16

Role of the Risk Manager

“Fearing failure, he did not try to win.”

John Keegan about General McClellan (Commander of the Union Armies, 1861–62)1

In this chapter, we discuss the role of the risk manager overseeing portfolios of illiquid assets. While the recent financial crisis and the subsequent regulatory changes have caused a shift in investors' attitude towards risk management for illiquid assets, the adoption of new risk management standards has often been relatively slow. This inertia may be attributed to a combination of factors. A key reason may be sought in the fact that while the value of risk management for minimizing downside risk is largely uncontroversial, the boundaries with compliance have sometimes remained vague. However, as we have emphasized throughout this book, risk management is not just about protection against downside risks. Instead, risk management deals with the question of whether portfolio risk is adequate, which includes upside risk as well. Risk managers in the investment industry, and especially in alternative assets, cannot just focus on risk avoidance; instead, their chief responsibility is to ensure an adequate degree of risk taking, which is consistent with the institution's risk appetite and expected returns.

16.1 SETTING THE RISK MANAGEMENT AGENDA

Risk managers are tasked to develop specific policies, including quantifying the appetite for risk and setting risk limits accordingly. To monitor and report key risk exposures and to develop early warning indicators, appropriate risk metrics need to be defined. The risk manager intervenes in the investment process by allocating economic capital to investment activities based on risk and by setting incentives through risk-based performance measurement. To support this process, the appropriate methods and data management and analytical systems need to be put in place.

The management of risks in illiquid asset classes has frequently been perceived as falling into the remit of the compliance officer. This type of “risk management” is based on the argument that the inability to deal with operational risk2 and/or the failure to comply with legal and regulatory requirements poses the main risks to the organization. As a consequence, the risk manager's role is widely perceived to be centred on these areas. In this book, however, we focus on financial risks and largely ignore functions related to compliance and operational risk, which we consider as separate tasks.

16.1.1 What risk taking is rewarded?

Among academics and practitioners, it is widely accepted that risk taking is rewarded. What is less clear, however, are the mechanisms through which risk taking can be translated into higher returns for illiquid assets. In principle, two channels are relevant for this discussion. One channel involves the risk-adjusted pricing mechanism, where the downside risk is quantified and the investor requires a premium for taking the risk when purchasing the asset. This implies a major role for risk management to quantify the risk, which should be reflected in the price of the asset.3 A second channel, and one that plays a particularly important role in the context of alternative investing, refers to risk taking by searching for overlooked niches and opportunities in the market. Generally, failure rates are high and only sustainable if balanced by more predictable sources for financial gains or by a sufficient number of wins. Risk management can do little to mitigate risks for individual transactions, but its main value is in keeping the portfolio of funds in balance.

16.1.2 Risk management: financial risk, operational risk or compliance?

The risk management agenda is generally set by institutional investors, who allocate the major part of their portfolio to traditional assets where risk-adjusted pricing is the main mechanism to balance risk and rewards. However, for primary investments in limited partnership funds, a risk-adjusted pricing mechanism does not exist (Mathonet and Meyer, 2007), arguably contributing to the widespread confusion about the role of the compliance function versus the role of the risk management function. Sharon (undated) argues that merging the risk management and compliance functions would create a vacuum in the sense that there would be no oversight of risk management whereas compliance would need to deal with a complex task it is conceptually not made for. Managing risks is not just about assessing and quantifying all that could go wrong, but, perhaps more importantly, understanding all the things that need to go right for the investment strategy to be successful. Clouding the boundaries between risk management and the compliance function reduces their value and is ultimately dangerous. Clearly, compliance is an extremely important function in a modern regulatory environment. Ensuring conformity with regulatory requirements and dealing with operational risk is fundamental to good business practice, but it is not the management of financial risks in the sense of seeking a trade-off of risks versus rewards in a market.

That risk management is often reduced to focusing on issues which could contribute to failure has often led to the marginalization of this function as an overhead to the business process, not a contributor to its success. It is, however, rather the taking of calculated risks at a portfolio level that is the driving force behind successful investing and cannot just be a box-ticking exercise of all the things that have and might go wrong in individual transactions.

