The marriage of compliance and risk

20 May 2010

By Steve Carrier-Simon,
Fidessa LatentZero.

With a new regulatory regime in the offing, and the promise of more stringent controls likely to be fulfilled, Steve Carrier-Simon of Fidessa LatentZero looks at how asset management firms can prepare themselves by breaking down the barriers between legal, risk management and compliance teams.

The financial crisis has caused great upheaval throughout the global markets, and the post-fallout form of the market is yet to take its final shape. Equally uncertain is the eventual regulatory framework that will give it structure and boundaries. What is certain, however, is that regulation is changing, becoming more wide-reaching and more in tune with a global marketplace, with an inevitable impact upon asset managers, not just in terms of the compliance tools they put in place, but even in the way the firm is structured to address compliance and risk.

The US has already announced that it will be addressing the regulation of OTC and exchange-traded derivatives. Given the role of CDOs and other sophisticated instruments in the financial turmoil, it is perhaps not surprising that one of the pieces of current legislation attracting substantial amounts of attention, and likely to serve as inspiration for future regulatory moves, is the European Commission’s (EC) UCITS III. Already we are seeing some pieces of legislation in the Asian region, for example, that are comparable to the controls laid out by the UCITS regulations.

Meanwhile, the EC has not been idle. UCITS IV will remove existing administrative barriers to the cross-border marketing of UCITS funds. The UCITS IV framework promises to generate a greater choice of investment funds operating at lower costs and to improve investor protection by making sure they receive clear, easily understandable and relevant information. The Committee of European Securities Regulators continues to publish documents on interpreting or following up on the ratios which are stated in UCITS III.

The UCITS directives are certainly having their moment in the spotlight: the underlying principle of UCITS III and the ratios it specified limited the spread of risk across a portfolio. It appears that future versions will add to that by imposing calculated limits, rather than establishing new limits in terms of investment.

However, like much financial legislation, UCITS will not be overly prescriptive. Asset management firms cannot expect the EC or local legislatures to define precisely what constitutes a risky instrument. Nor can either be expected to specify how that risk is to be addressed. Responsibility still falls to individual firms and is a key aspect of a successful investment strategy. Hence it acts as a competitive differentiator for investors demanding that comprehensive and provable risk and compliance controls be in place.

This is where new legislation may well have an impact on the organisational structure of asset management firms. Legal, internal control, compliance and risk management departments are usually rigidly separated, with the result that there is often a fragmented view of the nature and extent of a firm’s risk. This decentralised approach may offer accurate local assessments of compliance and legality but, almost inevitably, this breaks down when considered at a wider level.

To adopt an effective response to these new, probably more conservative ratios, compliance and internal control departments will need to work more closely with their counterparts in legal. Not only that, they will need to work specifically with risk and audit teams to ensure that definitions of high risk and low risk are widely disseminated and embedded into all aspects of a trading organisation’s operation. Just as the international regulatory bodies are entering into a period of closer co-operation, collaboration and communication, so individual firms must adopt a similar spirit of openness within their organisations and break down current silos of data and activity.

Naturally, certain firms will find this easier than others. But it is not unknown for legal to be situated on the fourteenth floor, internal controls on the tenth and risk management on the fifth, so that even the physical structure of the firm is a barrier to a more unified approach. Communication is only triggered by a shutdown in systems or risk events so big that they make it to the front pages of the media. In other words it is external pressures that cause these teams to come together, and overcome the inherent barriers preventing a unified approach to risk management.

And of course these different departments have different ways of looking at a portfolio. Those working in internal control look at legal ratios in a different way to the lawyers. Each department has a different set of boxes to be ticked. They also have different systems: so one person might be following up cash ratios for Luxembourg in one application, while someone else checks UK funds and OTC counterparty exposure with another compliance tool, with little co-ordination between the two. On top of this is the risk department, identifying and defining risk, following up contracts and looking at exposure with yet another set of tools. The result is that there is no aggregate view of the portfolio and no unified reporting mechanism.

As the pressure from new legislation builds, the cracks in this operational structure will become increasingly apparent. What the current crisis has illustrated so well is that risk itself is not confined to individual departments. Managing price risk or market risk is in fact one element in managing operational or enterprise risk in an environment where reputation and demonstrable controls have become business-critical assets. If firms are to make effective decisions about risk, in terms of managing individual portfolios as well as safeguarding their own futures, they need to reassess the role that compliance and risk tools play in their organisations. It is no longer a question simply of looking at trading as an isolated activity, and managing pre-, post- and intra-trade compliance on individual transactions. Instead, the entire firm needs to align itself around risk management and view itself as a series of highly interconnected decision-making units. It needs to select the compliance tool that can assist in the breakdown of traditional operational silos, and which can provide legal compliance as well as support the development of risk policy.

That means it must offer an aggregate view of the portfolio, and the different ratios that must be followed up. It should also support the firm’s ability to define internal risk policy and limits via additional ratios that may even be more restrictive than those specified by the regulators, for example by restricting the amount of subprime assets held by a portfolio to one per cent. In other words, it must support not only client mandates and regulatory rules, but also in-house rules and risk management policies.

There is also increasing pressure from clients, who are far more conscious of the need for stringent compliance and risk management: not only are mandates becoming more complex as investors look to hedge all but the safest of positions, but fund managers must meet demands for greater reporting and transparency from clients demanding to know what positions they hold. Clients are making it a regular practice to understand how their assets are being compliance tested, and in their regular visits to asset managers throughout the year, are now asking for compliance and risk to be part of the groups that they visit.

But more than ever, this marriage of compliance and risk must take place on a global basis to ensure that national silos do not develop to replace the operational ones. As international regulation becomes more homogenised, so must the systems that support it, to ensure that the minimum risk standards of the most conservative jurisdiction can be applied across the portfolio with ease. A global implementation of a compliance system that offers an aggregated cross-asset, cross-location, cross-legislation, and cross-funds view, with comprehensive audit trails and reporting functionality, will eventually become the minimum requirement for effective operational compliance and risk management.

What asset management firms need to come to terms with is that the role of compliance has changed. The view that it can only compromise performance, and that the two requirements are diametrically opposed to each other, needs to be abandoned. Today, compliance is a key risk management metric that plays a crucial role in performance, and will increasingly be seen as top of the list of priorities from potential and existing clients. Getting the right system in place demonstrates to prospects and the market at large that compliance and risk management are taken seriously.

