Despite increased regulation, more sophisticated markets and better-informed investors, the risks of investing remain and, in many cases, increase over time, in both size and quantum. The ongoing accounting issues at Steinhoff have again highlighted this fact.
In recent years, operational risks have been at the forefront of the risks facing investment institutions, as evident in the fundamental paradigm shift seen since the last global financial crisis. The dial has moved distinctly away from a singular focus on investment manager selection and investment returns in isolation.
The systematic meltdown of the financial markets in 2008, coupled with high profile cases of fraud and internal control failures, has realigned the focus on operational risk. Following the financial crisis, the investment world has become more complex. Financial regulators have become more focused and the burden on asset managers to implement the tidal wave of emerging regulatory obligations is onerous. However, whilst the cost of implementing and complying with the new regulatory landscape is significant, it is dwarfed by the consequences of non-compliance.
Asset allocators and investors expect an operational risk assessment to fully complement any investment due diligence exercise. In short – investing has become more complicated, bringing new degrees of risk for investment institutions.
Successfully navigating these operational risks offers organisations the ability to focus on maximising alpha generation by implementing best-in-class oversight, processes, and controls. Investment institutions should therefore seek guidance in identifying the risks within their organisations and implement appropriate mitigating measures.
Two categories of risk
There are two main categories of risk, which investment institutions needs to proactively address – thematic and developing. Thematic risks are classic organisational risks, which largely remain unaddressed, including:
- Governance The relative informality and structure of governing bodies/committees limits the ability of key decision-makers to act decisively
- AutomationThe failure within investment and operations infrastructure to support automation introduces the risk of human error
- Guideline compliance An inability to systematically code and monitor mandate restrictions continues to be problematic – however, the importance of investment guideline compliance is increasingly being recognised
- Cash controlsInsufficient controls surrounding the process for authorising cash release increases fraud risk
- TechnologyThe connectivity between critical order management, execution and middle-office systems is poor
- Third partiesAppropriate third-party and outsourced service provider oversight models are under-developed
In addition to these risks, new and developing risks are emerging due to new technologies and regulations. Many organisations are trying to catch up with market best practice but the bar continues to rise, and market standards are increasingly more challenging. Emerging risks include:
- CybersecurityThe threat of successful penetration has become a key business risk; repeated, successful cyber-breaches signal the sophistication of cyber-criminals, highlighting weaknesses within IT infrastructures
- Background checksThe risk of fraud, other criminal activity, or reputational damage arising from deficient or non-existing criminal and financial background checks on new hires
- RegulationThe industry faces a torrent of highly complex and impactful regulatory demands from global regulators
To keep pace with this ever-evolving risk climate, investment institutions need to move away from the traditional and obsolete due diligence exercises that focus primarily on investments and alpha generation, and which do not fully address the current risk environment. Rather, organisations should conduct comprehensive risk assessments that include a thorough review of front-, middle- and back-office functions – that is, investment and operational due diligence – and focuses on the risks and costs of governance and execution that could result in alpha erosion.