ALI Solutions

July 29, 2010

Home › Company › News › Articles

Fixing Risk When IT Is Booked

BAI Banking Strategies
February 11, 2010
By Tom Miller

When a bank needs to improve risk management systems and IT is absorbed with other priorities, risk managers need to look at intelligent decision automation.

It is a bitter irony for the Information Technology (IT) leaders in our bank,” says the chief risk officer at a large U.S. bank. "The risk management innovation we need right now is exactly what IT wants to deliver. But IT’s plate is full. We’re going to have to find another way to get risk done."

Sound like your bank? The credit crisis and recession have magnified banks’ risk exposure. Many institutions find themselves in need of new and better risk management capabilities and look to IT to implement these solutions. But as the banker above laments, IT is often booked.

And no wonder. IT resources have been swamped by waves of regulatory and compliance changes, acquisition integrations and legacy infrastructure issues. Risk management transformation often has to wait in line while these other priorities get tackled.

But there is another way: meet your risk management needs without IT. It’s now possible to deploy intelligent decision automation technology that integrates, in a standardized way, with all types of data sources. Unlike traditional technology in the risk management category, these systems do not require the institution’s IT developers to write customized new code to interface with legacy systems. Instead, the code is easily configurable by the business unit at no loss of performance.

The Data Gap

Before describing how this risk management upgrade can be achieved, we need to look at five categories of data in terms of what banks have to work with today and what they need in the future.

Customer Data: As risk managers urgently try to decide which customers are creditworthy and to what degree, they begin by reviewing credit histories. But past credit performance doesn’t tell you how a customer is behaving today or how to gather that information for analysis and action. History is an unreliable indicator now that we have experienced a historic disruption of consumer credit. Risk managers need to be able to see the whole customer in today’s environment and be able to access relevant data about that customer. Much of it resides somewhere in the bank but most systems today do not make it readily available.

Data Updates: Accumulated financial data has traditionally been reported once a month. But life happens daily, hourly, in real time. When risk managers are trying to predict and prevent risk that costs the bank real money every day, monthly reports are bound to be anywhere from one to 30 days too late to be reliable.

Account Management: Behavior scores have long provided a dependable decision-making tool for portfolio management, but besides being based on past behavior, they often fail to take into account the entire customer picture. Risk is obviously a function of the whole customer, beyond what shows up in one account or group of accounts. Useful account management depends on a real-time, customer-level view of risk, which detects and reports signs of potential behavioral changes before they happen.

Strategy Testing: Conventional methods for shaping and optimizing portfolio management practices are increasingly too slow. Traditional champion/challenger testing, for example, lets managers know which risk strategies and tactics work best but they take time to implement and more time to assess. Advances such as pre-production strategy simulation are more suited for today; they can provide feedback and insight more quickly.

Analytics: For years, risk scores provided a fairly reliable indication of whether a credit customer could and would repay. But credit scores built on historic samples look backward (sometimes way back) at a time when history is a poor indicator of future probability. Today’s analytics must find ways to displace historical samples through more innovative event-based data and more experiments in design-risk models.

While these old analytical methods are not without value as a safety net for credit risk, they do hide a danger. Not only do high-risk customers leak through the safety net, but the net often catches low-risk customers and prevents lenders from maximizing what could be very profitable customer relationships. As we wrote in our previous article, Managing the Two Faces of Risk, the risk of running off good customers for bad reasons becomes as great as the risk of extending credit to those who default.

If a bank were starting afresh today to create the perfect risk management system, these five data needs could almost constitute its "requirements documentation," with IT instructed to build a system that incorporated all of them, integrated and connected.