When searching for overlooked niches and opportunities in the market, risk management has to provide decision-makers with an assessment of the potential for success, both quantitatively and qualitatively, and of the overall ability to cope with possible failure. Compliance has to ensure that those methodologies and processes are being followed in the manner intended, but risk management has to provide methodologies and processes in the first place to support decision-making for achieving the strategic objectives. In this respect, risk management plays a potentially far more important role than widely perceived and hence should be an integral part of the organization. For portfolios of limited partnership funds, the risk manager needs to help shape the investment strategy.

16.1.3 A gap of perceptions?

In the context of hedge funds, Lo (2001) finds that there is a gap between how institutional investors and alternative asset managers perceive the risk management agenda. Specifically, in explaining this gap, he emphasizes the very different perspectives that these two groups have on the investment process. Importantly, however, this is by no means just a phenomenon of the hedge fund industry, but characterizes alternative assets in general. Frequently, investment managers in alternative asset classes do not view risk management as central to the success but often see risk management as something that is imposed by regulation without adding any value. With the focus being on individual transactions, risk management – and the numerous compliance issues associated with it – is seen by many investment managers as costly and a potential drag on performance.

The perspective of the typical institutional investor is markedly different. Such institutions operate in a highly regulated environment and as fiduciaries need to understand a fund's investment process before committing capital to it. This investment process has to be institutionalized and should not be dependent on any single individual; risk management and risk transparency are essential for this purpose. The investment return of a specific transaction is not the overriding priority. What matters also is the fit within the overall portfolio, the consistency of the investment with the institution's objectives and notably liquidity constraints, and the degree of correlation with overall assets and liabilities.

16.2 RISK MANAGEMENT AS PART OF A FIRM'S CORPORATE GOVERNANCE

Regulation in relation to corporate governance as set out under Europe's Alternative Investment Fund Manager Directive (AIFMD) is instructive. Under this regulation, AIFMs are required to put in place appropriate conflict and liquidity management policies as well as a risk management function that is separate from the portfolio management function. Independence is viewed as necessary, as risk managers are hoped to be less “deal-driven”, more objective and detached from personal relationships, and more consistent, process-oriented and systematic. The philosophy behind this is that risk managers cannot provide effective checks and balances unless they are truly independent from the risk takers.

How can it be ensured that risk management is fulfilling its role in corporate governance? Basically, two approaches are conceivable. While the “democratic” approach favours investment decisions by a group of partners whose interests are aligned, including with outside stakeholders, the “hierarchical” approach foresees a risk management function with a clearly defined line of reporting.

16.2.1 “Democratic” approach

In a partnership – the typical vehicle for alternative assets4 – essentially all the partners have similar exposure to risks and rewards, are sharing risk aversion and risk appetite, and are managing risks and the trade-offs against competing long- and short-term objectives, discrepant priorities, conflicting interests and expectations of various stakeholders like investors, finance professionals and regulators. Arguably, the partnership itself is a response to the challenge posed by risks associated with highly uncertain outcomes that require experience and judgment and where the common direction of individual investment professionals needs to be rationally aligned with the firm's long-term interest.

But in such a setup, what is the role of an independent risk manager who either has no equity, and thus no say, or whose interests are fully aligned with those of the other partners? In this setting, there is a high probability that the risk manager will be focused on the downside: Ellis (2008), in his study on Goldman Sachs, a private partnership until 1999, quotes Bob Rubin who explained, “I can see for myself what could go right. Concentrate your analysis on what can go wrong. That's where you can really be most helpful.”5 Most investment managers would subscribe to this view and see risk management (read: analysis) as something done solely as an early-warning system for senior executives. The danger is that such a system is usually designed to give too many rather than too few signals. False alarms, however, may eventually lead the investment managers to decide to ignore the risk manager.

16.2.2 “Hierarchic” approach

In the hierarchical setup, which is typical for financial institutions like banks, insurers and pension funds, the primary responsibility for risk management is vested in the chief executive and overseen by the board of directors that has overall responsibility for ensuring risks are managed and there is an adequate risk management system in place. In many instances, risk managers report to the chief executive or to the CFO, and some have a direct reporting line to the board of directors.6

The risk manager cannot be subordinated to the investment functions, but it is not straightforward to draw a clear line: for example, is monitoring related to the investment function or to risk management and/or compliance? A factor that supports the first interpretation is that in the case of alternative assets, insights gained through monitoring are valuable inputs for due diligence related to the reinvestment decision. By contrast, the second interpretation could be justified by the fact that monitoring is also, and in fact to a large degree, concerned with the financial impact of changes in the fund's development, operational risk and ESG-related matters. What makes risk management for limited partnership funds particularly challenging as far as “balance sheet investors” are concerned is that the major part of their portfolios consist of traditional asset classes. As a result, there is limited interest in developing specific approaches for immaterial allocations to alternatives.

