Outsourcing and risk management: time to redefine requirements?

Recent events have focused the minds of asset managers not only on the benefits but also on the risks of outsourcing. It may be time to revisit and recalibrate the strengths, weaknesses, opportunities and threats inherent in the business model. In this article, the author suggests six IT-architectural considerations for future risk mitigation in an outsourced back office environment.

by Marc Schröter, Senior Vice President, SimCorp

Download the article as pdf 

Over the last few years, there has been a trend for asset managers to move towards outsourcing part of their operations to their custodian or Third Party Administrators (TPAs).

Initially, these offerings covered back office processes such as asset servicing (corporate actions, income processing, tax services etc.), clearing services (actual settlement, fails management, clearing etc.), treasury services (cash and currency management) as well as fund services (fund administration, fund accounting, transfer agency etc.) and securities financing (lending and collateral management). Recently, TPAs have started to offer additional services such as performance and risk reporting as well as post-trade compliance reporting.

MOST COMMON AND SUCCESSFUL OUTSOURCING AREAS

It is generally believed that the most common and successful outsourcing areas are fund accounting and corporate events, whereas areas like pre-/post-trade compliance, investment analysis and performance are less likely to be outsourced.

Figure 1 shows a categorisation of some of the main functions of an asset management organisation. Some functions span front, middle and back offices and, in addition,there are often different definitions of what middle and back office cover.

In this definition, the front office covers investment decision and trade execution processes, whereas compliance control and risk management are considered an integral part of the investment decision process. Middle office covers post-trade activities such as trade confirmation, settlement and reconciliation as well as compliance, risk measurement and return and attribution analysis to form the basis of internal and external reporting (client, regulatory etc.). This information is also used intra-day as input for portfolio managers to support investment decisions and by managers to overview the total risk.

These front and middle office functions are generally considered less likely to be outsourced since they are core to the investment decision process and corresponding management. On the other hand, back office processes like corporate action processing, net asset value (NAV) calculation and fund accounting typically may be considered better suited to outsourcing, depending on the client’s target operating model1 (TOM).

As a result of outsourcing certain back office processes, many asset managers have now re-defined their operating model to a new scenario where parts of the operations are no longer carried out in-house. Accordingly, they have adjusted their enterprise architecture to reflect the new operating model.

A typical result of this model is an enterprise architecture with a number of trading systems in the front office and one or more TPAs taking care of all the back office operations. The front office system typically only holds minimum (intra-day) information which is uploaded on a daily basis from the TPA. In addition, there are typically a number of specialised systems covering specific middle office functions. Each of these systems are based on data fed from the TPA, the front office systems or other sources, see figure 2.

WHEN BANKS FILE FOR BANKRUPTCY WHAT YOU WANT IS OVERVIEW

At the end of business Friday 12 September 2008, most financial institutions knew that Lehman Brothers was in trouble. On Saturday 13, the US Federal Reserve (FED) called for a meeting on the future of Lehmans and, on Sunday 14, the International Swaps and Derivatives Association (ISDA) offered a special trading session to allow market participants to offset positions in various derivatives. On Monday 15, Lehman’s announced it would file for bankruptcy.

The recent financial crisis has highlighted other connected events similar to these. Moving into 2009, Citibank and Bank of America announced additional losses and with second phase bank rescue packages all over the world, there is a market situation where practically all financial institutions are at risk, no matter how large or small.

In this situation it is evident that financial institutions are very aware of the need to manage risk; counterparty risk, issuer risk, liquidity risk, market risk, operational risk etc.

However, risk management is not solely about access to systems with the correct theoretical models. Transparency and timely access to consistent information to produce a full overview of exposure are as critical.

Asset managers who have outsourced back office processes to a TPA rely on the services provided by the TPA as well as the quality of data provided to feed downstream systems. One of the main issues with an enterprise architecture, as shown in figure 2, is the duplication of data, which creates ambiguity in results produced. There is no guarantee that the same market data has been used for calculations, there is no guarantee that the same formulas have been applied and there is no guarantee that the results are produced with the same input parameters. This makes it very hard to have a consistent and consolidated reliable view across asset classes, portfolios, portfolio managers and TPAs. And if there is no consistent, consolidated view of exposure it is not possible to manage risk efficiently.

When ISDA opened up for that extraordinary trading session on Saturday 14, it was a unique opportunity for financial institutions to reduce their exposure towards Lehmans. However, to do so, required a full overview of their agreements and risks with Lehman. There was no time to manually consolidate data across systems and asset classes and there was no time to wait for the TPA opening up Monday morning to get access to the latest updated positions.

The problem boils down to the essential question asset management organisations should ask themselves: “Does our enterprise architecture provide the necessary information to manage investments and associated risk in a timely manner?”

The following sections discuss some of the critical issues that asset managers should be considering when reviewing their enterprise architecture.

SIX IT-ARCHITECTURAL CONSIDERATIONS FROM A POST-CRISIS PERSPECTIVE

1. INNOVATION AND GROWTH

For any asset manager an infrastructure that enables innovation and growth is a business critical requirement. Paramount is the flexibility to launch new products or move into new markets when desired. Launching new products means that the enterprise architecture must be able to handle all the administrative processes but also analyse exposure, risk and performance key ratios on these products. Moving into new markets means that the asset manager must comply with local tax and accounting standards and regulatory requirements.

The organisation should establish an enterprise architecture that gives suitable flexibility in these areas to support rapid time-to-market for new products and ensure they retain competitive advantage.

