Mixing it up: Fifth Third Bank has followed a mixed policy of centralized and decentralized approaches to operational risk that lets the risk manager of each business line implement the standards and processes shaped at the home office in Ohio

Risk & Insurance, June, 2005 by Paula L. Green

RELATED ARTICLE: Vendors face consolidation musical chairs.

The number of operational risk vendors selling software to the largest commercial banks will shrink from about two dozen to less than 10 in the next three or four years says a consultant.

"There will be more and more pressure over the coming few years for (commercial banking) organizations to develop operational risk management approaches and in doing so to implement systems to support that," says Edward Niestat, a partner with PA Consulting Group, a systems technology consulting firm. "As they start making their choices, there's a game of musical chairs. There'll be less and less room for some of the outsiders."

Well-established systems include Comit Gruppe, Fitch, SAS and Algorithmics, which was recently acquired.

Though some of these firms have been in the operational risk management software marketplace for several years, none has been able to capture a dominant share of the marketplace, and that means opportunity for startups. "Right now the penetration is so low that there's a very low barrier for a new startup coming in," says Niestat. "But we'll see as some of these players start capturing 10 percent or 20 percent of the marketplace it becomes harder and harder for a new entrant to think that it can capture that."

New risk-based capital allocation requirements for banks also mean that banking institutions will place their bets by choosing one software system over another.

Asked if some banks have shown any predilection toward one software vendor over another, Niestat said: "Not yet. I'd say there are a few players--FitchRisk, Algorhythmics, RAFT Radar and Centerprise that seem to be relatively preferred but none so highly that you would say they are becoming anything like a standard."

The price of many of the operational risk software packages, based on the dominant Windows-Intel operating system-hardware platform, run into the hundreds of thousands of dollars. Choosing and installing a software package amounts to an expensive proposition for the banks, particularly the larger ones.

"Make sure the hidden costs are fleshed out before installation," says Rachel M. Floars, senior vice president of liability risk management for North Carolina-based BB&T Corp.

Tim Elliott, first vice president of operational risk at Detroit-based Comerica Bank, says it's often difficult to describe what operational risk managers need from their software. "It's very hard for a vendor to do something you can't describe," he says.

Vendors are competing for the business of the nation's largest banking institutions--San Francisco-based Wells Fargo & Co. or Charlotte-based Wachovia, for example--who need the most advanced risk measurement tools available to meet the strictest compliance codes.

Many regional banks, however, which are not required to meet such strict compliance standards, are also looking for cheaper, simpler software tools to help them manage risk.

--Cyril Tuohy

PAULA L. GREEN, a staff writer with a New York-based finance magazine, is a frequent contributor to Risk & Insurance[R]. She can be reached at riskletters@lrp.com.