In the ultracompetitive word of capital raising in the hedge fund business, every small choice a manager makes can mean the difference between winning a mandate or losing it to another manager. One area potential investors are scrutinizing more than ever is a firm’s operational side.
FINalternatives recently asked Peter Sanchez, what investors are looking for when they conduct operational due diligence on a fund. He also discussed recent legislation and how it is putting pressure on firms to comply with a host of new regulations.
How has operational due diligence evolved recently? What areas are investors looking at most?
Operational due diligence has evolved considerably in the last 10 years. Thematically, we’ve seen changes grouped into a few broad categories:
First, operational due diligence is no longer a “tick the box” item for investors. They now bring the same intensive, hands-on approach that the largest institutional investors have been employing for years with traditional managers. Where 10 years ago operational due diligence would comprise a questionnaire and a phone call, we see an increasing number of on-site visits with us as the administrator. Also, descriptions of controls are no longer enough – investors are increasingly asking for demonstrations of our systems and practices so they can see our controls in action.
Second, investors are particularly drawn towards the issues that affect them most, and that means controls around who can move cash and the independence of valuation practices.
For cash, they want to see controls in place to help prevent errors and fraudulent behavior. Our process includes requiring the use of online tools, input/approval procedures that require two separate individuals to prepare a wire, and a review and validation by our own cash team as an independent check before the wire is released. Whatever the specifics, investors need to know that there are protections in place against operational errors or fraudulent activity.
Valuation follows a similar theme – investors want to understand the role of the administrator in valuation. Is the administrator sourcing prices from vendors or using models? How much of the portfolio uses manager marks or broker quotes? What checks/controls are in place to substantiate manager marks?
Overall, we’ve seen a bias towards vendor-sourced pricing over models, which aligns with our view on best practice. In general it all ties back to the investors key concern: “How do I know that my investment is actually worth what my manager tells me it’s worth?”
Are there any recent regulatory changes that have affected the way asset management firms must run their funds (in terms of operations and best practices)?
It would be easier to outline regulatory changes that don’t affect operations. The litany of recent regulatory changes to the hedge fund industry – FATCA, Form PF, CPO-PQR, AIFMD, EMIR, Trade Repository Reporting and others – all create new demands on managers who are trying to reduce administrative work so they can focus on their strategies. The impacts from an operational perspective include:
Rethinking Fund Expenses
We’ve seen managers attempt to support regulatory demands in house, often because they view the pricing set by administrators as too high and they want to save on costs. What they often find is that the level of resources required to support regulatory demands, and the costs of attracting and retaining talent, actually make in-house support more expensive than outsourcing.
More broadly, regulation is adding to the baseline costs required to support a hedge fund. It raises the threshold for market entry for new fund launches, and it changes the outlook of established firms when contemplating fund expenses and operating budgets. In both cases, regulation presents a new reality, and managers who adjust their financial management/budgeting process to account for the costs of regulation are better positioned to succeed.
Outsourced Solutions Mitigate, Don’t Eliminate, Front Office Burdens
New regulations are often broadly worded, subject to interpretation, and changing frequently as regulators issue new guidance. Moreover, many of the regulations stipulate that a manager can outsource the calculation and preparation of regulatory reporting, but accountability for the accuracy of reporting remains with the manager.
The result is that regulatory compliance is always a collaborative process. An administrator or third-party provider can help with data collection and reporting, but the regulations are changing and so is the industry consensus around how regulations should be approached. This means that there has to be a dialogue and agreement between the regulated manager and outsourcing partner.
We see best-practice managers approaching this as an evolving process rather than seeing each new regulation as something to solve for and move on. On a regular basis, manager and administrator work together – what has changed? Do we need to modify our reporting methodology? Are we prepared for forthcoming regulations? How do we monitor for compliance on an ongoing basis?
Whether it’s generating regulatory filings or managing investor and counterparty diligence requirements under FATCA, the common thread among all regulations is that they dramatically increase the amount of data managers must produce and maintain. The burdens of managing and retaining all this data, combined with the economics of doing it in house, are driving managers toward outsourced solutions.
What some managers are coming to realize is that the value of “big data” capabilities extends far beyond meeting regulatory expectations. Many managers are realizing those same principles – data aggregation, historical analysis, strategy and attribution tagging functionality, on-demand or real-time data retrieval – can have a positive impact on their investment strategy and their operations: what we call Operational Alpha™. So managers often start with the question “how do I manage my obligations?” which leads to a fundamental rethinking of operational and data needs, not only for regulatory purposes, but for how the firm uses and accesses data as part of its investment strategy.
What areas of operational due diligence don’t get enough attention?
As I alluded to before, we think the most savvy investors have an expansive definition of operational due diligence, and they are increasingly thorough. Some areas that are under-examined include being sensitive to the more subjective aspects of the manager/administrator relationship and assessing controls around key “hand-off” points between the two parties.
To that, I’d add three other items that I think are addressed by best-practice investors, but overlooked more often than they should be.
What is the manager’s maturity level?
The size and age of a firm factor into what constitutes “best practice” in terms of outsourcing and their operational controls. As it relates to maturity, you can think of it as a kind of arc:
• Launches and young funds under $500 million are focused on strategy, attracting capital, and building a track record. They tend to have a single fund and focus on a particular strategy, and given the complexity and expense of in-house operations, they look to outsource as much of the middle and back office as they can.
• As firms grow into medium-sized funds – let’s say between $500 million and $2 billion – they are adding new funds, they’re expanding their product set, and they may be outgrowing the administrator they launched with. The result is they start to build out operational capacity and start to bring in-house key functions that are close to alpha-generating decision making: collateral management; treasury management and liquidity optimization; regulatory reporting; and shadow accounting.
• As firms grow into multi-billion “mega funds,” the pendulum swings back. Now, they have multiple funds with different structures in different jurisdictions, varied regulatory requirements, multiple administrators, and dozens of broker, custodian, and OTC counterparty relationships. It’s too expensive to manage in-house, so we come back to the “outsource everything” concept except now it’s very different. The manager has expertise, and should have robust oversight and governance mechanisms to keep track of the administrators’ activity. It’s a form of co-sourcing – the manager has oversight, transparency, governance, and, ultimately, control, but the administrator supports the actual processing and data management activity.
Sharp investors and thoughtful managers recognize this concept and are framing due diligence in that context – “Do the controls make sense based upon who the manager is?”
Financial firms all talk about people, process, and technology. From our perspective, due diligence is heavily focused on last two items, but often lacks focus on the quality of the people. Process and controls are the core of operational due diligence, and technology is vital for good controls, but at the end of the day, it’s people that dictate the quality of both the processes and the technology.
Increasingly, we’re seeing investors come for on-site due diligence and engage with the specific individuals who service their assets. They want to meet the individuals who are supporting the fund they invest in. They want to get a sense of expertise, skill levels, and industry knowledge. And they’re not just interested in senior management – they want to take the measure of the analysts and associates who are doing the day-to-day work.
Managers are increasingly recognizing the value of hiring administrators with high-quality people, and best-practice investors include an evaluation of personnel in their due diligence assessment alongside systems and controls.
Press coverage of the Heartbleed virus in recent weeks has reminded us of the importance of IT security. While your standard due diligence questionnaire focuses heavily on operational controls, there is less focus on issues such as confidentiality policies, IT security, information loss prevention, and business resiliency. These are key areas that every investor should consider as part of operational due diligence. We have seen a bit more focus on these kinds of issues, but we’re still surprised at how often we’ll go through a full-day due diligence review with only minimal focus on security issues.