Putting security at board level helps Bendigo Adelaide Bank smooth its risk-management overhaul

High-level representation of IT and information-security interests helped smooth the delivery of a major data-consolidation project that has revolutionised daily analytics and risk management of more than 4 million customer records for Bendigo and Adelaide Bank (BAB).

Priorities during the global financial crisis had put credit risk data-consolidation efforts on hold after the merger of the previous Bendigo Bank and Adelaide Bank in November 2007. It took several years before the merged organisations were ready to revisit shelved credit risk data consolidation projects, with data analytics positioned as a key capability.

The bank's overriding goal was to enable a shift from the Basel II-compliant standardised approach of risk management (including credit risk, operational risk and interest rate risk) to the more complex advanced measurement approach (AMA).

“Our ability as we grow to be able to harness the information, turning raw data into information – and using that for decision making purposes and management of risk at a more portfolio and group level – is fairly important,” head of risk analytics Taso Corolis told CSO Australia ahead of a presentation at this week's SAS Executive Forum in Melbourne.

The AMA approach is more responsive to risk and less prescriptive, and allows the use of an internal ratings-based (IRB) approach in managing the amount of capital that must be balanced against institutional risk at any given time. AMA also requires stronger and more regular involvement of senior executives.

To build the IRB framework, more than a year ago the bank kicked off a partnership with analytics technology provider SAS, with technology and business experts embedded within BAB's offices and a project team charged with bringing the project to fruition.

“We had roughly 4 million customer records, spanning multiple systems, Corolis said. “We needed to bring the whole group data into the one structure, to have confidence that the data that we deployed would allow us to run our models flexibly and give us the ability to respond to the business.”

The bank's IRB approach is based on the use of around 35 different credit models, run monthly against every live account in the bank. New portfolios are being added on a regular basis, with an internal target aiming to have at least 90 percent of all the bank's data available to the systems.

“Data was absolutely imperative,” Corolis said. “It was the foundation piece for everything else. Yet the focus wasn't on delivering a solution; it was on what we were trying to achieve.”

This differentiation not only laid the groundwork for compliance with the AMA approach, but promised improvements to customer service as the bank would be able to become more responsive to customer requirements and changing market conditions.

Information security was critical to the project, involving as it did the centralisation of such a massive amount of information. “Our move to AMA framed some of the governance and accountability requirements,” Corolis said, “because at some point we're going to have to convince external parties around the purity of the process.”

To ensure that security frameworks were both robust and business-relevant, the project team not only leveraged the bank's internal security expertise but ensured that technology leaders had high visibility at the board level. For example, the head of technology sits on the bank's steering committee.

“We had strong representation from the technology services team to make sure the security outcomes and objectives were maintained,” Corolis said.

“We've worked with them to make sure that what we did didn't dilute security – not only because we are a regulated bank, but because having a clear bond with our customers means we don't want to compromise security in any shape or form.”

Indeed, while the analytics project has played an important role in improving the bank's IRB capabilities, its longer-term benefits will be measured in terms of improved customer service.

Since the project went live last October, the project team has worked closely with BAB's Customer Voice division to “make sure that we share our information and ultimately add better value to the discussions we have with customers,” Corolis said.

“We work closely to make sure we share our information, and ultimately add better value in the discussions we have with customers to better match their goals and aspirations.”

Tags risk-managementinformation-securityCSO AustraliaTaso CorolisBABBendigo Adelaide Bank

Show Comments