A Good Crisis – Analytics, Regulation and Resilience – Alba x Quantifi Whitepaper
Authors
- Jack Goss, Director, Professional Services
Jack is responsible for Professional Services and oversees all client related activity including implementations, product customizations and pre and post sales support. After graduating from economics at Cambridge, Jack started work for Henderson Global Investors as an Investment Analyst after which he moved to Rail-Pen as an Investment Manager. Jack then transitioned to Imagine Software where he was Head of Consulting (EMEA) and specialized in quantitative implementations. Jack holds numerous financial qualifications including a master’s degree in quantitative finance from CASS business school.
- Jeff Simmons, Senior Advisor, Alba Partners
Jeff is an accomplished leader with over 25 years of expertise in managing crisis situations and mitigating organisational risks, having held pivotal roles such as Chief Risk Officer at MUFG and Head of Risk Capital Management at the Royal Bank of Scotland. He excels in designing and implementing comprehensive risk management frameworks that safeguard assets and reputation during critical times. With a strong track record of navigating complex regulatory landscapes, Jeff has developed and executed strategies that ensure business continuity and resilience. His proven ability to lead through uncertainty, coupled with a focus on aligning risk strategies with corporate objectives, has enabled him to successfully drive organisational stability and long-term success.
Introduction: Characteristics of Crisis
A crisis, by definition, is never “good.” However, in Financial Services, we often prefer crises where we can retain a significant degree of control. We say “significant” because crises, by their very nature, inherently involve elements of unpredictability and require a degree of flexibility in our responses.
While no two crises are identical, there are recurring patterns and characteristics that provide valuable insights. These similarities, both in the nature of the crises themselves and in the ways we respond to them, merit discussion. This whitepaper aims to first outline the principal characteristics of a crisis and then examine typical responses. We will explore how these responses might be refined to address crises in a more structured and effective manner.
Crises demand quick decisions, which require smart people across teams to operate on information they trust. This information is often a blend of raw data and analytics, both of which must be accurate, timely, and actionable. The role of analytics, in particular, is crucial. It transforms disparate data points into insights, enabling decision-makers to navigate uncertainty with greater confidence and agility. Without reliable analytics, the margin for error increases significantly, amplifying the potential impact of the crisis.
To fully understand how crises—and the corresponding responses—have evolved, we must first identify the key characteristics that define them. These characteristics serve as the foundation for our analysis.
It is important to note that a “crisis event” is not always easily quantifiable. What constitutes a crisis in one area may be viewed as an opportunity elsewhere. From a complexity perspective, crises do not always result in zero-sum outcomes. This nuanced nature requires careful consideration, beginning with a clear definition.
A crisis is commonly defined as “a time of great danger, difficulty, or doubt when problems must be solved, or important decisions must be made.” In this whitepaper, we will unpack this definition from a Financial Services perspective, delving into its core elements to better understand the challenges and opportunities inherent in managing crises.
Time
The first characteristic is that of time. Time has three very important influences on the severity and outcome of a crisis.
1. The speed at which it happens or is identified
Some crises are “slow burn,” others may happen in an instant. It may be that the signals of the impending crisis have been well telegraphed (a Gray Rhino event), but appropriate action was not taken. The invasion of Ukraine by Russian forces can be thought of as well telegraphed, but it still took the world by surprise. COVID, however, impacted the globe over the course of just a few weeks.
2. The duration of the event
How long, for example, does the crisis last, if in fact, it has an end at all? How long does it take for the aftermath of the crisis and the actions taken as a consequence to become part of “normal”? The Global Financial Crisis (GFC) took some months to play out as new and complex information came to light and multiple decisions were required. COVID, in contrast, though it lasted almost two years, had limited impact once operations and living patterns adjusted within the first few weeks of its emergence.
3. The time frame in which decisions are required
In some cases, there is a requirement for almost instant decision-making (the flash crash, 9/11, Enron, etc.), while in other cases, there is in fact the “luxury” of time where analysis and collective decision-making can be performed (UBS/Credit Suisse, for example).
Threat
The second element is that of danger; we read this as impact in Financial Services. At the core are, again, three different characteristics of “a threat” to a Financial Services company. Please note that these are NOT in priority order, but we will let the reader make their own conclusions as to the order organisations will tackle a crisis as it arises.
