Professional Documents
Culture Documents
15%
loss in ROE
Return on Equity (ROE) and Tier-1 Capital Ratio of Systemically Important Banks
Average of 14 banks, 2004-2013
ROE
20%
10%
0%
-10%
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
Source: Bloomberg
155
rules undecided
60% Finalized
Remaining rules
Finalized rules
235
155
70%
efficiency loss
$500
$4,000
$3,000
$400
$2,000
$1,000
$300
$0
$200
-$1,000
-$2,000
$100
-$3,000
-$4,000
$0
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
i.
www.executiveboard.com
100
50
35
30
17
16
15
12
0
Application
Information
Business Process Social Networking
Development &
Technologies
Technology
Outsourcing
Maintenance
Outsourcing (ITO)
(BPO)
(ADM)
Derivatives
Systems
Rest of
technologies
(average)
45%
Investing in
sourcing
2015 CEB.
Application
Maintenance &
Development
Business
Process
Outsourcing
Information
Technology
Outsourcing
45%
45%
44%
N = 1,266
Source: CEB 2015 Global FSI Survey
ii.
www.executiveboard.com
Atit Amin
Senior Analyst
Capital Markets
June 2015
Given the barrage of new regulatory standards, firms are spending large portions of their technology
budget on implementing and operating risk management and compliance functions. CEB projects that
global spending on risk management and compliance technology will hit nearly $45B with North America
and Europe expecting a 20% and 16% compound annual growth rates, respectively, through 2018
To reduce these costs, leading organizations are undertaking transformative business-led initiatives that
promote a flexible technology infrastructure and leverage outsourced service delivery solutions.
Some of these initiatives include leveraging data utilities, converging market and reference data and
outsourcing risk functions including KYC and list management.
Centralized data management will also be crucial to the success of these initiatives; however almost 70%
of capital markets firms either do not have a data management strategy or have not invested in it.
Additionally, moving to a business-led, vendor enabled model will also allow firms to further identify
opportunities for innovation and expanded capabilities which will be critical for continued profitability.
Executive Summary
In years past, risk management was traditionally dominated by financial and hazard risks, such as complying
with new regulation and managing against a lack of liquidity. Now that those risks can be transferred through
hedging and insurance, they have taken a backseat to strategic, operational, and reputational risks that
business leaders must proactively identify and manage. These business risks, if not managed correctly, can
dramatically affect an enterprises financial results, brand, and even ability to operate, thereby having a severe
negative impact on shareholders, customers, and employees. Additionally, the operating costs to manage risk
and compliance functions has dramatically increased and cutting costs will require a substantive shift across
business, IT and vendor teams.
Within the context of new regulatory requirements, capital markets firms cannot afford to practice risk
management the old fashioned way. Serving the sophisticated needs of future risk management principles will
require a broader change in the perception of risk technology. Instead of viewing it as a nice to have, highly
effective risk governance models position risk technology as business critical and a function that delivers
2015 CEB All rights reserved.
May not be reproduced by any means without express permission.
competitive advantage. As a result, CEB TowerGroup believes that risk management and compliance
technologies, built upon a flexible delivery model that promotes context-based innovation, speed-to-market,
and an agile workforce, is the best means of integrating the discovery, measurement, monitoring, and
management of firm-wide risk.
Exhibit 1: Dodd-Frank Progress Report (Top); Asset Managers Increasing IT Spending Per Regulation in 2015
(Bottom)
Rulemaking Progress as of December 1, 2014 (Top); Percentage of Capital Markets Firms Answering Increase in
Spend, Excluding Answers of Unsure, 2014 (Bottom)
Sources: Davis Polk, Dodd-Frank Progress Report, December 2014 (Top); CEB 2014 FSI Survey (Bottom).
To illustrate, an additional list of new regulatory safeguards that financial institutions are planning for include:
Data Reporting: Changes to reporting of census information, fund investment in derivatives, liquidity
and valuation of holdings, securities lending, and separately managed accounts.
