Chapter 17: Risk Management Policy

Search in book...
Toggle Font Controls
Create new playlist

Name your new playlist

Playlist description (optional)
Sign In

Email address

Password

Forgot Password?

or

Continue with Facebook

Continue with Google
Sign Up

Full Name

Email address

Confirm Email Address

Password

or

Continue with Facebook

Continue with Google

Risk Management Policy

The final chapter of this book is concerned with risk management policy, which links a firm's investment strategy with its organizational setup and its systems and procedures. Essentially, risk management policy sets the framework for a financial institution to coordinate and execute its activities and hence plays a key role in the decision-making process. There is a growing awareness that failures and near-misses within financial institutions have been caused, or at least perpetuated, by deficiencies in risk management systems and policies. Against this background, the European Securities and Markets Authority (ESMA, 2011) has recently identified three areas of particular importance for the management of financial risks:

(i) the establishment, organization, role and responsibilities of a permanent risk management function, including requirements in respect of its reporting to senior management and its functional and hierarchical separation from other operating units including portfolio management;

(ii) the establishment of a risk management policy and the process and frequency for the assessment, monitoring and review of this policy; and

(iii) the processes and techniques for the measurement and management of risk including the use of qualitative and quantitative risk limits for certain types of risk.

In many financial organizations, the development and implementation of an effective risk management policy has therefore been given high priority. Although regulatory initiatives have often been an important driver for financial services firms to upgrade their risk management tools, regulations usually set only a broader framework within which individual organizations design their specific policies. This approach recognizes that investors may differ substantially, for example, in terms of their asset and liabilities profile, their internal governance structures, their size and their asset portfolios, including their exposure to alternatives.

Within the broader context of regulations, this chapter aims to help investors design a risk management policy that takes into account the specific characteristics of investments in illiquid limited partnership funds. In pursuing this objective, we address the following issues. To what extent should a risk management policy be based on concrete rules as opposed to broader principles? What is the exact scope of an effective risk management policy? And how does a risk management policy fit into the organizational structure of the firm?

In addressing these issues, our discussion focuses primarily on the management of financial risks through appropriate policies. However, we do recognize the importance of operational risk for an effective risk management policy. As we emphasize in this chapter, for the management of financial risk to achieve its objectives, it is critical that it be supported by adequate reporting systems and a robust IT infrastructure. In fact, this discussion is consistent with recent financial regulations which consider operational risk explicitly.1

17.1 RULES OR PRINCIPLES?

17.1.1 “Trust me – I know what I'm doing”

In alternative investing, concrete rules generally do not exist, which explains why historically there has been substantial reliance on principles. Principles-based approaches specify desired outcomes and allow the charting of an organization-specific path to those results, usually based on self-regulation and confidence in the skills and experience of the investment managers. Principles are general almost by definition; they set normative goals with respect to, for instance, integrity and proper standards of market conduct. As Quintyn (undated) argues, principles-based approaches to corporate governance and regulation were historically the preferred modus operandi of the British banking system, which was managed as a “small gentlemen's club” through self-regulation, i.e. the use of “moral suasion”. Moral suasion was widely seen as “best practice” for guiding and supervising this system. In a number of ways, the alternative asset industry appears to have preserved this culture – at least until recently. While a principles-based approach is generally preferable in situations where it is difficult to set clear rules, the recent financial crisis has undermined the confidence in the former and resulted in tighter regulation in the European Union as well as in the USA.

17.1.2 “Trust but verify”

To be sure, a principles-based approach in and of itself does not necessarily result in excessive risk taking. In fact, it is conceivable that investment managers operating under such a system are too risk-averse, given the substantial amount of uncertainty in long-term investing. While rules are meant to provide clarity and certainty for a financial institution's management, their disadvantage lies in their rigidity. Importantly, regulation recognizes that risk management methodologies are generally proprietary and contribute significantly to the investment performance. For instance, ESMA did not consider it appropriate to provide advice on the types of risk management methodology to be employed. Given the governance structure, there is a broad range of systems that can be employed to facilitate the risk management process, with different methodologies potentially being applied in different situations.

