The financial crisis, which presented a massive blow to the banking and capital markets sectors, now presents an opportunity for a profound change.

Leading up to the credit crisis, the financial services sector was at the mercy of a myriad number of risks. Risk managers were able to recognize established risks, but not necessarily emerging risks or risks in tandem because risk management frameworks evolved either to mitigate each risk separately or to handle risk in business silos.

Although operational risk management, in theory, connects three dimensions on which businesses run (i.e., people, process and technology), it was too loosely intertwined with transactional, control and other risk management mechanisms to be effective. This resulted in a gross oversight of enterprise-wide risk.

As the current market environment puts greater pressure on financial institutions, coordinated approaches to governance, operational risk and compliance are now mandated to help companies manage their risk exposure, while the availability of mature and flexible next-generation, third-party vendor solutions are being positioned to enable firms to adopt an "out-of-the-box" approach in replacing/consolidating in-house tools.

At the same time, the high degree of configuration and single "risk and compliance" approaches associated with these solutions help reduce technology customization and control the costs associated with risk review, audit and risk management operations. Celent expects that global IT spending associated with governance, operational risk and compliance activities will increase from US$1.4 billion in 2008 to US$1.7 billion in 2011, a CAGR of 6.6%.

Before proceeding with any "solution" implementations, firms should consider or work towards the following guidelines for success in order to achieve positive outcomes:

  • Risk-taking aligned with stakeholder expectations and business strategy
  • Management of risks operationalized across a cohesive life cycle
  • Functional and technology requirements, the "bare essentials"
  • Operational risk assessments linked up with performance and operational control data/metrics from multiple frontline processing and control systems
  • Clearly established functional applications architecture

From a supplier perspective, the forces of consolidation are by no means relenting, and the market will consolidate further. There is now a "get big or get out" theme at play. Firms and vendors alike need to position themselves in terms of purchasing or developing solutions. Significant investments are required in an end-user market, which is increasingly sophisticated in its demands. At the same time, requirements are broad and somewhat diverse depending on the flavor of regulation, industry standards and an organization's degree of balance between risk and controls.

Cubillas Ding is a senior analyst in Celent's securities and investments practice and is based in the firm's London office. For more information, visit