The threat to the organisation or its shareholders
Here we have an event that may or may not be specific to the organisation but can, through its impact, have significant consequences on that organisation. Archegos is a good example, where, though several Financial Services entities were involved, some were impacted more than others depending on the scale of their exposure. Others are indeed very specific to an organisation: BNP Paribas and Barings had localised Front Office “issues” which impacted them significantly, both from a financial and reputational perspective (let’s leave Regulatory sanctions out of this for the minute). Essentially, this is where the organisation’s “survival mode” really needs to kick into action.
The threat to its customers
Again, if we put aside any Regulatory protection that a consumer may or may not have, it is the responsibility of the organisation to ensure that its clients/customers receive the appropriate level of service. Recent IT outages are good examples where, though not directly the fault of the Financial Services organisation, it is their responsibility to ensure that mortgages settle as appropriate, salaries are paid on time, and cash is available through ATM machines.
The threat to the wider ecosystem, be that financial, geopolitical, or environmental
Here, we also have Regulatory oversight, given the Regulators’ role in financial and consumer protection. Regulatory sanctions play a large part in the “danger” element regarding this aspect of a crisis. The Ukraine invasion, the Greece EURO Crisis, etc., may have little impact on an organisation or the bulk of its customers, but the sanction dimension has to be rapidly incorporated into an organisation’s compliance framework. Climate risk is another good example where an organisation and its customers may elect to take action to mitigate a “crisis,” with the Regulator also playing a part.
Decision-making Process
The third element is that of the decision-making process and the framework that is required to support those decisions. We have spoken above about the time aspects of a crisis as well as the impacted parties; here, both elements come together to influence the magnitude of the decisions required. What is clear though, is that the key components of any decision are:
- There is always a common theme when it comes to decision-making in a crisis, and that is time constraints. Invariably, decisions must be taken within short time frames and could have large and significant impacts.
- Decisions taken in short time scales need good, accurate, and reliable analytics to support them. It is imperative that the analytics comes to the decision-makers in an appropriately summarised and “information-based” form. All resources, both system and human, are focused on this output, and decision-makers must be in a position where they can trust both the analytics and the underlying data used to create them. These decision-makers cannot be, nor should they be, put in a position where they are receiving different or conflicting information, the most common cause of which is differing methodologies across disparate systems.
- The Response team is typically planned out in great detail; however, in the evolving world of crisis development, the war room composition changes. The events surrounding the UBS/Credit Suisse situation are a good example. What started off as a liquidity crisis in Credit Suisse quickly developed into a fast-moving merger/integration “crisis.” The response team had to change to reflect the fast pace of required decision-making, and its composition had to lie somewhere between a crisis management team and a team developed for mergers and acquisitions. There were, of course, numerous examples of this during the GFC and the Japanese Banking crisis.
Obviously, crises differ in the detail, with each one having its specific drivers, risks, impacts, and speed, but by simplifying them down into what are standard characteristics, it may enable organisations to be better prepared at the foundational level rather than at the reactive dimension. We will discuss the Regulatory perspective later in this paper; however, we know that in recent publications by the Global Regulators, there has been a particular focus on Operational Resilience and the ability for organisations to not only react to incidents but also ensure that they can withstand incidents. Resilience-related incidents are obviously significant given their potential impacts, but crises are not limited to just IBS-impacted ones.
Trusted analytics
Crisis resolution is distinct from most aspects of risk management in finance, where the focus is on risk appetite setting, risk detection, risk mitigation, and satisfying regulatory requirements. Typically, financial institutions emphasise proactive measures to manage and mitigate risks within acceptable levels and ensure compliance with regulations.
However, during a crisis, the approach shifts dramatically from prevention and regulation to immediate resolution and damage control. At the onset of a crisis, operations move into a ‘war room’ setting, which, in modern times, might be virtual. In this critical phase, the structured three-line defence model often collapses into a more dynamic and flexible huddle of key personnel tasked with crisis resolution.
Within the war room, the need for analytics undergoes a pronounced transformation compared to normal periods. During stable times, analytics often focuses on long-term trends, detailed forecasts, and comprehensive risk assessments, facilitating thorough and deliberate decision-making. The complexity of models and depth of analysis are prioritised to optimise performance and anticipate future opportunities.
In contrast, during a financial crisis, the urgency for immediate, reliable data increases dramatically. Decision-makers require rapid access to accurate information to navigate volatile markets and make quick, informed decisions. The emphasis shifts from extensive, detailed analysis to more straightforward, high-frequency data points that provide real-time insights. Trust in the data becomes crucial, as flawed or delayed information can lead to significant losses or missed opportunities. Consequently, the complexity of analytics is often reduced in favour of clarity and speed, enabling leaders to respond swiftly and effectively to the rapidly changing financial landscape.