If principles-based approaches are seen as too weak or ambiguous and rules-based approaches are too rigid and unable to keep up with the pace of change in the investment environment, what is the way out? New regulatory initiatives, such as Europe's AIFM Directive, appear to favour an approach that Quintyn has called a “principles-cum-rules system” for a governance-driven financial industry. Under this system, rules are used in support of the broad principles, to explain them or direct their implementation. Put differently, the regulatory principle is that every institution investing in alternative assets needs to develop and regularly update its own system of specific rules. This set of rules can then be assessed by external stakeholders, who “trust but verify”.

17.2 RISK MANAGEMENT POLICY CONTEXT

While regulatory initiatives such as the AIFM Directive, the Dodd–Frank Act, Basel III or Solvency II target different classes of investors in the financial industry, there is clear convergence between these regimes in terms of their general thrust. As long as investors' exposure to alternative asset classes was small, private equity and similar investments remained below the radar screen of the regulatory bodies. However, this has changed significantly in recent years. Perhaps not surprisingly, the new regulatory interest in alternative investing has prompted a considerable pushback by the industry (Acharya et al., 2011), albeit with limited success. Thus, LPs and GPs alike have begun to upgrade their risk management policies in compliance with new regulatory requirements.

Importantly, risk management policy has to follow a dynamic approach that reflects best practices, requiring a periodic review of the specific arrangements, processes and techniques. Many LPs have adopted internal models, which have to pass a so-called “use test”: this requires that the model is embedded within the system of governance, is a key tool in decision-making processes and is updated regularly to reflect the risk profile. Investors using internal models need to monitor their investment programme's compliance with the risk management policy and to act in case of deviations.

An effective risk management policy represents a holistic approach that links investment strategies, the firm's business plan, the organizational setting and the IT systems environment to ensure consistency of the overall process. For each of these areas, a separate document should be prepared that is consistent with the firm's overall risk management policy.

17.2.1 Investment strategy

Haight et al. (2007) define investment strategy as “the plan(s) and methods that will be employed to realize the investment return goals”. This, of course, requires setting clearly defined objectives that are to be pursued (Fraser-Sampson, 2006). A critical ingredient in this process is the explicit determination of the investor's risk tolerance, according to which certain return goals may simply not be attainable. Objectives should be consistent, realistic and clearly stated, using measurable criteria on the basis of which deviations can be determined.

Investment strategies are formulated under uncertainty – especially in illiquid asset classes where the investment horizon is 10 years or even longer. This does not mean that strategies are obsolete, however. In fact, strategy is about choice between different outcomes in the future, and while the range of outcomes tends to widen as the horizon increases in length, strategic thinking arguably gains in importance as a competitive differentiator. In this context, it should be made clear why a particular strategy is pursued and how this strategy may deviate from expected market developments to achieve excess returns, given the investor's risk appetite. Furthermore, a good strategy needs to spell out specific rules about strategic adjustments to market changes. Importantly, strategic planning is a dynamic process rather than a static set of instructions.

A useful framework for strategic thinking about investing and portfolio construction has been developed by Black and Litterman (1992). Although their model was designed originally for diversified portfolios of marketable instruments, its fundamental ideas are applicable to the context of alternative investing as well. The point of departure of the Black–Litterman model, which is based on a Bayesian approach, is the observation that investment managers tend to think in terms of weights in portfolios rather than balancing expected returns against the contribution to portfolio risk as assumed in the traditional CAPM (Cornelius, 2011).

The reference point in the Black–Litterman model is a market-neutral allocation to different asset classes and market segments (e.g., US venture capital funds, European middle-market buyout funds, growth capital funds targeting Asia). The expected returns from holding the market portfolio represent the market equilibrium. To deviate from market neutrality, investors must formulate explicitly their own return expectations and specify the degree of confidence they have in their stated views. This is precisely where risk management comes in: the optimal portfolio is simply a set of deviations from neutral market capitalization weights in the directions about which views are expressed (Cornelius, 2011).

17.2.2 Business plan

In its technical advice to the European Commission on possible measures of the AIFM Directive, the ESMA defines as an additional due diligence requirement for investing in a partnership interest the specification of a “business plan”.2 In the consultation process, the majority of respondents did not agree with the use of this term and proposed several alternatives. In the end, however, the ESMA decided to continue to refer to the “business plan” as no clearly superior and more appropriate term emerged from the consultation process. Despite this, the process helped clarify what a business plan is actually meant to be in the context of investing and portfolio construction. For example, an alternative term suggested by one respondent was “risk appetite statement”. Although perhaps not the most elegant term, it underlines the importance of the business plan as a tool that is closely related to the risk management policy of the firm. The business plan explains how the firm's investment strategy is applied in the market place to achieve the desired objectives. Given that investment decisions are made under uncertainty, the business plan has to specify the assumptions under which a particular strategy is developed.

