Home > Deposit Insurance > The Deposit Insurance Funds > Strengthening Financial Risk Management at the FDIC
Strengthening Financial Risk Management at the FDIC
Anticipating Future Needs – Horizon 3
As the FDIC moves over the next 18 months to implement the recommendations for Horizons 1 and 2, it also will need to consider the impact and implications of a possible future move to Horizon 3 – an environment in which risk to the deposit insurance system is not only monitored and measured in near real-time, but also managed in a more interactive, more fully-automated manner throughout the organization. The decision to move to such an environment will depend on the FDIC’s assessment of its future needs, and whether the benefits of an upgrade in risk management practices outweigh the costs to the Corporation and the deposit insurance system.
The kinds of potential benefits – individually or collectively – that the FDIC will need to consider include: enhanced institutional risk analysis; better knowledge management; enhanced public policy knowledge and positions; fuller understanding of risk-based pricing; better documentation; and a greater ability potentially to offload or hedge risks. The likely costs include substantial information technology (IT) expenses as well as organizational realignment considerations.
While the recommendations from Horizons 1 and 2 are being implemented, the FDIC will need to anticipate and assess its future risk management needs implied by an evolving deposit insurance environment. Specifically, the NRC, based on the advice of a cross-divisional team of managers and starting during Horizon 2, should annually assess the advisability and implications of moving to Horizon 3.
Horizon 3 differs from Horizon 2 on three principal dimensions: the degree of system access and availability; the timeliness of underlying data; and the size and importance of the risk group in the organization. At Horizon 3:
The potential benefits of moving to an integrated IT environment and investing in organizational and other changes contemplated in Horizon 3 are manifold. They include:
The current information technology (IT) infrastructure, and the likely infrastructure over the next 12 to 18 months, is characterized by a patchwork of computer programs, desktop spreadsheets, and individual analyses prepared by different researchers. This environment is conducive to exploring research issues and developing prototypes quickly, but it is neither automated nor user friendly, and it is not sufficiently flexible to support a Horizon 3 capability, even with the Horizon 2 modifications.
A move to Horizon 3 will require a substantial investment in IT infrastructure. Specifically, FDIC would be well advised to migrate all operational risk models from DIR onto an integrated IT platform accessible throughout the organization. Models under development would continue to be built and tested separately. Exhibit 3-1 provides an illustration of a sample well-functioning IT architecture in Horizon 3, including the manner in which data inputs might feed into the models on an automated basis to produce reports and analyses. In this type of environment, a single programming language standard (e.g., C++) should be employed, perhaps using a commercial risk management platform (e.g., Risk Vision, Summit, Sungard) as a core.27 Input and output data should be stored in a relational database (e.g., Oracle, Sybase) that continuously tracks inputs and outputs and creates an audit trail. Any of the potential hedging strategies described above will require further investments in systems and procedures to properly track and monitor performance.
The transition to Horizon 3 may additionally require a substantial reorientation or reorganization of the existing risk management organization. Typically a dedicated risk group of perhaps a half dozen professionals headed by a Chief Risk Officer would be assembled to handle the increased workload, which would include not only cutting edge analyses and ongoing synthesis, but also an orchestration of efforts to instill a risk management culture within the organization. If a hedging capability were developed, an individual with capital markets experience would be necessary to assist with evaluation and execution.
24 For example, in a recent interview with a large private sector financial guarantee company, the chief risk officer noted that making risk reports and supporting data available over the firm intranet resulted in substantially increased usage, positive feedback from users, correction of errors in the database, and vastly improved risk monitoring.
26 For example, many credit hedges on publicly traded banks involve, directly or indirectly, shorting the underlying bank’s stock. This activity, even if conducted only indirectly on the FDIC’s behalf, raises difficult questions for a bank regulator. For an analysis of reinsurance options available to the FDIC, see Reinsurance Feasibility Study, Marsh & McLennan (December 2001).
27 Once the basic models are prototyped, the FDIC might decide to migrate to an IT environment developed and maintained in-house, or to an outsourcing arrangement of some kind, or to an application service provider (ASP) model.
|Last Updated firstname.lastname@example.org|