Print this
Trading and Risk Management Move On-Line

Banks and software vendors are racing to give away multimillion-dollar services at a fraction of their current value.

By Andrew Webb

By now, we all know about the possibilities Internet technology presents to financial institutions. Instead of the current client-server architecture, which forces companies to maintain local applications on thousands of servers and workstations, many banks are moving to adopt Internet technology, which centralizes these applications onto fewer larger servers and provides access via the humble browser.
But what if you took the next step and let somebody else run the whole thing?
That's the promise of the application service provider (ASP), an idea that proponents say will soon sweep through the financial world, freeing financial institutions from the hassle and expense of maintaining trading and risk management systems.

The question is, Who will provide this service for whom?

Derivatives software vendors are frantically transforming themselves into ASPs in order to offer their high-priced client-server packages to a wider user base. But banks are also getting into the act, building ASP applications that will allow their clients access to sophisticated technology previously beyond their reach. Banks are also using the same ASP model internally to revamp their technology base.

In the next 12 months or so, in fact, it seems likely that financial institutions will be able to choose from a wide variety of relatively inexpensive trading and risk management solutions that are likely to transform the way they do business.

Client trading and risk management

Some banks, particularly in the Nordic countries, have been using the Internet to service clients for some time. Others are still talking pompously about "security issues” as an excuse for their own inactivity. Although it's hardly a widespread practice so far, most participants assume it will only be a matter of time before banks start offering clients full-blown, Internet-based risk management services.

Add all those pieces together and it seems likely that the major banks will become the trading and risk management ASPs of the future. "If you're offering a custody and risk management service to your clients, you're already part of the ASP paradigm,” says Juan Lando, senior manager of risk management systems at Arthur Andersen. "I think banks will start to move into that space fast once they realize the potential opportunity.” Many banks that run major custody services on mainframes are quickly moving their operations to web-based interfaces and offering new services to clients.

Internet technology could create huge cross-selling opportunities and efficiencies. Clients could log on, inspect their portfolios in real time, apply their own choice of analysis to identify the risks in their portfolio, and then select and trade the appropriate instruments to offset those risks. "Web enablement allows banks working with corporate portfolios to interact more directly,” says Scott Stirling, vice president for sales and marketing at software vendor Kronos. "A single salesperson can cater to a greater and more varied number of corporate clients.”

"We deal with quite a few major clients whose small trades are done electronically, but whose big trades are still done over the telephone.”
—Simon Lack, Chase

Indeed, using Internet technology to provide one-stop shopping, particularly to larger clients, is arguably a necessity for banks that simply wish to hang on to their franchise. For them, disintermediation is more than just another web buzzword—it's a real threat. (See the "DumpYourDealer.com” series of features, August 1999). As more and more web services pop up offering everything from credit derivatives to interest rate swaps, the opportunity to deal directly with counterparties at a finer price will eventually prove irresistible to many institutional and corporate clients. The challenge for banks, therefore, is to make web-enabled trading and risk management a reality rather than a promise. While it could be cheaper to visit umpteen sites to get the best possible price, clients may prefer to do all their business through the convenience of a single bank interface if the pricing is competitive enough.

All this hasn't been lost on the ASPs, with some pitching their services to banks as a shortcut to this client nirvana. If your clients will be accessing your services and applications via the Internet, why reinvent the wheel? Cheaper by far is to outsource it to an ASP that will brand it as your own. That is precisely the strategy taken by Castlenet. The company, which currently offers TheBeast.com as a front-office pricing tool via an ASP service, is focusing its efforts on using its technology to build ASP applications for other financial institutions.

Creating a credible ASP, however, involves a blend of skills not currently found among the existing trading and risk management system vendors, and the marketplace is currently in something of a marriage broker's dream with everyone rushing about looking for suitable partners.

Providing multiple products and services integrated through a single web interface is something that runs counter to the culture of many investment banks, however. Investment bankers are traditionally product-silo-oriented, and at many banks the product businesses are doing their own separate e-commerce thing. "The risk is that you end up propagating the huge, horrible, internal complexity of your business onto your client's workspace,” says Octavio Marenzi, CEO of research group Celent Communications. "That's not doing it on the client's terms at all. The big challenge is to be able to drill across the product businesses in a way that targets and concentrates all the transactions that take place between a client and an investment bank into one common work space.” Ideally, clients should have to use only one browser interface for the individual products they use and for the analytics for functions that cross product boundaries. And that hasn't happened yet.

Still, there's a flip side to the one-size-fits all approach: If banks try to shove many products down their Internet pipe, clients for complex instruments may become confused and go elsewhere—or else take on transactions without really understanding them.