16.3 BUILT-IN TENSIONS

A narrow interpretation would see risk management merely as an addition to the toolbox of financial instruments with a focus on analysing and modelling risks. Thus interpreted, risk management helps price individual transactions, transforming risks into quantifiable return premia.

16.3.1 Risk managers as “goal keepers”

Risk managers are often seen as “goal keepers”, confronted with investment managers who seek approval for deals. There is no reason, however, to assume that the risk manager can make “better” investment decisions. If things go wrong, there will be immediate allegations that the risk manager should have been better prepared. Avoiding mistakes at the deal level is fundamentally a front-office job that needs to be fulfilled by the investment manager. This is particularly true for alternative investments, where there is generally no independent data source for verification. In fact, the full universe of investment opportunities is unknown: the risk manager only knows about the deals that are put forward, but does not know about the ones that were rejected. Consequently, the risk manager has a more conservative bias almost by definition and has limited scope for managing risk on the portfolio level.

16.3.2 Different perspectives – internal vs. external

For alternative assets, we can differentiate between an internal and an external point of view. Sometimes, risk managers are seen as presenting the “fair” view of outside stakeholders7 whereas it is the investment managers whose responsibility it is to identify potentially attractive deals, requiring them to take views that may be contrary to those held by external observers. In line with the idea that risk taking for alternative assets means doing different things or things differently, the firm's internal views on deals often does – and actually should – deviate significantly from the external standard assessment. This will, by definition, create tensions between outside stakeholders represented by the risk manager on the one hand and the investment manager and decision-makers on the other.

Clearly, the investment industry recognizes the need for risk management, and its corporate governance bodies support this function. “But when it comes to the crunch, resources are diverted to activities which have a direct and immediate impact on the bottom line” (NSM, 2008). This diversion of resources is usually due to deliberate decisions by the firm's CEO and board, highlighting that investment management and risk management are often seen as playing two different roles, which may collide in the short term. This is particularly true for illiquid assets where, as we discussed in Chapter 10, accounting presentation might deviate significantly from economic substance, which risk management should focus on.

16.3.3 Analysing and modelling risks

While risk modelling plays an important role in the investment process, it is important to recognize the limitations of models. Models, no matter how complex they are, can only be an approximation of the numerous interdependencies in the real world. In mapping the potential financial outcomes with a reasonable degree of plausibility, modelling illiquid assets requires both quantitative information and judgment. As an integrated framework, risk management has to look at the overall portfolio and therefore needs to model all the firm's assets and liabilities.

Risk measurement and the associated metrics should be used widely in the investment process. However, tensions are almost pre-programmed if risk metrics result in constraining investment activities (Holton, 2004). Golub and Crum (2010) refer to such cases: “For instance, if a risk manager finds himself or herself in conflict with a large revenue producer, the actions taken by senior management in resolving the conflict will speak a hundred times louder than simply mouthing slogans but not backing them with action.” A key challenge for the risk manager, however, is that he is expected to present an “irresistible, quantifiable” (Sher, 2010) business case that runs the risk of ignoring non-quantifiable, but potentially highly relevant, risk factors.

16.3.4 Remuneration

While the organizational setting of risk management plays a key role for the efficacy of this function, which is well recognized by regulators, in some jurisdictions compensation structures have become subject to regulatory interest. Potentially, this may have important implications for the “functional and hierarchical” independence of risk management and compliance. If the remuneration policy is not fully aligned with effective risk management, it is likely that employees will have incentives to act in ways that are detrimental to the organization's objectives. Consequently, regulators like the UK's Financial Services Authority (FSA) require that remuneration policies must promote effective risk management and do not create excessive risk exposure (FSA, 2010). Specifically, the FSA stipulates that a “firm's risk management and compliance functions […] have appropriate input into setting remuneration for other business areas. The procedures for setting remuneration should allow risk and compliance functions to have significant input into the setting of individual remuneration awards where those functions have concerns about the behaviour of the individuals concerned or the riskiness of the business undertaken.”8

Some regulators have also provided guidance in terms of the remuneration of risk managers themselves. The European Securities and Markets Authority (ESMA), for example, has declared that “those engaged in the performance of the risk management function are compensated in accordance with the achievement of the objectives linked to that function, independent of the performance of the other conflicting business area.”9 This suggests that the regulatory authorities put considerable emphasis on managing the conflicts of interest that might arise if other business areas have undue influence over the remuneration of employees within the control functions in general and to prevent situations by which the remuneration's structure of these same employees would blur their objectives (FSA, 2010). However, despite the importance of this dimension, incentives and compensation for risk managers still remains an under-researched area.

