EY Risk Management For Asset Management Survey 2013

Risk management for asset management
EY EMEIA survey 2013
Contents
Introduction1
Executive summary
Top 10 action list to achieve better risk management
10
Survey findings
14
Summary of findings 2013 survey vs. 2012 survey
40
Glossary of acronyms
42
Contacts44
Introduction
The biggest difference from 2012

is that the tidal wave of regulation
is even higher, and more tentative,
meaning that the impact of the
regulations is even bigger while
the detail is less clear. We expect
this firm to be caught with the full
force of Dodd-Frank registration,
Volcker Rule on covered funds
and OTC derivative measures
while the precise rulemaking is
still work in progress.
There is a big focus to ensure
that products should be priced
appropriately, and if we cannot
rely on the safety and soundness
of our intermediaries, this will
have a radical effect on our
business models.
The regulators are pushing
for the asset management
industry to become unviable at
a time when returns are falling.
Some are asking whether fees
levied should be reflective of
performance or risk. Others are
pushing for firms to be penalized
if the expected outcome is
notdelivered.
The cycle of cost growth, fee competition, squeezed margins and the need for greater
scale was a feature over 2012, and the trend was set to accelerate during 2013,
challenging asset managers to innovate to safeguard sustainable profits. Innovation
among European asset managers and asset servicers was becoming increasingly
complex, often driven by specialized entrants from the US. The asset management
industry was also ripe for consolidation, with smaller players the most likely targets.
As change was constant, the need for proportionate risk management in the form of
appropriate governance, risk appetite, embedded procedures and effective use of risk
management frameworks/KRIs was never greater in the current businessclimate.
Examples of innovation seen in the survey consisted of loan ETFs, post-RDR share
classes, portable alpha, LDI-variant and smart beta strategies. Given that successful
innovators stood to gain first-mover advantage, higher fees and greater customer
loyalty, innovation coupled with effective risk mitigation was seen as a vital source
of differentiation and/or a compelling route to direct market entry. In addition asset
managers and asset servicers were being impacted by a plethora of regulations with
varying effects, some significant and others contradictory. What these regulations had in
common, however, was a tendency to push up costs. The most successful firms proved
to be those that managed to keep their cost/income (C/I) ratio in the range 5565 in
thisenvironment.
For example, at a macro-prudential level, approaches were proposed to address the
need for provisioning high-quality capital to mitigate pro-cyclicality, particularly for
significant influence financial institutions (SIFIs), to reform risk management, to bolster
compensation practices and to strengthen crisis management procedures. Regulators
in the UK and Germany in particular were more keen to see evidence of advanced,
externally validated capital modeling and reverse stress testing (RST). In response, firms
recognized that extra capital provisioning and shoring up procedures would not come
free, and costs would inevitably need to be passed on to end investors.
At a macro conduct level, European asset managers remained keen to expand globally,
but as yet, there was no consensus on how to overcome the problem of fragmented
product regulations despite high-level agreements from G20 governments on the critical
issues to be tackled. Most argued the case that their interests were auto-aligned with the
interests of their clients, but to little avail. As the G20 deadline of 31 December 2012
expired, asset managers seemed challenged to handle more complexities than ever
before against a backdrop of competing regulatory approaches and desires for greater
transparency. The latter were anything but convergent.
Several respondents commented that if this process was left unmanaged moving
forward, competing regulatory changes could limit the industrys innovative zeal.
Recent topical examples included the use of substituted compliance involving entityand transaction-level tests (employed by the US regulators), third-country equivalence
tests/mutual recognition (employed by the EC/Trilogue processes), use of regulatory
colleges (in Europe, typically used when evaluating CCPs), and finally thematic reviews
undertaken by individual competent authorities such as the AMF or CNMV (for managing
conflicts in France and Spain, respectively) or CMVM for sale of complex products ahead
of MiFID II in Portugal.
Risk management for asset management EY survey 2013
The lack of decent-quality

