Where is the Risk?Where is the Risk? Navigating Operational Complexities

Our Thinking / Operational Risk & Consulting

Where is the Risk? Navigating Operational Complexities for Investment Institutions, From Cybersecurity to Automation
Calendar20 November 2017

With assets under management in the region set to rise exponentially, the case for organisations investing in operational risk management is stronger than ever.

According to a PwC report, the Middle East market is expected to more than double between 2012 and 2020, with assets expected to rise to $1.5 trillion (Dh5.5 trillion) by 2020 from $600 billion in 2012 — 12 per cent at an annualised rate. It should be a business imperative that the risks associated with such growth are appropriately managed.

In recent years, operational risks have come to the forefront of the risks facing investment institutions, as evident in the fundamental paradigm shift since the global financial crisis. The dial has distinctly moved from institutions considering investment manager selection and investment returns in isolation.

The systematic meltdown of the financial markets in 2008, coupled with high-profile cases of fraud and internal control failures, has re-aligned focus on operational risk. Following the financial crisis, Madoff, UBS and JPMorgan Chase, the investment world has become more complex.

Financial regulators have become more focused. Asset allocators and investors expect an operational risk assessment to fully complement any investment due diligence exercise.

In short, investing has become more complicated, bringing a new degree of risks for investment institutions.

The successful navigation of these operational risks offers organisations the ability to focus on maximising alpha generation by implementing best-in-class oversight, processes, and controls. Investment institutions should seek guidance in identifying the risks within their organisations and implementing appropriate mitigating measures.

With assets under management in the region set to rise exponentially, the case for organisations investing in operational risk management is stronger than ever.

According to a PwC report, the Middle East market is expected to more than double between 2012 and 2020, with assets expected to rise to $1.5 trillion (Dh5.5 trillion) by 2020 from $600 billion in 2012 — 12 per cent at an annualised rate. It should be a business imperative that the risks associated with such growth are appropriately managed.

In recent years, operational risks have come to the forefront of the risks facing investment institutions, as evident in the fundamental paradigm shift since the global financial crisis. The dial has distinctly moved from institutions considering investment manager selection and investment returns in isolation.

The systematic meltdown of the financial markets in 2008, coupled with high-profile cases of fraud and internal control failures, has re-aligned focus on operational risk. Following the financial crisis, Madoff, UBS and JPMorgan Chase, the investment world has become more complex.

Financial regulators have become more focused. Asset allocators and investors expect an operational risk assessment to fully complement any investment due diligence exercise.

In short, investing has become more complicated, bringing a new degree of risks for investment institutions.

The successful navigation of these operational risks offers organisations the ability to focus on maximising alpha generation by implementing best-in-class oversight, processes, and controls. Investment institutions should seek guidance in identifying the risks within their organisations and implementing appropriate mitigating measures.

We see two main categories of risk, which investment institutions needs to proactively address — thematic and developing. Thematic risks are classic organisational risks, which largely remain unaddressed, including:

Governance: Relative informality and structure of governing bodies/committees limits the ability of key decision-makers to act decisively.

Automation: Failure within the investment and operations infrastructure to support automation introduces the risk of human error.

Guideline compliance: Inability to systematically code and monitor mandate restrictions continues to be problematic. However, the importance of investment guideline compliance is increasingly being recognised.

Cash controls: Non-existent or insufficient controls surrounding the process for authorising cash release increases fraud risk. 
* Technology: Connectivity between critical order management, execution and middle-office systems is poor.

Third-parties: Appropriate third-party and outsourced service provider oversight models are under-developed.

In addition to these risks, new and developing risks are emerging due to new technologies and regulations. Many organisations are trying to catch up with market best practice, but the bar continues to rise and market standards are increasingly more challenging. Emerging risks include:

Cybersecurity: The threat of successful penetration has become a key business risk. Repeated, successful cyber-breaches signal the sophistication of cyber-criminals, highlighting weaknesses within IT infrastructures.

Background checks: Risk of fraud, other criminal activity, or reputational damage arising from deficient or non-existing criminal and financial background checks on new hires.

Regulation: The industry faces a torrent of highly complex and impactful regulatory demands from global regulators.

To keep pace with this ever-evolving risks climate, investment institutions need to move away from the traditional and obsolete due diligence exercises that focus primarily on investments and alpha generation, which do not fully address the current risk environment.

Rather, organisations should conduct comprehensive risks assessments that include a thorough review of front-, middle- and back-office functions. That is, investment and operational due diligence, which focuses on the risks and costs of governance and execution that could result in alpha erosion.

We believe this holistic view in navigating the myriad operational risks is essential as the opportunities — and threats — to businesses in the region increase.

Nigel Morriss, Head of Operational Risk, IMETA

  Speak with a Mercer Consultant
We’re eager to speak with you. Please provide your details below.
*Required Fields