Risk Management For A Fund Administrator
The risks that an Administrator has to face are, on reflection, all fairly obvious and I am not sure that any one is more important than another because each one of them in extreme could take the business down. Therefore, I am just going to highlight some of them, on a random basis.
Firstly,
OPERATIONAL RISKS
Mispricing Valuation Errors
These include errors by the Administrator in the operation of its duties, such as mis-pricing or incorrect valuation of NAVs, which, in a large, actively traded fund, could result in substantial and unrecoverable losses. The typical example would be where a spreadsheet is being used and the information is incorrectly transferred from one spreadsheet to another. At worst, the error is only discovered by the auditor, at which point the Administrator has to go, cap in hand, to the Manager and probably will have to restate all of the NAVs, back to whenever the error occurred and, of course, that is bound to have happened in January of the previous year.
The Administrator will then have to assess, firstly, whether the fund has lost anything, perhaps because some shareholders redeemed at too high a price and, secondly, whether any redeeming investors had been underpaid because of an under-priced NAV. The one thing that you can be sure of is that the administrator is very unlikely to be able to reclaim any losses that have resulted from overpaying an investor on redemption.
These sorts of errors can be avoided with a good automated system and high quality staff and high quality checking. Failure to Follow Instructions
Another typical operational error occurs when an instruction from a shareholder to redeem is either mislaid or overlooked or, as can be the case, is acted upon, but on the wrong redemption date. This can result in losses, both to investor and the fund manager if, for example, there had been a substantial price rise after the event, which would have meant that, if the redemption had not been executed, the investor would have made a big profit and the manager taken 20% of that profit. These types of errors can only be avoided by strict procedures and crosschecking.
Communication Errors
Occasionally, and inevitably when the market is volatile, an investor may claim to have sent in its redemption instruction by fax. Sometimes these are blatant frauds and other times, they are genuine and faxes have been mislaid or have not been received. To avoid this, we, at Custom House, have now introduced a clause in our Administration Agreement and in the subscription and redemption forms of the funds that we act for, which states that any fax or e-mail instructions, indeed, instructions in any form sent in, other than by registered post or courier i.e. with a signed receipt may not be deemed, by the sender, to be have been received by us, as the Administrator, unless we have acknowledged receipt in writing.
Fraud
The third type of operational risk that can occur is an attempt at fraud, either by a member of staff or by a third party. Ultimately, it is very difficult to stop a clever crook, especially if he is not concerned, or has taken a calculated risk, with regard to getting caught with his hand in the cookie jar. So the only thing that you can do is to install very good procedures, particularly with regard to the payment of monies. This must be crosschecked by more than one, or even two pairs of eyes, very tight records kept and bank statements reconciled on a daily basis.
The next type of risks are
SYSTEMIC and IT RISKS
Viruses and Hackers
The obvious ones that we can think of in this day and age are viruses and hacking. These can be mitigated and, to a large, extent, prevented, by first class firewall procedures. Many e-mails are sent to me with documents attached as .PDF files, which I cannot open until it has been checked by our IT Department, in case it is tainted. We have had over 100.000 virus attacks over one weekend, all of which were repelled by the firewalls. I suppose its inevitable and I dread the day when some freaky genius introduces some virus or hacking method, which can avoid our firewall protection. The only thing you can do is, again, be rigid and maintain a very watchful eye for updates in that protection.
Disasters: Power Outages Fire, etc.
Next - Disaster Recovery, which I would include, largely, under Systems and IT. How would (or did) you fare, in the recent major blackouts in London, New York and Milan
As it happens, we would have been ok - we have a generator, which switches on automatically on a power-outage and which we test every week. That generator has enough power to cover three large Victorian buildings and all the equipment we have inside for 100 people, for a day and a half, on one fuel tank. We would, of course, be in trouble if we couldnt get any diesel and the disaster lasted for more than three days.
In the event of a disaster, such as a fire or gas explosion or, God forbid, a 9/11 situation, we have a Disaster Recovery site approximately 20 minutes to half an hour away from the office. This is designed so that it can be operational in four hours.
Systems Failure
We have forty workstations there, together with servers, which are connected directly to our main office. These are backed up on an almost continual basis so that, in fact, in the event of a systems failure with our office servers, they act as a backup, which automatically click in. Thus, in the event of a systems failure, we should only lose a few minutes of work. We held a site test the other day and, I am happy to say that, although we were guaranteed to be operational in four hours and I, therefore, assumed it would take six hours, we were, in fact, up and running in two hours.