collateral is our primary concern.
We are doing a lot of work around
SBL, repo and collateral because
we are worried about the position
of the banks, and the amount of
collateral shortfall runs into the
trillions of dollars.
Risk officers will need to do
a lot more than act as the
boundary between Portfolio Risk
management and Internal Audit.
As the investment management industry was maturing, tax was equally becoming an
increasingly complex issue, both in terms of reporting and at an investment portfolio
level. The proposed introduction of a financial transaction tax (FTT), in the potential
form of a directive spooked many asset managers this year, who were not at all clear
on the intended impacts, much less the unintended ones. There were several factors
at work, not least because FTT was presented as a tax information sharing scheme
(like FATCA) but also because the FTT would seemingly apply to cases involving a
riskless principal transaction (where the current understanding is that both parties
to the transaction will be liable to pay the FTT, giving rise to a cascade effect). Scenario
modeling will be key.
It was clear that running a successful asset management business was equally about
the need for sound risk management and innovation as sound returns and profitability.
Regulators had migrated from the mindset of tick-box compliance per the rulebooks to
feature two additional mindsets: a) firms to demonstrate that the products or services
offered did not lead to customer detriment under various market conditions, and b) firms
to provide evidence of the value-add per the fees being charged.
Given the open-ended and ongoing nature of these asks above, respondents in 2013
wanted to know how much is enough allocating FTE numbers and assessing the quality of
expertise required to keep pace with complex and shifting rules. There was a significant
desire for benchmarking effectiveness, fitness for purpose and market best practices.
Indeed counting resources, noting where they were located and measuring how they
would respond to a crisis became a functional pastime this year. Where some firms saw
challenges given the pace of innovation and regulatory impact, a top quartile of firms
expressed excitement at new opportunities, designing asset management solutions to
win share of mind and market.
Moving forward, we believe that careful thought about future developments and possible
improvements in risk management should be extremely valuable for firms of all sizes
and locations, covering active, passive, quantitative, alternative/hedge fund, real estate,
investment trust, LDI, SRI, ETF or other styles of managing assets. We also believe
that third parties, such as asset servicers, fund administrators, outsourcing providers,
transfer agents, platform providers and prime brokers who service asset managers, could
greatly benefit from this knowledge and thus serve their clients better.
In conducting this survey, we interviewed 54 heads of risk and chief risk officers
representing a selection of large, medium and small traditional and alternative
investment management firms (by AuM) operating in the UK/Ireland, France, Germany,
Luxembourg, The Netherlands, Switzerland and Italy. The survey built on the results
recorded during the four previous risk management for asset management surveys,
which were conducted from 2009 to 2012. Our interviews covered strategy, horizon
risk, risk appetite and governance, themed risk areas, such as investment risk, product/
conduct risk, prudential risk, counterparty credit risk, operational risk, tax (FATCA/FTT)
risk and reputational risk. The survey also covered practical areas, such as resourcing,
prioritization, risk monitoring, systems and controls, and data/management information.
Interviews gave respondents the scope to offer their full opinions under conditions of
anonymity. Once again, we are most grateful to them for their continued patience and
considerable support behind this endeavour.
We have also added EYs view of the Top 10 actions that we believe will help firms to
improve their risk management processes still further. Critical conclusions are featured in
the executive summary for ready reference by seniors, particularly from the boards, nonexecutive directors (NEDs) or the business. This survey complements the Compliance
Management for Asset Management 2012 survey.
We hope that you and your colleagues enjoy reading this report and that you find it
constructive and thought-provoking in helping your firm raise its game against your peers
and mitigate risks effectively to innovate, offering new products and services without fear
of reputational damage.
As ever, we welcome your comments, feedback and continued dialogue. If you would like
to discuss any aspect of the survey, please get in touch using the contact details at the
back of the report.
The direction of travel of

regulators and policy-makers is
that they work on the assumption
that the markets dont function
efficiently. What concerns me is
that regulation is becoming more
frequent, more evidence-based,
and it is insufficient that a firm
demonstrates lack of customer
detriment. Regulators want to see
that value was added, but then
our buyers are looking for strong
performance assetmanagement.
Pay and bonuses are all a

