Do you allow employees to work remotely?
Do you have a policy for valuing hard-to-price assets?
Do you allow multiple parties access to your compliance system?
Do you have a procedure to mitigate risk?
Look familiar? These are questions drawn from questionnaires that asset-owners — pension plans, endowments and insurance companies, among others — often require fund management shops to complete, before they decide whether or not to invest funds with the shop.
The questions might sound reasonable, but they barely scratch the surface of what is needed to get a concrete idea of how their potential fund manager will handle an operational glitch — whether an everyday error or a stop-the-presses catastrophe. The fact that these questions can be answered with a simple yes or no — without a smidge of clarification — is just the beginning of what’s wrong with them.
According to consultants and risk management experts who spoke with FinOps Report at a recent event co-hosted by the trade group Hedge Fund Association (HFA) and educational organization Investment Management Institute (IMI) in Greenwich, Connecticut, many asset owners don’t even know how to phrase the right questions, much less know if the answers are adequate or true. Here are examples of better questions that will at least provide fodder for discussion and verification:
How do you manage your cybersecurity risk?
How are you prepared for a pandemic?
How do you value your hard-to-price assets?
How do you approve or change access to your compliance system?
How do you manage your processes and controls for risk management?
The lack of awareness and expertise in operational due diligence isn’t surprising, considering that asset owners are primarily focused on growing their investment returns. As a result, operational issues might accidentally become an afterthought, as shown by the easy questions asked about the mundane, yet complicated post-trade process. But that shortsighted stance could have serious ramifications for the asset owner, warns Samuel Won, managing director of risk management advisory firm Global Risk Management Advisors in New York.
In the everyday category of operational glitches are errors in net asset valuations, miscalculations of market and credit risk, breaches in investment policies and mistakes in following mandatory regulations to name just a few. The cost of these mistakes for asset owners can equate to losses that are just as substantial for asset managers — up to and including redemptions by unhappy investors and potential fines from the Securities and Exchange Commission, Financial Conduct Authority (FCA) and others. If a regulatory agency decides that financial penalties for operational slip-ups aren’t sufficient punishment, it can punish C-level executives at the fund management shop with temporary or even permanent bans from the industry.
The more extraordinary events — such as cybersecurity breaches — should be just as important to asset owners, because even seemingly rare events like pandemics are within the realm of the possible. And security breaches, in particular, have the potential to wreak havoc with operations that are critical to investment performance.
Ask More, Not Less
What is a better approach? For starters, once asset managers provide basic information about how they handle operations, asset owners need to validate whether the fund manager’s assertions about its capabilities are true. “We have moved from a process of simply asking for the names of the service providers or other facts such as the existence of an SEC audit or code of conduct,” says David Russell, senior investment strategist for investment consultancy Investment Performance Services in Newtown, Penn.”We contact all the service providers ourselves, asking for the exact results of any SEC or other audit and ask to see either the entire documentation on the code of ethics or at least a table of content to verify it exists.”
Merely knowing which systems or third-party firms are used won’t cut it. “A fund manager might be relying on brand-name technology providers, custodians and fund administrators, but unless its operations staffers are equipped to correctly use the software as well as test applications and connectivity appropriately, they will miss costly glitches,” cautions Gigi Szekely, director of compliance for IMP Consulting, a Boston-based consultancy for asset managers specializing in testing compliance and other post-trade systems. “The asset owner needs to be reassured there is a testing process in place which proves results are accurate, must be ensured that staff are trained in the technology, and should receive reports on any exceptions and material violations to policies.”
Digging into the Details
Last but not least comes the clincher: what will the fund manager do when it uncovers an operational error. “Asking about the escalation process has become a common question for investment risk management, but not operations,” says Won.
It should be. Asset management firms need to be able answer specific specific questions on the “disaster recovery” for multiple middle and back-office functions, asset management operations managers tell FinOps Report. They suggest several areas to investigate, such as what do you do if you discover you missed a deadline for a corporate action? What do you do when you have missed a margin call for a swaps contract? What do you do when you have breached an investment limit or policy? What do you do when you discover you have mispriced an asset? Last, but not least, what do you do when you suspect a cyberbreach has occurred?
Small mistakes can cost asset owners plenty, if they add up, says Won. For example, even if a money manager does book an income or dividend payment correctly, it might forget to make a decision about the compensation it wishes to receive from a corporate merger, reorganization or tender offer in a stock it holds. Custodian banks, which process such activity, will simply select cash as the default option — bad news for the asset owner if a a combination of cash and securities could have been worth more.
Presumably, asset managers know that they must compensate investors for operational mistakes that reduce the value of their holdings. However, they must also have well-crafted and tested procedures in place to deal with an error. Those policies should include how they will calculate the potential loss or effect on investors, who will be notified of what information and when, and how the risk of the same error will be lessened or eliminated in the future. “One of the most revealing questions to ask is: what was the last mistake you made, how did you uncover it; how did you correct it and how will you prevent it in the future,” says Russell.
No Fuzzy Answers
Asset owners should be suspicious if the answer to a question seems superficial or even a brush-off. Even a story about a problem that has since been solved can seem a little too canned. Hearing hesitation about an answer, as in “let me get back to you on that,” should be a red flag that either the fund management shop doesn’t have the right procedures in place, the right documentation of those controls and oversight, or even the right staff members at the table, cautions Szekely. Granted, the portfolio manager might know about how to mitigate investment risk, but the chief operating officer and chief technology officer as well as the chief compliance officer are the ones who should be able to rattle off the answers on operational and compliance matters. In fact, both sides need to bring qualified executives to the discussion.
For investors bringing in a consultant for third-party testing of applications and workflow management or evaluations on the operational prowess of a fund management firm makes sense. However, investors shouldn’t presume that their operations consultants are knowledgeable and adept at operational due diligence. Asset owners should ask their consultants about their experience with the role of operational due diligence in selecting and monitoring an asset manager.
However, the most thought-provoking questions and stellar analysis of operational procedures, controls and oversight will do little, if asset owners aren’t willing to make tough choices. Even when asset owners learn about a fund manager’s operational deficiencies, they don’t always walk away from investing. “Far too often investors are swayed too much by a fund manager’s past performance or pedigree and do not give operational soundness as much weight in their ultimate selection of a manager as they should,” says Won.
Not only do asset owners need to ask the right questions, but they also need to understand the answers and grasp the importance of operational risk management. Great performance results sound ideal, but uncontrolled operational risk in the fund management firm can have nasty and unexpected effects on returns that looked promising.
Case in point: in 2014, San Diego-headquartered Western Asset Management was hit with a US$22 million fine for not immediately fixing a coding error related to the designation of an asset class which caused investors a US$17.4 million loss. The mistake occurred in 2007 when a back-office executive changed the designation of an asset class from asset-backed to corporate securities, thus allowing pension plans to purchase the assets that should have been disqualified for them. By the time the mistake was corrected in 2009, the securities in question had tanked in value. Western Asset Management didn’t tell investors of their financial loss until 2010.
Could an asset-owner have avoided being hurt by this scenario with more operational due diligence and monitoring of Western Asset Management? Maybe, maybe not. However, if asset managers learn to expect probing operational questions from investors that demand answers, at the very least it might motivate them to do some deferred housekeeping to better control their operations risk and improve their response to risk events. That would be a win-win for everyone concerned.
Leave a Comment
You must be logged in to post a comment.