Let the investor beware

© Rabia Elif Aksoy 123rf.com

In recent years, operational risks have been at the forefront of the risks facing investment institutions, as evident in the fundamental paradigm shift seen since the last global financial crisis. The dial has moved distinctly away from a singular focus on investment manager selection and investment returns in isolation.

Global crisis

The systematic meltdown of the financial markets in 2008, coupled with high profile cases of fraud and internal control failures, has realigned the focus on operational risk. Following the financial crisis, the investment world has become more complex. Financial regulators have become more focused and the burden on asset managers to implement the tidal wave of emerging regulatory obligations is onerous. However, whilst the cost of implementing and complying with the new regulatory landscape is significant, it is dwarfed by the consequences of non-compliance.

Asset allocators and investors expect an operational risk assessment to fully complement any investment due diligence exercise. In short – investing has become more complicated, bringing new degrees of risk for investment institutions.

Successfully navigating these operational risks offers organisations the ability to focus on maximising alpha generation by implementing best-in-class oversight, processes, and controls. Investment institutions should therefore seek guidance in identifying the risks within their organisations and implement appropriate mitigating measures.

Two categories of risk

There are two main categories of risk, which investment institutions needs to proactively address – thematic and developing. Thematic risks are classic organisational risks, which largely remain unaddressed, including:

Governance

The relative informality and structure of governing bodies/committees limits the ability of key decision-makers to act decisively

Automation

The failure within investment and operations infrastructure to support automation introduces the risk of human error

Guideline compliance

An inability to systematically code and monitor mandate restrictions continues to be problematic – however, the importance of investment guideline compliance is increasingly being recognised

Cash controls

Insufficient controls surrounding the process for authorising cash release increases fraud risk

Technology

The connectivity between critical order management, execution and middle-office systems is poor

Third parties

Appropriate third-party and outsourced service provider oversight models are under-developed

Emerging risks

In addition to these risks, new and developing risks are emerging due to new technologies and regulations. Many organisations are trying to catch up with market best practice but the bar continues to rise, and market standards are increasingly more challenging. Emerging risks include:

Cybersecurity

The threat of successful penetration has become a key business risk; repeated, successful cyber-breaches signal the sophistication of cyber-criminals, highlighting weaknesses within IT infrastructures

Background checks

The risk of fraud, other criminal activity, or reputational damage arising from deficient or non-existing criminal and financial background checks on new hires

Regulation

The industry faces a torrent of highly complex and impactful regulatory demands from global regulators

To keep pace with this ever-evolving risk climate, investment institutions need to move away from the traditional and obsolete due diligence exercises that focus primarily on investments and alpha generation, and which do not fully address the current risk environment. Rather, organisations should conduct comprehensive risk assessments that include a thorough review of front-, middle- and back-office functions – that is, investment and operational due diligence – and focuses on the risks and costs of governance and execution that could result in alpha erosion.