red herring. This is about
demonstrating the value of
intermediation to the regulator.
The current focus on sell-side
commissions, paying for company
visits or the margins of the
FX business all arise from the
samesuspicion.
Executive summary
EYs risk management for asset management
2013 survey offers a revealing insight
into the unique set of challenges currently
confronting our industrys risk management
professionals. In comparing the views of
more than 54 heads of risk and chief risk
officers at many of the most recognized
traditional and alternative asset managers
in the UK and continental Europe, the
survey provides indications about the future
development of the continued evolution and
strategic importance of the risk function for
asset management firms.
Executive summary
The sheer volume of current

regulations is the problem.
More research is needed on
how dangerous this situation is
becoming, given that regulation
comes from a huge political
agenda. In the UK, we are losing
the notion of a relationship with
the regulator. Given the spate of
thematic reviews, the narrative
remains be afraid, be very afraid
under the FCA.
1. Given the tsunami of new directives and regulatory measures

at global, regional and local levels, the gap between risk
management and regulatory management is narrowing; both the
regulators and NEDs were becoming critical drivers.
The world has moved on from

the historic view of OpR as
pertaining to people, processes
and systems; today, OpR can span
anything from counterparty CrR
oversight to business risk, which
we would see as strategy risk.
Another new feature in the survey was the interest of NEDs in the top horizon risks
impacting firms, arising from macroeconomic factors, geopolitical changes to regulations
at a local or regional level, or tax legislation changes. Leading firms were able to route
horizon risk outputs directly into their decisioning through their analysts and desk-heads.
Intrusive regulations and legal risks were the top two horizon risks on the radar, with
the AIFMD and UCITS V/VI measures representing regulatory implementations with the
highest priority and impact for asset managers in general. Satisfying the needs of NEDs
for guidance and challenge at board level was certainly a primary motivation behind firms
in the UK raising their game in this way.
Previous FSA visits had focused

on governance, platforms, ICAAP
and client assets/s166 client
money. This time around, the
3LD was hammered owing to a
lack of evidence of meaningful
challenge in existence and a need
for a stronger risk management
framework. The Business Risk
team was a particular focus
because the business had of
late de-emphasized the need for
business champions working with
the risk team.
Running a successful asset management business is equally about the need for forwardfacing, sound risk management and innovation as sound returns and profitability.
Respondents in this years survey commented how regulatory risk was now considered
to be the number one risk. Nearly every firm mentioned challenges that their firms
are facing by trying to comply with a torrent of global, regional and local/thematic
prudential and conduct regulations, applied in the form of rule-making, principles and
recommendations, sometimes over varying timelines and sometimes expressed at
citizens or entities located cross-border (extraterritorially). As a result, we noted how the
gap between risk and compliance functions was narrowing, with more risk professionals
involving themselves in regulatory reform and compliance issues.
2. Proving that investment risk was ring-fenced from bias and

conviction became a badge of honor in 2013. Responses were
varied when it came to the management of certain strands of
investment risk, e.g., risk budgeting, single portfolio views,
advanced risk metrics, sensitivity analyses and management of
model risks.
Investment risk arises from the promise of performance, which remains undelivered. A key
element of the overall investment risk framework is the clear identification, documentation
and communication of the clients risk appetite, as explained above. However, the
governance of the investment risk function is a critical component of this framework, taking
into account the different criteria that are used across different styles of asset managers.
Many of the larger firms claimed that their investment risk function was truly independent,
but this was in evidence only if there was qualified headcount located in the second line
of defense (2LD) able to provide effect challenge against bias and conviction decisioning
on the part of the portfolio managers. By contrast, many smaller firms still provided
investment risk monitoring from within the front office teams.
The top quartile of respondents in this regard featured dedicated investment risk
individuals with 1) the skillsets to analyze and support portfolio managers, and 2)
the personalities to challenge the business robustly and evidentially when called to do
so. Given the competition for this skillset, we discovered that many of the individuals
might need to be on remuneration packages more aligned to front office or banking.
Theleading firms provided deep technical analysis into investment risk issues, developing
investment risk parameters for products; conducting independent reviews and analysis of
investment risk within products, models and portfolios; and developing the reporting and
risk analytics capability to support portfolio managers. Respondents also commented on
the need to derive quality management information from interlinked systems (allowing a
single portfolio view to be drawn) a critical differentiator between firms in thesurvey.
Executive summary
We dont do things in Risk

and Compliance for the sake
of regulators, actually. We do
things because they make sound
commercial sense, and that
reputation attracts and retains
our clients.
3. Regulatory approaches showed signs of divergence. In the US,

there is the prospect of extraterritorial impacts. In France and
Luxembourg, competent authorities are focusing on liability. In
the UK, there is the prospect of more thematic approaches
for example, assessing the risk from asset management firms
outsourcing operational activities to external service providers
as part of complex international banking groups.
We have thought about the