In order to allow a judgment about the risk/return profile of the portfolio, the business plan has to describe the broad investment universe and reflect on the investment manager's skills regarding selection and access to opportunities.3
Given the high degree of uncertainty in investment decisions, the business plan needs to give ranges of possible outcomes and simulate various scenarios.
Market developments need to be monitored continuously against the business plan in order to design adjustments as conditions change and new opportunities and/or threats emerge.4 If the original strategy in due course is found to be impossible to implement, changes need to be reported to the institution's senior governance and its investors.
The business plan helps investors monitor progress, but should also give indications as to the possible need for tactical changes in the broader strategy; in the extreme case, this monitoring process may suggest abandoning the original strategy altogether.

Whereas policies and strategies are designed for the longer term and are therefore typically revisited relatively infrequently (usually only every 3 years, sometimes after even longer intervals), business plans need to be updated regularly and whenever material changes in the investment environment occur. To regularly revise business plans based on rolling forecasts ensures responsiveness in the volatile market environment, and forces a forward-looking management.

17.2.3 Organizational setting

Investment firms have to establish, implement and maintain an organizational structure that allocates specific investment functions, responsibilities and duties as well as reporting lines within the organization. This organization needs to be documented clearly in order to ensure accountability in the investment process. In this context, best practices include:

The risk management and compliance functions should be independent from other operating units, including portfolio management. To be effective, they must have the necessary authority, resources, expertise and access to all information.
In cases where the risk management function is not functionally or hierarchically separate, the safeguards that allow for its independence need to be described. This has to cover the nature of the potential conflicts of interest as well as the remedial measures to deal with such conflicts if they arise. Importantly, from the document it should be clear why the measures can reasonably be expected to result in the risk management function's independent performance.
The organizational setting should ensure an adequate structure of supervision and remuneration with regard to different responsibilities. Furthermore, effective processes and procedures are required in terms of the exchange of information.
The risk management function is a permanent instrument that is charged on an ongoing basis with identifying, measuring, managing and monitoring all relevant risks the investment strategy is exposed to.

A conflicts-of-interest policy needs to include procedures to be followed and measures to be adopted in order to manage such conflicts. It has to describe how it is ensured that the safeguards are consistently effective.

17.2.4 System environment

A well-designed risk management policy also specifies the reporting vis-à-vis the firm's governance bodies and senior management and, where appropriate, supervisory institutions. Terms, contents and frequency of reporting depend on the nature, scale and complexity of the specific investment activity; there is no formulaic answer.

In order for the risk management function to be effective, it is important that all relevant investment activities are well documented. Only then will it be possible to demonstrate consistency with the business plan and identify any deviations from it. Specifically, the documentation of the investment process should include the minutes of the relevant meetings and any supporting evidence, such as economic and financial analyses that are undertaken in the context of the due diligence work. Importantly, this includes documents that are provided by the fundraising partnership (such as private placement memoranda) as well as internal research on a particular opportunity. These documentation requirements apply regardless of whether an investment opportunity actually leads to a capital commitment. Records must be kept in order to allow risk managers to identify any potential source – including potential conflicts of interest – that could lead to an unintended deviation of the portfolio exposure from the institution's defined risk appetite.

To a large extent, record-keeping will take the form of electronic records, which poses considerable challenges in terms of IT systems. Furthermore, risk managers have to carry out documented stress tests and scenario analyses at regular intervals to identify potential changes in market conditions and examine their potential impact on the portfolio. In addition, periodic back-testing is required to review the validity of risk measurement arrangements that include model-based forecasts and estimates. All this is necessary to ensure that the risks of positions taken and their contribution to the overall risk profile are measured accurately on the basis of sound and reliable data and that the risk measurement arrangements, processes and techniques are documented adequately.

