Financial institutions still have some way to go in building robust IT infrastructures to help them manage risk, a new report has found.

The report, ‘Observations on Developments in Risk Appetite Frameworks and IT Infrastructure’ was published by the Senior Supervisors Group, which is made up of financial services authorities from 10 countries, including the UK’s Financial Services Authority (FSA).

Articulating a clearly defined risk appetite for the firm and monitoring risk effectively through reliable access to accurate , comprehensive and timely quantitative information were two key areas that the group identified in its last report, ‘Risk Management Lessons from the Global Banking Crisis of 2008’.

For its latest report, the group assessed the progress that financial institutions have made in developing risk appetite frameworks (RAF) and improving IT systems to support these frameworks.

It concluded from its analyses: “While most firms have made progress in developing risk appetite frameworks and begun multi-year projects to improve IT infrastructure, financial institutions have considerably more work to do in order to strengthen these practices.”

 “We view these practices as crucial in providing the risk information that boards of directors and senior management need to make well-informed judgements – not only about risk management but also about their firms’ forward-looking business strategies,” the SSG added.

The main challenge for firms was the aggregation of risk data, to help firms respond quickly to market events and therefore reduce the potential for financial loss, according to the SSG. The difficulty is particularly apparent in organisations that have recently consolidated through mergers and acquisitions.

The SSG said that many firms have undertaken significant IT projects to carry out this task more accurately, comprehensively and quickly, but the group also said that many firms admitted that their risk data infrastructure requires more work to become as flexible as that of their more advanced competitors.

The SSG report said that especially for these risk data projects, senior management engagement was crucial for their success. This is in addition to clearly defining governance processes, for example, by appointing data administrators and clear data owners.

Meanwhile, the report advised that a move toward more automation and fewer manual processes would increase senior decision makers’ ability to rely on risk information.