NEEDHAM, Mass. – Credit unions that find they are spending a growing share of their information technology budget on risk management are not alone. In fact, risk management is no longer a separate category but a major driver in the financial services market, demanding "a new discipline," according to TowerGroup senior analyst Victoria Garcia. "FSIs traditionally make money by assuming, transferring, pricing, and mitigating risk," Garcia says. Yet, she says, "very few institutions have a complete and real-time picture of their full operational risk profile," including: * Failures of processes and technology * Fraud * Resilience events * Non-compliance losses * Human error across the enterprise What better use of increasingly integrated IT capabilities, Garcia says, than to monitor this broad risk profile in real time? Monitoring, evaluating, and eventually targeting multiple risk factors simultaneously – this is the essence of the new management discipline, enterprise risk management (ERM), she says. The ERM philosophy, Garcia says in a new report, recognizes "the strategic importance of a holistic view of risk." Driving this view are Basel II standards for measuring adequate capital and the Federal Reserve's newly issued guidelines for meeting the international standards. But besides rules such as Basel II and Sarbanes-Oxley, Garcia cautions, FSIs face increasingly complex, diversified competition, growing margin pressure, and a climate in which corporate scandals hit the headlines. ERM requires what Garcia calls a "cultural shift" to align risk management with core business strategies. That means risk managers in today's credit unions must be conversant with IT managers and both must have the support of their CEO. "IT has always been viewed as an implementer of decisions made by business managers and rather as an afterthought," the TowerGroup analyst says. "In the case of ERM, IT is the backbone that supports the framework and the arteries that transport vital data to the enterprise level." FSIs with outdated core IT systems will need to spend more to implement ERM, but Garcia sees no alternative. "Managing risk across the enterprise demands data completeness and integrity that legacy core systems may not provide," she says. As vendor solutions increase in power, automated interfaces and data management will allow banks and credit unions "to perform risk management calculations in almost real time for the entire organization," Garcia says. Risk management spending on IT is increasing globally at a combined annual growth rate of 5.2%, the TowerGroup report says. Japanese and Chinese FSIs will continue spending most heavily in credit risk management, while North American institutions will continue to concentrate on operational risk, increasing spending at double-digit rates and claiming 35% of the risk management IT budget by 2008. Overall, TowerGroup estimates that risk management IT spending by North American FSIs will grow 6.4% annually from 2005 through 2008, when it will reach $9.2 billion. "North American FSIs are taking a leading role in driving strategies for ERM and investment best practices," Garcia says. "More U.S. institutions are adopting the Basel II framework for genuine business reasons, whether or not regulators mandate compliance." -

[email protected]