


The Credit Risk Systems of Most Banks Are Not Fit for Purpose

As COVID-19 locked down many economies and financial markets erupted in turmoil, bank credit risk departments were faced with a deluge of urgent questions, some of them existential. How large is our direct and indirect exposure to oil and gas companies? For how long can airlines service outstanding credit lines? Will our commercial property portfolio hold up? Under what conditions will we consume our capital buffer?

Confronted with many time-critical analyses to complete, many credit risk departments (re)discovered an unsettling truth: Credit IT and data infrastructure are not up to the job. Credit systems at many banks are monolithic and inflexible, with complex and poorly constructed links to source systems. The data they contain is often inaccurate, incomplete and out-of-date.

As a result, completing even basic sensitivity analyses at a client or portfolio level can be a major headache, requiring extensive manual work. These delays can undermine decision-making and prevent decisive action.

The problem, however, is not new. Most banks experienced similar problems in the wake of the global financial crisis. So, why haven’t they managed to fix their credit risk infrastructure?

Too Hard To Fix?

Many banks have relegated their legacy credit risk infrastructure to the “too-hard-to-fix” bucket. Credit risk systems tend to be old and have evolved to comply with successive waves of regulatory requirements over a long period. The resulting legacy environment has become a Gordian knot that is simply too costly and too risky to untie. Credit risk infrastructure can contain thousands of daily data feeds, dozens of different processing environments and millions of lines of code.  

However, banks have become adept at workarounds to compensate for poor credit infrastructure. The low cost of labor has allowed banks to deploy large numbers of offshore staff to perform manual analyses and data remediation. In the short run, such an approach was easier and cheaper than replacing existing infrastructure. In the wake of the most recent crisis, however, this approach seems like a false economy.

The upside of sorting out the credit infrastructure mess looks more compelling than ever. The quality and efficiency of banks’ credit risk decision-making will improve across the board, allowing them to manage their capital more effectively. They will be in a better position to proactively manage clients, support the growth strategies of the front-line businesses and realize cost savings from the operational burden of manual work and data remediation.

To re-platform credit risk IT effectively, banks should learn the lessons from peers that have successfully transformed from old to new technology. We have condensed these lessons into the following five areas.

Know Where You’re Going

Banks must have a clear and detailed picture of the future credit risk IT architecture and how it supports the future state vision of the credit risk function. Without this north star, banks have no basis to assess whether proposed technology investments are moving toward a strategic solution or not. Agreeing on the architecture also forces banks to debate and resolve the key business trade-offs involved with more difficult architectural decisions. Unresolved core design questions can become highly politicized and block meaningful action to remediate deep-seated technology issues.

Credit officers and banks with sub-standard credit risk infrastructure are vulnerable in today’s highly uncertain and volatile world and will need to adopt a more modern architecture.

Deliver, Deliver, Deliver

Successful credit risk re-platforming is a complex and time-consuming exercise. For the largest multi-national banks, fully decommissioning critical credit infrastructure and switching over to a new environment can take years. Waiting until the end of the journey to deliver all benefits in a “big bang” always ends in disappointment.

Leading banks are following migration paths that deliver benefits from very early in the program, producing tangible improvements at regular intervals. In this way, they build momentum to ensure that all stakeholders continue to engage with and support the program.

Add Disruptors

Pioneer banks are looking to incorporate modern technology concepts — microservices, cloud storage, stateless calculators and data rules libraries — into their solutions. 

Risk teams tend to be conservative by nature, especially when it comes to adopting new technology. Many banks replace old systems with new systems that look very similar. Against the backdrop of rapid improvements in data management, storage and calculation technology, such an approach is not only expensive but will also put banks at a competitive disadvantage.

One successful bank is seeding experienced engineers from non-risk backgrounds as technology disruptors into the risk architecture teams to ensure that the new technologies flow into emerging designs.

One Dream Team

Traditional ways of working between risk and IT persist at many large banks — despite extensive efforts to adopt agile methodologies. This involves risk practitioners giving their requirements to change teams that act as go-betweens with IT. IT teams take these requirements and build or procure a system that is tested by the risk practitioners (or change teams). Defects are logged and passed back to the IT team for remediation. And the cycle continues through multiple iterations. This approach is not only lengthy but also often results in systems that are not fit-for-purpose.

Leading banks are employing a fully joined-up approach through the entire development lifecycle. Critically, credit officers, credit control staff, quantitative data analysts, IT architects, and other data specialists commit significant time through the entire design, build and rollout process — and are evaluated on the team’s success. Not only does this approach speed up decision-making, but it also ensures that the new systems incorporate features that address the most important practical needs of the users.

Clean In, Clean Out

Innovative banks are addressing the perennial issue of poor-quality data as an integral part of their re-platforming efforts, putting in place data management mechanisms to use “golden sources” of credit risk data and ensure that data in these golden sources is correct. Inaccurate, incomplete and out-of-date data has long been the Achilles’ heel of credit risk. New calculation engines, data repositories and reporting engines count for little if the data that they are using is of poor quality. It’s no coincidence that credit data has become a major focus for regulators.

Looking Ahead

Credit officers and banks with sub-standard credit risk infrastructure are vulnerable in today’s highly uncertain and volatile world. Banks that move to a more modern architecture will facilitate informed credit decision-making and enjoy a distinct competitive advantage. 

Mark James

Partner at Oliver Wyman

Mark James leads the cybersecurity practice in EMEA, and is a partner in Oliver Wyman’s global Finance & Risk digital practice. His work primarily involves partnering with clients in the financial services industry and in the public sector to tackle issues relating to technology, data, and operations.

Rebecca Emerson

Partner at Oliver Wyman

Rebecca Emerson is a partner in Oliver Wyman’s Financial Services practice. Her recent client work includes advising banks and market infrastructure players on wholesale risk management and treasury topics.
