A Comprehensive Enterprise Risk Framework Touches All Important Business Areas
The risk management function in asset management is central to the investment process and it should interact closely with all the major business areas of the firm. Five commonly distinguished areas of Enterprise Risk include market and liquidity risk, counterparty risk, model risk, operational risk, and technology risk. While individual business areas are the front-line owners of the risk they create, the risk management department is tasked with providing independent oversight and effective challenge to support informed business decision making.
A robust Enterprise Risk Framework helps ensure that risk exposures across all five pillars are identified, managed, monitored and reported in a comprehensive and timely manner. It begins by asking the question “What kinds of risks do we face?” and then by systematically building out an inventory of relevant risks. It is critical that the risk identification component of the framework relies on a detailed understanding of the individual steps in the investment process and then overlays an appropriate risk taxonomy to pinpoint which types of risks may arise at each step, what controls are in place, and what are the residual risks.
Market and Liquidity Risk
Managing market and liquidity risk is a primary concern for both portfolio managers and risk managers, albeit from slightly different perspectives. Portfolio managers generally strive to build portfolios that require minimal risk mitigation. They do this by building portfolios that maintain desired market exposures (i.e. minimize unintended market and factor bets) and keep leverage, liquidity, free cash and expected volatility within a desired range. Risk managers will generally put more emphasis on extreme outcomes by making sure that stress losses are consistent with risk tolerances and by managing exposures to crowded trades or illiquid securities. Generally, this is done by enforcing limits (e.g. on cash and leverage) and monitoring various risk metrics.
With the increasing use of complex quantitative models by asset managers, be it for alpha generation, portfolio construction, trading or reporting, model risk has become an increased area of focus. Model risk can be defined as the possibility of unintended outcomes arising from the design, implementation, and use of models. Model errors can result in unexpected exposures, misaligned strategies and unintended performance. Examples include coding errors during model implementation and erroneous data feeding into a model. Therefore, asset managers should establish a model risk management framework to oversee the integrity of the models that feed their investment processes.
Prime brokers, derivative counterparties, clearing banks and custodians are some of the most important relationships for an asset manager. The main goal of counterparty risk management is to protect the firm and its clients against financial losses or reputational damage that would result if a counterparty does not, or may not, fulfill its contractual obligations. To this end, risk mitigating arrangements should be set up, where possible, along with internal procedures to monitor for signs of weakness in the potential creditworthiness of the firm’s counterparties.
Operational risks associated with the execution of processes and the performance and conduct of the people responsible for their execution should be comprehensively understood, consistently assessed and effectively managed. The operational risk framework should be founded upon a detailed understanding of the processes that support the business ‘front to back’. This includes the risks inherent in executing each process, the controls in place to manage these risks and the residual risks after the effect of controls. It is also important to understand the varying operational risks associated with each of the products the firm offers. Asset managers often run a diverse portfolio of products and mandates, each of which can present a unique, and sometimes nuanced, set of operational challenges.
As asset management firms rely increasingly on advanced technology platforms to deliver financial products and services, managing technology risk has become increasingly important. The increased reliance on technologists to provide efficient, automated, and innovative solutions to enable business growth requires that risk managers understand the risks inherent in these process and work to manage these risks in a structured and disciplined manner. A robust technology risk management framework will likely comprise of four broad areas of focus: infrastructure risk, information security risk, data risk, and software risks.
Ultimately the effectiveness of any risk management framework depends on the quality of the team assembled, the soundness of the governance structure, a firmwide culture of risk awareness, and the breadth of risks that need to be managed.
This information is for informational purposes only and not intended to, and does not relate specifically to any investment strategy or product that AQR offers. The risk management process described herein will not always be successful. It is being provided merely to provide a framework to assist in the implementation of an investor’s own analysis and an investor’s own view on the topic discussed herein.