Given the high dependence on financial models in institutional investing, operational risk has become an increasingly important concern, not least from a regulatory perspective. The ESMA (2011) stipulates, for instance, that IT systems and tools used for the computation of investments be integrated with one another and/or with the front office and accounting applications. Moreover, arrangements need to be put in place to secure essential data in the case of an unexpected interruption of the IT system. At the same time, a high degree of confidentiality must be guaranteed. It should be obvious that these IT requirements by far exceed the possibilities offered by simple spreadsheets.

17.3 DEVELOPING A RISK MANAGEMENT POLICY

A policy can be interpreted as a “statement of intent” for which governance bodies can be held accountable.5 It needs to be sufficiently forward-looking and stable for a period that is in line with the long-term orientation of an institution's activities in alternative assets. A policy needs to express the expectations of the various stakeholders in a language that accurately reflects their thinking. Procedures deal with the operational processes required to implement a policy. Depending upon the level of operational processes being described in the statements, the line between policy and procedures is difficult to draw.

17.2.1 Design considerations

A potential dilemma in designing a well-functioning risk management policy is to set restrictions that limit portfolio risk in a way that is consistent with the firm's risk appetite without imposing excessive constraints that result in an under-exposure to risk – with potentially significant effects on portfolio returns. Even apparently small restrictions can hamper severely the investment manager's ability to meet his defined objectives and lead to unintended consequences. However, to the extent that these restrictions are ignored, the lack of investment discipline may create significant and unforeseen risks. Thus, compliance with the risk management policy and specifically with its arrangements, processes and techniques should be subjected to permanent monitoring.

The broad principles of designing an effective risk management policy are already codified in the prudent investor rule (see Chapter 3). To repeat, these principles require that investments are made with judgment and care, taking into account the circumstances that prevail at the time of the investment decision. According to these principles, investment managers should act as persons of prudence – not speculators – as if they were managing their own affairs, considering the protection of their capital as well as the probable income to be derived from the investment.

In developing more specific policies, guidance may be sought in the “investment policy statements” developed by several US university endowments and public pension schemes, which have been long-term investors in alternative asset classes. Notwithstanding significant differences between the policy statements of individual institutions, there are a number of important commonalities with respect to governance issues (Mathonet and Meyer, 2007):

A risk management policy should contain details about the effective procedures and appropriate systems that are put in place to ensure that the actual risk profile of the portfolio is consistent with the risk targets.
The risk management policy should be laid out in a separate document that provides details as to how responsibilities relating to risk management are allocated within the organization. Furthermore, safeguards should be specified to ensure the independence of the risk management function.
The frequency of reporting should be determined in the policy document. It should be clear who the addressees are – the governance bodies of the institution and those charged with setting the risk limits. Furthermore, details should be given regarding the techniques and models used to monitor and manage different types of risk.
Roles and responsibilities are to be described in a transparent way. Any limitations concerning discretionary decisions by the institution's investment managers are to be stated clearly.

Furthermore, the risk management policy should address key issues in terms of the investment strategy and focus. This includes, but is not limited to, the following issues:

The risk management policy should specify the universe of permissible investments in terms of strategies as well as market segments. At the broadest level, it will need to be determined, for example, whether the permissible universe includes secondary funds and co-investments and perhaps even direct investments, in addition to primary fund investments.
Within the primary funds mandate, the risk management policy may introduce additional restrictions. For example, some investors may decide not to commit capital to funds investing in frontier markets. Investments that fall into the permissible universe should be guided by clear eligibility criteria. For example, are investments in first-time funds allowed? The definition of the permissible market universe and the eligibility criteria should be reviewed periodically.
To the extent that the definition of the permissible market universe and possible eligibility criteria are adjusted, the risk management policy should specify whether existing investments in the portfolio that are no longer consistent with the new policy should be subject to grandfathering or would need to be divested.
The risk management policy should clarify whether, and to what extent, overcommitment strategies are allowed. Similarly, it should be clear whether and to what degree illiquid portfolios may be leveraged.
As far as distributions “in kind” (i.e., shares in listed portfolio companies) are concerned, the risk management policy should provide guidance as to the liquidation of such holdings.
There should be clarity as to how performance is measured and which benchmarks are to be used.
To the extent that regulated investors use an internal model, as opposed to the standard model (e.g., under Basel III and Solvency II), its main features need to be explained in the risk management policy document, with a view to its underlying rationale, the assumptions made and the data used. The model needs to be validated by an external expert, with the validation process being documented appropriately.
Finally, the risk management policy should also address the issue of monitoring the compliance of funds where investments have been made with the terms specified in the limited partnership agreement.

