09:23 AM
The Marriage of Compliance and Risk
The financial crisis has caused great upheaval throughout the global markets, and the post-fallout form of the market is yet to take its final shape. Equally uncertain is the eventual regulatory framework that will give it structure and boundaries. What is certain, however, is that regulation is changing, becoming more wide-reaching and more in tune with a global marketplace, with an inevitable impact upon asset managers, not just in terms of the compliance tools they put in place, but even in the way the firm is structured to address compliance and risk.
One of the pieces of current legislation that is attracting substantial amounts of attention, and is likely to serve as inspiration for future regulatory moves, is the European Commission’s UCITS IV. Designed to remove existing administrative barriers to the cross-border marketing of UCITS funds, the framework promises to generate a greater choice of investment funds operating at lower costs and to improve investor protection by making sure they receive clear, easily understandable and relevant information.
Here in the US, the Securities & Exchange Commission (SEC) is now extending its remit beyond the regulation of OTC and exchange-traded derivatives. Driven by growing calls for ready availability of public price information and market transparency, the securities industry has found itself the object of increased scrutiny from regulators striving to protect investors and tackle concerns over market integrity.
Ultra-high speed trades, known as flash orders, are one of the trading strategies to have aroused the scrutiny of the SEC. Flash orders give a group of high-frequency traders a blink-and-you’ll-miss-it sneak preview of buy or sell orders before they become visible to the entire market. Some industry insiders fear that this could give an unfair advantage to those investors who have access to the premium-priced technology that enable flash trading.
In response to these concerns, the SEC proposed a ban on flash trading in mid-September this year, with a second vote by commissioners required to finalize the ban. The practice was then swiftly prohibited by Nasdaq. But the flash-trading controversy has also attracted the SEC’s attention to high-frequency trading, a split-second stock trading strategy. Recent estimates suggest that high-frequency trading by hedge funds, investment banks and other players accounts for as much as 70% of all trades in US stocks, with The Tabb Group estimating that profits on high-frequency US equity trades were as high as US$8 billion last year.
The SEC has also started to voice its concern over the growing popularity of dark pools - venues where stock trades are obscured from public view with a veil of anonymity, allowing traders to hide their intentions from the wider market and thereby avoid moving the market. The Commission is currently considering whether dark pools could impinge on the quality of publicly available information and in effect create a two-tiered market that would not treat all participants in it fairly.
While the future shape of the post-credit crunch US regulatory landscape is still emerging, a heightened awareness of governance and risk issues is motivating ever-closer monitoring from the likes of the SEC. As asset management firms juggle these new, tighter regulatory requirements, new legislation is filtering through to the organisational structure of asset management firms.
In the good old pre-sub prime days, it was common practice for legal, internal control, compliance and risk management departments to be rigidly separated, leading to a fragmented view of the nature and extent of the firm’s risk. This decentralized approach may offer accurate local assessments of compliance and legality but, almost inevitably, this breaks down when considered at a wider level.
To adopt an effective response to these new, probably more conservative ratios, compliance and internal control departments will need to work more closely with their counterparts in legal. Not only that, they will need to work specifically with risk and audit teams to ensure that definitions of high risk and low risk are widely disseminated and embedded into all aspects of a trading organization’s operations. Just as the international regulatory bodies are entering into a period of closer co-operation, collaboration and communication, so individual firms must adopt a similar spirit of openness within their organizations and break down current silos of data and activity.
Naturally, certain firms will find this easier than others. But it is not unknown for legal to be situated on the fourteenth floor, internal controls on the tenth and risk management on the fifth, so that even the physical structure of the firm is a barrier to a more unified approach. Communication is only triggered by a shutdown in systems or risk events so big that they make it to the front pages of the media. In other words it is external pressures that cause these teams to come together, and overcome the inherent barriers to a unified approach to risk management.
And of course these different departments have different ways of looking at a portfolio. Those working in internal control look at legal ratios in a different way to the lawyers. Each department has a different set of boxes to be ticked. They may also have different systems, with little co-ordination between each one. On top of this is the risk department, identifying and defining risk, following up contracts and looking at exposure with yet another set of tools. The result is that there is no aggregate view of the portfolio, and no unified reporting mechanism.
As the pressure from new legislation builds, the cracks in this operational structure will become increasingly apparent. What the current crisis has illustrated so well is that risk itself is not confined to individual departments. Managing price risk or market risk is in fact one element in managing operational or enterprise risk in an environment where reputation and demonstrable controls have become business-critical assets. If firms are to make effective decisions about risk, in terms of managing individual portfolios as well as safeguarding their own futures, they need to reassess the role that compliance and risk tools play in their organizations.
It is no longer a question simply of looking at trading as an isolated activity, and managing pre, post and intra trade compliance on individual transactions. Instead, the entire firm needs to align itself around risk management, and view itself as a series of highly interconnected decision-making units. It needs to select the compliance tool that can assist in the breakdown of traditional operational silos, and can provide legal compliance as well as support the development of risk policy.
That means it must offer an aggregate view of the portfolio, and the different ratios that must be followed up. It should also support the firm’s ability to define internal risk policy and limits via additional ratios that may even be more restrictive than those specified by the regulators. For example, by restricting the amount of sub-prime assets held by a portfolio to one percent. In other words, it must support not only client mandates and regulatory rules, but also in-house rules and risk management policies.
There is also increasing pressure from clients, who are far more conscious of the need for stringent compliance and risk management: not only are mandates becoming more complex as investors look to hedge all but the safest of positions, but fund managers must meet demands for greater reporting and transparency from clients demanding to know what positions they hold. Clients are making it a regular practice to understand how their assets are being compliance tested, and in their regular visits to asset managers throughout the year, are now asking for compliance and risk to be part of the groups that they visit. Furthermore, growing pressure to deliver best execution can often seduce firms into using one-off applications to improve execution quality that are not fully integrated into their compliance program.
But more than ever, this marriage of compliance and risk must take place on a global basis to ensure that national silos do not develop to replace the operational ones. As international regulation becomes more homogenized, so must the systems that support it, to ensure that the minimum risk standards of the most conservative jurisdiction can be applied across the portfolio with ease. A global implementation of a compliance system that offers an aggregated cross-asset, cross-location, cross-legislation, and cross-funds view, with comprehensive audit trails and reporting functionality will eventually become the minimum requirement for effective operational compliance and risk management.
What asset management firms need to come to terms with is that the role of compliance has changed. The view that it can only compromise performance, and that the two requirements are diametrically opposed to each other needs to be abandoned. Today, compliance is a key risk management metric that plays a crucial role in performance, and will increasingly be seen as top of the list of priorities from potential and existing clients. Getting the right system in place demonstrates to prospects and the market at large that compliance and risk management is taken seriously.