2. INFORMATION DETAILS LEVEL

Another key point to consider is the access to detailed portfolio information. Requirements differ across departments. The level of detail needed to match and settle a trade is very different from the requirements for handling portfolio accounting, which is again different from the requirements for performance attribution or risk management.

For example, if a global equity fund is managed by several external asset managers, the accounting department would need to see all trades in the same stock as one position, whereas the performance department would want to calculate return on each manager, hence splitting the stock position by manager. Pressure on returns has over recent years been the driver of a trend where many asset managers have started separate securities lending businesses, which brings a need for management of collateral. The recent market turmoil means that agency lending is changing as companies look to limit their risk from agencies and handle lending/collateral themselves. Further, the market situation has led to a situation where collateral is involved in almost all OTC contracts. This brings a significant requirement for asset managers to keep track of securities and cash at a much more detailed level than ever before.

Another example is the requirements for performance reporting according to time-weighted return (TWR). Whereas most portfolio key ratios (duration, market value etc.) can be calculated and reported based on the current holdings on the portfolios, carrying out a performance calculation requires details of any historic transactions in the portfolio as well as a full history of security classifications both for the benchmarks and the portfolios (for instance for Global Investment Performance Standards (GIPS) reporting).

All of these requirements may change over time. Given special circumstances, as witnessed during the recent market turmoil, there are likely to be new requirements for analysing portfolio risk for worst case market scenarios.

Asset management organisations must choose an enterprise architecture that gives access to portfolio information at whatever detailed level is required across different departments and business processes.

3. TIMELY INFORMATION

Another aspect to consider is whether information is available in a timely manner. Is it possible to get access online to updated positions and market prices? In situations such as the default of Lehman Brothers, it is not sufficient to know the exposure to Lehman’s as of last night – it is about knowing the exact exposure now.

Access to timely information is critical for both making investment decisions and managing risk. Asset management organisations should consider the implications of this when deciding on their operating model.

4. CONSOLIDATION AND CONSISTENCY

Once all the information is available at the required level of detail, the next task is to consolidate all the information. The calculation of exposure to another financial organisation should include every business with that organisation ranging from equity positions in the organisations stock, unsettled trades, derivatives contracts with the organisation as well as derivatives contracts with underlying assets issued by the organisation, lending agreements, cash and security collateral, bond issues and so on. It is necessary for risk assessment purposes to have a consolidated view of all these and at the same time ensure that there is consistency in valuation, using the same market data and price models. For example, it is important to be able to consolidate across asset classes that are managed in different systems, across different external portfolio managers that are managing different portfolios, or a sub-strategy within a portfolio, and across different custodians or TPAs that are each administrator of a part of the assets.

In solutions using different systems it can be difficult to ensure that the prices used for P&L calculations are based on the same input data as is used for the key ratio calculations. An example is to apply the same price haircut derived from liquidity risk in the P&L account as well as risk key ratio calculations.

The asset management organisation needs an enterprise architecture that ensures consistency in underlying data and valuation as well as the ability to consolidate information across the company. This addresses operational risk and provides a secure foundation as the basis for investment decisions.

5. QUALITY AND TRANSPARENCY

Much of the information used by asset managers as the basis for their investment decisions, assessment of risk and validation of compliance contains advanced calculations and these rely on the quality of underlying security, reference and market data. For example, if a stock split is missed or an equity re-classification not made (for instance from large cap to small cap) the performance attribution will be wrong. The decomposition of returns on structured products cannot be made, or trusted, unless the underlying security and market data are of the highest quality.

This information is very sensitive to the underlying market data as well as the calculations used to get to the data. Even in the best process, errors can sometimes occur. In that event it is important to have validation procedures and the necessary transparency to identify and correct the error. This includes full transparency of the input data used as well as the calculation models. If this is not the case, the system becomes a black box where the asset manager needs to trust the output data with little chance of validating if it is correct or not without a significant effort. The more advanced analysis the asset manager requires, the higher the demands on data quality and transparency.

It is therefore key for the asset management organisation to implement an operating model that ensures sufficient quality in the underlying data as well as transparency as to how the information has been derived.

6. FLEXIBILITY

The implementation of an outsourcing arrangement is typically a large project for any organisation. This creates a barrier to change in that once the outsourcing infrastructure is in place it is not easily changed. The requirements of an asset manager evolve over time and there is then a question as to whether the current TPA can meet these new requirements and if so whether it is covered within the service level agreement (SLA). The TPAs typically scale their business by standardisation of services, whereas asset managers may need customised services (data feeds and others) to obtain sufficient flexibility to scale their business by differentiating (from competitors) their services to their clients. While SLAs describe exactly the terms of the services to be delivered, there are nevertheless these two underlying forces pulling in opposite directions.

The asset management organisation should implement an operating model that on the one hand may benefit from cost efficient services delivered by a TPA and at the same time delivers the flexibility needed to diversify their own business.

What is clear is that the turmoil in financial markets over the last several months has thrown into sharp focus the vulnerabilities in risk management, data handling and business models across the asset management industry. Asset managers are wiser now than they were before and all are playing catch-up to enable IT capabilities to match what is now known in a world where the unthinkable happens.

Marc Schröter (M.Sc. EE, BA Finance) is Vice President and Head of Strategic Research at SimCorp A/S. More information on how the challenges can be met from an IT operational perspective can be found in the author’s white paper, ‘Extended Enterprise Data Management’.

Download the full white paper at http://www.simcorp.com/mitigaterisk