AIFM/MiFID firm separation and
have decided for now to keep
the entities separate because we
dont think that dual registration
will be a constraint, but the
capital costs are a nuisance.
Many of the larger asset managers and entities that outsourced material functions to
third-party agents (TPAs) were considering the implications of outsourcing to external
suppliers, while deliberating on the activities they performed and deciding which
ones they would be able to continue in the event of the failure of a bank to which they
subcontracted. As a majority of the respondents depended on an outsourcer, transfer
agent or prime broker/fund administrator for conducting a critical operation, this hardly
came as a surprise. The results of this years survey showed that 56% of the respondents
were concerned about managing regulatory expectations around outsourcing risk in
particular, and despite the recent focus on living wills, majority of the respondents were
aware that their outsourcing agents maintained recovery and resolution plans without
having an opportunity to study the same.
Having prepared well in advance

for Solvency II and seen the
deadline pushed back a couple
of years, we are now in search
of last mover advantage. We
feel that some capital modeling
benefits to be gained from
Solvency II, but we also need to
answer a lot of questions around
whether the money could have
been spent differently.
There was widespread skepticism as to whether the failure of an outsourcing agent

per se was a realistic outcome, given that the failure of an investment or retail banking
entity would be the more realistic possibility, creating significant potential for banking
contagion. In view of last years scenario of modeling and contingency planning around
failures developing in the Eurozone, many respondents commented that they felt
prepared. Most had already devised adequate contingency plans that they felt to be
viable, robust and realistic in the event of a termination of outsourced activity under
any circumstances, including stressed market conditions. Responses were much more
tentative concerning the determination of risk under normal and stressed market
conditions, the commercials around step-in or warm second provider arrangements,
or the direction of travel that global custodians were taking to evaluate the liability
arrangements to cover cases of fraud and/or insolvency of any end agents, such as
sub-custodians.
4. Respondents commented on how they dealt with reputational

risks in different ways, some exercising management through
cross-functional and multidisciplinary approaches, while others
treated reputational risk more monochromatically, either driven
by events or powered by corporate communication.
Reputation risk for an asset manager can arise from a variety of contributions, ranging
from market risk, counterparty risk, operational risk, regulatory risk, fiduciary risk
or fraud. True reputational failures in asset management are hardly numerous
MorganGrenfell, Long-Term Capital Management, Gartmore and New Star are some
of the few that come to mind. Reputation is a fragile asset, as much about perception
as it is about fact which means that a reputation can be gained over a considerable
period of time and lost in considerably less time. Reputation is a wider concept than
brand alone, impacting ethics, trust, relationships and, above all, the ethos of a firm by
way of its culture, values, integrity and its confidence behind how these concepts are
communicated to clients and regulators.
Although reputational risk was generally seen as one of the most important risk types,
the survey showed that the explicit monitoring and management of reputational risks
were inconsistent to date. We found that reputational risk is usually owned by either
the CEO, the board, or both, but the processes were often driven and managed by risk.
This sometimes created a disconnect that impacted the effectiveness of managing
reputational risk. For example, many firms remained reactive to events, and only 24%
of respondents regarded reputation risk in a category of its own, potentially as both
an impact and a driver of new risks. Reputation worthiness derived from brand value
or goodwill was seldom considered at a bottom-up level for instance, by adopting a
reputational risk framework (such as what is offered by COSO or the ABI) and collecting
data on media hits (such as on news sites and blogs, as well as brand evaluations) to
assess the likely extent and impacts of reputational consequences. All of which left scope
for exposure and room for remediation.
HR are involved and leading the

