Operational Risk – Too Important to Ignore
Sanusha Gokaran
Operational Due Diligence Manager,
STANLIB Multi-Manager
“It is not that I did not tell you the truth. It is just that you did not ask the right questions.”
Make sure you ask the right questions! This is the motto that our Operational Due Diligence (ODD) team live by.
Manager Research + Operational Due Diligence = Manager Opportuniy Set
While most investors focus on investment attributes when considering whether or not to invest in an asset manager, equally important is how the manager operates their business as we are essentially buying both the investment services as well as the operational, compliance and risk management support functions of the manager. This is the operational risk of the controls and procedures in place to prevent fraud and theft of assets.
Operational risk is the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. Operational risk management seeks to identify, manage and mitigate non-market risk, focusing on three primary categories as described in the diagram below:
Operational, compliance and business risks that are not adequately addressed can contribute to poor performance or more drastically, an asset manager’s failure. Fully understanding our asset manager’s operational risks is integral to us making prudent investment decisions.
Given our fiduciary obligations, we cannot accept low operational standards simply because we are allocating to underlying asset managers. As a result, we expect that underlying managers, match our operating standards and mitigate business risks at the same standard that we do.
Historically, the robust analysis of an asset manager’s operational risks was an optional “nice to have”. However, as the asset management industry has grown and matured, this necessity has entrenched itself in the heart of a comprehensive risk analysis on a manager – known as the discipline of Operational Due Diligence (ODD).
Investors are increasingly recognising that weak business infrastructure creates an unavoidable drag on performance in that a manager with weak controls may not have the data, technology and operational efficiency to ensure optimal implementation of their investment strategy.
The outcome of a thorough ODD is that investors are more informed and therefore:
Investors no longer make decisions based solely on investment performance, but rather focus equally on the risk of operational failure, be it through fraud or error, as operational effectiveness is paramount and a mandatory component.
Investors are aware of the reputational and governance impact of investing in a manager that suffers a loss due to operational failure will likely exceed the impact of a loss due to investment underperformance. Recent scandals have emphasised the growing importance of adequate operational risk management in the minds of investors.
Investors demand improved transparency from managers with whom they are invested.
The STANLIB Multi-Manager ODD toolbox
ODD is the function we deploy to ensure that asset managers meet ever evolving and demanding requirements. A sound ODD process can serve as an effective mechanism to mitigate the risk of investing with operationally unsound asset managers. Vital considerations within our ODD process include review of a robust infrastructure, established service providers, a culture of compliance and strong governance. Designed to improve transparency, alignment and governance, different ODD procedures are adopted to assess various asset classes. We seek visibly operational infrastructures among asset managers of all strategies and sizes, from the large corporatised asset managers to smaller boutique asset managers, as we understand that a more sophisticated operational framework is required to support the investments that we select. We use systems, quality reporting and dashboard capabilities to provide an effective view of operational risks identified.
While there are numerous categories and sub-categories of risk covered by an ODD process, the following are paramount to STANLIB Multi-Manager in deciding whether to invest with managers:
A manager’s governance framework has become a “deal-breaker” in the investment decision process, since poor governance is a significant risk for investors and one borne without any reward. The presence of good governance is essential in terms of both crisis mitigation and problem resolution.
We attribute high value to asset managers that demonstrate quantified operational risks and supporting mitigation frameworks. For example, in the event of power cuts, building evacuations, or perpetration of fraud, the ability of a manager to demonstrate adequate measures to counter such incidents, reinforces the soundness of the manager’s operational risk framework.
The implementation of best practices starts with the structure of the organisation and requires constant evaluation. The absence of well designed and implemented policies, determining organisational structure, oversight, segregation of duties, staff, retention and turnover, service providers, influence and authority, documentation, conflicts, disclosure, are key indications of potential operational risks.
We expect to see a strong compliance culture, starting at the top and a robust compliance program including procedures, training and monitoring. Strong legal and compliance controls are paramount. The ever-increasing regulatory requirements of Treating Customers Friendly (TCF), Foreign Account Tax Compliance Act (FATCA), Protection of Personal Information Act (POPI), Common Reporting Standards (CRS), Solvency Assessment and Management (SAM), etc. require that the spirit of each of these regulations is deeply embedded in the organisation and understood and demonstrated by all. On compliance related matters, best practices should always exceed minimum disclosure.
Asset managers are expected to organise their internal affairs in a responsible manner, ensuring appropriate systems, procedures, controls and resources designed to mitigate and manage all risks to which its business is subject to and to ensure the safe-keeping of client assets, as well as the effective execution of its investment strategy.
An asset manager’s infrastructure should be appropriately tailored to their business. Asset manager’s systems, infrastructure and level of automation should be suitable to the requirements of their investment strategy and should provide scalability. Processes to ensure the security of data should limit access to sensitive applications or data to the appropriate personnel. There should be extensive system support (internal and external), and a regular review of the systems infrastructure.
The process of how an asset manager determines the value of investments is at the forefront of every risk review. Pricing is one of the most sensitive and important functions as there is room for manipulation, fraud, inaccuracy and errors in valuing assets. This highlights the importance of having a clear valuation and pricing policy in place.
Business continuity planning (BCP) refers to an asset manager’s ability to continue operating in the event of a disruption to its business. Disaster recovery (DR) relates to an asset manager’s ability to restore after a disaster event to the point where it was before the disaster occurred. BCP and DR planning should span all areas of the organisation. All asset managers need to implement best practice procedures and infrastructure in order to protect their business in the event of natural disaster, terrorism, pandemics and other disruptions.
Complete due diligence cannot be emphasised enough
Regulation aims to protect investors. The Financial Advisory and Intermediary Services (FAIS) Act puts immense pressure on the financial services provider and representative as it requires that thorough due diligence processes be followed, including:
Ongoing due diligence;
Communication of results to all financial advisers;
Regular update and review of due diligence data;
Carrying out due diligence consistently over all products;
Showing the client a due diligence summary prior to an investment being made;
Minuting in the Record of Advice; and
Keeping all necessary records to be produced should the need arise.
In the Edwafin case adjudicated by the FAIS Ombudsman and discussed on the FSB website (www.fsb.co.za), the FSB argued that they conducted verification by meeting various Edwafin representatives, visited its offices, attended product launches and contacted their clients to find out if they had been paid promised returns. However, the Ombudsman described these as superficial enquiries that did not amount to a proper due diligence with an independent and objective assessment of the Edwafin product and found that the FSB failed to conduct a proper due diligence investigation into a financial product before recommending it.
In conclusion
Sound operational risk management is a challenging discipline. The ODD team at STANLIB Multi-Manager carries a distinguished skill set and consist of ex-auditors, risk management practitioners, operational staff and independent members.
Not undertaking a proper ODD will expose clients to significant risks such as misappropriation of assets, fraud, regulatory penalties and reputational loss. Not only can this process help mitigate the risk of investing in the “wrong” asset manager’s, it can also serve as an effective mechanism to strengthen partnerships with asset managers, promoting a deeper level of transparency and dialogue.