"None of this does anything to help with the usual risk management data issues. In fact, it probably makes them harder to deal with.”
—Peter Vinella, PVA International

The e-commerce case for larger individual transactions isn't proven either. Large wholesale clients are traditionally happy dealing with people. Thus far, most e-commerce initiatives have been driven by banks seeking to cut costs, not end users actively looking to deal in a different way. "Many big money managers and clients believe that they get the best service from the best salesperson who can cover them in the dealing room,” says Simon Lack, head of e-capital markets at Chase. "They feel this still gives them a competitive edge over and above the advantages that electronic dealing has to offer, so they aren't clamoring to change the status quo. As a result, we deal with quite a few major clients whose small trades are done electronically, but whose big trades are still done over the telephone.”

Others agree. "Although the average ticket size for electronic trades between bank and client will continue to move up, at the largest level I don't think people on either side will feel like totally giving up hands-on control for a long time,” says a fixed-income derivatives trader at a European investment bank. "Markets at the largest ticket size level are highly efficient already—there's not enough to gain and too much to lose by simply applying an e-commerce approach on a blanket basis.”

Is There An ASP In Your Future?
With application service providers crawling out of the woodwork in just about every walk of life, there's predictably no shortage of vendors promising great things in the trading and risk management arenas. At the moment, however, promising is as far as it gets.

The rationale for independent ASPs in the world of finance is certainly plausible. Sophisticated, complex, mission-critical applications that require continual upgrades and maintenance impose a substantial and costly workload on in-house IT departments. Off-loading all that aggravation to an ASP that then simply delivers the product direct to your headache-free desktop for a flat monthly fee must seem extremely appealing.

"We see the ASP approach as valid for some applications,” says Vincent Aubrun, director of technology at Summit Systems. "Certain users might not want to have the system in-house, because they lack the expertise or staff numbers, and they might not care as much—or at all—about the ownership of data.”

Outsourcing mission-critical applications, however, requires something of a leap of faith. Banks will happily pay for a derivatives trading or risk management system (albeit after extensive tire-kicking), because they have local control over it—if they have a problem with the application, it's a problem they can likely rectify on their own.

But if they opt to lease the application from an ASP, the variables change, and the bank has less direct control over its fate. If the application is accessed via the Internet, for instance, who is accountable for a communications failure? What can the bank do about a hardware failure at the ASP? A software bug that the ASP didn't spot? Centralizing the operational risks by using an ASP may reduce the number of worries, but at the same time so increase their magnitude that no real gain is made.

"You could put all your mission-critical systems for the entire enterprise in one major center, with a contingency center elsewhere, and obtain a cost saving,” says Alistair Mortimer, head of systems strategy for Abbey National Treasury in London. "However, the current state of technology, the cost of bandwidth and the risk is such that the game is currently not worth the candle in an enterprise-wide context. Nevertheless, that will change in time, so if the cost-benefit equation becomes compelling and we can value the security and business risk associated with such a strategy, then we will do it.”

Credibility will obviously be a major factor for potential ASPs and poses something of a conundrum for existing vendors of trading and risk management systems. While banks may be happy to buy a vendor's product to run in-house after testing, it's unlikely that they will be prepared to assume the vendor is automatically capable of becoming a mission-critical ASP, which requires a rather different skill set. As a result, existing software vendors may have to partner with big hitters such as established ASPs, ISPs or telcos. "While those vendors may be good at the analytics, they don't have expertise in delivering mission-critical infrastructure,” says Celent Communications' CEO Octavio Marenzi. "The ultimate question is, ‘Who can you sue?' So partnerships with companies with large balance sheets and rock-solid delivery capability seem inevitable.”

One vendor that is pitching hard for this market, and, moreover, doing so with some of its existing clients' active encouragement, is FNX Ltd. The company intends to link up with four principal partners, covering content, the back-office environment, risk management and infrastructure, and will go live with an ASP service in the third quarter of this year. The clients that have been pushing FNX to adopt the ASP model include several large European and Japanese banks and institutions. Their objective in using an ASP is to distribute their brand more efficiently and break away from the current model in which their revenues are more or less linearly correlated with the number of people who pick up the phones on their trading floor. The intention is to achieve this by using FNX's consortium to provide a one-stop institutional client's trading and risk management desktop of choice.

"We already have a web-based trading desktop available, which we are beta-testing with customers now—the next phase is to set it up within an ASP environment,” says Simon Moss, FNX's president. "We intend to have foreign exchange, foreign exchange derivatives, commodities, general-ledger and back-office services available on the web in March in an institutional client desktop, which will be followed in July by interest rate and fixed-income products.” FNX certainly appears to be putting its R&D dollars where its Internet technology mouth is—from this year on, it will expend no further resources on the conventional client-server versions of its products.

