Operational Risk White Paper: Tailoring the Right Model for Asset
Total Page:16
File Type:pdf, Size:1020Kb
Operational Risk Tailoring the right model for asset management firms OPERATIONAL RISK: TAILORING THE RIGHT MODEL FOR ASSET MANAGEMENT FIRMS Introduction The past decade has flooded asset managers with investment management firms or investment challenges and complications—from escalating managers of larger integrated financial cyber-attacks, service provider and exchange institutions. outages, and devastating natural disasters to insider trading allegations against certain hedge While banks and insurance companies have fairly fund companies, unprecedented regulatory prescriptive guidance from regulators for an changes with complex operational impacts, effective ORM program, the requirements and information security threats and controls expectations for stand-alone asset managers may required to protect that data, and the need for be less prescriptive. Some additional challenges more complex investment solutions to satisfy faced in particular by smaller asset management client needs. All of which are challenging to not firms may include: only understand but manage effectively. • Small number of support staff relative to assets Asset managers continue to look for solutions under management where there are limited that enables them to excel in the face of internal resources to cover operational risks; unexpected challenges. Many asset managers • Potential for inadequately established find that Operational Risk Management (ORM) independent lines of defense due to commonly could be the path to manage challenges and flat organizational structure of the industry complications. There is no single universal approach to Operational risk is defined as the ‘risk of loss developing an effective operational risk program. resulting from inadequate or failed processes, Each firm’s operational risk strategy will vary people and systems or from external events depending on a number of factors including: (BASEL II)’. Effective ORM should be considered a critical component of any financial firm’s • Complexity of the company’s operations; Enterprise Risk Management (ERM) program, • Uniqueness of its investment offerings; as it mitigates a variety of risks across multiple disciplines that may materially impact the • Requirements from local regulatory bodies; achievement of the firm’s corporate and strategic • Breadth of services, scale and global reach. objectives. Regardless of the pressure, firms should be able to proactively meet, contain and This paper will explore efficient and effective control these challenges via an ERM framework ways boutique and mid-sized asset management that includes Operational risk as a critical firms can, with limited risk resources, develop component. the most critical aspects of an operational risk framework including: The recent financial crisis has elevated the importance of how financial firms manage credit • Business model complexity assessment and market risks. And while there is a heightened • Methods for risk and control awareness of risk management in general, how to implement the best operational risk program • Vendor oversight and management can be elusive. A 2013 risk management survey conducted by Deloitte & Touche to gauge the While the size of the firm does not necessarily state of risk management noted that while most dictate what elements of the ORM framework financial firms rated themselves as effective in are the highest priority to implement, as the managing liquidity risk (85%), credit risk (83%) complexity of the operations increase, so does and regulatory and compliance risk (74%), only the sophistication of the tools necessary to 45% of the 86 respondents gave themselves a mitigate operational risk. We hope that you find high rating for ORM.1 Approximately one-half of this paper insightful in customizing the right the 86 financial firms surveyed were stand-alone program for your respective firm. 2 OPERATIONAL RISK: TAILORING THE RIGHT MODEL FOR ASSET MANAGEMENT FIRMS Finding the Value Determining Complexity Operational risk is inherent in nearly every A primary consideration for a firm to ascertain in business activity; it touches every department, building an effective ORM program is its business system and process. Large losses from operational model complexity. Larger, global firms may have risk events are well publicized. One need look increased pressures from various regulatory bodies no further than UBS/SOC Gen rogue trading, due to the products and markets in which they Knight Capital and Insider Trading cases. Small trade, but may have more staff and resources to losses from operational risk events tend not to execute risk management effectively. They may be reported publicly, however, they can erode have less agility in instituting new procedures a business’s ability to fully meet its strategic or systems, but more capital to hire external objectives and introduce adverse reputational and resources. Smaller firms may have less product regulatory consequences. Pervasive lack of controls complexity, but fewer resources with which to could also lead to regulatory fines and sanctions. manage operational risk. Process changes may For this reason, asset management firms should be easier to absorb, implement consistently and view a strong ORM program as an important implement in smaller or mid-size firms, but the means to reduce risk and avoid loss. Additionally, build-out may have to be phased due to the need clients and fund boards are demanding that to prioritize resources. firms demonstrate a sound ORM program and are increasingly inquiring about a firm’s ORM The matrix on the following page explores firm procedures and practices to ensure strong fiduciary complexity and basic questions to initiate realistic oversight and responsibility practices. But although discussions regarding ORM gaps. understood as an important business continuity effort, employing the appropriate operational risk tools, people, and processes may be challenging to implement, regardless of where a firm is in the complexity spectrum. 3 OPERATIONAL RISK: TAILORING THE RIGHT MODEL FOR ASSET MANAGEMENT FIRMS Level of Complexity BASE LEVEL INCREASING COMPLEX CONSIDERATION COMPLEXITY AS COMPLEXITY INCREASES Scope of • One country • Subject to oversight • Arm of a sell size • Do you have the Regulations • Asset Manager is a by more than one organization appropriate expertise private, stand alone country • Global operations, as you are covered entity • Asset manager is investments and by expanding a publicly listed customers means regulations? company wide applicable • Do you have a way regulatory to stay ahead of framework changing regulations from multiple regulators? Investments • Exchange traded • Public and private • Bespoke, illiquid • Do you have securities securities securities the systems and • Single currency • Use of derivatives • Use of leverage agreements in place and/or derivatives to monitor/limit central to new risks? investment • Where do/don’t these strategies new investments fit into existing processes and systems? • Do you have the right people for these new investments? Clients • Few or one client • Retail & institutional • Large number of and • Do you need to adapt • Institutional only • In more than one institutional clients your on-boarding (non-pension) country globally processes? • Well defined • Customers have • Heavy and/or • Are new clients needs strategy/limits/ different strategies/ varied reporting/ fully risk assessed goals/reporting goals/reporting due diligence before business Asset Manager Attribute Asset Manager needs requirements requirements commitments are (i.e. pension funds) made? Business • Registered • Multiple offices • Has publicly traded • How will you monitor Model investment advisor • Multiple regions/ funds people and processes • Centralized time zones • Securitizations, VIEs who are in different management with • Multiple and/or central to strategies locations/time zones? one or few offices changing business • De-centralized • What adaptations performing key strategies management does your vendor processes in house • Need for integration • Many and changing oversight process of multiple systems/ strategies need? vendors • Integration of • Where are your a large number critical dependencies? of systems and • Have changing vendors critical to strategies been business appropriately risk assessed? 4 OPERATIONAL RISK: TAILORING THE RIGHT MODEL FOR ASSET MANAGEMENT FIRMS are strong enough to have stopped the event Strategy from happening to them. (ID, assess, response Once a firm’s complexity is assessed, an and monitor) overreaching ORM strategy may be discussed 6. KRIs/KPIs: A Key Risk Indicator, also known as before tactical efforts are set in motion. There are a KRI, is a measure used to indicate how risky an some basic steps, elaborated later in this paper, in activity is, and the possibility of future adverse establishing a high-level, intuitive risk framework impact. KRIs give an early warning to identify strategy: a potential event that may harm continuity 1. Culture: Firms should have a solid and realistic of the activity/project. This differs from a Key understanding of their culture and what protocols Performance Indicator (KPI) in that the latter is and practices will work within said culture. meant as a measure of how well something is being done. Firms typically have a combination 2. Risk tolerance analysis: Firms should know their of both KRIs and KPIs that are incorporated into risk tolerance. What is a firm willing to undertake dashboards. in terms of