Regulatory Challenges

Managers need to set up the right control framework

CHRIS KAYE, CO-COMPLY
Originally published in the March 2012 issue

Few would dispute that 2012 will present challenges to hedge fund managers on all fronts. If keeping the lights on in these turbulent times is not enough of a challenge, then dealing with increasing regulatory change may push some firms over the precipice. For both smaller and larger firms the tendency is to view the upcoming regulatory change as an information technology challenge, and if they solve the IT problem then they will comply.

But the regulatory challenges are wider than just IT. Hedge funds are facing underlying cultural changes in the way a firm’s compliance with regulation is viewed; from the perspectives of regulators, auditors, customers and international standards, things are changing. All these stakeholders are looking to have much closer relationships with hedge funds to understand their business: how they manage and implement regulation; how they govern the regulations; and how aware their employees are of the regulations that affect them.

Addressing several themes will be a necessary and major challenge in 2012. Among the more important ones we could include:

Reporting and disclosure
It is vital to stay on top of increased reporting and disclosure requirements. In 2011, rules have already come into force that require hedge funds and private equity managers with more than $150 million in assets or 15 clients in the US to register and disclose fund information to the Securities and Exchange Commission. Investors are also building into their management agreements more burdensome reporting obligations, requiring firms to disclose more about the risks they face and the impact these risks may have on their accounts. These reporting and disclosure obligations are growing in complexity and frequency, often requiring the coordination of different departments and individuals. This will inevitably present governance and oversight challenges to most firms, to ensure their reporting obligations are met within the strict deadlines set.

Effective governance
It is key to be able to demonstrate the effectiveness of governance and oversight. Increasingly, regulators and investors are focusing their attention on governance and oversight within hedge funds. The firm’s risk and decision-making bodies must be able to demonstrate they are operating to the principles of the firm’s rules and policies and they are aware of the risks and regulatory issues that affect them. The question is, however, how easy is it for a firm to demonstrate this? Meeting minutes may provide evidence that the decision-making bodies met on a regular basis, but is this sufficient in today’s heightened due diligence environment? How to establish that the board had up-to-date and appropriate information? What about verifying the actions that arose from the meeting, or proving the management of the risks identified?

Connecting compliance
Implementing technology and systems to comply with regulations across the firm is expensive, disruptive and today consumes much of the regulatory budget. A Bloomberg survey earlier this year found that 84% of respondents would increase IT spending on compliance and regulatory systems in the next 12 months. Although increasing IT spend is necessary to meet the requirements of new European and US regulations faced by hedge funds, technology is often viewed as the golden egg; the answer to compliance.

But is it really? The truth is employees are the first line of defence in any firm. They embody the firm’s objectives and culture and can impress in their understanding of the complex strategies that the firm pursues. But can they impress in their knowledge of the regulations that govern their day-to-day activities? Can a firm even demonstrate an employee culture that operates within the principles of the regulation, let alone the details of the rules? Regulators and investors now demand more than just simple evidence that a firm has issued a new policy and all the employees were informed, or indeed that a percentage of the employees attended a follow-up working lunch training session. Regulators and investors now want to see evidence that a compliance culture is embedded within the firm and that employees have a deep understanding of the principles of the rules under which they operate.

Managing regulatory change
With new regulation, such as the EU’s Alternative Investment Fund Managers Directive hitting hedge funds thick and fast, the challenge will be to manage the change in an orderly and co-ordinated manner. In late 2009, US-based consultancy Charles River undertook an impact assessment of the AIFMD on behalf of the Financial Services Authority and found that in its then current form, the hedge fund industry was facing costs in the region of €1.4 billion.

These are major change programmes and hedge funds are unlikely to have dedicated change management teams. The responsibility for managing regulatory change will often fall on the COO and head of compliance – in many instances one and the same person. Managing regulatory change, like any change, requires a base line to be produced of the current operation upon which the change will be delivered: the current policies and procedures that will be impacted; the training requirements of the employees; and the additional reporting and disclosure obligations that need to be owned. If a firm does not have an easily auditable baseline to work from, the risk increases that changes to operational controls will be missed or the overall control framework weakened.

Satisfying investor due diligence
Due diligence has grown in scope and breadth so that the firm’s regulatory control framework now features more prominently. However, implementing this framework on its own does not necessarily provide the ongoing audit trails required to meet the investor’s due diligence expectations. The regulatory control framework encompasses a diverse range of activities, many of which require interaction with the employees of the firm. Implementing the framework can often be proven through the firm’s policies and procedures, but demonstrating the ongoing operation of the framework is much more difficult, with evidence spread across emails, Excel spreadsheets and paper files. For example, simply verifying the adherence by employees to the firm’s personal trading policy may require looking at all three information stores; manually maintained spreadsheets which contain the master records; emails as evidence of the approval process; and paper files in the form of contract notes as evidence of the actual trade. This is not atypical of the resources available to a firm. Even if this data can be pulled together to provide a unified pack of information for each due diligence request, how can it demonstrate that the firm’s governing body has access to real-time information on an ongoing basis?

There is a single underlying principle that can help hedge funds of all sizes meet the challenge of these themes. Elevating the regulatory control framework from a necessary evil to a central operational platform will deliver benefits to all areas of the firm, from managing risk to meeting due diligence requirements.

The control framework can for the most part be regulator and jurisdiction agnostic and therefore enable the firm to quickly and easily manage new regulations, whilst ensuring the governance and oversight committees are kept appraised of their impact and risk. The good news is that elevating the regulatory control framework is not dependent on big technology spend or wholesale business process change. The winners in 2012 will be those firms who embrace the challenge, enabling them to get ahead of the curve and impress regulators and investors alike.

Chris Kaye is the founder and CEO of Co-comply, a compliance and governance software supplier to the institutional investment and hedge fund industries. It provides asset managers with a single platform to implement all of their compliance processes.