Collaboration and communication is only way for ‘risk management’
Risk management must be dealt with on a dual basis, using internal training and regulatory admin adherence to achieve the best results.
Andrew Putwain POSTED ON 9/28/2023 8:00:00 AM
Learning to live with regulations
“Always being expected to do more with less is a struggle.” That was the final comment at a panel discussion at Fund Operator Summit Europe 2023 last week on “How can investment operations professionals balance the need for innovation with risk management and compliance?”
The panel – which included Brian Digney, Research & Content Director, Standards Board for Alternative Investments (SBAI), Matt Giordmaina, Head of Reconciliations - Investment Operations, Man Group, Niall O’Toole, Director, Digital Transformation, InfraRed Capital Partners, and Darryl Cornelius, VP Head of Regulatory Projects, State Street Global Advisors – concluded that the industry was juggling too many balls. Without collaboration and communication between teams and regulators, the panellists said, they were liable to inadvertently fall foul of regulations.
“Regulatory change is key. Any organisation needs to understand that implementation of change is their responsibility first and foremost.”
The panellists focused on these ideas of collaboration and communication as the best ways to alleviate risk and compliance headaches. They also said these were important factors to build into a company’s culture; teams really needed to know why risk management, compliance, and regulatory adherence was so important.
One way of achieving the task was a two-pronged attack – teaching staff and working internally on due diligence and best practice, whilst simultaneously giving some team members the explicit responsibility to monitor regulatory adherence. If enough focus were put on the first prong – education and mindset – then the second would come as second nature, panellists said.
“Regulatory change is key,” said Cornelius. “Any organisation needs to understand that implementation of change is their responsibility first and foremost. A good legal and compliance team can no longer ‘get you out of trouble’ when it comes to reputational risk and now, as a business, you should be taking into consideration how will any regulatory change affect my clients – and whose responsibility is that?”
"The risks you choose to address will be different for small resource-crunched asset managers versus more sophisticated systems in place at larger organisations.”
Digney, coming from a different perspective due to his role at a standards-setting body, was keen to emphasise that regulatory adherence, whilst a large concern, was being designed by those in the bodies with the best intentions for everyone in the industry at its core.
He recommended a three-line defence policy. The first element was around the “need to know” aspect and whether the staff at a fund operator took the issues of risk management and compliance seriously. If not, this mindset needed to become front and centre.
The second element, he said, “really depends on your resources”. He added that “the risks you choose to address will be different for small resource-crunched asset managers versus more sophisticated systems in place at larger organisations.”
The third element, after the organisation had assessed its capabilities, was to change its mindset around the topic. “The mindset [is key] of understanding that risk exists and being able to manage it.”
Digney also highlighted the regulatory administrative burden and the importance of making sure aspects were properly resourced and teams monitored for burnout. “We’re constantly being asked to do more with less,” he said.
Internal versus external pressures
Both O’Toole and Giordmaina spoke about training their staff internally and having adequate resources to deal with regulators.
The panellists said that this risk management model, both internally and externally focused, worked for them, with Giordmaina commenting that any level of achievement meant “you just have to become really good at juggling”.
“It’s about assessing risks and setting the likelihood for impact, and continuing to monitor those things.”
Internally, Giordmaina said, he created focus groups and training sessions, which worked on addressing culture, root-case analysis programmes, and training on fundamentals that could help the staff know where to look for risk issues – to better address them. He focused on data, technological expertise, and creating “fundamental conditions for innovation.”
O’Toole said he did the same but kept regulatory adherence for risk management as a separate process of constant monitoring deadlines and paperwork. “It’s about assessing risks and setting the likelihood for impact, and continuing to monitor those things,” he said.
Due to these methods, he explained, he could ensure his team was never caught off-guard, whilst also building resilience.
Get the recent popular stories straight into your inbox