Once, risk management and compliance were barely tolerated nuisances in the investment management world. Managers and advisors were only “encouraged” to participate in processes they felt were both simple and annoying. However, after the great financial crisis of 2008, these procedures and processes became an integral part of the investment process. With developments by the Department of Labor’s Fiduciary Rule, compliance and risk management directives were further cemented into the foundation of all advisory practices.
Great Financial Crisis: A Game Changer
Before the financial crisis, the market had experienced isolated dislocations and occasional company blow-ups due to poor management or illegal activities. While these incidents were devastating and impacted the lives of many, the breadth of the housing crisis in 2008 left no one in the country untouched. Those that thought their portfolios were diversified found their investments correlated. Those who assumed that their risk procedures accounted for and protected them from even the most unlikely scenarios found that they were gravely incorrect.
Some investment managers and financial advisors may argue that this crisis was unique, that we have learned from it, and that the likelihood of a repeat is low. For clients, even the smallest chance of a similar event is too much when the damage caused is so great. Therefore, clients are demanding more assurances that their assets are treated as safely as possible. In turn, money managers and advisors must design risk and compliance processes that are more effective at maintaining and mitigating risk, while also not restricting themselves from managing assets appropriately.
Risk and Compliance Guidelines
The CFA Institute, a professional organization, in conjunction with the Securities and Exchange Commission (SEC), has created several guidelines to make compliance directives as effective as possible. Compliance and risk management procedures should do the following:
1. Legal and Regulatory Requirements
First and foremost, compliance policies and procedures need to be developed to ensure all investment activities comply with laws and regulations. Federal laws that apply to asset managers will result in similar compliance reporting programs, but the specific internal controls of each manager’s program may differ slightly.
For example, tools that require each member of the investment team to “self-assess” their compliance are sometimes developed specifically for that manager or advisor. These programs will vary based on the size of the firm and the type of investments each firm engages in; however, most firms will be held to the same guidelines by the Department of Labor’s recent legislation.
2. Separate Function
Creating an independent function for a compliance team or manager – separate from the investment team – is a good way to allow a compliance team to implement the most effective procedures. A compliance officer should be responsible for designing, implementing and overseeing the procedures and policies.
For example, the compliance officer should ensure the client is the top priority by reviewing all personal and firm transactions. A risk manager needs to develop an effective risk tool that can create risk boundaries or guidelines, monitor the investments, determine the areas of potential risk and implement corrective actions. The compliance team and procedures should “regularly convey to all employees that adherence to compliance policies and procedures is crucial and that anyone who violates them will be held liable,” according to the CFA Institute.
3. Third-Party Verification
Client portfolio information should be verified by a third party to make sure it is accurate and complete. Not only does it enhance manager credibility but it can help to identify potential areas of risk. Third-party verification can take the form of an annual audit or through trade confirmations from a custodian.
4. Record Keeping
Keeping accurate and easily assessable records is an important requirement for several reasons. For compliance and risk purposes, the CFA Institute suggests that “Managers should retain records that substantiate their investment activities, the scope of their research, the basis for their conclusions, and the reasons for actions taken on behalf of their clients.”
Meticulous record keeping and transparency of information are both things highlighted in the Department of Labor’s Fiduciary Rule. Additionally, accurate records can assist the implement risk management in back-testing various risk scenarios to determine levels of correlation or other risk metrics.
5. Appropriate Resources
Qualified staff and adequate technological resources are needed to monitor investment actions. This includes the ability to thoroughly analyze and track investment decisions and actions. These tracking tools should identify that client interests are a priority and the services clients receive are within the purview of their agreement.
Internal controls are also required to prevent illegal activities with respect to the client relationship such as excessive gift giving and other questionable processes. The term “appropriate resources” does not just apply to the number of staff, but also the qualifications of the staff. Advisory practices have a responsibility to employ experienced and knowledgeable staff members, provide full disclosure, and implement money management tools that are approved by regulatory institutions.
In terms of risk management, advisors need appropriate resources, both human capital, and technology, to be able to competently perform the necessary research and analysis that are performed to make informed investment decisions. Technological tools can include software to perform analyses like Value at Risk (VaR) or stochastic models. A risk management process needs to also include regular portfolio monitoring—at the holdings level and for the overall portfolio – to make sure it is managed within the client’s guidelines. This is increasingly important as more sophisticated securities, such as derivatives or other alternative investments are used.
6. Disaster Planning
The financial crisis of 2008 highlighted the fact that a plan for management during a disaster and recovery is essential. Procedures developed to safeguard client interests could include having a backup offsite facility, creating secondary monitoring and trading systems and developing communication plans for employees. These plans should be developed by everyone within the company, reviewed regularly and tested firm-wide periodically.
The Bottom Line
Events like natural disasters, terrorist attacks, or market crashes used to seem unlikely, but the global nature of the markets has increased the likelihood of unusual occurrences, bringing to the forefront the need for strong risk and compliance processes in any organization. These processes, which will improve the diligence and care with which managers invest clients' assets, should enact procedures that are reviewed and tested on a regular basis.