IMS Consulting

James Norris talks to Scott Wilson

Few things can be more damaging to the reputation of an institutional investor than hiring a third-party manager that fails. This is especially true when the weaknesses that caused the failure were operational and regulatory, and so easily identifiable and probably avoidable.

When a firm claims an expertise in selecting only the best managers available, it is not unreasonable for their customers and investors to expect it to have undertaken a more complete assessment of a manager's attributes than purely its investment risk decision-making processes. As the scramble for talent and returns heats up, institutions and funds of funds are not only increasing their exposure to alternative investment risk, but also increasing their exposure to operational and regulatory risks. Recent academic surveys of hedge fund failures indicate that operational and regulatory deficiencies are a prime cause of investment manager failures. Even where operational weaknesses are not the prime cause of failure, it remains the case that weak operational and control infrastructures increase both the likelihood and the impact of poorly implemented investment strategies.

The US Securities and Exchange Commission has recognised this, while in the UK the Financial Services Authority's recent discussion papers have also underlined the glaring opportunities for both fraud and manager failure provided by inadequate regulatory and operational control infrastructure.

However, the regulators are not entirely blameless if the standards of operational and regulatory control fall below their expectations. The SEC has only just got round to regulating hedge funds, and it is almost four years since the UK's financial watchdog decided to end its policy of regularly visiting the offices of hedge funds. Prior to November 2001, a new hedge fund would be visited before authorisation, three months after it and then, all being well, once a year afterwards. The aim was to ensure that hedge funds had established adequate compliance procedures, and subsequently had adhered to them.

Since then, hedge fund managers and the assets they manage have multiplied at an alarming rate. Yet, the FSA's no-visits policy is unchanged. In other words, small teams of investment professionals in the UK are managing more than £100bn of assets on the basis of regulatory trust. The FSA puts hedge funds and other small investment managers in the lowest-risk category. And even the fact that hedge funds are today handling an increasing amount of money for the man in the street, for example his pension fund, this has not persuaded the FSA to review its policy.

Scott Wilson, director of compliance specialists IMS Consulting, says, "I think the FSA is currently taking broadly the correct approach. It is an approach on two fronts: one is to focus primarily on the large hedge funds who either alone or together, present the greatest market risk. The FSA can probably monitor 80%-90% of hedge fund assets just by monitoring around 10% of the managers. The second front is that, in respect of this focus, the FSA is moving away from the minutiae of the individual rules to focus more on the wider business management and operational systems and controls within managers: how they are structuring and managing their organisation, in particular its growth, how they are controlling their risks and how they are supporting the investment process."

In certain areas, and not just for hedge funds, the FSA is proposing a relaxation of much of the detail of rules that are time-consuming and lack significance. Wilson says: "There appears to be a regulatory appetite to move away from enforcing compliance with highly prescriptive rules towards a more principles-based approach of looking at the adequacy of the overall compliance and control environment. This much broader concept gives managers a lot more flexibility because many of the rules and regulations just don't fit well with small managers. After all, the FSA can't design rules to suit every kind of business. At the same time it gives the FSA greater scope to determine the standards it expects."

However, Wilson does have reservations about the FSA no-visits policy. He says: "My one criticism is that the FSA does not visit hedge funds as a matter of course. The FSA focuses on the big institutional firms and the retail market, and it does not see hedge funds as falling within either category. Yet, many of the big hedge funds are very much institutional. This means every man, woman and child in the country is affected by hedge funds: their schools and colleges are invested in them, as are their pension funds and even the charities which prop up our withering healthcare system. Over the next 10 years or so, their exposure to hedge funds is likely to increase hugely, as will the corresponding impact of any failure."