REPUTATIONAL RISKS
Client Verification (KYC)
The next risks to be considered are Reputational Risks. These can be reduced by trying to ensure that you only deal with reputable clients, in terms of fund managers and promoters. This can be done by carrying out checks on them and following up on references. It is a fairly small constituency that we work in in our industry and, therefore, this side of it should not be too difficult, although there is a tendency in financial circles not to tell anyone anything and to refuse to give a bad reference, in case you are sued. I personally find that absolutely reprehensible and am inclined to speak my mind. In fact, when I received an enquiry from a major brokerage house about one ex-employee, albeit several years ago in London, I responded that I was not prepared to give him a reference, but I could tell them he was a crook. You just couldnt risk doing that today.
I find it very sad that the litigious nature of the world that we now live in means that I am no longer allowed to give references that are, in fact, my own honest opinion about anybody because I am at risk of, at best, getting my knuckles rapped by the Head of our HR Department, or indeed our lawyers and, at worst, being sued.
Anti-Money Laundering
Another area where you can suffer Reputational Risk is if you were to find that you had permitted a client to invest in a fund, who then turned out to be a money launderer. This wouldnt be so bad if you had completed all of the anti-money laundering procedures that you are supposed to do. There is no doubt that the very substantial fines levied by the FSA recently on two major banking institutions have not helped their reputations and if an administrator was suddenly found to be handling a fund in which money had been invested by Osama bin Laden and the administrators staff were not aware, or hadnt checked the OFAC lists, or followed other procedures, then the criminal sanctions against that company that would, undoubtedly, be levied, would obviously be very detrimental to their reputation.
There are two final types of risks I am going to cover. EXPOSURE
Over-Dependence on One Large Client
The first is exposure, such as over-dependence, on just one client, so that, if that client leaves, you have a huge hole in your revenue stream. This cannot easily, or cheaply, be mitigated by letting staff go, because, in this day and age in Europe, that is an expensive proposition. The best way to mitigate this is to ensure that you have a diversified client base and try and make sure that no one single client is responsible for more than, say, 10% of your revenue, on an annual basis.
Over Dependence on One Fund Strategy
You should also take the same precautions with regards to being over-dependent on one strategy. For example, in the past two years, any administrator who acted for a high proportion of funds invested in merger arbitrage would have felt the pinch, as indeed, some administrators felt with regard to long only sector funds, such as tech stocks and, presumably, some administrators are going to suffer over the demise of market timing.
UNEXPECTED RISKS
Legal Expenses
This brings me to the unexpected risk, in which I would also include, for example, the cost that you might have to bear, not only with regard to legal fees, but also the application of resources, in defending an allegation made because the administrator is acting for, or has acted for a fund that is alleged to be involved in some nefarious activity. Again, I would give an example here of the market timing scandal, where I suggest many innocent parties are going to become embroiled. Costs may be incurred by having to respond to enquiries made by a regulator, because an investor in a fund was involved in some investigation totally separate from the fund or the Administrator.
Class Actions
The proliferation of class action suits in the United States on the back of an attack by a politically ambitious evangelist, like Elliot Spitzer, could result in an Administrator, who is merely carrying out his job, being embroiled in litigation, partially because the Administrator might be deemed to have deep pockets. Such a situation could result, as I say, in a high legal expense and allocation of resources, which are not productive. Probably, the only thing you can do here is to rely upon the indemnity clauses in the Administration Agreement with the fund and hope that the fund has assets and is prepared to meet them because no-one can afford to be properly insured anymore.
Business Continuity Plan
Under Business Continuity, of course, one should also have some contingency plan in the case of the unexpected, such as a flu epidemic, or the firms soccer team being involved in a bus crash or something similar, which may result in an absence of a substantial number of staff, which means that you must have to have the ability to replace and cover for that staff quickly.
Changes in Laws
Finally, other unexpected risks that are difficult to protect against, include changes of laws, including tax laws, or exchange control laws, which suddenly make a particular strategy, or fund jurisdiction redundant. For example, and this is purely hypothetical, because we didnt experience it, but I imagine that some funds could have suffered a massive drawdown, following the recent Italian tax amnesty, which allowed Italian residents to repatriate money, with no, or negligible, tax liability and that, presumably, has affected some hedge fund managers in Lugano, for example and resulted in some funds closing.
Post Cadbury, I could today spend 10 minutes just reading out the list of risks that an administrator has to prepare for so please remember that this is just a brief overview.
Thank you.