This simplicity is often surprisingly difficult to achieve. To illustrate this, consider the following examples:
- In a credit crisis, it is vital to have a clear understanding of current exposure to a troubled counterparty. While this understanding should have no ambiguity since there are no estimated parameters, it requires the ability to aggregate exposures from a wide variety of sources, including direct investments such as bonds, indirect investments via indices, and counterparty derivative contracts.
- In a liquidity crisis, it is essential to have a short-term projection of cash flow, which necessitates a real-time, multi-currency understanding of cash projections and the trade life cycle.
To build trust in any methodology or analytic takes time, which is not available in a crisis. Financial institutions routinely employ advanced analytics, such as Monte Carlo simulations, scenario analysis, stress testing, and “what-if” analysis as part of their business-as-usual processes. These tools are essential for ongoing risk management, enabling organisations to assess potential vulnerabilities and make informed decisions under normal conditions. The continuous use of these methodologies in everyday operations helps institutions build a deep familiarity and trust in their analytic frameworks.
This trust can only be built through both a broad and detailed understanding. Broad, in the sense that everyone included in the war room needs to grasp the fundamentals of the analytics being used. Detailed, in the sense that it is crucial to know exactly how the analytics react under stressed conditions and to have a plan for when those conditions are breached. This detailed analysis needs creativity in imagining the possible, as it is often more extreme than was previously imagined – negative oil future prices being a good example.
In essence, the seamless transition from routine risk management to crisis response is enabled by the prior integration of these advanced analytics into the organisation’s daily operations, ensuring that leaders can act decisively when a crisis hits.
How will AI change the preparation of crisis?
It is intriguing to consider whether the introduction of Artificial Intelligence (AI) will alter the situation described above. We believe this is unlikely. In the case of systemically important institutions, decision-making is likely to remain in human hands for the foreseeable future. Consequently, it is essential that humans trust the analytics used in these decisions. For a human to trust these analytics, they must have confidence that, given the time, they could independently reconstruct the analytical processes involved.
Nevertheless, AI can play a significant role in other areas. Specifically, AI can be utilised for pre-emptive data cleansing, ensuring that the data used for analytics is accurate and reliable before any crisis occurs. Additionally, AI can assist in identifying and mitigating potential data biases, thereby enhancing the overall integrity of the decision-making process. Ultimately, while AI may not replace human decision-makers, it can significantly support and enhance the quality of the data and analytics on which those decisions are based.
Where are the regulators on all of this?
Now, let us consider where the Regulators have been during these crises because what we do know is that they have not been taking a back seat, rather the opposite.
The Regulators (globally) have identified some of the key aspects of crisis management and have increased their regulatory demands and expectations in those areas.
The key area where they have identified weaknesses is that of data. Largely stemming from the relative chaos that was the GFC, they started an initiative to ensure that data used to mitigate the impact of crises was of a good enough quality to make the right decisions. They required organisations to ensure that their data satisfied three main criteria:
- There was a robust governance framework around the architecture and infrastructure implemented to capture and store the data, including defined roles and responsibilities at the departmental and committee levels.
- There should be a documentation framework surrounding the data, including data dictionaries, process descriptions, and data lineage.
- All of the data should be controlled by a data quality management framework that includes Data Quality Indicators, Data control plans, and appropriate MI to support the analysis of data and data quality.
The resultant regulation, BCBS 239, attempted to encapsulate all of these characteristics in 11 principles to be adopted in January 2016. As of 2024, many banks in the UK are still facing difficulties in fully implementing the BCBS 239 principles. Common challenges include outdated IT systems, insufficient prioritisation by senior management, and limited resources allocated to improving risk data aggregation and reporting capabilities. Despite ongoing efforts, these issues have slowed progress, making full compliance difficult for most institutions.
The Regulators also saw the value in ensuring that organisations were prepared for the next crisis. We saw a wave of stress tests descend upon the financial services sector, starting with the CCAR and quickly spreading around the globe with the ECB, BOE, HKMA, etc. They were all designed to highlight potential vulnerabilities in capital structures and capital resilience when subjected to shocks. Stress testing spawned a whole industry within the sector, with significant investment being made in technology, data, and modelling capabilities. The main change, though, that stress testing brought to the sector was awareness by senior management of their vulnerabilities and, therefore, the proactive development of mitigation strategies. There was also, of course, the main driver of fear that they would be highlighted on the front pages of the financial press as having “failed” the stress.
