Sep 25, 2008 (01:09 AM EDT)
SAS Institute: Banks Lack A Comprehensive Risk Management Strategy

Read the Original Article at InformationWeek

Business technology managers have long talked about the problem of "information silos," in which a business lacks the culture and infrastructure for sharing knowledge and data company-wide. Could that have been a fundamental problem of financial firms hit by the mortgage crisis?

That's one conclusion by SAS Institute, which counts banks and insurance companies as among its biggest customers of business intelligence software, including risk management. The company sponsored a survey of 316 financial services executives in July, in which 70% of respondents said that the losses stemming from the credit crisis were due to failures to address risk management issues.

Fifty-nine percent of survey respondents said the credit crisis had prompted them to scrutinize their risk management practices in greater detail, partly due to anticipation of closer scrutiny from regulators.

Among the challenges identified by respondents were data management and company culture, which hindered implementation of "comprehensive" risk approaches, said SAS Institute. Some financial services execs cited access to relevant, timely, and consistent data as a major obstacle. Almost half of the respondents said fostering a culture of risk management was the most widely encountered challenge.

SAS concludes from the survey and customer discussions that many banks have "very good siloed risk management, but not a true enterprise view of the risk," said David Rogers, SAS's global product marketing manager for risk, in an interview Tuesday.

A more strategic, company-wide approach to implementing risk management software and business processes, with dashboard views of company-wide risk issues for executives, would help protect financial firms against future miscalculations, he said. But it's not the only answer. Too many banks have made the mistake of focusing on profit and treating risk management as an afterthought, and haven't done enough to educate employees on the topic.

"You can't take risk management out and treat it as a separate thing," Rogers said. "It has to be part of the business and have the respect of the business unit managers."