discussions on remuneration in
the wake of AIFMD. This is the
first directive I can recall that
involves pretty much all the
functions within a company.
Remuneration is a huge focus
struggling to see where the
agreement lies between DoddFrank (disclosure, transparency,
clawback), CRD/AIFMD
prescriptions, FSA approaches,
and bonus caps recommended by
MEPs, for example.
There are too many options for
remuneration FSA, AIFMD, CRD,
UCITS V necessitating too many
systems. Conflicts will arise from
managers with personal interest
to be paid on performance not
linked to funds.
Executive summary
We see opportunities arising

from regulation and are building
a stockbroking capability offered
to clients who are prepared
to pay a premium which
could result in channel conflict
between products offered via
brokers vs. direct (e.g., platform/
stockbroking) if left unmanaged.
The founder is very blas about
the FTT, saying itll never happen,
but I am very concerned because
of its potential to shift models if
itdoes.
Value may be added, but
questions remain legally as to
when guidance become advice.
For example, investment guidance
is treated differently in Germany.
This is particularly relevant
when differentiating the offer of
ourbadged funds vs.
third-partyfunds.
5. The tail risk of FATCA-like measures in the US (and potentially

elsewhere), coupled with the political will to impose a financial
transaction tax across Europe, has buoyed senior management
to ensure that tax risk is managed effectively.
A majority of the respondents indicated that they thought tax risk was a key horizon risk,
although most thought that there would no longer be a high impact on their business
and operating models through the introduction of either FATCA or a Euro-FATCA on
account of the intergovernmental agreements (IGAs) in place. While firms in the main
were relatively well-advanced by way of preparations for FATCA, the general level of
understanding and preparation to manage risks arising from the potential introduction of
the FTT vs. the introduction of local FTT measures in individual countries, such as France
or Italy, was comparatively low. Even if their CEOs or boards remained unconvinced,
many CROs believed the prospect of an FTT Directive to be a potential game changer to
their business model.
Most respondents were perturbed by the prospect of the introduction of the FTT.
As currently proposed, the FTT would apply to secondary market transactions in
equities, bonds, fund units, and repos and stock loans, as well as entry into derivatives
transactions. There would be no exemptions for items such as intra-group transactions,
intermediaries/market-makers, stock loan or repo transactions. One of the biggest
concerns for respondents would be a cascade effect, whereby multiple charges would
bite where a number of brokers act in transferring securities between two counterparties.
Although it was envisaged under the draft Directive that the EU Member States would
transpose the relevant rules expressed under COM(2013)71 into their national law,
with the tax having a go live date potentially as early as 1 January 2014, only one
respondent was of the view that this would actually happen by that effective date.
6. Risk management is all about access to the right data. In 2013

risk management is increasingly about guarding your datatoo.
In 2013, we saw a shift toward more focus on data security and cyber risk. There
was increasing awareness among risk professionals of the importance of big data,
particularly from the point of view of innovation opportunity, of safeguarding data, or of
generating the supporting data to enable firms to conduct back-testing. Respondents still
differed as to the usefulness of data indicators. Supporters of KRIs expressed the view
that they were generally helpful, a good discipline to help the risk function decide where
to pay more attention to structural or significant changes and a good tool to summarize
issues for management, the board, the NEDs, the clients and the regulators. Managing
data was no longer an issue of merely managing static (reference) data or filtering
stale data, but as equal to the lifeblood of innovation and therefore the golden source of
economic value for the business.
Consultants are a real nuisance

as they introduce mandate risk
into the mix because of inflating
the expectations of plan sponsors,
pension funds and SWFs!
Recruiting skilled and
knowledgeable risk professionals is
quite difficult. [The functions] need
specialists without management
ambition. Remuneration and image
can be an issue.
Further, data security (whether concerning the firm, data warehouse, outsourcer or
surrounding hacking, impersonations or cybersecurity) was a new concern as reported
by 49% of the respondents. Historically, the focus was on the quality, robustness and
completeness of data. However, the percentage of firms experiencing issues with
flexibility/IT change requests remained quite high this year at 46%. Top-quartile
asset managers (by way of automated risk prevention) were able link their portfolio
management systems (PMS), order management systems (OMS) and general ledger
systems (GL) into a seamless system architecture, enabling them to perform whatif
scenarios according to model, product or portfolio criteria. The leading firms were
also digitizing documentation for on-demand retrieval of records for audit and
control purposes. It was little surprise, therefore, that this years survey found more
firms maintaining a wider range of KRIs/KPIs than ever before spanning traditional
investments, alternatives, real estate/private equity and multi-strategy.
For the part of reputation

