Both retail and institutional investors who have survived one or more economic recessions have learned that they cannot select their money managers solely on a demonstrated stream of at or above benchmark returns and that they need to include the underlying risk of their investment portfolio in the formula that calculates expected future value. However, the risk denominator in portfolio management analytics may be underestimated or misestimated because of the following three industry problems:
1. The traditional view of risk is disaggregated
The traditional view segregates risk into market, credit and operational. In most organizations, both public corporations that issue equity and debt to investors and privately-held asset managers that oversee investors’ money, the various aspects of risk are managed separately. For example, in some typical organizational structures, the Investment Officer is responsible for market risk; the Treasury Officer or CFO for credit risk and the COO for operational risk. Each analyzes and synthesizes risk separately and reports his findings to the Board or Management Committee, leaving them baffled to make sense of the holistic picture. However, risk is not additive or linear and often hot spots in one area may cause undetected issues in other areas.
Market, credit and operational risk were interrelated in one of the most notorious examples of risk mismanagement — AIG’s failure to meet its liquidity obligations which led to $170 billion government bailout. AIG was heavily involved in writing CDS with its exposure at the height reportedly reaching $440 billion (market risk), which exceeded what the company could pay in claims when the MBS it insured defaulted leading to a liquidity crunch (credit risk). Additionally, there were signs of inherent operational risks: AIGFP was a minimally regulated and separate hedge fund that leveraged the credit rating of the holding company to place big bets with little reserves. Each one of these issues separately did not pause “crash the car” risk, but in aggregate the market, credit and operational risk factors of AIG could have been lethal to the company and the economy safe for the subsequent government bailout.
2. Regulators are approaching the industry reactively
Significant regulatory tightening ensued after the 2008 mortgage crisis. According to some critics, regulators may potentially be looking at risk far more reactively by focusing on the problems that have already manifested than proactively identifying new risks that could cause the next business failure. For example, the Financial Stability Oversight Council (FSOC) so far designated three US financial institutions as Systemically Important Financial Institutions (SIFIs) – GE , Prudential and AIG and imposed on them increased capital requirements. However, the FSOC does not consider large asset managers to be SIFIs. There is some merit to the logic that asset managers do not require as strong of a balance sheet since they do not own the assets they manage and pass through the downside risk to their investors. Yet, it could be argued that the asset managers’ aggregate risk and that their investment processes and technology infrastructure pause systemic risk. For example, over a trillion dollars of passive investments including the iShares brand are managed on Blackrock ’s technology platform Aladdin. It is not hard to foresee the dramatic impact of a major failure of Blackrock’s platform on the US and global economy.
3. Operational risks is not adequately represented
To manage market risk better, most investors are well aware of basic portfolio hygiene principles including the value of diversification, the importance of looking at volatility driven asset correlation, rebalancing, the criticality of subtracting leverage when assessing quality alpha, the value of protecting for inflation through IL bonds or inflation-hedging assets such as real estate. I would argue that operational risk is as big if not a bigger driver of financial loss as market risk. According to Phillipa Girling, a leading expert on operational risk and author: “operational risk in the headlines in the past few years” is hard to ignore: Notorious examples include “egregious fraud (Madoff, Stanford), breathtaking unauthorized trading (Société Générale and UBS), shameless insider trading (Raj Rajaratnam, Nomura, SAC Capital), stunning technological failings (Knight Capital, Nasdaq Facebook IPO, anonymous cyber‐attacks), and heartbreaking external events (hurricanes, tsunamis, earthquakes, terrorist attacks).” (Operational Risk Successful Framework). Inadequately managed operational risk costs investors, corporations and tax payers billions of dollars: Madoff’s pyramid reportedly cost investors $18 billion and the 2008 government bailout cost taxpayers $700 billion. (New York Times Archives)
If the impact of operational risk is undoubtedly large, why do otherwise savvy investors often disaggregate or even completely miss operational risk from the overall expected value analytics of their portfolio and inadvertently accept more risk than they are comfortable with? Part of the problem stems from a lack of a well established methodology to clearly quantify operational risk and integrate it into portfolio management.
Imagine creating a unified industry-sponsored score for operational risk similar to a credit score or Moody’s bond ratings, which takes into consideration the fundamental elements of operational risks – people, process, technology, and external events, and quantifies them. That score would then be clearly available for investors along with the returns and market risk of the portfolio leading to a far more accurate valuation. Significant progress toward accountability and transparency could be made if operational risk were to be demystified.
How can investors make safer investments?
What could investors do in an environment of confusing regulatory requirements and limited transparency around operational risk? For starters, Investors can raise their awareness and employ alternatives to address the information asymmetry in the following ways:
1. Select asset managers that demonstrate commitment to operational risk management
Certainly some asset managers understand and are willing to invest in operational excellence and risk management. For example, in the 2014 Review of the Asset Management Industry, the Boston Consulting Group provides an overview of the shadow model where an asset manager can use two counterparties to manage their middle and back office. At Bridgewater Associates, I co-led the implementation of such a model where the firm aimed to create greater transparency, switchability and stay ahead of the regulatory bodies by outsourcing its back and middle office to both BNY Mellon and Northern Trust. FundFire published an article, Bridgewater Divides Industry with Latest Deal, describing the benefits and open questions about the model. It is still early to say whether the industry will embrace this model more broadly. Similarly to gain an operational excellence edge, Citadel and Tudor invested in a custom-built straight-through processing systems that integrate the trading platforms with the post-trade processes creating greater transparency and reliability. Both are aiming to commercialize their technologies and make these available to smaller money managers who may not be able to afford a large in-house technology development team.
2. Look for business partners that can help
Whenever there are potential gaps, new business models emerge and the industry evolves. There is an opportunity for emerging business models that approach risk holistically and try to identify trends and hotspots that transcend the traditional framework of market, credit and operational risk. Promontory and Wolters Kluwer , advisory and solutions firms with some of the leading risk experts, helCategoriesps organizations find the elusive right balance of risk and return. Actimize and AcordIQ, a company I co-founded to enable portfolio governance solutions for Chief Investment Office to enable greater transparency and holistic risk management.
3. Improve your investment due-diligence process
Investors are in the best position to demand greater transparency and accountability from money managers and one way to do that is to raise the standards of due-diligence. Here are some ideas how to conduct more comprehensive due-diligence into the operational risk of your portfolio and go beyond the typical cursory interview with the operations or compliance manager.
- Question consultants and current and former employees outside of the formal due-diligence process that can provide a view into an asset manager’s operations. Ask about the reliability and scalability of their technology infrastructure which could show signs if they can withstand market volatility events.
- Utilize social media to look for red flags of operational risk issues: Social media is pervasive and easily available. Of course, you need to weed through a lot of noise but at least you can get direction what questions to ask. Look for patterns of repeated concerns.
- Pay attention to people: Ask questions about turnover, talent management, role succession, experience level of key roles, and culture.
- Ask for an organizational chart: The organizational chart can tell you if the company takes checks and balances seriously. Look for signs of conflict of interest: Is the Chief Investment Office responsible for areas that should be overseeing him such as risk, compliance or treasury? Does an integrated risk function exist? Does the HR and Talent Management function have a seat at the executive table?
- Request to see the metrics the CIO uses to review risk holistically: Investors can get a view into how committed the CIO/ CEO is to risk management by the level of maturity and quality of the risk analytics.
- Visit the office: While client reports and meetings with the sales team are useful, these cannot tell you enough about how your money is really being managed. At the office, you will be able to meet the people who actually do the work and see the systems used to manage the investment and post-investment processes.