Considerations when implementing a risk management system, part 3

Continuing from my previous posts, I will address the next in our series of questions to consider when implementing a new risk management system. This is the final post of the series. As a reminder, I am summarizing some key points you should consider when selecting a risk system.

Here again are the questions I address:

Part One:

• Who are the Stakeholders?
• Why do you need risk?

Part Two:

• What are your options?
• Where do you need to see risk?

Part Three:

• How should you implement your solution?
• When should this take place?

---

How should you implement your solution?

Let's first address this point: Goodness of Fit does not apply to models only (Risk model selection). We have taken the time to identify the stakeholders, our analytical requirements, and what we need from a risk model. Now all we need to do is pick a model. Here are some things to keep in mind during the evaluation process.

• Do you really understand how the model is constructed and what the output tells you?
  As a risk practitioner it is imperative to have a firm grasp of how a particular model is constructed and how that model’s results are to be interpreted. It’s not enough to understand that a model uses pre-specified factors or principal component analysis to estimate risk. The reality is that any risk vendor worth its salt should be able to provide lots of details regarding model construction and interpretation. In the end, if you don’t understand the model how can you effectively communicate the results to your clients or apply them to your investment decision making process?
  
• Is the provider open up about their methodologies?
  In this day and age, if a model provider operates like a black box, I would look elsewhere. Certainly there may be elements of the risk model creation that are considered proprietary by a third party vendor, but there is really no excuse for a vendor limiting a client’s access to construction details. In my mind, the better you understand a risk model at a fundamental level, the better you can use it to understand your portfolio's risk.
  
• If you have questions, do they have answers?
  Documentation and transparency are important, but there will always be questions unique to your firm and risk provider needs to be able to help you answer and these questions. Ultimately behind every risk model there are people, and this means that during the model selection process you need to evaluate the relationship with the people behind the risk model as much as anything else. If you cannot have an open dialog with your risk provider you are not going to get the most out of the system.

Next up: data (unfortunately there is more to risk than risk models). Risk analysis requires an underlying set of data, which is to say, risk measures are only as good as the data they are based on. So we need to think about what data is actually needed to perform any risk analysis. This is one of the most overlooked points in risk analysis. It boils down to a simple question. Do I want to manage data or manage money? So what are the data sets we should be thinking about?

• Risk Model: Why we need this is should be self evident.
  
• Portfolio data, benchmark data, and pricing: As we all know, in order to generate portfolio risk we need portfolio and benchmark weights. That means we need portfolio and benchmark holdings and quantities and pricing to calculate accurate market values and weights. It is important that you are comfortable with the accuracy of the portfolio and benchmark data.
  
• Security-descriptive data: If there are securities (e.g., derivatives, unlisted, futures, trusts, real estate) in your portfolios that are not covered by the risk model(s) you use, you need a way to increase this coverage. One of the most common means is to supply security terms and conditions. Different firms have different levels of access to terms and conditions data. E.g., If you are Plan Sponsor you may not have a good source for this data and may have to rely on your managers to supply it. Where will you get this data if you need it and how will you store it?
  
• Fundamental and economic data: There are three good reasons to think about this type of data:
  1) To give a clear picture of portfolio’s current situation in a way that makes sense to people unfamiliar with risk, it is often helpful to include other data in the analysis to illustrate a point. For example, if you have underexposure to something like “size” or “value,” it may help your cause to include market cap or valuation measures along with your risk analysis to help with the interpretation.
  
  2) If you plan on optimizing, you will likely want to have the ability to incorporate market data into your models to tilt your portfolio(s) towards real world factors that are important to you investment process.
  
  3) If you plan on applying any stress tests, you will undoubtedly need market data to create the scenarios you wish to test (e.g., rising oil prices, decreasing interest rates, changes in trading volume).
  
• History and timeliness: Make sure that you have a good handle on what kind of history you need and will have access to as well as how often the data is updated. If you are concerned with historical ex-ante risk analysis or optimization, you will need historical data for the portfolio, benchmark, and risk model before you can move forward.

Choosing a risk provider is a big decision, but it should not be made in isolation, so consider the following. Risk models are no longer linked exclusively to the model providers; they are now available through a variety of platforms, integrated to varying degrees. Because of this you may have an opportunity to not only solve your risk needs, but to potentially also meet other needs or solve other problems at your firm unrelated to risk. This could mean consolidating services, saving money (or at least spreading the cost), and minimizing redundant processes.

Scalability and flexibility are particularly important because it may mean you can use one system for multiple purposes within a risk framework and potentially beyond. If you belong to a Risk Team, you may only care about risk itself, but many financial professionals wear multiple hats these days and are interested in several things (e.g., portfolio management, risk, performance, marketing). In the past, you may have needed more than one platform to meet all of these needs. Now if you can find a platform that is both scalable and flexible and still meets your core risk needs, there is a good chance that you can consolidate services, which in turn can lead to cost savings and distribution. In this environment every cost is being scrutinized so any service that allows you to get good value for cost is in demand.

Of course related to all of this is the data behind the scenes. Most investment firms would rather stay away from the business of managing data and stick to their core competencies. As such, make sure you understand how the platforms you are considering integrate data, from your own portfolio holdings to benchmark data to third-party data and beyond. You might find a system that does much of what you need but still requires you to plug in lots of different data sources to get the job done.

Kick the tires! You wouldn’t buy a car without looking under the hood and taking it for a test drive. Implementing a risk system can be difficult, so take advantage of trials, set some goals, and at the very least make sure you have satisfactory answers to the following:

• Is it easy to test out a simple situation?
  If you can’t get results for a domestic equity portfolio easily, don’t hold your breath when it comes to large multi-asset class portfolios.
  
• Is the support responsive?
  If you don’t get the help you need during a trial, forget about when you are client.
  
• How is the software?
  If you can’t use the software, you can’t analyze risk.

When should all of this take place?

There is no perfect timeline for selecting and implementing a risk system, but here is a rough guideline of how it often works:

1. Investigate the needs and requirements internally before anything else. Do as much leg work internally as you can before casting your net and looking at providers. Meetings and demos will be much more effective if you have a good grasp of what you think you need.
   
2. Look at the options available in the marketplace. Do some research about the model types you might be interested in. If possible, attend relevant conferences. Contact vendors and ask for information.
   
3. Meet with the providers and have them explain their solutions in the context of your needs. Risk providers have lots of experience; they should be able to do this and this may force you to re-evaluate your questions.
   
4. Narrow the field. Based on meetings, demos, and conversations, you should have some comfort at this point about who you think are legitimate options.
   
5. Request a trial of the top candidate(s). Keep your goals and objectives in mind. Start thinking about implementation. Perhaps part of the trial can be dedicated to moving forward in this regard.
   
6. Don’t lose focus. Circle back to your original requirements. Are you still on target or have you drifted away from your core goals?
   
7. Purchase approval. Depending on a firm’s purchase approval process this step can sometimes significantly delay or impede implementation. Costs should be discussed early so that there is no confusion or surprise at this stage.
   
8. Full implementation. Fully implementing a risk system may take a while, so create a reasonable time line and start simple or with the key portfolios.

Finally, anything worthwhile tends to be difficult, and I believe that implementing a risk system falls into the category of something that is worthwhile. If you have specific questions, please contact me.