Standardized Integration

While starting afresh is rarely possible, there is good news: these needs can be met today. Some financial institutions are achieving success in risk mitigation by doing one or more of these things without commandeering significant IT resources or attempting to rip-and-replace existing IT infrastructure. That is because each of these institutions deploys intelligent decision automation that integrates, in a standardized way, with all types of data sources. Here are some examples:

One of the largest residential lenders in the U.S. developed a program to identify at-risk mortgage loans before they became delinquent. It enabled them to contact the customers through the channel deemed likely to appeal to them and offer customized treatments based on their net present value (NPV), which was previously calculated according to an expanded set of customer-related analytics. Early results showed a significant increase in customer response, including updated customer data that could be used to refine the likelihood of delinquency and to alter the treatment offered. In essence, this lender has quantified the long-term value of a customer relationship (via cash flow) and then determined how each potential treatment or change to the loan or account would affect the value.

Typically such an ambitious effort would require costly and time-consuming modifications to existing systems, training of employees regarding the system and policy changes and a significant amount of activity within the technology infrastructure. Instead, this lender simply configured a fully-packaged outsourced solution that included the analytic models, decisioning software, trained agents and loan remediation process through a third party-hosted provider.

The lender sent account records from its core system into this secure, hosted environment. There the loan evaluation and remediation was performed – the decisioning, the loan modification, the outbound treatment and all other services required – and the loan information was returned to the lender. The system’s security features allowed the lender’s IT group to be in full control of the information throughout the process, without being required to set up and maintain the system.

A credit card issuer was able to dramatically reduce risk by applying analytics to customers’ first-day transactions and then contacting those customers with individual, customized treatments and offerings. In the early days of the program, the issuer achieved a 31% reduction in balances more than 30 days past due and a 23% reduction in the number of such accounts. Charge-offs fell 13%. Just as important, the issuer was able to identify attractive, low-risk clients and create offerings to improve those relationships in terms of customer satisfaction and mutual financial value.

The breakthrough here was the ability to evaluate a specific event in real time and take action outside of the lender’s legacy billing systems, which are hard-coded into time-based, end-of-the-month procedures. It would have been virtually impossible for the lender’s IT group to isolate a new cardholder’s first-day transaction, let alone aggregate that transaction with other data from the card-holder’s application or credit bureau report. Nor would legacy systems typically allow a business user to rewrite risk policy on the spot and apply it to a particular customer.

Instead the issuer uses technology that sits outside yet complements the legacy systems and enables risk officers to evaluate customer accounts based on specific events and take action as events indicate. Most important, risk officers can, upon accessing the data, determine the appropriate modification policy for a particular account and put it into action immediately. If, for example, existing policy rules that new credit card customers who run up 70% of their credit line in the first hours of use should have a reduced credit line, a risk manager, seeing that information on a particular customer aggregated with credit bureau and application information, might instead decide to lighten the policy and let that borrower reach 90% of his or her line before making a decision. In today’s environment, where issuers must be as avid about finding good borrowers as they are about blocking risky ones, that kind of flexibility is essential.

One of the largest banks in the world faced three difficulties: an IT group consumed by legacy system updates and compliance coding, a patchwork of customer information systems strung together from decades of unabsorbed acquisitions and a pressing need to reduce its risk by getting more of the proverbial 360 view of its customers. With millions of customers acquired largely via acquisition, each captured in separate business units, each business line had only a blinkered, product-specific look at a sliver of each customer, even though most of their customers had more than one product.A

Recognizing the near impossibility of using internal IT resources to build the solution, this bank chose a middleware technology to leverage myriad sources of data throughout the massive organization and across business silos to create a reliable customer level score and policy. Now this information is easily integrated into the bank’s customer-facing system applications. Most impressive, they got this solution into production in 90 days, achieved immediate benefits and were able to plan a stable expansion of its use.

What we have described here – creating incremental, non-IT-intrusive solutions – is a virtue born of necessity, but it is still a virtue, recognized not just by business heads but also by IT. In the real world, where budgets and resources collide with reality, banks must mitigate risk where and when they can, one improvement at a time, one area at a time, even one customer at a time. This approach may be incremental, but it is progress in the right direction. It compresses learning about where risk resides and where it does not and it delivers considerable advantage to the innovators and their customers.

Mr. Miller is senior vice president of ALI Solutions, a predictive analytics company based in Austin, TX. He can be reached at This e-mail address is being protected from spambots. You need JavaScript enabled to view it .