In sum, the risk management policy serves to outline internal controls, determining the remit of the investment managers and the criteria that are used to monitor the implementation of the investment strategy with regard to portfolio risk. Moreover, the risk management policy should provide specific guidance as to the communication of risk monitoring vis-à-vis senior management, the board and outside addressees, such as auditors and regulators.

17.3.2 Risk limits

Setting specific risk limits is a central responsibility of a well-defined risk management policy, with the risk manager tasked to monitor closely the compliance with such limits. Consistent with existing regulation, limits typically cover market risks, credit risks, counterparty risks, operational risks and liquidity risks. For illiquid assets, it is important to note that the enforcement of limits may be challenging as portfolios cannot easily be rebalanced, as we have already noted in Chapter 6. This is also recognized by the ESMA (2011), which clarifies that the breaching of a risk limit may not necessarily require immediate action by the investment manager.

Nevertheless, a system of risk limits requires procedures that, in the event of actual or anticipated breaches, trigger remedial actions in a timely fashion. Thus, risk managers need to monitor compliance with the risk limits on a forward-looking basis and alert senior management accordingly, taking into account that adjustments in illiquid asset classes will take a considerable amount of time.

More specifically, as far as liquidity risk is concerned, the risk management policy should address anticipated or actual liquidity shortages. In this context, it is particularly important to factor in the risk of market turbulences as a result of which liquidity may dry up literally overnight. This leads us back to our introductory discussion at the beginning of this book. In fact, as we emphasized in Part I, the Great Recession provides numerous examples where investors were essentially unable to liquidate their holdings in the secondary market (or only at extremely steep discounts) and could borrow only at exceedingly high interest rates. Putting in place a risk management policy that focuses on possible liquidity constraints will be essential for avoiding similar mistakes in the future.

17.4 CONCLUSIONS

In the final chapter of this book, we have presented the contours of a comprehensive risk management policy for investors in illiquid assets. To be effective, a risk management policy should be viewed as a holistic approach that links the firm's investment strategy, its organizational setting and its systems and procedures. This is one of the key lessons learned from the recent financial crisis, where risk management often had an isolated function, or worse, was embryonic or plainly non-existent.

In describing best practices in terms of risk management policies, this chapter started with a fundamental question about the pros and cons of a rules-based versus a principles-based approach. Advocating a hybrid model, we have then turned to the broader context of a well-functioning risk management policy, which is set by the strategic objectives of the firm, its business plan and organization. Finally, our discussion has focused on the design of a risk management policy itself, identifying some key pillars in terms of governance and investment strategy issues.

Importantly, the risk management policies we have outlined in this chapter should be understood as a generic framework. Within this framework, investors will need to develop their own policies and procedures in accordance with their specific regulatory environment, history and experience, their existing portfolio, ownership structures and resources. Putting in place a risk management policy that aims to help avoid the mistakes made in previous episodes is an evolutionary process, and as we continue to learn about the specific risks in alternative investing, risk management policies will need to be adjusted accordingly.

1 As far as Basel III is concerned, for example, regulatory capital is calculated for three major components of risk: credit risk, operational risk and market risk. Solvency II considers market risk, credit risk, liquidity risk, insurance risk and operational risk.

2 According to Wikipedia, the online dictionary, a business plan is a “formal statement of a set of business goals, the reasons why they are believed attainable, and the plan for reaching those goals. It may also contain background information about the organization or team attempting to reach those goals.” See http://en.wikipedia.org/wiki/Business_plan [accessed 23 January 2012].

3 The AIFM Directive's requirements regarding documentation of deal flow pipeline could be interpreted as such (see ESMA, 2011).

4 See http://www.businessdictionary.com/definition/business-plan.html [accessed 23 January 2012].

5 See http://en.wikipedia.org/wiki/Policy [accessed 23 January 2012].

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.

Table of Contents for Chapter 17: Risk Management Policy

Create new playlist

Sign In

Sign Up

Table of Contents for
Chapter 17: Risk Management Policy