• wblogo
  • wblogo
  • wblogo

FCA assesses asset managers' use of portfolio and risk management tools

Jonathan Wilson, Ellis Wilson Ltd, Director, London, 22 January 2020

articleimage

Hot on the heels of the British Financial Conduct Authority’s proposals for improving larger firms' operational resilience, to be found in CP 19/32, the regulator has published an assessment of the way in which asset managers use risk modelling and portfolio management tools.

The ten firms that its staff visited were of different sizes, operated on different scales and had different operating models and asset classes.

The FCA has been working in the fields of technology and "cyber-resilience." With this in mind, it wanted to find out how asset managers select, use and oversee the 'tools' (i.e. software programmes) and models that they employ, how they spot and manage relevant risks and whether they are able to respond to system failures or interruptions in service. The FCA spotted problems in processes and controls, particularly in the way in which firms oversaw risk models and planned for contingencies.

The FCA is worried that a significant technological failure could cause consumers serious harm and, if it affected a large enough group of asset managers, could also damage the integrity of markets. This is a reminder that "operational resilience" (see below) is not just a matter for the large firms. There are no detail rules in this area – firms must instead concentrate on standards and results.

What does the FCA think matters?

The answer to this question comes under several headings.

Strategy. Firms (no matter whether they develop their systems in-house or with one or more software providers) should consider strategy and the resulting trade-offs between functionality, maintenance, competitiveness and "operational resilience." Many firms told the FCA that they selected their risk models party because investment consultants and other intermediaries expected or wanted them to use various "modelling tools." The FCA inferred from this that those firms were not always fully committed to using those tools.

Resilience and recovery. Firms have not given enough consideration to different lengths of outages and the crucial role of portfolio management tools and associated services. They find it "prohibitively expensive" to build and maintain "fallback plans" to help themselves operate normally during extensive outages. These firms are weak in respect of the frequency, timing, synchronisation and storage of data back-ups.

Upgrades and patches. The FCA identified some tension between the need of firms to make the necessary changes quickly and their desire to test the upgrades properly. They were not always confident about the circumstances in which they could pass financial liability on to their providers. Some relied on testing by the vendor without a clear understanding of how these tests matched up with the way in which they were using the software.

Vendor management. Firms that involve end-users in the management of vendors seem better at assessing the quality of various services. The involvement of end-users also helps them make their systems more resilient, set priorities for overseeing various things and categorise the risks that various providers pose.

Model governance. This can be difficult because it is hard to build and retain technical expertise. The development and use of sampling models may be too limited to assure firms that they are developing and using models well. Triggers or circumstances which might allow portfolio managers to change or overrule model outputs are not always defined or written down well.

Replacing systems. Some relationships between firms and vendors last for too long because firms that want to dismiss their vendors face delays, cost overruns, data migration issues and problems with testing. They can overcome some of these problems by analysing gaps between desirable and real performance in detail, by moving change-programme contractors in-house and by operating old and new tools in parallel.

Where do we go from here?

The FCA plans to carry on looking at the arrangements that other asset managers make on the subject of "operational resilience." The regulator has explained elsewhere, in a paper called DP18/4, that operational disruptions to the products and services that firms and financial market infrastructures (FMIs) provide can harm consumers and market participants, threaten the viability of firms and FMIs and cause instability in the financial system. "Operational resilience" refers to way in which firms and FMIs prevent, respond to, recover from and learn from these operational disruptions.

The FCA suggests that the "first line of defence" from risks (management controls and internal measures of control) at each firm should be more involved than it is today in the development and the subsequent review and testing of arrangements to make that firm operationally resilient. It also wants to see the "first line" do more to influence the approach that the firm takes towards involving users in the way it manages its relationships with vendors. This suggests that the FCA has spotted a disconnection between the plans that firms have regarding operational resilience and the continuity of front-line services.

It is somewhat surprising that the FCA has chosen not to play the "senior manager responsibility" card, but it still seems prudent for senior managers at asset-management firms to consider the stability, the security and the suitability of the tools that they use to manage portfolios and risks and their control over them.

* Jonathan Wilson can be reached on +44 (0)20 3146 1869 or at jon@elliswilson.co.uk

Latest Comment and Analysis

Latest News

Award Winners

Most Read

More Stories

Latest Poll