All the more reason one might think for the FSA to have a clear policy of enforcing higher regulatory and operational standards. As Wilson says, "it is not all about systemic market risk: Robert Maxwell's activities did not present systemic market risk, yet many pensioners lost money. It makes no sense for the FSA to dedicate so much resource to retail firms when a single hedge fund might indirectly manage retail assets equivalent to many dozens of such firms. The SEC decided 20 years ago not to regulate hedge funds because it considered them to be institutional investment vehicles, and institutions did not need the protection of the SEC. A couple of years ago they decided this was no longer thecase, when they realised that everybody was exposed to hedge funds. Something like 20% of all assets managed in the US are now managed by hedge funds. Looking at it the other way, if the SEC didn't regulate hedge funds, it would only be regulating 80% of the industry. From February 2006, the SEC will regulate hedge fund advisers and has stated that it intends to visit each and every one of them."

The regulatory effort of the SEC is focused on both the macro (market) risks posed by hedge funds and the micro (investor) risk posed by individual managers. By comparison, the FSA could be accused of encouraging complacency. Wilson believes the pre-FSA regulatory policy of routine inspection visits had the effect of keeping managers on their toes. Today, Wilson says, "managers no longer see poor compliance as a risk because they never expect to get a visit from the FSA. If they don't see it as a risk, their focus on asset gathering and investment performance is likely to take priority over infrastructural development to the extent it may never get done. So, the FSA is demanding a more sophisticated 'infrastructural' approach to compliance, but does not seem keen on testing or enforcing its new approach."

Following the scandals of Barings, Morgan Grenfell, LTCM and others, investment consultants, pension funds, funds of funds and other institutional investors have extended and enhanced the scope of their due diligence. They have been using either their own resources or hiring specialists to inspect the operational integrity of third-party managers. "It is perhaps because of a combination of perceived higher risk investment strategies with infrastructural immaturity that institutional investors remain wary of hedge funds managers, fearing the structural integrity of what are essentially the largest small companies on the globe: embryonic businesses managing ever increasing billions of dollars."

Wilson says, "The quality of a manager's compliance arrangements is highly indicative of the culture of the firm and its senior management's attitude towards their non-revenue related responsibilities. Once investors and their advisers grasped this fact, it became necessary to recognise these aspects as key ingredients of the due diligence and manager selection programme. We started performing regulatory due diligence in 1997 on behalf of Watson Wyatt: our focus then was on the large institutional long-only managers."

But it is the increase in popularity of multi-managers, hedge fund of funds and boutique managers, including hedge funds, that has driven the demand for this service. "We are having to apply ever more resources to this area, and our operational and regulatory risk due-diligence product is now one of our primary offerings. Our larger and more sophisticated clients need this kind of analysis before concluding on an investment decision, and often on a periodic basis too. In the event of a significant failure or high profile censure of a manager, it will be the culture and attitude of the firm that invested with them that will also come under scrutiny as well as the manager itself."

Marie Schöllin of Skandia Life uses IMS to perform operational and regulatory due-diligence on third-party managers. She says: "The reputational impact a manager may pose to our portfolio is a key consideration throughout the investment cycle. IMS has developed an approach to regulatory and operational risk assessment that in the first place diagnoses the risks involved and then assists in mitigating them."

Another of IMS' clients is the leading multi-manager, Russell Investment Group. Paula Burgess, Russell's head of compliance EMEA, says: "Russell employs managers all round the world. They vary considerably in size, style and culture. It is critical to us that we have the right fit. IMS has worked with us to make sure the components we view as most important are assessed with a degree of rigour that enables us to move forward with a better understanding of the operational and regulatory risks involved."

The smaller managers that are serious about attracting institutional money, Wilson says, "are beginning to accept that they have to institutionalise. One of the characteristics of institutions, theoretically at least, is that they have more robust infrastructural controls. In the larger hedge fund managers, we have started to see higher standards: proper organisation, proper business management, operational infrastructure controls and strong compliance functions. The smaller managers, for practical reasons, have a structural disadvantage although this does not mean there is nothing they can do to compete. But too many of them neglect this area until they either have substantial assets or fail. They do not seem to realise that they may have grown their assets faster had they paid proper attention to operational risk management and control. We talk to many investors and clients who cite these weakness as a significant reason for not appointing a particular manager, but as managers will know, investors are poor communicators and rarely pass this message back."

