Following recent regulatory changes looking at operational resilience, Paul Roberts, CEO at Milestone Group, investigates how firms have changed their mindset towards managing disruption.
In April, the UK’s Financial Conduct Authority (FCA) released their business plan for 2019/2020, where a key area of focus is the theme of operational resilience. This isn’t a new issue and follows on from previous regulatory notices, each moving towards increased operational resilience including: European Securities and Markets Authority (ESMA); Luxembourg Commission de Surveillance du Secteur Financier (CSSF); and Central Bank of Ireland (CBI). Operational resilience, or being able to prevent, respond to and recover from disruptions, is an area of non-financial risk that has climbed the risk league tables very rapidly since the financial crash.
The regulators use of the term ‘disruption’ is significant. Intuitively we know that an ‘outage’ can be severe but hopefully very infrequent. In practice, we tend to believe that infrequent events can be managed through skill and resourcefulness.
However, we seem to forget that ‘disruption’ happens more frequently than we would like it to. For financial services, where we are heavily dependent upon external relationships and technologies, our mindset has shifted from ‘it could happen’ to ’we expect it to happen’.
Operational resilience is an area of non-financial risk that has gained increasing prominence since the financial crisis particularly, as it’s noted by the regulators, where no conclusive action will solve the problem forever. Regulators are not asking firms to ensure they never have disruption, but rather that in the event of disruption the recovery is orderly and avoids significant impacts to customers and the wider economy. In summary, regulators are urging the market to do everything they can to protect themselves, their customers, and the market as an eco-system including future-proofing their technology. These types of risk are a step beyond what we normally think of as pure operational risk, as it points directly to the infrastructure interdependencies among financial services participants.
So how do firms best prepare for operational resilience?
There are different approaches to optimise operational resilience including; updating operating models, control frameworks, policies, and peoples’ skills. Firms should think first about resilience as a complete programme rather than a siloed approach. It should extend beyond internal functions to include those of external suppliers, achieving resilience across the operating model while maximising efficiency.
A comprehensive programme to ensure operational resilience should be applied across front, middle, and back-office functions independent of corporate boundaries. It should consider each embedded risk or potential failure point of this ‘interdependent system’ to ensure that when a disruption does occur, the ‘system’ responds to recover from technology, procedural and human perspectives. Key to this is adopting an approach that focuses firstly on areas of high impact to customers, and secondly on matters of internal risk and the appetite for risk.
The contingent NAV journey to operational resilience
One high-profile evidence point of true operational resilience is the ability to continue to calculate and publish a backup or contingent NAV under any disruption scenario, including a complete service provider outage. This fiduciary responsibility to investors has been amplified by regulators who are making it clear that the fund board remains accountable for timely delivery of accurate NAVs irrespective of whether there’s a failure to produce a NAV due to operational failure internally, or with a third-party provider.
Third-party administrators do not carry this fiduciary liability, and while many fund operators recognise this, few have addressed this need for operational resilience, and for those that have, there is a wide variation in approach and effectiveness.
The extreme option of full accounting duplication, where a shadow fund accounting process is run in tandem with a firm’s primary fund accounting process, is generally not favoured due to cost.
Tactical alternatives such as leveraging an existing IBOR, performance system, data-warehouse or spreadsheet-based method, attempt to produce an approximate NAV should a service provider become disrupted. While using existing tools appears attractive, this is outweighed by the practical limitations during a real-life outage event. The high dependency on human intervention and manual procedures raises concerns with regulators in the ability to effectively handle multi-day outages, and in demonstrating accuracy, reliability and transparency.
The new epoch of industrialising contingent NAV capabilities has arisen from the arrival of the purpose-built platform: one designed for the investment industry with specific capability to produce an accurate contingent NAV on-demand while providing industry best practice for oversight. When put to the test, the people who are best positioned to protect the firm, its clients, and the overall market during a NAV disruption are the same people who protect against NAV errors daily. That is, the oversight team.
Contingent NAVs are now seen as synonymous with an effective oversight and control environment. When armed with a purpose-built platform designed to allow this team to manage disruptions without stress, there is no ‘cold start’ when calculating a contingent NAV. With this approach, the oversight team are already familiar with the common platform and can also perform oversight on the contingent NAV during an outage, with automated approval and dissemination processes delivering a very effective operational contingency plan.
The proof is in the pudding
Leading global fund managers are now acting to insure against fund accounting system and third-party administrator outages by deploying a purpose-built and globally proven solution. Milestone Group’s pControl™ Oversight with Backup NAV provides an effective operational contingency plan to deal with limited or sustained service provider outages. The automated Backup NAV capability is fully integrated with Oversight, leading to an accurate, high-confidence and cost-effective solution.
The global trend of increasing regulator inspection in the area of non-financial risk is set to continue. For fund operators, the ultimate goal is to achieve a reliable contingent / backup NAV solution demonstrating resilience and protecting investors from the impact of disruption to NAV production, even over a multi-day outage.
©2019 funds europe