ibm risk framework

December 2009 Integrated Risk Management for Financial Institutions

Upload: kporterblueyonder

Post on 14-Oct-2014

Page 1: IBM Risk Framework

December 2009

Integrated Risk Management for Financial Institutions

Executive summary

There is a logical roadmap for implementing state-of-the-art risk management, the steps being: 1) co-locating information pertinent to risk from diverse internal and external, real-time and non-real-time, and structured and unstructured information sources for risk analysis; 2) linking the information from these diverse sources for better risk insight and presenting this insight to the stakeholders in risk information; 3) leveraging the risk insights in optimization of business objectives; 4) developing robust models for risk that continuously adapt to the changing nature of risk; and 5) analyzing risk information and responding to risk events in real time.

Most financial organizations have a highly fragmented approach to risk management: different business functions such as finance, operations and risk management have their independent efforts to manage risk; the different lines of business like consumer/commercial lending, credit cards and deposits (savings, current, etc.) have their own independent efforts to manage risk; and each type of risk, such as insider fraud, credit risk or market risk, is handled independently in isolation. This fragmented and duplicative effort results in higher cost and poorer quality of risk analysis.

The integrated risk management approach presented in this paper addresses the disadvantages of fragmented implementation by creating a common platform based on proven IBM hardware and software offerings. This common platform is capable of provisioning data pertinent to risk analysis, integrating risk assessments in business processes to create the intended business advantage, and disseminating risk assessments to the various stakeholders in the organization. It creates common investments in technologies for real-time risk management, high-speed event analytics and advanced text analytics to gather risk information from unstructured information sources. The industry data models for banking provide a common business vocabulary to facilitate the integration of various middleware and application components.

In this paper we first describe a common framework for supporting the various types of credit, market and operational risks. Then we go into details of asset-liability management, regulatory (compliance) risk, and operational risks stemming from identity management and access control. We also cover the technologies needed to support real-time risk detection and mitigation.

Significant additional cost savings can be achieved by automating the risk management lifecycle of developing, deploying and operating individual risk solutions. The quality of the results produced by these risk solutions improves through automation of the tasks traditionally performed by the data architects and database software developers to provision the data for the risk solutions, and automation and simplification of the coordination/orchestration of the several concurrent data movement and risk calculation processes in a risk solution.

Contents

Executive summary

Different kinds of risks

Stages of maturity in risk management

Integrated risk management

Implementing an integrated risk management solution

Specific risk solutions

Key products

Automating the risk management lifecycle

Further information

1. Different kinds of risks

As recent events have demonstrated, a financial organization’s competitive advantage depends heavily on its ability to handle various types of risks, especially in turbulent economic times. Risks faced by an organization are of many different kinds. Some of the key types of risk of concern to financial institutions are shown below in figure 1. At a high level, the risks divide broadly into two categories, financial and non-financial.

Financial risk, as the name suggests, impacts the organization’s ability to meet its financial performance indicators such as capital reserve requirements, revenue streams from its assets (loan instruments) and expenses from its liabilities (deposits). Credit risk in simple terms arises from the defaults in payments by the bank’s debtors, while market risk arises from the fluctuations in revenue and expense streams because of changes in interest rates associated with the income/expense streams, or fluctuations in the value of the financial instruments on its books such as stocks, bonds, options and swaps.

Financial risks are not unique to banks or financial institutions. Non-financial institutions invariably extend credit on large machinery, or accept payment in terms of future income stream from large projects. Hence they are subject to credit risk arising from the defaults in payments.

Business risks are not very well defined; however, two important and somewhat interrelated categories are counterparty risk and systemic risk. Counterparty risk arises primarily from the inability of market makers who create complex financial products like derivatives and swaps to cover their obligations during adverse market conditions. Systemic risk deals with the instability in the overall financial system, as opposed to defaults of individual actors. Two threads of systemic risk are widespread liquidity crisis, when the market is unable to absorb assets priced at fair value due to adverse market conditions, and widespread solvency crisis posed by deteriorating demand for financial products (run on the bank, or all mortgages being prepaid).

‘It’s not the biggest, the brightest, or the best that will survive, but those who adapt the quickest’

Charles Darwin.

Non-financial risk is broadly everything except financial risk, but we focus on two categories, operational risk and regulatory risk. While in this paper we do not dwell on the risks posed by conditions outside the control of an individual business, such as political upheavals like revolutions and wars, extreme weather like massive floods and droughts, pandemics, etc., prudent enterprises will be able to model and better forecast the probabilities of these risks, and be better prepared to react to them.

Operational risk is defined in Basel II as risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. (External events are political, weather, pandemic, etc.) This definition includes legal risk, but excludes strategic and reputation risk. Our primary focus here is addressing the gaps in IT systems and applications that are exploited by customers and adversaries external to the organization, as well as rogue employees, to perpetrate fraud. We also cover the legal and reputational risks arising from data theft or loss, or breach in information privacy.

Regulatory risk arises from non-compliance with internal governance and government regulations, i.e., from failure to audit the actions to comply with the regulations, report the results, and remediate gaps in compliance. Regulatory risk covers both financial and operational risk and hence we deal with it separately.

2. Stages of maturity in risk management

Not all financial institutions are equally deft at managing risk. Their ability to manage risk varies by their size, geography, sophistication in leveraging IT, and business strategy. However, the following is a logical progression for most organizations for implementing risk solutions.

• Easy access to information pertinent to risk assessment: The information pertinent to risk exposure is often distributed across organizational boundaries, locked into application specific formats and database schemas (physical schema designs) opaque to a risk analyst. The first step most organizations take in implementing effective risk management solutions is to create a centrally managed repository of trusted information accessible to risk analysts. This includes correlation of information gathered from the multiple internal and external sources to generate actionable insights. In this process enterprise models for risk data at business, logical, and physical levels are defined to simplify access to risk information and its analysis.

• Enterprise wide view of risk – Risk insight: The trusted risk information above becomes the foundation for developing an integrated enterprise wide view of risk focused on the presentation layer to generate the relevant reports and dashboards for the risk and finance executives and more granular reports for business analysts who use the risk information for transactional decisions and portfolio management. This further involves:

a. Definition of the relevant KPIs/KRIs for risks, particularly for the non-traditional risks, for capital and finance groups such as relationship managers, line of business executives, system owners, operation heads etc.

b. Simple ‘consolidation’ models for generating the above KPI/KRIs by aggregating the trusted risk information. Rules of aggregation are often very complex.

c. Capturing risk information from internal sources in real time for intra-day assessment of risk postures.

• Risk optimization and control: Risk optimization and control refers to the enterprise’s ability to exploit its understanding of its risk posture to maximize revenue and profit. For this, analytics has to be integrated in strategic decisions in finance, business modelling and planning, and strategy-execution alignment. Analytics also has to be integrated into operational processes such as capital allocation for minimum capital requirements. Analytics at the granular level is integrated with decisions at the transactional level such as loan or credit approval, increasing credit limits, stopping or flagging fraudulent financial transactions on credit cards, or money laundering efforts.

• Risk modeling and scenario analysis: In risk insight, the collection of the right subset of data from a diversity of sources, establishment of linkages across it, and ‘some analysis’ performed on the aggregated data generates the risk information needed at the decision points in risk control processes. In risk modeling, predictive and descriptive analytics, that is regression approaches and data mining, are deployed to develop:

a. The analyses performed in the risk insight step to assess financial risk (credit, market, counterparty, liquidity, and/or interest rate risk) and operational risk.

b. Models that predict outcome of various risk mitigation actions on the risk posture of the enterprise thereby enabling the selection of optimal action.

c. Additional models or extensions to existing models to understand the consequences of improbable events (stress tests required by regulatory authorities). Computational environments separate from those used for regular business are provisioned to execute the improbable scenarios.

d. Validation of the models with bank’s test data to address unique aspects of the customer set or portfolio, and to continuously/periodically assess the adequacy of the model.

The rationale for assigning higher maturity level to risk modeling is that these models need not be developed in-house. They can be obtained from ISVs, particularly in case of small and medium financial institutions.

• Real-time risk insight and control: There are many areas of opportunity in real-time risk controls. Blocking fraudulent monetary transactions such as credit card payments and responding to movements in capital markets at sub-millisecond latencies are quoted often. However, the most promising opportunities come from the ability to analyze unstructured information being received from news wire and other sources and factoring it in the decision processes. In addition to performing risk calculations and acting on the results in real time, the models used for these risk calculations can be tuned in real time using improved estimates of the macroeconomic indicators that are typically the key parameters of the risk models.

3. Integrated risk management

IBM’s Integrated Risk Management approach offers four key capabilities, shown in figure 2 below, which support the first four stages of maturity discussed above. Real-time risk insight and control (real-time analytics) is discussed separately in section 5.2.

• Aggregation of data from diverse sources to address the first stage of maturity. Most of the sources will be the various database systems used in daily operations. However, data is also sourced from external sources such as watch list publishers or rating agencies. It could be in unstructured format, examples being financial reports or regulatory filings, and some data like market feeds may require real-time processing. Results of risk analyses are only as good as the completeness and accuracy of data they are based on. Hence, discovery, aggregation, and enrichment of this data by linking data across various sources is an important capability of the risk management approach.

• Results of analysis are valuable only to the extent they can be leveraged to further business objectives. Typically the analysis results are used in the following three ways:

a. By decision makers for planning and governance. To support the second stage of maturity, BI tools like Cognos facilitate the consumption of analysis results through easily configurable dashboards, scorecards and reports. Cognos has a wide range of industry specific blueprints to accelerate the deployment of the planning/governance capabilities.

b. By knowledge workers in workflow mediated processes such as remediation of risk exposure through appropriate portfolio adjustments. This and 2c below address the third stage of maturity.

c. Through direct use in automated business processes, for example authorization of credit or approval of a loan based on credit rating.

• Financial risk and analytics is highly diverse. There is a wide variety of financial instruments and a variety of risks associated with each. Deep specialized domain knowledge is required to manage each type of risk for each of these financial instruments. Aggregation of the risks across instruments and risk types based on the correlations in risk across them is also a sophisticated analysis. To address the fourth stage of maturity, which in turn supports the second stage, IBM’s approach is to enable a wide variety of risk calculators and a whole variety of applications for pricing of financial instruments to operate cohesively in a single solution environment as shown in figure 3. The solution environment also provides a feedback loop to monitor the validity of the risk models as the economic/business environment changes.

• Current implementations of risk solutions involve integration of all of the above capabilities individually for each customer in a traditional manner involving significant programming to provision the right data and integrate the results of the analytics back into business. IBM Research & Development Labs are working on advanced solutions to automate much of this traditional upfront work in deploying the financial risk solutions.

In most financial institutions, risk is managed across the following three dimensions. The first dimension is the business function. The three key business functions are Financial Optimization, Business Assurance and Exposure Control, managed by the CFO, COO and CRO respectively. Broadly, while the CRO is interested in quantifying risk per se, the COO is concerned about its consequences on business operations, and the CFO about the consequences of risk on financial operations. The second dimension is the risk type, i.e., financial risk, operational risk and regulatory compliance, which are managed by different sets of experts in the respective risk types. Finally, the third dimension for segmenting risk solutions is lines of business (LOBs) for financial risk.

The above landscape for risk management has led to a proliferation of risk solutions in financial institutions. The LOBs or business functions have often implemented different solutions for the same type of risk, either because of independent choices made at different points in time, or because these solutions are specialized for a particular aspect of risk within the risk types listed earlier. The plurality of risk solutions for each risk type causes unjustifiable expense, and has not been effectively leveraged to improve the quality of risk assessments.

Consolidation of information provisioning for risk management

As the right side of figure 3 suggests, a significant amount of the duplicated effort can be eliminated if we break up each risk solution into its data provisioning, risk analysis, and report dissemination parts, and re-aggregate all the data provisioning pieces and report creation and dissemination pieces separately into a single data provisioning and report generation framework. All data feeds get aggregated into the risk information warehouse using the IBM banking industry data models and information integration middleware. From the warehouse, information can be easily provisioned for the ISVs, or the in-house risk solutions, and to the aggregation functions for reports and dashboards. This approach has been successfully implemented by IBM in several customer environments. As the right side of figure 3 suggests, in an integrated risk implementation additional savings are accrued by eliminating the risk solutions that are truly duplicative and retaining the ones that work well on particular metrics or a particular scenario, even if they are duplicative within a risk type.

In the independent risk solution approach on the left hand side of figure 3, quality of risk assessment suffers because each business function or LOB is using its own risk analysis in isolation and not leveraging the risk analysis solutions available in other LOBs or business functions, which may work better for some risk metrics or in some scenarios. The integrated risk management approach shown on the right hand side of figure 3 provides an effective way to apply multiple risk assessment algorithms and aggregate their results. If the financial institution is using in-house risk models, they can benefit by leveraging data in the risk information warehouse which has been provisioned for other risk solutions.

The integrated risk solution outlined in figure 3 also makes it easier to get the information pertinent to an enterprise wide view of risk, as data from all LOBs is consolidated in the risk information warehouse and aggregated en route to reports and dashboards. The aggregation is far more complex than simple sums, as it could involve complex regulatory rules like applying haircuts to income streams, or require factoring in correlations, parameterized by business and economic outlook, that offset or exacerbate risks. Extensions needed to handle risk optimization and real-time assessment of risk are also shown in figure 4 but discussed in more detail in section 5.2.

Consolidation of risk analysis

Risk analysis happens at four different places in the solution architecture shown in figure 4: complex high-speed event processing, analytic models, text analytics, and reporting and KRI dashboards. Potential interactions between these four components are illustrated in figure 5. Analysis happens at these different places because of the different kinds of data analyzed (structured, unstructured, real-time, etc.), different nature of the analysis, different programming model deployed in the analysis, and the different performance and response time requirements for the analysis.

Predictive/descriptive Analytics: As shown in figure 5, the ‘Predictive/Descriptive Analytics’ subsystem has the high complexity analytics. It has a base layer of industry neutral and domain neutral analytic capabilities such as the ILOG business rules engine, Identity Insight entity analytics, statistical packages like SPSS, and core data mining algorithms for classification, clustering, predictive analytics, regression, etc. The base layer is used by analytics modelers to build risk, fraud or other analytic models, validate the models on an ongoing basis or tune their parameters. Some of these models use patterns or features detected in real-time streaming data. The definitions of those patterns or features are deployed in the complex real-time analytics subsystem.

The fraud detection engines and risk calculators may be provided by IBM or an ISV or be developed in-house by the bank using the base layer. While the analytics subsystem can be made extremely scalable for both the data persisted in the warehouse and in terms of the computations involved in sophisticated risk models, the event processing approach shown in figure 6 is more appropriate for the most extreme data rates (as in real-time market feeds for all financial instruments) and sub-millisecond response times. IBM Smart Analytics System, described in the next section, is a scalable platform for high complexity analytics. A good example of complex analytics performed in the analytics subsystem would be projecting losses due to fraud at enterprise level, or losses due to credit risk exposure at an enterprise level.

Real-time Analytics: The “Real-time Analytics” subsystem has the complex and high speed event processing to deal with real-time data, often time series data like market feeds or sequences of transactions on an account. Analysis can be done on an instance of that data, or a collection of instances recorded over a finite time window, with some context information from additional data sources (reference data). Analysis typically involves detecting a pattern or features in the events received from many sources over a time window. The pattern or feature being sought is defined or developed in the ‘Predictive/Descriptive Models’ box in figure 5 by the analytics modeler using traditional data mining techniques. Because of performance and response time constraints arising from the volume of data involved, the patterns or features to be detected are embedded in a procedural programming language like C or Java, and hence the development of high speed event processing capability typically requires the involvement of the IT shop and the standard software development practices.

For extremely high performance requirements like high speed trading or insider fraud detection, InfoSphere Streams, IBM’s stream processing platform shown in figure 6, enables detection of complex patterns occurring in information being received from diverse sources at speeds that are orders of magnitude greater than that of existing systems. In addition to the highly scalable, high performance execution environment, InfoSphere Streams also provides a highly usable programming environment to access and manipulate streaming information such as events from IT infrastructure or application logs, or trading activities. Streams programs can analyze the market data in real time, and apply analytics to identify market risk. Pre-trade compliance is one area where analytics running on InfoSphere Streams can provide proactive indications of market risk and mitigate undesirable trading. Another capability of InfoSphere Streams is the ability to analyze structured and unstructured content. Sentiment analysis can be applied to real-time feeds of news data to provide additional insight into current market conditions.

Reporting & KRI dashboards: The third location of analytics is a BI system like Cognos. The distinguishing characteristic of these systems is their ability to take large volumes of operational data, either from the diverse sources of data from banking operations from different LOBs and business functions, or outputs of the models in the analytics subsystem, for aggregation and analysis. Typically the BI systems have dashboards for the executives of the business functions (CFO, CRO, COO) and LOBs, and reports to disseminate the results to the larger set of knowledge workers in the organization. Rules engines like ILOG play an important role in aggregation and disaggregation of information. For example, aggregation of risk or disaggregation of an income stream into individual tranches of an SDO has complex rule sets. Statistical packages like SPSS also play a key role in predicting the KRIs (Key Risk Indicators) based on past observations. XML technologies and accompanying XBRL standards are critical for filing reports to regulatory agencies to comply with various regulations. Entity Analytic solutions like Identity Insight provide the ability to reconcile multiple source system representations of a single individual into a unique entity and then assess both suspicious associations as well as the nature of their financial activity via complex event processing.

Text Analytics: Text analytics, the fourth location of analytics, deals with extraction of information from documents filed as unstructured text, and the fusion of this information with the rest of the structured information. Typical steps preceding the fusion step are discovering the entities in each document and establishing the relationships between these entities. Entities can be people, roles and responsibilities, corporate actions, places of work. Relationships could require composition of relationships from different documents. Finally, relationships discovered in unstructured information should be fused with information in structured sources to get a more complete view.

4. Implementing an integrated risk management solution

In the past, IBM’s customers invested in information technology with the goal of automating business processes. Such automation provided savings in operational costs, better response times and often enabled more customized or more flexible processes. Information management products and solutions, databases, data integration products, content management technologies, and other software products were designed to address the needs of business automation. While automation focuses on executing individual business transactions (internal or external), analytics and optimization look across all transactions, often across different business units, to derive business insights and make optimal business decisions. Analytics and optimization is inherently harder than automation because of the expanded magnitude of data involved, the diversity of the sources of data, existence of data in multiple modalities (structured, unstructured, the latter being text, voice, or even images), and greater complexity of computations performed on this data.

Optimization solutions require an even greater array of products and capabilities than automation, as highlighted in figure 7. Figure 7 is an extension of figure 3 with three new components: text analytics, front-office enablement, and the storage/server and system management component. Customers are finding it quite challenging to buy the above products separately and integrate them into an analytics solution in-house, and to integrate the analytics solution back into their existing IT environment. IBM has responded to this requirement by developing the IBM Smart Analytics System (ISAS), which packages the following functionality:

• Analytics Software Options

o Cognos 8 Business Intelligence suite to deliver a complete range of business intelligence capabilities with reporting analysis, dashboarding and scorecards with a single, service-oriented architecture

o Robust and scalable multidimensional analytics with InfoSphere Warehouse Cubing Services

o InfoSphere Warehouse Text Analytics & Data Mining to unlock the value of the text content with unstructured analytics and for data discovery, detection and prediction on structured data

• Data Warehouse Software: InfoSphere Warehouse, InfoSphere Warehouse Advanced Workload Management, and Tivoli System Automation

• Hardware/OS: IBM Power 550, IBM System Storage DS5300, AIX 6.1

The key attributes of ISAS are that it is pre-integrated with a single point of support and it is factory tuned for analytics workloads. The hardware, system management, middleware and analytics components integrated in ISAS are highlighted in yellow in figure 7. The products underlying the highlighted components are listed in green lettering. Customers and ISVs will find significant time savings in avoiding the task of integrating the constituent pieces of ISAS in-house and configuring/tuning these pieces. Furthermore, ISAS is scalable in terms of both capacity and function. As additional warehouse capacity is needed for the risk analysis activity, the warehouse and underlying storage can be scaled. As new analytic functions are needed, be it mining or predictive analytics or text analytics, they can be added as need arises. With new regulatory requirements for financial risk management appearing at a good sustained pace, and the unknown nature of the analytics capability and capacity needed to comply with them, customers and ISVs will find it convenient to start with a small but adequate ISAS footprint with easy growth at predictable cost as need arises.

Figure 8 illustrates the additional details behind the components shown in figure 7, and figure 9 overlays the key IBM software products relevant to the risk management framework on figure 8. An instantiation of the framework may not use all the products illustrated in figure 9; however, the figure illustrates the breadth of the framework capabilities. Added capabilities can be introduced in provisioning trusted information for analysis depending on the latency, performance and other non-functional requirements. The key ones are:

1. In-memory relational database or in-memory cache for risk data in relational format that is not large but needs to be accessed at a high bandwidth

2. In-memory fact and dimension tables for supporting high volumes of real-time OLAP activity

3. Change data capture technology to keep the trusted risk information warehouse in sync with operational data for real-time applications like detection of payment frauds where one typically wants to block the transaction in real time

4. Lineage and provenance information stored as part of operational metadata to establish veracity of the information

The industry data models shown in figure 10 provide the data models needed to create

the trusted information for risk in the data warehouse or relational/multi-dimensional

OLAP repositories or reference data for risk management. The reference data typically

is customers and business entities, accounts, financial products and securities (traded

financial instruments). Significant details of this data are obtained from external sources

and refreshed continuously. The requirements models of business solution templates

(BSTs) provide the physical and logical schemas for multi-dimensional or relational OLAP

repositories. Physical models can be used if these repositories are being created from

scratch. Similarly, application solution templates or ASTs provide the logical and physical

schemas needed for the datamarts used by various data mining applications and the data

warehouse design models provide the same for the main data warehouse.

The industry data models also provide the glossary models that are the business level

terminology for the data described by the logical and physical models. The glossary

models help establish consistency in information across all of the risk solution components.

As shown in figure 10, in addition to helping deploy the initial instance of the risk

information repositories, the industry data models are also leveraged by data movement and

transformation tools such as IBM’s InfoSphere DataStage tools to facilitate the creation

of the ETL scripts needed to populate these risk repositories.

5. Specific risk solutions

The integrated risk management (IRM) solution approach outlined in section 4 will

enable the wide range of risk solutions identified in figures 1 and 2, as well as most of the

risk categories not listed in those figures. In this section we select asset liability

management (ALM) as an example of financial risk, identity management and access control as

an important component of operational risk and financial fraud, and GRC (Governance,

Risk and Compliance) reporting solutions and discuss how they are enabled by the IRM

solution approach. We also discuss the capabilities for real-time data/event management

and real-time analytics that are critical for real-time risk management solutions, typically

needed in payment fraud control and risk management in capital markets.

5.1 Asset Liability Management (ALM)

For retail banks, ALM has long been at the heart of risk management. For them

financial risk is indeed a complex mix of business, liquidity, credit and market risks

that only simulation can help apprehend. Initially designed to calculate the long-term

effect on profitability and liquidity of short-term decisions, ALM solutions have evolved

significantly to become a universal decision-support tool for directors, treasurers, and

business line managers alike. Recently, the financial crisis has created a case for developing

ALM even further, making it more encompassing, more precise, and more granular.

A consequence is that ALM systems are likely to increasingly overlap with other risk

management systems, in particular:

• Funding liquidity management systems

• Treasury management systems

• Fund transfer pricing systems

• Systems for managing the interest rate and currency risks in the banking book

• Performance and Capital management systems.

It is therefore highly likely that banks will revisit their ALM requirements and reconsider

the architecture to best support them. Any good ALM system comprises at least the

following functions:

• Aggregation of transactions and positions on a wide range of products, generating

risk equivalents when necessary (non-maturing products, undetermined cash-flow,

etc.);

• Projection of current positions and exposures under specific assumptions

(economic conditions, default probabilities, customer behavior, business

performance, rollover scenarios…)

• Generation of market-coherent sets of scenarios (risk-neutral valuation constraints, etc.)

• Generation of multiple projections reflecting a vector of possible scenarios

(stress testing);

• Simulation of future cash-flows and asset values for a given projection;

• For a given projection and a selection of asset-liabilities items, analysis of various

matching rules (maturity, duration, hedging ratio, etc.) and reporting of resulting

gaps;

• Generation of related accounting entries, simulation of P&L and book values,

estimation of related statistical indicators such as Earning at Risk and Economic

Value, and production of prospective financial reports.

In order to address the above requirements, the ALM solutions need mechanisms to

calculate various types of risks associated with the assets and liabilities in a financial

institution’s portfolios. As illustrated in figure 11, these various types of risks have to

be netted under a consistent set of assumptions/scenarios. In addition ALM systems are

expected to have some capabilities to manage investment portfolios (Held to Maturity and

Available For Sale in particular), which may involve Credit Portfolio management features.

For an investment bank, or any financial institution active in derivatives or securities

financing, the ALM system should in addition be able to incorporate some elements of

Counterparty Credit Risk.

When all the above is taken into consideration, one can imagine that an ALM system can

be as complex as one wants it to be! In order to balance usefulness, performance and

practicality, subtle trade-offs have therefore to be made. In particular, the flexibility of the

simulation engines, the granularity and comprehensiveness of the data, the sophistication

of the pricing analytics, the details in the MIS reports and the post-processing on risk

analytics shown in the upper half of figure 12, have to be limited to realistic levels. Whatever the

choices made by a particular institution, it is likely that the requirements will continually

increase over time. It is therefore essential that the ALM system is built on foundations

that support future extensions, higher volumes, as well as faster and more complex

calculations. The risk management solution approach outlined in section 4 is ideal for

ALM solutions because, as illustrated in the lower half of figure 11, it allows all the

components of the ALM calculations, the different types of risks to the cash flows that

have to be netted, to be computed in one place. Furthermore, it allows the financial

institutions to define their own roadmap for implementing and evolving their ALM

solutions, incorporating the various types of risks calculations pertinent to ALM, as they

are needed, on a common investment of data foundation and reporting tools.

5.2 Real-time risk analysis

Real-time risk analysis has two components. First is the capability to analyze large

amounts of data in motion and present the information in real time or set up the

necessary alerts. The second component of real-time analysis is the ability to conduct

a large number of concurrent complex queries, including ‘what if’ analysis, in real-time.

Analyzing data in motion: This requires the data to be received, normalized, distributed

and analyzed using very high speed technology measured in microseconds. The goal is

to be able to react to the data in real time, identifying and preventing fraudulent transactions

before they occur rather than reacting to them after the fact. The bottom half of figure 4

illustrates the components involved in analyzing information in motion. At the core of

this is Event Analytics, but there are a number of supporting systems and technologies

that contribute to the effectiveness of the analytics. These technologies are presented in

Figure 13 and are described below (Figure 13 depicts an algorithmic trading scenario).

To meet customer demand for real-time assessment of enterprise risk posture, financial

firms need connections to more venues and exchanges than ever before. WebSphere

Front Office provides out-of-the-box access to dozens of direct exchanges, order books

and consolidated feed handlers and support for over 80 data feeds worldwide. Through

integration with IBM WebSphere MQ Low Latency Messaging, WebSphere Front Office

provides financial firms the ability to manage large volumes of market data while enabling

high-speed, reliable connectivity to real-time algorithmic and electronic trading platforms

at high throughput levels. The speed and throughput capabilities of Low Latency Messaging

enable the real-time detection (and reaction to) market and credit risks. Through its

features for latency monitoring, WebSphere Front Office supports Regulation National

Market System (RegNMS) in the United States for execution in equities markets and

Markets in Financial Instruments Directive (MiFID) in Europe, for execution within

all markets. solidDB is IBM’s in-memory database technology that provides high speed

access to data through its memory-based data management approach, high throughput,

high availability due to its built-in replication and failover capabilities, distributed

operation and flexible deployment. In-memory database technology provides up to ten

times the performance of traditional relational databases.

Cognos NOW! At an aggregate business level the risk exposure changes constantly,

occasionally generating large exposures that can have catastrophic consequences. Active

monitoring of those exposures by risk class, trading position, asset class, customer, geo

or product enables the businesses to manage the ramifications of justifiably disconnected

risk bearing decisions. Cognos NOW offers an in memory real-time risk presentation

layer including risk dashboards, risk alerting, risk reporting and risk analysis. Part of

the Cognos Analytics and Performance Management suite, Now! supports an emerging

continuum of real-time to end of month/quarterly risk intelligence demanded by financial

markets and commercial banking businesses.

5.3 Identity Management, Access Control and financial fraud detection/prevention

Identity management and access control are the first line of defense against insider

and external fraud perpetrated by misuse of IT infrastructure. A wide range of system

management tools are in use today to handle the first line of defense as illustrated in

Figure 14. While essential to protect the enterprise, traditional security is being hard

pressed to address those criminal elements attempting to defraud financial institutions.

A combination of malware hacking and infecting personal and corporate computers,

targeted phishing, VoIP spoofing, botnets, ATM card skimming, highly sophisticated

social engineering schemes, and other techniques are employed to bypass financial

industry security best practices. In isolation, it may be very difficult to differentiate

between a legitimate and a fraudulent access.

As a result, banks want to detect account break-ins, social engineering or insider fraudulent

accesses even when these first lines of defense fail. This is done by monitoring transactions

for anomalous patterns. As illustrated in Figure 15, this second line of defense depends

heavily on leveraging customer, merchant, location and employee profiles to build their

segment definitions, as shown in upper left corner of the figure. The segment definitions

are used to further model collective activity at all access points, including the web, ATM

machines, IVR systems, call centers or employee computers, to define the envelope of

expected transactional behavior, which is used to flag outliers (middle left).

Fraudulent transactions often have precursors (footprints) in access channel and LoB

events which can be analyzed to identify incipient fraudulent activity. To be most effective,

these events need to be analyzed in real-time. There are cases where access channel

(e.g., web, IVR, ATM, etc.) and applications need to be monitored jointly since the

evidence of fraudulent activity is insufficient when monitored independently.

Organizationally this can be challenging since the security events are typically monitored

by the IT security organization, while the fraud detection and management is traditionally

handled by the LoB. Sophisticated fraudsters recognize and exploit the gap in security/

fraud detection due to this separation of duties. The more mature financial institutions

are recognizing that they need to combine both the IT security and application fraud

detection capabilities into a single solution if they are to effectively protect their assets.

As shown in Figure 16, the ability to co-analyze access channel and application events is

one of the differentiating capabilities of IRM. Because of the speed and number of system

events, they have to be analyzed in high performance event processing engines in context

of application events in real-time leveraging the real-time capabilities discussed in section

5.2. In the past banking systems had been batch oriented. Lack of real-time detection and

patching of the security holes in the banking system did not pose a significant financial

risk. However, with the new types of payment mechanisms that result in increased

cross-channel financial flows, including the acceleration of real-time payments and settlement,

the financial risks are increasing. It is possible for fraudsters to steal millions of dollars in

a matter of minutes. This increases the need for real-time fraud detection capabilities that

go far beyond the after-the-fact fraud detection and management solutions.
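The joint monitoring of access channel and application events described above can be illustrated with a per-account sliding-window correlator. This is an added example, not IBM product code; the event kinds, weights, window and threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from typing import NamedTuple


class Event(NamedTuple):
    ts: int        # seconds from the start of the sample
    account: str
    feed: str      # "channel" = IT security feed, "app" = LoB application feed
    kind: str


# Assumed risk weights per event kind (hypothetical, for illustration only).
WEIGHTS = {
    "password_reset_ivr": 2,
    "login_new_device": 2,
    "login_failed": 1,
    "payee_added": 2,
    "transfer_high_value": 3,
}
ALERT_THRESHOLD = 6     # assumed score at which an account is flagged
WINDOW_SECONDS = 900    # assumed correlation window (15 minutes)

# Constructed sample: acct-1001 shows precursors in the access channel followed
# by application activity; acct-2002 is ordinary, widely spaced activity.
SAMPLE_EVENTS = [
    Event(0, "acct-1001", "channel", "password_reset_ivr"),
    Event(50, "acct-2002", "channel", "login_failed"),
    Event(120, "acct-1001", "channel", "login_new_device"),
    Event(300, "acct-1001", "app", "payee_added"),
    Event(420, "acct-1001", "app", "transfer_high_value"),
    Event(4000, "acct-2002", "app", "transfer_high_value"),
]


def detect(events, feeds, window=WINDOW_SECONDS, threshold=ALERT_THRESHOLD):
    """Score each account over a sliding time window, using only the given feeds.

    Returns a list of (account, timestamp, score) tuples, one per account, taken
    at the first event that pushes the windowed score to the threshold.
    """
    recent = defaultdict(deque)   # account -> events still inside the window
    alerted = set()
    alerts = []
    for event in sorted(events, key=lambda e: e.ts):
        if event.feed not in feeds:
            continue
        window_events = recent[event.account]
        window_events.append(event)
        # Drop events that have aged out of the correlation window.
        while event.ts - window_events[0].ts > window:
            window_events.popleft()
        score = sum(WEIGHTS.get(e.kind, 0) for e in window_events)
        if score >= threshold and event.account not in alerted:
            alerted.add(event.account)
            alerts.append((event.account, event.ts, score))
    return alerts


if __name__ == "__main__":
    # Each organization watching only its own feed sees nothing alarming.
    print("security feed only :", detect(SAMPLE_EVENTS, {"channel"}))
    print("LoB feed only      :", detect(SAMPLE_EVENTS, {"app"}))
    # Co-analysis flags acct-1001 when the payee is added, before the transfer.
    print("combined feeds     :", detect(SAMPLE_EVENTS, {"channel", "app"}))
```

With these constructed events, neither feed alone reaches the threshold, while the combined view flags the account at the payee change, ahead of the high-value transfer.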

IBM InfoSphere Identity Insight provides real-time fraud detection capabilities by

combining a distinguished entity resolution engine along with complex event processing.

By comparing the personal information from business transactions, the system verifies

whether the person is who they claim to be in addition to finding associations that may be

of particular interest or suspicious due to linkages to PEP, WatchList or internal banking

hot lists. The transaction data is then analyzed against all previous events for this entity to

determine if along with other activities this now qualifies as potentially fraudulent. Either

of these situations may generate an alert that should be investigated by the institution’s

fraud investigation unit. The product includes a series of features (Perpetual Analytics,

Global Name Recognition, Business Rule Thresholds and Confirmation/Denial Scoring)

to ensure that false positives are minimized. Because the solution correlates both physical

attributes (name, address, SSN, etc…) along with digital attributes (cookie, email address,

etc…), it also lends itself easily to augmenting the Identity Management solution covered earlier

in the section.

The key financial fraud detection capabilities of identity insight solution are illustrated

in figure 17 and they are shown in context of overall fraud detection and mitigation (case

management) in figure 15. The left side of figure 14 illustrates how multiple fake identities

of Linda Sweetheart entered through different channels with different names at different

times, while initially irreconcilable, eventually get resolved into a common real identity as

the last entry shown in upper right is made. Furthermore, the figure also illustrates how

insider fraud can be detected by linking employees to suspicious customers. In general

Identity Insight can discover social networks and analyze their collective transactions for

fraudulent activities like anti money laundering (AML).
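The identity resolution described above, where separately entered identities collapse into one entity once a linking record arrives and employees are then linked to suspicious customers, can be sketched with a union-find structure. This is an added example and not how IBM InfoSphere Identity Insight is implemented; exact-match merging, the attribute lists, the hot list and all records are assumptions constructed for illustration.

```python
from collections import defaultdict

RESOLVE_ON = ("ssn", "email", "cookie")  # assumed: a match means the same person
RELATE_ON = ("address", "phone")         # assumed: a match means associated people


class Resolver:
    def __init__(self):
        self.parent = {}       # union-find forest over record ids
        self.records = {}
        self.first_seen = {}   # (attribute, value) -> first record id carrying it

    def _root(self, rid):
        while self.parent[rid] != rid:
            self.parent[rid] = self.parent[self.parent[rid]]  # path halving
            rid = self.parent[rid]
        return rid

    def ingest(self, rid, record):
        """Add one record, merge on shared identifying attributes, return entity count."""
        self.parent[rid] = rid
        self.records[rid] = record
        for attr in RESOLVE_ON:
            if attr in record:
                other = self.first_seen.setdefault((attr, record[attr]), rid)
                self.parent[self._root(rid)] = self._root(other)
        return len({self._root(r) for r in self.parent})

    def entity_of(self, rid):
        """All record ids currently resolved to the same entity as rid."""
        root = self._root(rid)
        return frozenset(r for r in self.parent if self._root(r) == root)

    def related(self, rid):
        """Records outside rid's entity that share a RELATE_ON value with it."""
        mine = self.entity_of(rid)
        values = {(a, self.records[r][a])
                  for r in mine for a in RELATE_ON if a in self.records[r]}
        return frozenset(r for r, rec in self.records.items()
                         if r not in mine
                         and any((a, rec.get(a)) in values for a in RELATE_ON))


def hot_list_alerts(resolver, hot_list):
    """For each entity carrying a hot-listed value: (member ids, linked employee ids)."""
    alerts, seen = [], set()
    for rid in sorted(resolver.records):
        entity = resolver.entity_of(rid)
        if entity in seen:
            continue
        seen.add(entity)
        if any(item in hot_list for r in entity for item in resolver.records[r].items()):
            staff = sorted(r for r in resolver.related(rid)
                           if resolver.records[r].get("role") == "employee")
            alerts.append((sorted(entity), staff))
    return alerts


# Constructed records in arrival order; c4 is the late entry that links the rest.
SAMPLE = [
    ("c1", {"name": "Linda Sweetheart", "ssn": "000-00-0001", "address": "12 Elm St"}),
    ("c2", {"name": "L. Sweet", "email": "ls@example.test", "phone": "555-0100"}),
    ("c3", {"name": "Lynn Hart", "cookie": "ck-7f3a", "address": "9 Oak Ave"}),
    ("e1", {"name": "Sam Teller", "role": "employee", "ssn": "000-00-0002",
            "address": "9 Oak Ave"}),
    ("c4", {"name": "Linda S. Hart", "ssn": "000-00-0001",
            "email": "ls@example.test", "cookie": "ck-7f3a"}),
]
HOT_LIST = {("phone", "555-0100")}  # constructed internal hot-list entry


def replay(records):
    """Ingest records in order; return the resolver and the entity count after each."""
    resolver = Resolver()
    return resolver, [resolver.ingest(rid, rec) for rid, rec in records]


if __name__ == "__main__":
    resolver, counts = replay(SAMPLE)
    print("entities after each record:", counts)
    print("alerts:", hot_list_alerts(resolver, HOT_LIST))
```

Before record c4 arrives, the hot-list hit covers only c2 and no employee is linked; after it, the same hit covers all four aliases and surfaces the employee who shares an address with one of them.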

5.4 Compliance

While compliance is a broad topic, in this section we focus on IBM’s capabilities in

facilitating compliance with regulations related to financial risk. As the Venn diagram

at the top of figure 8 suggests, managing financial risks, financial crimes and operational

risks is an important part of regulations for the financial sector. Risk postures and loss events

have to be detected, reported internally and in most cases to the regulatory bodies, and

case management or workflows to mitigate the risk or loss have to be undertaken. A fair

body of regulations also deals with collection, analysis, protection and reporting of

information, a set of activities broadly termed as Compliant Information Management.

Every piece of information has a lifecycle. Initially information is created (whether in

paper form or digital form). Then that information is developed – going through draft,

review and approval phases. At some point that information becomes less “active”

and then it may be archived or put under records or retention control. Even after that

happens, the information may become ‘active’ again. As an example, access to archived

content may be required to satisfy an eDiscovery or audit request. At some point, the

information gets deleted or explicitly archived. Figure 18 shows the five phases of managing

information through its lifecycle for compliance. The first step is collecting the information.

The collection of the information requires that policies and rules be defined that identify

which content should be collected, as well as where and how it should be managed in the

ECM repository. Once the information is collected, advanced classification can be applied

to help analyze the information to differentiate non-critical documents from critical ones,

and define categories or taxonomies for how those documents should be handled. During

this process, metadata can also be extracted from the information that can later be used

for analyzing the information. Phase 3 in the lifecycle is records management. Ensuring

that information is securely managed and that appropriate retention policies are in place

is critical for regulatory and compliance related activities. In phase 4, the information is

made available to eDiscovery and audit inquiries. Finally in phase 5, information is

either archived permanently or discarded. The products supporting each phase are

shown in blue rectangles.

Effectively managing this dynamic lifecycle from a compliance point of view requires

the capabilities that are integrated effectively in the integrated risk management platform

as shown in Figure 19. Some components pertinent specifically to compliance activities

are highlighted at the bottom of the figure. A key component of regulatory compliance is

the Inventory of Obligations, a collection of activities pertaining to internal audit, record

retention, and other activities that must be performed to comply with the various

regulations an organization is subject to. The inventory of obligations is a human-readable

repository. Using information metadata, advanced classification, business events and

business rules embodied in ZeroClick technology, information in an organization can

be automatically classified as targets of various compliance regulations applicable to

the different phases of the compliant information lifecycle. The compliance obligations

in the inventory of obligations are translated into a canonical (non-repetitive) set of

programmatic commands that can be executed automatically by a work flow engine like

FileNet, or information masking or archiving solution like Optim. The logs and results

of executing the record retention solutions or audit functions are presented in reports and

preserved as evidence. The IBM eDiscovery tools proactively search and analyze

information in response to audit, legal or regulatory inquiries.

Figure 20 depicts how different parts of the platform implement ZeroClick. IBM Content

Collector uses rules and policies to determine which information to collect, where to store

it and how to reference it. IBM Content Collector can access a wide range of information

sources, and can be configured to either move the information into an IBM ECM repository

or access it directly in its current location. IBM Advanced Classification moves through

the information, extracting critical metadata and identifying which documents are

critical. IBM Records Management automatically retains and categorizes information

according to retention policies.

All of this technology is supported by an active governance mechanism that automatically

implements security, control and access policies. All activity is monitored and audited and

can be evaluated while the information is being processed. In addition, the IBM ECM

platform is well integrated with other parts of the IBM portfolio to provide efficient storage

management, and the ability to do analytics on both the efficiency and the business value

of the process. For organizations who wish to implement the entire end-to-end solution,

IBM offers the Compliance Warehouse which is an integrated, end to end solution which

includes software, server and storage hardware, and business and technical services to

build the solution.

5.5 Integrated Risk Solutions

To improve risk decision making and support the new risk management approach and

culture, risk information needs to be shared where needed, securely and efficiently

throughout the enterprise. Often referred to as risk intelligence, the information needs

to be tailored to the users’ needs and their risk knowledge. As a minimum it needs to

be timely, support repeatable analysis from one period to another, consistent between

groups, and of course accurate. Independent therefore of risk class, LOB, geography,

customer or customer segment, function (risk, finance, capital, LOB) etc, information

needs to be delivered in multiple forms of risk reports, risk dashboards, risk analysis, risk

event management, and risk scorecards (KRI frameworks). Supporting the Integrated

Risk Management approach IBM Cognos has developed the following key solutions:

FIRM (Finance & Integrated Risk Management): built with a number of universal

banks, the services-led solution supports credit, market, operational risk classes for

retail, commercial and financial markets business lines and includes risk dashboarding,

scorecarding, reporting, OLAP analysis, and event management, with extensions for

Office tools and mobile devices. FIRM has been implemented in many banks worldwide

and is a key component of IBM’s vision for risk insight and control across the enterprise.

Banking Risk Performance - Credit Risk is an analytic application using Cognos’

Adaptive Analytic Framework designed for retail banking risk management, finance

and senior management. It offers a full suite of 70+ ‘out of the box’ risk reports and

dashboards covering the six main risk areas: Basel II reporting, front end performance,

Back end performance, Financial Oversight and Originations Analysis. The application

is mapped to IBM’s Banking Data Warehouse and offers accelerated time to value and

return on investment.

Risk Analytics and Scenario Modelling (to be launched in Q1 2010) – offers risk

analytics at the aggregate/portfolio level, leveraging the bank’s investment in multiple, highly

specialised and tailored risk applications. The solution offers risk quants, finance and

business analysts a ‘risk sandbox’ in which they can answer the ad-hoc risk analysis

questions with confidence, re-use previous analysis and share the results throughout the bank.

Risk Adjusted Profitability – calculates RAROC daily by customer, delivers collaboration

and business planning to relationship management, lending, risk, capital and senior

management teams. It is a critical component to operationalise risk appetite and

performance management.

Relationship Based Pricing – creates the risk informed value of customer relationships

and incorporates account strategy/planning, offer pricing and business planning processes

throughout the enterprise. Loan book impact of aggregate and external macro events

inform the offers and loan book portfolio concentrations. It is a critical component to

operationalise risk appetite and performance management.

6. Key products

IBM offers Integrated Risk Management capability as part of its Banking Industry

Framework. The key information management and analytics products in the risk

management domain of the framework are:

Data management products:

• Banking industry data models for data (BDW) which have business glossaries, ER

diagrams and physical schemas defined for over 5000 entities for banks and financial

institutions. A significant set of those cover a wide range of risk related definitions in

areas such as but not limited to: Market Risk, Liquidity Risk, Credit Risk, Operational

Risk, Capital at Risk (incl. risk aggregation), Positions Exposure Analysis, and

Counterparty Credit Risk. The models provide the foundation for interconnecting

other components involved in movement and transformation of risk data as discussed

next and illustrated in figure 2.

• InfoSphere Information Server for data movement and transformation. It comprises

Metadata server/workbench to track information, Information Analyzer to explore

known information sources, DataStage and QualityStage to move and cleanse the data

and FastTrack to automate the overall data movement process.

• Exeros and Optim Data Relationship Analyzer to automatically discover information

in multiple independently managed information sources with different and often

undocumented information representations, and understand the business rules,

transformations and relationships that link them.

• InfoSphere Warehouse, a subject oriented warehouse for large volumes of long term

persisted data, SolidDB in memory database for moderate volume data to be accessed

at high bandwidths, and Cognos Now, also an in memory database, for information

used in multi-dimensional analysis.

• InfoSphere Federation Server and Change Data Capture capabilities to provision

information outside the warehouse for risk analysis.

• IBM Content Manager for managing unstructured data in support of risk analysis.

Analytics products:

In addition to the aforementioned data management products, IBM offers the following

products to analyze the data:

• InfoSphere Streams for real-time analytics, scalable to very high volumes of data that

need to be analyzed with very low latencies. Specially suited for analyzing streaming data

(data in flight) as it offers a high level programming language to manage streaming data

and to specify analytics on them.

• WebSphere Business Events for complex event processing.

• Data Mining, Cubing and text analytics services from the InfoSphere Information

Warehouse.

• Specialized analytics like Identity Insight and Global Name Recognition for the ability

to reconcile multiple source system representations of a single individual into a unique

entity and then assess both suspicious associations as well as the nature of their

financial activity via complex event processing.

• IBM Content Analyzer to analyze the unstructured content to extract entities and the

relationships between them.

• The ‘what-if analysis’ and scenario modelling capability provided by IBM Cognos TM1

products. A sample output from TM1 is shown in figure 3 below.

• Risk Analytics and Scenario Modelling (in development with customers) - provides

pre-built stress testing and scenario modelling for Counterparty Credit Risk and

Capital Requirements at an aggregate portfolio level.

• Predictive modelling capabilities through SPSS platform and ILOG business rules

management system.

Business Intelligence products:

IBM Cognos 8 provides risk solutions including Banking Risk Performance – Credit Risk

and Finance & Integrated Risk Management (FIRM) that together include:

• Risk dashboards that provide graphical user interface for senior management

• Risk reporting for production, ad-hoc and user self service delivers internal and

external disclosure

• Risk analysis across multiple dimensions for risk, finance, business analyst etc

• Risk scorecards identify key risk indicators, leading and lagging indicators, targets and

tolerances, owners of specific risk metrics and mitigation actions

• Risk event management delivers proactive alerting of risk events and break-out

conditions, both centrally and user defined alerts

• Office integration tools extend risk information integrity into PowerPoint, Word, Excel

etc.

Financial Performance Management products:

• Enterprise Planning and TM1 provide financial planning, budgeting, business modeling

and forecasting, in a range of applications that include:

o Risk Adjusted Profitability – calculates RAROC daily by customer, delivers

collaboration and business planning to relationship management, lending, risk,

capital and senior management teams

o Relationship Based Pricing – creates the risk informed value of customer

relationships and incorporates account strategy/planning, offer pricing and

business planning processes throughout the enterprise. Loan book impact of

aggregate and external macro events inform the offers and loan book portfolio

concentrations.

7. Automating the risk management lifecycle

In the preceding section we discussed how the integrated approach to risk management

can result in cost savings by amortizing the cost of provisioning data and disseminating

the risk assessments over a portfolio of risk solutions. This also resulted in a better quality

of risk assessment because each supported risk application had access to a richer set

of data as we broke down the barriers to information exchange imposed by IT

compartmentalization. In this section we dwell upon automating the risk management

lifecycle of developing, deploying and operating individual risk solutions and improving

the quality of their results by:

1. Automating the tasks performed by the data architects in defining the representation of

the data in the risk information warehouse during initial development and subsequent

evolution of the risk solution.

2. Automating the tasks performed by the database software developers for transforming

the data and populating the warehouse, moving the data from the warehouse to the

risk analysis functions, and from the risk analysis functions back to the warehouse and

reporting/dashboard capabilities.

The automation is achieved by enabling the risk analyst to perform the data provisioning

and data transformation tasks, previously delegated to data architects and database

software developers, directly through business level interfaces. This can be achieved by

implementing an analytics integration approach as shown in figure 21. It is currently

being prototyped in IBM as project Hamilton. The automation solution consists of a

workbench, server and risk information directories. The server provides the automation

by interpreting the scripts produced by the workbench.

The ‘Analytics Integration Workbench’ gives the risk analyst a business level view of the

information available to him for analysis and the data transformation and analytical tools/

algorithms available to him from internal sources as well as from the external sources. It

allows the analyst to specify end-to-end risk solutions by composing the data transformation

operations, analytics operations, and data movement at the business activity and business

information level. The interface for the risk analyst offered by the Analytics Integration

Workbench is shown in figure 22. On the left hand side of the figure are the separate

palettes for risk data sources and feeds, risk calculators, reports and other computational

components available to the risk analyst, which are described in business terms. On the

right side is the canvas for the risk analyst to compose the risk solution by dragging and

dropping the business level computational components from the palette. The workbench

defines a computational environment expected by the risk analyst and to a large extent

supported by the IT infrastructure. Three sets of data sources illustrated in figure 22 are:

1) Market data feeds such as currency rates, prices of liquid financial instruments, and

economic indicators like interest rates, unemployment figures, measured and forecasted

growth rates for the economy, etc.; 2) news feeds such as K10 submissions and other

corporate activity reports; and 3) portfolios (or banking and trading books).

The analytics integration workbench reduces the time and effort spent by the risk analyst

and data architects in locating the risk information in banking operations databases. The

information not available to the risk analyst is obtained on an exception basis, as depicted by

steps E1-E3 in figure 23, but once obtained, it is accessible by him and other risk analysts in

future without repeated involvement of the risk warehouse data architect or the database

software developers. Similarly, integration of risk analysis or fraud detection applications

from ISVs into the overall risk/fraud solution also becomes substantially easier as the

application providers provision data for their applications, as shown in figure 23 in step

2, with the same ease as the risk analyst provisions information into the warehouse and

OLAP cubes, without significant involvement of the data architect or ETL developers.

The risk information directories shown in figure 21 provide the linkages between the risk

information and computational components defined in business terms, the definitions used

by the risk analyst, and the descriptions used in the IT infrastructure in programming

terms. These linkages are established by populating the palette in the workbench from

the business glossary terms in the directory. In addition to the incremental approach of

populating the risk information directories one risk solution at a time, financial institutions

can also take a systematic approach of inventorying all data pertinent to risk analysis

across the enterprise, and all the risk analysis applications, and populating the risk

information directories with the gathered information. The advantage of this systematic

approach is that information and application discovery tools like InfoSphere Information

Analyzer, Exeros, and Optim Data Relationship analyzer can be used to drive high

efficiency in the discovery process.

Financial fraud and risk solutions are composed of several IT components as illustrated

in figure 5. The data provisioning, analytics, dissemination of analysis results through

reporting tools, and integration of analytics in core business processes, and most importantly the interaction among multiple concurrent processes that are part of the analytics solution,

are managed more or less independently with no coordination or formal specification of

the orchestration required between these activities. Naturally, the communication process

lacks formal capture of design agreements, is error prone and the resulting unverifiable

agreements are not amenable to reasoning for correctness at the overall solution level,

even by humans. Hamilton script mitigates these issues by capturing the comprehensive

description of all activities of all components of the risk solution and the orchestration

required between these activities in one place.

As shown in figure 21, Hamilton script is the output of the Analytics Integration Workbench.

In that sense Hamilton script offers a unified programming model for the analytics

solutions and creates an enterprise wide blueprint of the risk/fraud solution. The risk

analyst specifies the solution in business terms using the graphical interface as illustrated

in figure 22, and the analytics integration workbench translates it into the Hamilton

scripts. The script is executed by the analytics integration server and hence the script is

the architectural contract between the workbench and the server, or the business level

user (risk analyst) and the IT staff.

Expressing risk and fraud solutions as interpretable scripts makes them flexible.

Hamilton script also enables the financial institutions to rapidly integrate several existing

fraud and risk solutions to create better quality solutions. For example, a solution can be

updated or enhanced easily to leverage new or additional analytics or new and additional

information sources by manipulating the script without necessarily requiring the intervention

of data architects or database software programmers. The IT implementations of data

and analytic services can be changed without impacting the risk solutions, the changes

being limited to the mapping tables contained in the risk information directories. As an

example of integrating several existing solutions, Hamilton script can enable several fraud

detection engines to exchange the results of their analysis and use an ensemble approach

to reduce false positives and false negatives in fraud alerts. Traditionally, the risk analyst would

invest significant time to explain the changes, enhancements or integration requirements

to data architects and database software developers, and the latter two would spend

significant time in making the required modifications or integration. Hamilton script

simplifies the task of expressing the change and integration requirements and enables

automation of most of it through the analytics integration server.
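
The directory indirection and the ensemble of fraud engines described above, as an added sketch that is not IBM's code and does not reproduce Hamilton script syntax (the paper does not show it). The script layout, business terms, engine thresholds and transactions are all constructed for illustration.

```python
# Constructed sample: (txn_id, amount, country, txns_last_hour, is_fraud).
TXNS = [
    (1, 9000, "US", 1, False), (2, 7000, "RO", 6, True),
    (3, 120, "RO", 7, True),   (4, 50, "FR", 1, False),
    (5, 6500, "US", 8, True),  (6, 30, "US", 5, False),
    (7, 8000, "BR", 0, True),  (8, 40, "US", 0, False),
]

# Directory: business term -> IT implementation (hypothetical engines).
# Replacing an engine only edits this table, never the script.
DIRECTORY = {
    "Card transactions": lambda: TXNS,
    "High value check": lambda t: t[1] > 5000,
    "Unusual location check": lambda t: t[2] != "US",
    "Velocity check": lambda t: t[3] >= 5,
}

# Solution stated purely in business terms (stand-in for a workbench-generated script).
SCRIPT = {
    "source": "Card transactions",
    "engines": ["High value check", "Unusual location check", "Velocity check"],
    "min_votes": 2,  # ensemble rule: alert only when at least two engines agree
}

def run(script, directory):
    """Interpret the script: resolve terms via the directory, return alerted txn ids."""
    missing = [n for n in [script["source"], *script["engines"]] if n not in directory]
    if missing:
        raise KeyError(f"terms not in directory: {missing}")
    engines = [directory[n] for n in script["engines"]]
    return {t[0] for t in directory[script["source"]]()
            if sum(e(t) for e in engines) >= script["min_votes"]}

def errors(alerts):
    """Return (false_positives, false_negatives) against the constructed labels."""
    fraud = {t[0] for t in TXNS if t[4]}
    return sorted(alerts - fraud), sorted(fraud - alerts)

def single(name):
    """Run one engine on its own by requiring a single vote."""
    return run({**SCRIPT, "engines": [name], "min_votes": 1}, DIRECTORY)

if __name__ == "__main__":
    for name in SCRIPT["engines"]:
        print(name, errors(single(name)))
    print("ensemble", errors(run(SCRIPT, DIRECTORY)))
```

On this constructed data each engine alone produces one false positive and one false negative, while the two-of-three vote produces neither.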

8. Further information

In this whitepaper we briefly discussed the need for better risk management techniques

for the smarter planet which is increasingly more instrumented and connected, becoming

increasingly riskier for financial institutions to do business in, and hence presents an

imperative for financial institutions to use better techniques for risk assessments and to

better leverage those assessments in their business operations. We discussed a roadmap

for maturity in risk management and the imperative for integrated risk management for

improved quality of risk management and lower costs.

Though the bulk of the paper was devoted to the integrated risk management approach,

a significant part of IBM’s integrated banking framework, and an experimental project

on automating the risk management lifecycle (section 7), there is far more detail to risk

management than what we could cover in this paper. We encourage the reader to visit

ibm.com/software/industry/frameworks/banking/riskmanagement.html for further

information or to contact their IBM sales representative to learn more.

© Copyright IBM Corporation, 2009

IBM Corporation Route 100 Somers, NY 10589 U.S.A.

Printed in the United States of America 12-09 All Rights Reserved

IBM and the IBM logo are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both.

Other company, product and service names may be trademarks or service marks of others

P23836

IIW03001-USEN-01