As well as this asset gathering disadvantage, Wilson also believes that the regulatory risk faced by hedge fund managers and small asset management firms is currently quite high. Wilson says: "I have no doubt that the FSA will take a much closer look at some of the larger hedge funds in 20056 and that they will take regulatory action against more than one of them. It is the historical approach: discipline a well-known manager in a particular sector and sit back and watch the rest of the sector scramble around addressing their compliance weaknesses. It hasn't happened yet, but it will. And hedge fund managers are such an easy target because most of them don't understand the subject. I don't understand why people who have never done compliance before all of a sudden think they can do it themselves. It is an expert's job. You need to know the rule, how to interpret it, how to implement it in the particular context of your business, how other firms do it and the emphasis the FSA places on it. Moreover, you need to understand the bigger regulatory objective and the FSA's overall expectations."

"Compliance has gone beyond the passive, box-ticking approach of merely obeying the rules. People forget that compliance is not only about checking whether the correct documents have been filed. Compliance is much more about business risk management: how you manage the business, how you build a proper governance infrastructure, how you implement controls. Bad compliance is believing that every now and again you should check what you're doing against a set of rules, rather than understanding that it is about behaviour and ethos, how you organise your company, about how you build a culture. It is defined top-down through the business. Bad compliance is when it is merely an overlay on the business process, when it is added retrospectively, as an afterthought, rather than being embedded in the business process. If compliance is embedded, more often than not evidence that you are achieving compliance it is as a matter of course."

The most obvious sign of a mature attitude towards compliance is the in-house compliance team. However, even this does not solve all the problems. Wilson says that, "in-house compliance resources tend to become isolationist and out of touch with what the regulators expect and what their competition is doing. However, some of the big hedge fund managers have recognised this and are hiring experienced external resource to perform benchmarking exercises."

For example, Wilson says, "in recent months, we have been asked by three of the top UK hedge fund managers to do a business review, and they all have in-house compliance teams. This is not because the management is dissatisfied with their in-house teams; not because they have a problem; it is because management wants an additional level of assurance that the compliance procedures are working properly and they also want a benchmark against their competitors.

For this, the external consultant is uniquely qualified because it will have a broader view of the market than someone who has been working inside a company for a number of years. "The consultant can provide an objective, benchmarking view of a company's compliance effort. A company may have had a compliance officer for two years but a lot can happen in that time. Elsewhere, other managers may have been advised differently. In the late 1980s, the pension fund industry held compliance meetings to discuss how they would approach certain issues, causing the industry compliance policies to converge and standardise. Nothing like that has happened for the hedge fund industry. For a start, only a few companies have in-house compliance teams – my guess is probably one in 30."

Thames River Capital, which manages long and long-short assets, used the services of IMS during its growth phase. Charlie Porter, chief executive of Thames River, comments: "Although we have a significant internal compliance and risk capability, we had IMS do a healthcheck project for us. The knowledge and practical experience they brought led to useful conclusions and deliverable recommendations."

The mere fact of the need for a 'market view' indicates that compliance has less to do with obeying rules, and more with obtaining an interpretation of the rules. Wilson says, "much of the value-add comes from a collective assessment of how the FSA responds to the industry's different approaches. We have developed an understanding based on many years of performing quite literally hundreds and hundreds of visits to investment managers internationally, an exposure that in-house resources just cannot have. The FSA has long since stopped saying that companies should comply with a set of individual rules. In a number of areas, for example with Senior Management Arrangements, Systems & Controls, the rules merely indicate that firms should use a risk-based approach to organising themselves properly, leaving wide open the question of how to implement the requirement. The SEC also expects firms to take a risk-based approach in developing its compliance arrangements. What we seek to offer is unrivalled experience of what the regulators expect."