1. 10 actions to help firms better manage their risks.
2. 6 KRIs serving as a good tool for firms to summarise issues for management, the board, the non-executive Directors, the clients and the regulators.
REINFORCE AN ENTERPRISE ONE RISKS APPROACH
1. Firms should ensure that horizon risk outputs are linked not only to control functions but to the business particularly portfolio managers and analysts to reinforce a enterprise one risks approach.
2. Firms are facing challenges to comply with a torrent of global, regional and local/thematic prudential and conduct regulations, applied in the form of rule-making, principles and recommendations, sometimes over varying timelines and expressed at citizens or entities located cross-border (extraterritorially) especially “third-country” issues such as measures dependent on private placement regimes or requiring mutual cooperation agreements.
3. Firms should take the steps to create and reinforce a “one-risk” culture across group/business unit and regional structures, ensuring that risk management should align with how clients had been sold products.
REVISIT TOLERANCES, LIMITS AND ITS APPLICATION
1. A robust model for corporate governance and ethics goes hand in hand with sound hygiene around effective risk management as good risk management reflects a good governance culture, and this is increasingly evident to end investors and regulators alike.
2. Firms should revisit tolerances, limits and how they apply the use test in practice. The skillset should broaden out from operational risk to feature investment risk and regulation risk management and hopefully applied in all its facets, particularly as far as scenario modelling or reputation risk modelling is concerned.
4. firms particularly in the hedge funds industry should articulate their risk appetites effectively to allocate technical resources to where they were needed (e.g., partitioned between the firm/ outsourcing agents) or to avoid shocks to future earnings.
FOCUS ON PRODUCT DEVELOPMENT
1. There is an increase in fines handed out for mis-selling of products claiming to be “guaranteed,” “absolute return,” “leveraged,” or “structured” to retail-classified investors. These are the notion of Conduct Risk — the risk that an entity mistreats its customers or clients.
2. With greater potential risks from product mis-selling and regulatory intervention, firms should involve both risk and other control functions at the beginning of the product development cycle and to focus on Conduct Risk, devising appropriate Conduct Risk frameworks that focus on ethics and behaviors to complement traditional approaches.
2. With greater potential risks from product mis-selling and regulatory intervention, firms should involve both risk and other control functions at the beginning of the product development cycle and to focus on Conduct Risk, devising appropriate Conduct Risk frameworks that focus on ethics and behaviors to complement traditional approaches.
3.With the spotlight increasingly turning to the customer, effective risk management should align with the strategic objectives of the firm and the manner in which investors have been sold products. National responses need to be managed against the backdrop of regional regulation.
4. Business and operating models may need to accommodate multiple ways of conducting business globally and firms should revise their taxonomies and compile product characteristics, while shoring up suitability and appropriateness procedures provide the necessary evidence to regulators as required.
RING FENCE INVESTMENT RISKS FROM BIAS
1. Firms should ensure investment risk is ring-fenced from bias and conviction on the part of fund managers or founders especially when applying risk budgeting, single portfolio views, risk metrics, performance attribution, liquidity management and treatment of model risks.
2. Performance is the promise that is not always delivered. Many firms claim that their investment risk function is independent, but this is evidence only if qualified risk manager is able to provide effective challenge against bias and conviction decisioning on the part of the portfolio managers, particularly if their decisioning contravenes regulations or the firms’ stated risk appetite, or both.
3. Firms should ensure that they can derive quality management information from interlinked systems (allowing “single portfolio views” to be drawn and it is advisable to populate the 2LD control function familiar with the terminology of the portfolio managers (e.g., tracking error, expected beta, CAPM, Sharpe ratio and sensitivity indicators DV01/IE01). Additionally, the appropriate level of remuneration should be an important consideration when attracting (and retaining) appropriate technical skillsets to perform the investment risk function effectively.
OPTIMIZE CAPITAL ALLOCATION
1. The treatment of capital allocation as per the ICAAP is a focal point. The optimization of capital and evaluation of insurance benefits is a key differentiator between asset managers and regulatory standing.
2. As greater capital charges often correlate with constraining the budget for innovation, it is vital that asset managers take steps to optimize their capital provision, including seed capital provision. Firms should benchmark themselves to evaluate whether they should take advantage of waivers, such as consolidation (diversification) benefit and the quality of insurance.
3. Although effective optimization is far from trivial, leading asset managers should compare themselves through capability maturity modelling on what other firms are doing as part of their ICAAP processes.
4. Firms should be aware of the need to model for regulatory sensitivities; legal entity restructuring, joint ventures, material outsourcing of critical functions at a corporate level; qualifying Non-Executive Directors or control function representatives from a governance perspective; managing client assets and money, especially those carrying products targeted at retail-classified consumers from a conduct perspective; or firms manufacturing complex, illiquid or non-fungible products or offering “guaranteed” or “absolute return” products to clients.
IMPROVING COUNTERPARTY RISKS EXPOSURE
1. Firms should assess the quality of their counterparties under normal and stressed market conditions when it comes to collateral management, repo or clearing.