Portfolio Composition Risk and Controls: Mutual funds and ETFs may require a board risk
management program for liquidity and derivatives. Risk management requirements may include
2015 CEB All rights reserved.
May not be reproduced by any means without express permission.
updated liquidity standards, disclosures of liquidity risk, or measures to limit the leverage created by a
funds use of derivatives.
Dismantling Plans: Investment advisors will need to submit plans for a major disruption to their
business.
Stress Testing: The SEC may conduct annual stress tests on large funds and investment advisers,
similar to those conducted by the Federal Reserve on commercial banks.
Given this barrage of existing and new regulation, firms are increasing their spending on compliance
technologies as the post-crisis regulatory landscape shifts market structure and necessitate new governance
and reporting procedures. Per CEB estimates, capital markets firms have already incurred more than $20
billion in compliance costs since 2009, not counting additional layers of litigation costs and legal settlements. In
our opinion, the largest sources of compliance costs emanate from regulations that have altered, and in some
cases, created new market structure in both the equities and derivatives markets across the United States and
Europe.
For example, as the trading of OTC derivatives trading moves onto exchange-like venues, traders will have
much greater insight and access to information and trade data. With better tools and resources at their
disposal, traders will also have to respond faster to price volatility, and make efficient, informed investment
decisions. The shift from manual, human-based trading to screen-based execution raises the importance of
possessing real-time, streaming information and data flows, and up-to-the-second pricing, risk, and valuation.
As such, an optimal trading environment will require firms to have interoperable systems that can not only
integrate data through trading, risk and pricing but also incorporate the cost of centralized clearing and
settlement so portfolio managers and traders can assess the fully loaded cost of a derivative instrument. This
shift will require considerable enhancements to disparate systems, streamlined processes to ensure
processing time is not impacted and require more cross-team communication.
Moreover, regulation and compliance costs are rising for Change the Bank (CtB) initiatives and teams as they
prepare systems to comply with new standards and processes. The regulation will also impact Run the Bank
(RtB) teams as they ramp up to manage and support these more complex compliance and risk management
functions going forward. CEB projections indicate that global spending on risk management and compliance
technology will hit nearly $45B with North America and Europe expecting a 20% and 16% compound annual
growth rates, respectively, through 2018 (Exhibit 2). Furthermore, according to the Bureau of Labor Statistics,
compliance officer employment in the finance and insurance industry within North America is expected to rise
11% nationwide from 2012 2022.
Exhibit 2: Global Technology Spending on Risk Management and Compliance (Top); Global Technology
Spending on Risk Management and Compliance (Bottom)
By Region, Share of Cumulative Expenditure as of 2014 (Top); In Millions of USD 2008(P) 2018(P) (Bottom)
Source: CEB Analysis
And while the up-front technology investment will be significant and unavoidable, the project impact of some
regulation should diminish with technologies that can reduce costs and enhance control. Firms should examine
post-implementation cost-cutting and process improvement opportunities as part of compliance technology
enhancements to make the most of required changes. This can be achieved by implementing management
principles that enable technology and business teams to maximize returns, centralize and streamline risk data
management and reporting and outsource non-core risk and compliance functions all to reduce cost.
teams to experiment with new capabilities earlier in the lifecycle and thereby reduce costly testing cycles.
Additionally, as regulatory costs rise for IT teams, business-led risk and compliance provides an additional
40% of technology investment.
However, not all business-led IT spending is healthy; when poorly managed, it can drive up costs, risks, and
create data silos. Risks of business-led IT includes underestimating operational stability needs, weak vendor
management, and immature, duplicative siloed solutions. To reduce these risks, leading firms are playing to
the comparative advantages of the organization (Exhibit 3). In this ideal paradigm, business teams drive
innovation as they have the best insight into clients, products and competitors. Additionally, this model offers
flexibility as business teams are better able to control resources and make trade-offs between opportunities.