risk that is seen as impact/
consequence, it is the function
responsible for the specific risks.
For the other, more isolated,
externally driven reputation risk,
it is at board level. A good, very
recent example was negative
publicity because of IT problems
within the bank.
Overcoming these challenges to be able to provide a holistic approach to risk

management that is so vitally needed is now of foremost concern and the rationale for
running this survey.
Reputational risk is considered

very important because it is the
only thing you have.
Top 10 action list to achieve better

riskmanagement
On the basis of the results of the survey and the experience of our own EY practice professionals, we have identified the top 10
actions to help firms better manage the risks they face. This list is not a definitive action plan, but we hope it will offer a useful starting
point for identifying the steps that would most benefit your firm.
The tone from the top percolates

the business to do the right
thing for clients. We survey every
client on a rolling three-year
basis, and our code of ethics is
imbued within our partnership
culture. The measures are tied
into the risk appetite and six
TCF outcomes, and we feature
mentoring for the business and
control functions, and adopt a
partnership liability approach to
risk as appropriate.
All respondents mentioned challenges that their firms were facing in trying
to comply with a torrent of global, regional and local/thematic prudential
and conduct regulations, applied in the form of rule-making, principles and
recommendations, sometimes over varying timelines and expressed at citizens
or entities located cross-border (extraterritorially). Most firms acknowledged
the particular importance of managing so-called third-country issues (i.e.,
measures that are dependent on private placement regimes, requiring mutual
cooperation agreements, arising from the function of regulatory colleges or the
consequences of extraterritoriality).
We are a midsize firm with a

simplified structure and we are
not looking to separate our UCITS
from our AIF or MiFID business.
Weve spent the last year
embedding the risk culture
between teams. We are much more
proactive than previously our
current focus is 75-25 forwardlooking to backward-looking, which
is a huge change. We started the
other way one year ago.
The regulators are forcing us
to think more about what is
appropriate for the end client.
I am really not happy about the
direction that the UK regulator is
taking during the FSAs fishing
trips. Conduct risk is a high
priority and firms dont just
have to evidence that they are
preventing customer detriment;
they also need to evidence that
they are adding value and also
paying attention to the needs of
their clients clients.
10
With more than 38 regulatory measures currently in process in the EU