A big question for ASPs wanting to provide trading and risk management services will be targeting the right market. To most commentators, the largest banks are unlikely to jump on the concept for their own use for a while. "I think those who will be interested in this kind of service will typically be smaller banks, institutions and investment or money managers—not large broker-dealers,” says Celent's Marenzi. "The biggest hitters are not really cost-sensitive when it comes to their trading and risk management systems.” Juan Lando, senior manager of risk management systems at Arthur Andersen, takes a similar view. "The ASP model is appropriate for the smaller hedge funds and asset managers that don't have the resources to maintain their systems in-house,” he says. "The feedback I get from the larger players is that it is simply not relevant for their own internal use.”

This skewing of the ASP paradigm toward the smaller players could make for some interesting cultural changes among the major risk management vendors that have traditionally devoted their efforts to delivering cutting-edge analytics to the largest banks. If the ASP model takes off, they could be pitching to a different type of clientele. The twist in the tail here is that smaller participants may suddenly have the benefit of better technology at an affordable price. In the vast majority of cases, it's not the cost of the software license but the cost of the implementation that has been the barrier to their obtaining state-of-the-art risk management technology.

To some vendors, providing sophisticated analytics will be only part of the challenge. The other critical piece is offering solid benchmark data. "After you have been through 100 successful validations of your models in major implementations, you have the credibility to go out and claim that you have a risk data service where the data has been audited and verified,” says Michael Zerbs, vice president of research at Algorithmics. "Second-tier banks can't afford to rent large, sophisticated applications if they don't have the accompanying high-quality data. If you give them the data, the applications don't have to be large or sophisticated—they can be quite simple. All of a sudden, they can have high-quality risk reports at an affordable price.”

Others see the whole concept of ASP risk management services delivered via the web as missing a far more fundamental point. "None of this does anything to help with the usual risk management data issues. In fact, it probably makes them harder to deal with,” says Peter Vinella, CEO of PVA International, a consultancy.

Vinella alludes to the traditional risk management bugbear of having to consolidate data from multiple systems that use a variety of formats—especially inflexible legacy systems that were not originally designed to share their data with more than perhaps one other system. Although these legacy systems continue to be phased out (Y2K did have some backhand advantages), there are still plenty left lurking in dark but important corners of the securities industry.

Simply using an ASP obviously doesn't escape the expensive and laborious chore of making the necessary data conversions and consolidation in-house. In addition, clients will still have to upload this position data to their ASP—having first ensured that it is in a format acceptable to the remote risk engine. "In the event of a data problem, clients will probably find diagnosis and rectification harder, since they will have to be carried out remotely rather than locally, as was the case before,” says Vinella. "Simply raving enthusiastically about web-enablement and trying to pass the buck to an ASP won't do anything to help.”


Internal trading and risk management

While fully integrated web-based trading and risk management for clients may still be in the future, most leading banks have been quick to appreciate the virtues of Internet technology for their own internal systems. One of the earliest and most frequently cited examples of this has been Nomura's London office, where a complete ground-up rebuild of trading floor technology started in 1994. By coupling the use of Java for graphical user interfaces (only sparing use was made of conventional browsers because of concerns over maintenance costs) with a three-tier architecture and standard TCP/IP networking, Nomura was able to extract a number of benefits.

The three-tier architecture—consisting of a thin client, a middle tier containing the business logic and a third tier containing the data—has allowed for enormous flexibility. Software components can easily be swapped or added without having to take the whole system down and make alterations to a massive monolithic block of code. In addition, common software components, such as applications for printing deal tickets, can be re-used, rather than having to be continually reinvented. However, the additional flexibility comes at a price—namely, the administrative payload of managing myriad smaller distributed applications. Instead of having only a handful of major applications to keep tabs on, IT staff must keep track of all these individual components.

Although moving from client-server to thin-client technology may create enormous logistical advantages, Gordon Baker, principal consultant at TCA Consulting in London, doesn't see banks instantly revamping all their internal systems with Internet technology because of the need to realize commercial benefits as soon as possible. A phased rollout by product and functioin seems to be the most likely outcome.
"We already have a web-based trading desktop available. The next phase is to set it up within an ASP environment.”
—Simon Moss, FNX Ltd.

When it comes to risk management, the arguments in favor of using an Internet technology-based approach seem just as compelling. "When you compare it with the enormous cost of providing and maintaining individual offices with locally installed risk management systems, it's hardly a difficult decision to make,” says Kronos' Stirling. "Web-distributing the application is not only cheaper, it also allows much more flexibility for satellite offices and senior management.”