This shift also plays to the strengths of vendors and IT teams by outsourcing deep, technical expertise to
service providers and freeing up internal IT teams to focus on building skills that will have lasting value to the
business. In this new paradigm, vendors provide subject matter expertise (SME) at a reduced cost and provide
efficient, scalable operations that are often unfeasible with an internal IT team. As firms move towards
outsourcing SME, IT teams can then focus on enduring skills such as bolstering service management, offering
a cross-enterprise perspective and consulting the business as they lead innovation initiatives.
Exhibit 3: Strengths of Technology Projects Led by IT, Vendors, and Business Line Leaders
Illustrative
Source: CEB Analysis
financial data is consistent throughout the business and reduce the cost of managing the divisions in silos.
According to CEBs Data Management Survey, 71% of business leaders are planning to converge market and
reference data in the coming years. This is particularly notable for risk management teams given the negative
impact inaccurate data can have on risk analytics and compliance. As firms break asset-class and business
line silos, a one-data approach will improve risk and compliance management, service, and cut costs (Exhibit
4). Firms that have already moved to a one data approach have seen improvements in risk analytics, data
consistency, as well as trade processing and reporting. In fact, three leading G-SIBs in North America
partnered with Cognizant to comply effectively with the BCBS 239 regulation related to risk data aggregation
and reporting. Post-implementation, the firms realized rationalization of enterprise risk data, developed data
traceability, lineage, and aggregation, created glossaries and process maps for gap analysis, and ensured
transparency and automation of regulatory reports for Basel and Fed exams.
Exhibit 4: Convergence of Historically Distinct Investment Analytics Technology (Top), Five Areas of Asset Class
Convergence that Offer the Highest ROI Potential (Bottom)
Illustrative
Sources: CEB Analysis
Additionally, Dodd-Frank requires firms to re-examine their standards, particularly around counterparties,
contracts and underlying securities. Yet, many firms report low standardization maturity, which amplifies the
challenges of Dodd Frank implementation and the ongoing maintenance of data standardization. Given this
challenge, leading firms are moving towards an outsourced security master model to ensure data
standardization and reduce overall maintenance cost. For example, Bank Vontobellisted on the SIX Swiss
Exchangeoperates in 21 international locations and manages a total of CHF 150 billion in client assets,
turned a data management initiative into a new revenue source by creating an outsource service. Their existing
systems reliance on specialists, along with new regulatory requirements and a multi-data provider model,
drove the urgency for change. To simplify their processes, reduce cost, and gain revenue, the firm outsourced
their security master services. The benefits of the project included an internal data management and BPO
2015 CEB All rights reserved.
May not be reproduced by any means without express permission.
strategy in a single platform which provided scalability to onboard more customers with different levels of
services as well as quality and efficiency improvements.
Institutions also display low maturity in risk data aggregation and reporting of several important types of risk
data. According to the CEB 2014 FSI Survey, almost 70% of firms either do not have a data management
strategy or have not invested in it. Low standardization maturity will amplify the challenges of Dodd-Frank
implementation, as it requires firms to reexamine their standards, particularly around counterparties, contracts,
and underlying securities. Furthermore, Basel III introduces several new principles that risk and compliance
teams will need to be prepared for including, but not limited to:
These principles are notable as they are ambitious and cover a broad set of risk aggregation and reporting
capabilities, shift focus towards data accuracy, completeness and timeliness, and require several IT-specific
capabilities, such as real-time and ad hoc reporting. It will be important for RtB teams to consider these factors
as they prepare their risk management and compliance functions for the future state. Building these
capabilities in-house can be costly and difficult to maintain therefore outsourcing opportunities should be
considered to scale for increased regulation and reduce operating costs.
2
3
JPMorgan Ramps Up Compliance and Controls IT Spending, Finextra, September 18, 2013.