16.4 CONCLUSIONS

Despite disastrous financial losses, risk management still does not always play the key role it should. Indeed some, like Sher (2010), have claimed that there is “a huge ‘placebo effect’ in so much of what passes for risk management nowadays”. While risk management is generally regarded as an instrument that focuses exclusively on avoiding losses, few actually see risk management in a more symmetric way that can help maximize risk-adjusted returns, taking into account the risk appetite of the organization. As this chapter has argued, the risk manager can and should play a key role in shaping investment strategies, requiring that his functions are deeply embedded in the decision-making process.10

Unfortunately, financial risk management in the area of illiquid investments is still underdeveloped, and there remains considerable confusion as to how the precise role of the risk manager should be defined. In our view, risk management should focus on financial risks and minimize overlaps with compliance and operational risk management, which should be dealt with by separate business functions. In focusing on financial risks, the risk manager should take a portfolio view that considers both downside and upside risks – instead of concentrating exclusively on the potential losses of individual funds. To fulfil his role in helping build a robust portfolio, the risk manager has to be involved in the early stages of developing an investment strategy. This aspect of the function should be performed by a dedicated manager within the firm even when the risk management function is outsourced to a third party.

In assessing financial risks in illiquid investments, the risk manager will often have to blend quantitative data with qualitative information. In fact, at the beginning of an investment in a long-term partnership fund, risk management will need to rely primarily on risk parameters that are usually not quantifiable. Gradually, this will change as the investment matures and more hard data become available that allows a more quantitative approach. Importantly, as we have stressed in this chapter, the management of financial risk is an ongoing process that aims to ensure strategy adjustments can be made if unexpected events cause deviations from the planned risk profile of the portfolio. This process requires a clearly defined risk management policy aimed at ensuring the portfolio's risk exposure is consistent with the institution's expected returns and risk appetite. This leads us to the final chapter of this book, where we discuss best practices for setting a policy framework for risk management.

1 Keegan, J. (2009) The American Civil War. Vintage.

2 The Basel Committee defines operational risk as “the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events”. This definition includes legal risk, but excludes strategic and reputational risk.

3 See, for example, FSA (2010) where the remuneration principle “stresses the importance of risk adjustment in measuring performance, and the importance within that process of applying judgment and common sense. A firm should ask the risk management function to validate and assess risk-adjustment techniques, and to attend a meeting of the governing body or remuneration committee for this purpose.”

4 The Free Dictionary gives several definitions for partnership, e.g. “contractual relationship between two or more persons carrying on a joint business venture with a view to profit, each incurring liability for losses and the right to share in the profits” and a “relationship between individuals or groups that is characterized by mutual cooperation and responsibility, as for the achievement of a specified goal”. Source: http://www.thefreedictionary.com/partnership [accessed 7 June 2011].

5 According to the author, one of the most important units at Goldman Sachs is the commitment committee which focuses on making certain that the firm never makes a life-threatening bet, i.e. all the risks in every capital commitment decision should be fully identified, discussed and understood before any significant commitment of the firm's capital.

6 The OECD sees risk management in a corporate-wide perspective where the risk management system is adjusted continuously to corporate strategy and risk appetite and recommends that the risk manager report directly to the board of directors and not via the CEO. See http://www.oecd.org/document/49/0,3746,en_2649_34813_43063537_1_1_1_1,00.html [accessed 21 February 2012].

7 This is particularly true for asset managers having a client risk manager who acts as an interface between the investment team and the mandators.

8 See FSA (2010). Apparently, the FSA stepped backwards slightly from its original position where it required “significant input” (see FSA, 2009).

9 See ESMA (2011, p. 70) and also FSA (2009).

10 In fact, this is what regulators want to achieve when they put the “use test” requirement for risk models in place.