The theme of stress testing continued, making its way into the insurance sector and recently through the Operational Resilience lens. The key objective is the same though in principle, and that is to ensure that organisations are prepared for a range of plausible scenarios that can stretch their weaknesses.
Adherence to the stress testing requirements for those impacted organisations has been strict and complete, with the reality being that the regulators have requested them to run the scenarios. The scenarios are largely prescriptive, so differing interpretations across the sector are limited. Notable among the prescriptive nature is that of the constant versus evolving balance sheet. No matter what your opinion, the regulator sets the rules, and they must be followed. Debates over the impacts of drawdowns, revolving credit facilities, and credit migration tended to be simplified in the published methodologies.
We must ask ourselves, though, what of those institutions that were not required to perform the stress tests? In 2023, for example, a total of 57 Euro area banks under direct ECB supervision were included in the EBA sample. Some may have been excluded due to participation in other exercises, but this still left a large number who would either run the stresses voluntarily or, most likely, not at all given the technical and organisational costs.
Another positive aspect of the stress testing frameworks required by the regulators is that of “war room” style testing, especially around Liquidity and Operational Resilience. This has enabled organisations to fine-tune their plans, create their governance, and run them through “real-world” situations.
This leads us to the next steps in regulatory preparation regarding crisis management, and that is the impacts on the Second/Third tier organisations and the Non-Banking Financial Institutions (NBFI). From a systematic basis, they may not play a material part in the overall financial stability of a regime, but they would, of course, have their own crises or be swept up in other more widespread crises. The onus on them is obviously not as stringent as for some of the G-SIFIs, but they still have shareholders, staff, and customers to protect. The regulators are now starting to turn their attention to this next category of organisation. They have an advantage here in that they can leverage the work done by those organisations before them, perhaps relying on systems, methodologies, and data which are now available. A number of the issues experienced in the “early days” of stress testing and scenario analysis have now been resolved by vendors and data providers. SME assistance is readily available through change and transformation specialists; these same SMEs now have significant experience in Operating Models and Stress Testing frameworks. It is possible now for organisations to go from “not a lot” to “we are prepared” very quickly using this wealth of knowledge and systems capability. The disadvantage, though, is that there is a cost. It may be less expensive than 10 years ago, but it is a cost, nonetheless.
Conclusion
As regulators continue to raise the bar, organisations must focus not just on compliance but on developing operational resilience that goes beyond regulatory demands. Stress testing and scenario analysis are crucial tools that enable institutions to anticipate crises and respond effectively.
Ultimately, while crises will continue to evolve in nature and scope, institutions that invest in resilient systems, trusted analytics, and tried and tested decision-making processes will be better positioned to weather future disruptions. Effective crisis management is not just about reacting to events but about building the capacity to withstand and emerge stronger from them. Building trust in analytics and ensuring that decision-makers have reliable, real-time information are essential steps in crisis resolution.
About Alba Partners
Alba Partners is a boutique consultancy specialising in change and transformation. With expertise spanning Financial Services and beyond, our proven track record in delivering high-impact projects for leading institutions sets us apart.
Founded in 2020, Alba Partners blends the agility and personalised service of a boutique team with the expertise and experience of top-tier consultancy. Our Financial Services practice has supported clients in navigating some of the industry’s most complex challenges across the trade lifecycle, including Dodd-Frank, MiFID II, Brexit, IBOR Transition, Operational Resilience, and Basel III. Additionally, we have successfully managed numerous mergers, acquisitions, exits, and divestments.
Headquartered in Edinburgh with key offices in London, Riyadh, Dubai, and Abu Dhabi, Alba Partners serves clients across Europe, the Middle East, and beyond. Our collaborative and flexible approach ensures that we deliver tailored solutions, aligning with each client’s unique requirements and goals.
albapartners.co.uk
About Quantifi
Quantifi is a provider of risk, analytics and trading solutions. Our award-winning suite of integrated pre and post-trade solutions allow market participants to better value, trade and risk manage their exposures and respond more effectively to changing market conditions.
Founded in 2002, Quantifi is trusted by the world’s most sophisticated financial institutions including five of the six largest global banks, two of the three largest asset managers, leading hedge funds, insurance companies, pension funds and other institutions across 40 countries.