HSBC to Pay Record US Penalty, Wall Street Journal, December 11, 2012.
joined forces with SWIFT to develop and use a centralized due-diligence system designed to reduce the
burden of compliance and the rising regulatory costs associated with it. Bank of America Merrill Lynch, Citi,
Commerzbank, JPMorgan, Socit Gnrale and Standard Chartered are among the group to have signed an
agreement to jointly launch SWIFTs KYC registry, which is a type of secure electronic repository for the
masses of information required by banks as part of their due-diligence process on corporate clients all over the
world.4
The KYC registry offers a powerful if rare public example of how banks are working together to resolve
problems brought about by the regulatory onslaught. Under the agreement, the banks will participate in a
SWIFT-led working group to agree on the registrys processes, as well as the documentation and information
necessary to fulfill KYC requirements across multiple jurisdictions. In addition, the banks are to start populating
the registry with their own KYC data (Exhibit 5).
Similarly, banks are also outsourcing the storage of compliance data to help reduce costs through a shared IT
platform. Barclays, Credit Suisse, Goldman Sachs and JP Morgan Chase signed a memorandum of
understanding (MOU) with post-trade services group the Depository Trust & Clearing Corporation (DTCC), with
the aim of creating a shared repository for client reference data.5 The DTCC said the jointly developed data
platform will enable banks, broker dealers, asset managers and hedge funds to store information including
regulatory compliance data in a central library. Likewise, Cognizant has also worked with its clients to create
similar internal utilities or shared service models for reconciliation and reference data processing.
4
5
Major Banks Sign Up for SWIFTs KYC Registry, Bank Systems & Technology, March 4, 2014.
Banks to Develop Shared IT Platform for Compliance Data Outsourcing, ComputerworldUK, October 4, 2013.
The next step is to prevent execution risk that threatens a firms ability to gain maximum value from an
outsourced model. Firms often migrate to outsourcing services as an unsustainable short term solution to a
long term problem. To reduce value leakage, capital markets firms need to develop a sustainable outsourcing
plan that avoids the follow common failure paths across the sourcing lifecycle:
Strategic Misalignment: Sourcing strategy is not linked to long-term strategies and financial
objectives.
Unfavorable Terms: Lack of initial cost transparency leads to suboptimal contract terms.
Measures that (Dont) Matter: Choosing a vendor based on performance targets and SLAs that fail to
reflect the end-user experience.
2015 CEB All rights reserved.
May not be reproduced by any means without express permission.
Out of Sync Teams: Coordination is poor between external providers and in-house staff.
New Role, Old Skills: Retained staff lack sourcing management skills.
Static Performance: Inflexible contract terms limit the ability to adapt to evolving business strategy.
No Innovation: Organizations are unable to create incentives for vendor led innovations.
Conclusions
In part due to an accelerating confluence of new-to-world risk factors, risk management is only going to get
more difficult. There is a right way and a wrong way to respond. The best way to implement prudent risk
management principles without introducing unnecessary organizational drag is to have IT, risk, vendor and
business teams work together in delivering a flexible delivery model that promotes context-based innovation,
speed-to-market, and competitive advantage. The ability to manage risks must become an essential leadership
competencyon par with (and integral to) executing a strategy, launching a new product, and leading an
effective team. Risk management is not a discrete activity for business units to conduct separately from
strategy, business processes, and talent management; done properly, it is deeply embedded into all three of
those important activitiesnot slowing them down or adding more cost burden, but actually improving them.
Cognizant Technology Solutions commissioned CEB TowerGroup to conduct independent research and
analysis of compliance and risk management trends in capital markets. The content of this report is the product
of CEB TowerGroup and is based on independent, unbiased research not tied to any vendor product or
solution. Although every effort has been taken to verify the accuracy of this information, neither CEB
TowerGroup nor the sponsor of this report can accept any responsibility or liability for reliance by any person
on this research or any of the information, opinions, or conclusions set out in the report.
10