Centralizing the risk management function and web-distributing it also allows for consistent measurement and analysis on an enterprise-wide basis. At the moment, derivatives traders are fond of arguing that they need sophisticated risk decision-making power on their desktop with their own home-grown risk models. But that approach may be on its way out. "If you want to calculate risk at the enterprise level, you need one central, consistent definition of what is risk and how to calculate it,” says Michael Zerbs, vice president of research at Algorithmics. "You can't afford to be using one model in one location and something different in another.”

Some major banks have been using Internet technology for risk management for a while. Chase, for example, completed the initial rollout of its GlobalNet global credit risk management system in March 1998. GlobalNet, which is written in Java and runs on Chase's intranet, is used to measure the bank's global credit exposure on derivatives and foreign exchange. The bank's international treasury division has also used Internet technology to build its own interest rate risk management platform (completed last fall), which allows it to aggregate risk across all the different trading rooms that it runs for the bank's international liquidity management. "We have used Internet technology for a lot of applications that require input from disparate sources, multiple simultaneous access and real-time updating, which is clearly particularly pertinent in the case of risk management” says Chase's Lack.

First To Market?

With Imagine's new ASP, all you need is a browser and a dream.

Announcements about risk management application service providers are a dime a dozen these days, with most scheduled to appear in the third or fourth quarter of this year. But at this moment, the first company to offer a full-strength risk management ASP is likely to be Imagine Software. Imagine plans to make all the features of its industrial-strength trading and risk management system available over the Internet in May or June. That would allow relatively smaller users to get the same high-end, multimillion-dollar trading system now used by Deutsche Bank, Bank of America and others.

Imagine is initially targeting hedge funds and smaller market-making institutions with three to 20 users. Although the system's functionality would certainly appeal to more sophisticated corporate treasury operations, the ASP product would be particularly attractive to derivatives-oriented institutional traders.

Recently released details of Imagine's offering, in fact, make a strong case for the ASP model. When all the functions become available, Imagine could deliver enormous cost advantages for smaller niche players in the derivatives market.

The most obvious advantages are in trading and risk management. Smaller trading firms have been besieged by demands for sophisticated risk management numbers from investors and regulators. Although software that performs simple value-at-risk analysis is readily available, most players simply haven't been able to afford systems that allow them to perform heavy-duty stress testing, scenario analyses and other functions.

When all the functions become available, Imagine could deliver enormous cost advantages for smaller niche players in the derivatives market.

That high-end software requires high-end hardware. "As much as hardware costs have come down through the years, these highly analytical real-time systems still require a lot of CPU power,” says Steven Harrison, president of Imagine. "That's especially true for some of the more sophisticated end-of-day risk numbers using VAR, Monte Carlo and simulation analysis.”

But the biggest cost savings would likely come from outsourcing enormously complicated middle- and back-office operations. Derivatives trading firms typically require teams of operations people to track and process corporate actions such as new issues, mergers, spin-offs, name changes and dividends. The personnel can range from back-office operations people to highly paid database and system administrators. Clients will be able to eliminate the heavy-duty hardware and live market pricing feeds necessary to power the system.

Data accuracy, of course, is an absolutely critical function. Dividends, both paid and forecast, must be accurately maintained. Firms that miss an event such as a merger would have holdings referencing securities that are no longer traded. And with the wrong data, P&Ls and risk analysis could be off by substantial margins.

Imagine's ASP promises to keep track of all market events for its clients, reducing costs dramatically through economies of scale. "There is a lot of value-added data that we can offer our users,” explains Harrison. "We'll be generating the implied volatility surfaces on all of the stocks that have options issued on them. We will be projecting dividends on all the stocks that pay dividends, and calculating term-structure volatility, correlations and betas for all of them. And people will have the ability to utilize our curves or override them with their own.”

Imagine's architecture uses a Java-based client and Corba technology to manage client-server communication. The company says it has taken great pains to optimize the amount of data so users will be able to get "acceptable performance” even from a 56K dial-up modem. It has also written its own tunneling protocols that make Internet traffic transparent to corporate fire walls.

The company has gone to great lengths to address two of the biggest concerns about ASPs—performance and security. It has signed up with one of the industry's largest hosting sites to guarantee a level of performance that trading firms typically demand. It will also allow users to access its system via a virtual private network, a technology that puts a software armor around the client-server connection to prevent intruders from decoding the information going out over Internet lines.

The other major security concern, user verification, has an even more high-tech solution. Imagine plans to give users a secured ID on a key chain or pass card. This gizmo, which looks something like a digital watch, generates a series of predictable random-number passwords that change every 30 seconds. Imagine will have a matching random number generator on its server to verify logins.

The promise, ideally, is of a new kind of connectivity. "When risk managers or traders are at the airport, they can get a quick check of the risks of their entire portfolio,” says Harrison. "When they're on the beach in the Hamptons, they can log in through their cellular modems and trade from the beach. The potential is endless.”

For more information, see www.imagineasp.com.