looks at how Schroders and Thames River use compliance technology to handle onerous regulation
The next four months will see fund managers facing two weighty compliance deadlines. The first, on November 1, relates to the EU’s Markets in Financial Instruments Directive (Mifid) which has been regularly referred to as the biggest change to Europe’s securities market since the Big Bang back in the 1980s.
The second deadline belongs to the Bank for International Settlements’ Basel Committee and its updated rules on risk management and capital adequacy, commonly referred to as Basel II. After what feels like an interminable series of delays, the all important first deadline (for the institutions operating in jurisdictions where the guidelines have been interpreted and passed into law) arrives on January 1. Happy new year indeed.
While they represent a significant challenge to compliance departments, the two deadlines will not be anything new to most fund managers as the regulatory burden has increased enormously with each year since the turn of the millennium. This increase has not gone unnoticed by the vendor community.
There will also be the unresolved discussions about exactly what constitutes a compliance technology ‘solution’, an issue that has become particularly pertinent given that there is a growing trend for financial institutions to reduce the number of systems they are using for compliance and to look for single platform solutions.
“There are technologies that enable and support compliance – but no one technology will do it,” says Andy Lark, chief marketing officer at log management vendor LogLogic, warning against the idea there is a one-stop shop available for all compliance.
“Compliance is a by-product of effectively implemented controls and processes. Any vendor marketing the ‘one pill solves all compliance ills’ is leading you down the wrong path.”
Fortunately, says Lark, vendors’ opportunism is matched by the intelligence of their customers. “Financial institutions are very sophisticated purchasers of IT and understand that compliance isn’t about one technology or dashboard,” he says. “It's about a compliance system that integrates a range of technologies into a single and real-time view of IT and business controls.
“It is mostly the large sell-side banks that are associated with the highly siloed and home-grown approach to compliance that serves a specific and niche need but not the broader requirements of the bank,” says Lark. Instead banks should be looking not so much for a single platform but the right technology to automate and attest to IT controls. “It is about sophisticated reporting and alerting capabilities that move banks to continuous compliance,” continues Lark. “The objective is to create one set of controls and comply many times.”
For many buy-side firms operating in less varied markets than the majority of large banks, the task of setting up a single platform for all regulatory reporting and monitoring is an equally important goal and one that is also falling to third-party vendors to perform. “Our biggest clients find that they do not have enough time for all of their compliance requirements so they are outsourcing the monitoring or buying in the expertise,” says John Donohoe, chief executive of Ireland-based vendor Carne Global, which caters for both mainstream funds and the more boutique-like hedge funds.
The introduction of Ucits III funds has been a big factor in the development of compliance systems for fund managers, says Donohoe. He points to the presence of more credit-enhanced funds, a greater use of derivatives and the strict rules governing the types of investors that are eligible for Ucits funds as factors that have brought a huge complexity to the monitoring of investments.
“For a firm managing Ucits III funds, you need a comprehensive risk management and monitoring system to adhere to these regulations,” says Donohoe. “There is the issue of global exposure, position exposure and counterparty risk. Traditional systems do not handle this complexity that well and a lot of managers do not totally understand the rules.”
Added to this is the fact that each country in Europe has a slightly different way of interpreting the Ucits rules. Consequently more managers are basing the core of their European funds activity in either Dublin or Luxembourg, seen as the European hubs for cross-border funds, and concentrating their compliance activity in these regions through a single, consolidated compliance platform.
For some fund managers the need to address compliance monitoring has presented an opportunity to address wider operational issues, as with UK-based manager Thames River, which had been relying largely on manual processing of its trades. But with a growth in transaction volume and an increased compliance requirement due to Ucits III, Thames River invested in a system from Charles River that could manage its compliance monitoring and process its deal tickets.
“Previously both our order processing and compliance was done on a manual basis, but as these orders have increased we have invested in more automation and straight-through processing,” says Jeremy Charles, chief operating officer, Thames River. “Controlling our data is the be-all and end-all of fund management. If we can capture our orders better, then we can look at introducing more risk management and performance management.”
Other investment managers such as Schroders have taken a hybrid approach to the buy or build decision for compliance platforms. Back in 2000 when Schroders split with the investment banking division acquired by Citi, much of the institution’s group risk management function left with it, leaving Schroders to undergo a certain amount of reinvention in terms of managing its operational risk and compliance.
“We had developed a clear roadmap back in 2000. We felt that operational risk would be the next big thing and we knew what we wanted,” says Simon Cornelius, head of operational risk and compliance systems at Schroders. “We also knew that we did not want to build the system ourselves so we were asked to go out and buy a system off the shelf that would able to consolidate all of our operational risk and compliance reporting onto one platform. But we just couldn’t find one.”
Schroders then decided to approach a software company that could build the system on its behalf and settled upon Dublin-based Ci3, which gave Schroders the Ci3 Sword system, essentially an internal reporting tool able to monitor all of Schroders’ operational risks, including its regulatory requirements.
A number of managers throughout the firm are canvassed on a six-monthly basis as to what they view to be the significant risks facing their department and a series of measures are drawn up to manage these risks. Every month the team of managers will effectively sign off or confirm that they have fulfilled all of their risk management and compliance tasks through Sword. This information is then passed up the chain to the firm’s head-office in London, which is able to monitor its compliance requirements globally. It works on a combination of workflow and action trafficking, says Ci3’s Richard Pike. “It is not just the case that you get the traffic light, it also monitors whether these alerts are acted on.”
The regularity with which the risk controls and checks are updated can vary according to the clients’ discretion, as can the level of autonomy given to individual risk managers to take responsibility for their own compliance tasks. In general, says Pike, buy-side firms and asset managers tend to be more control-focused than their banking counterparts. Therefore, as with Schroders, a system of centralised controls are put in place and regularly checked. Banks, on the other hand, are far more varied in their business processes and the markets they operate.
“If you talk to fund managers off the record then they all agree that a centralised risk or compliance reporting platform makes sense,” says Pike. “But in many cases this view represents the perfect world and as soon as a regulatory deadline approaches, a two-track programme appears with the perfect world project always being the one left to slip.”
It has been an odd few years for the vendors of compliance software. The first years were spent convincing the market that software could play a key role in the compliance effort and the management of operational risk. Then, once that was achieved, they have had to remind customers that it is not simply a case of purchasing a compliance system, plugging it in and then sitting back.
“Putting in the software is the smallest part,” says Pike. “The cultural change is the big issue. There is often a big brother like perception of the way these systems work or are used – you are being monitored and asked whether you have completed your allotted tasks. By far the biggest obstacle has been trying to get the right data off the right people.
“We have often been asked to do over 80 presentations to 80 different people in order to have the business case agreed and signed off by all department managers before it can be taken to the board for approval. This is a sensible approach to adopt and to ensure buy-in. It may delay the process at the outset but it saves much more time in the long-run by ensuring that everyone is on board from the start.”
“The cultural differences and changes in regulation between countries can be a technical challenge,” confesses Cornelius. Consequently Schroders has not simply foisted the system upon all of its regional offices. “Our initial approach was to see which countries wanted the system.” After going live with the system in the London office in 2001, further installations followed in Luxembourg and Japan, three offices where there was already a strong group culture in evidence and a readiness to be early adopters, says Cornelius.
“If you are going to implement a new compliance system, then at least check first who actually wants it,” he says. “Often people do not object to using a new system. What they object to is not being told about in advance.”
© fe October 2007