2. Firms should continue to adopt a more proactive approach to counterparty risk management by increasing the level of monitoring and close scrutiny per credit rating, CDS spreads, tier-1 banking ratios, price movements。
3. Firms should consult with custodian banks and financial market infrastructure facilitators and contemplate whether to run benchmarking exercises of their brokers and custodian banks to assess the quality and appropriateness of collateral management, execution and prime services.
OPERATIONAL RISKS FRAMEWORKS & OUTSOURCING ARRANGEMENT
1. Firms should strengthened the robustness of their operational risk frameworks and the effectiveness of their outsourcing arrangements under normal and stressed market conditions and in order to respond to regulators during thematic reviews.
2. firms’ boards should be able to demonstrate that they have in place an adequate resilience plan that enables the firm to carry out regulated activity if a service provider fails. It is recommended that firms should:
i) Evaluate concentration of risk under normal and stressed market conditions,
ii) Evaluate contingency planning (such as “step-in” or “standby” arrangements) in the event of an agent hitting financial problems,
iii) Perform parallel evaluation of the way in which client assets and client monies were segregated and safeguarded,
iv) Evaluate liability arrangements to cover cases of fraud and/or insolvency of any end agents, such as sub-custodians,
v) Evaluate horizon risks that regulators might expect that conflict registers/statements of ethics extend to cover third parties, i.e., to sub-contractual agents or outsourcing parties.
APPROPRIATE TAX-COMPLIANCE TREATMENTS APPLIED
1. Tax risk management came with the introduction of the FATCA, impacting risk and operations departments just as much as tax professionals. Compliance measures involving tax should be treated concurrently with regulations, and appropriate care and attention needs to be dedicated to client onboarding to ensure that correct and appropriate treatments are applied.
2. Firms should apply the “issuance,” “establishment” and “materiality” tests and model the known “worst case” impacts on equities, bonds, fund units, and repos and stock loans, as well as entry into derivatives transactions. Firms should be on the alert for modeling intra-group transactions, transactions involving intermediaries and stock loan or repo transactions on a “what if” basis. Scenario modeling will be particularly important in cases involving a “riskless principal” transaction, where the current understanding is that both parties to the transaction could be liable.
ALLOCATION OF RISK RESOURCES
1. Resourcing should be weighted according to the scope of investment style of the firm, and quality of that resourcing is paramount. Firms should be able to evidence and justify how resources are allocated and why, when called to do so by regulators.
2. There should be a degree of proportionality between the size of the core operation risk resource team and scope of investment risk resourcing. Diverse business lines such as multi-strategy, alternatives or Real estate investment management and country coverage were considerations for deciding team size and capabilities.
DATA SECURITY
1. Firms should recognise that collecting, retrieving and evidencing quality data is a differentiator, not just in terms of ensuring good regulatory compliance but also in terms of innovating service offerings and improving client service.
2. Firms should place importance on the risk function overseeing BCP (business continuity planning), a task normally consigned to operations or IT. The flexibility and resilience of the latter proved is a major dependency when delivering a sustainable risk infrastructure to respond to the challenges of regulation and demanding client mandates. Asset managers should adopt system components or link their PMS, OMS and GL into a seamless system architecture, enabling them to perform “what if” scenarios according to model, product or portfolio criteria. Firms should also digitize documentation for “on-demand” retrieval of records for audit and control purposes.
3.Asset managers are advised to design data taxonomies for their legal entity identifier and develop master golden copy records that feature “a single version of the truth,” allying more closely with collaborators, such as asset servicers and prime service providers.
USEFUL KEY RISK INDEX
1. Business/Management data — escalations, actions, sign-offs, permissions, approvals, changes to approvals, write-offs, volumes, numbers, costs, ROI, trends, remuneration data, deferrals, de minimis exceptions, clawback data and Long Term Investment Plan data.
2. Investment/Mandate risk data — sector/market sensitivity/position limit breaches, tracking error (and decompositions of the same), mandate breaches and country risk downgrades, Investment Management Agreement breaches, changes to mandates, fund legal entity data, risk parity and specific client instructions.
3. Market/Credit/Operational risk data — trading limit breaches, counterparty limit breaches, institutional and nominee data, fund structure (parent/child) data, errors and omissions (such as descriptions, discovery dates/frequency of occurrences/ resolution dates/ recoveries/responsibles), near-misses (against the firm/in the client’s favor), trading losses, material incidents, exceptions, stock lending/collateral breaches, reconciliations, corporate actions, tax reclaims, proxy voting.
4. Regulatory risk data — authorizations, controls failures, remediations, Outside Business Interests and PEPs, investigations, market abuse criteria, benchmark exposures, concentration risks, basis and wrong-way risk data, reverse stress testing data, other performance data (including information related to Asset Liability Management).
5. Customer indicia data (for US persons) — natural persons, correspondence/in-care/hold mail address details, Power Of Attorney details, beneficial ownership, established entities, home state regulator, standing instructions, liabilities, estate or trust information and unincorporated association information.
6. Other customer service data — taxpayer identification number (TIN), taxpayer account data including balances, referrals, customer complaints, customer compensations, contact frequency, waiting calls, and missed calls.