to refine in changing conditions, whereas retraining personnel to adjust their habits and practices in applying judgmental models usually leads to a period of inconsistency, as financial institution staff become accustomed to the new thinking. Periodic reviews should be done by dedicated audit staff. Their guidance reinforces consistent risk rating practices across the organization.

Exception and Loan Covenant Tracking

Most institutions do not have systems that automatically track exceptions and covenants. Rather, this is a manual (i.e., time consuming, expensive and error-prone) process, where a person reviews a paper file and transcribes his findings into a spreadsheet that is later merged into a report from the host. A well-designed technology solution will automate this process, with the relationship and loan level data available to the portfolio analysis solution. This saves on the time, expense and errors inherent in a manual process.

Portfolio Reporting

Once the appropriate processes and systems are in place to gather data for risk management purposes, the next step is put that data to use. An important aspect in portfolio monitoring that is frequently overlooked is having the ability to compare data month over month or quarter over quarter to identify trends in the portfolio performance. Looking only at month-end data cannot provide the same level of management oversight as reviewing an entire year’s worth of data side by side. Data integrity is a key challenge when it comes to portfolio reporting; transferring data each month into a spreadsheet for reporting is no longer a best practice.


Senior management must understand their financial institution’s risk management framework and systems, and they must be prepared to adjust their practices as conditions change. Successful implementation of such a framework requires:

  • A consistent understanding among staff of the financial institution’s risk management principles and practices.
  • Robust and flexible technology systems that gather the relevant data and allow the financial institution to adjust risk-management practices as needed.


James Hartzog
Senior Commercial Lending Expert and Product Manager
James Hartzog