alone, the quantity, types and intrusiveness of regulations have become
a critical issue for respondents. More firms should ensure that horizon
risk outputs are linked not only to control functions but to the business
(and particularly portfolio managers and analysts) to reinforce a
one risk approach.
When the risk management for ssset management surveys started in 2009, risk
managers functioned in an environment of one significant regulatory change
per year, and the notion of a regulatory reform function to help determine
horizon risks was rare. Now, as firms are confronted with incremental regulatory
changes every month, it is vital. In 2013, most firms had already taken the steps to
create and reinforce a one-risk culture across group/business unit and regional
structures, ensuring that risk management should align with how clients had been
sold products. When it came to managing the horizon risk radar, a best practice
idea consisted of routing the outputs not just to the control functions (2LD/3LD)
but to the portfolio managers and analysts to educate and inform the business of
the impacts of regulatory changes in parallel.
The profile and scope of the risk management function has been raised
and broadened, with the debate around remuneration coming to the
fore. Firms should revisit tolerances, limits and how they apply the
use test in practice.
A robust model for corporate governance and ethics goes hand in hand with sound
hygiene around effective risk management. The corollary is true too good risk
management reflects a good governance culture, and this is increasingly evident
to end investors and regulators alike. There was greater evidence of the risk
function being treated even more seriously this year. Not only was the skillset
broadening out from operational risk to feature investment risk and regulation
risk management, but there was more solid evidence of the use test being applied
in all its facets, particularly as far as scenario modeling (e.g., Eurozone, FTT) or
reputation risk modeling was concerned.
There was also more awareness in general (particularly among hedge funds)
regarding firms articulating their risk appetites effectively to allocate technical
resources to where they were needed (e.g., partitioned between the firm/
outsourcing agents) or to avoid shocks to future earnings. The CRO was continuing
to offer challenge to the 1LD as a critical friend but, equally, the CRO was
aware of when to apply judgments to tolerances (discrimination as per hard or
soft risk limits) and to intervene more forcefully when needed. This was amply
demonstrated in the product arena (see later, with earlier involvement of the CRO
in the manufacturing cycle or demonstrating their veto), but a minority of firms
indicated CRO involvements in strategic planning, M&A and setting budgets or
remuneration, a notable departure from the 2012 survey.
Given the greater potential risks from product mis-selling and regulatory intervention, it is even more important
to involve both risk and other control functions at the beginning of the product development cycle and to focus
on conduct risk, devising appropriate conduct risk frameworks that focus on ethics and behaviors to complement
traditional approaches.
Effective risk management should align with the strategic objectives of the firm and the manner in which investors have been sold
products. In this years survey, respondents confirmed that some European Member States were showing signs of adopting nonconvergent courses concerning product regulation and that they could no longer be certain of a consistent direction of travel. The
FSA/FCA were touting a product intervention approach. The AMF in France and the CBFA in Belgium were pushing for prescriptive
pre-screening, mainly in relation to product intervention around simple/complex products and execution-only (EXO) business. Other
EU Member States had introduced product safety warnings (e.g., color coding in Portugal or risk indicator measures in Denmark and
Luxembourg).
Moving forward, with the spotlight increasingly turning to the customer, it seems as if short-term national responses will need to be
managed against the backdrop of regional regulation. Given recent fines levied for mis-selling of products claiming to be guaranteed,
absolute return, leveraged, or structured to retail-classified investors, the notion of conduct risk the risk that an entity mistreats
its customers or clients, causing them detriment has come to the fore. It is clear that business and operating models may need to
accommodate multiple ways of conducting business across Europe over the next three years at least. It makes sense for firms to
revise their taxonomies and compile product characteristics, while shoring up suitability and appropriateness procedures provide the
neccessary evidence to regulators if called to do so.
More firms are becoming independent by ensuring that investment risk is ring-fenced from bias and conviction
on the part of fund managers or founders. There is still scope for performance improvement among the non topquartile firms when applying risk budgeting, single portfolio views, risk metrics, performance attribution, liquidity
management and treatment of model risks.
Performance is the promise that is not always delivered. Many firms claim that their investment risk function is independent, but this
is evidence only if qualified headcount located in the second line of defense (2LD) is able to provide effective challenge against bias
and conviction decisioning on the part of the portfolio managers, particularly if their decisioning contravenes regulations or the firms
stated risk appetite, or both. Firms should ensure that they can derive quality management information from interlinked systems
(allowing single portfolio views to be drawn) a critical differentiator between firms in the survey. It is also advisable to populate
the 2LD control function with FTEs familiar with the terminology of the portfolio managers (e.g., tracking error, TAA, expected beta,
CAPM, Sharpe ratio and sensitivity indicators DV01/IE01). Additionally, the appropriate level of remuneration should be an important
consideration when attracting (and retaining) appropriate technical skillsets to perform the investment risk function effectively.
The treatment of individual capital guidance (ICG) and capital allocation as per the ICAAP is a perennial focal
point. The optimization of capital and evaluation of insurance benefits is a key differentiator between asset
managers and a barometer of regulatory standing.
As greater capital charges often correlate with constraining the budget for innovation, it is vital that asset managers take steps to
optimize their capital provision, including seed capital provision. This years survey recorded a similar new normal of 135% to 175%
across 40 firms for ICG uplift scores relative to Pillars I and II capital and unwinding effectiveness/charges (the latter sometimes
spanning over 12 months). Firms should benchmark themselves to evaluate whether they should take advantage of waivers, such as
consolidation (diversification) benefit and the quality of insurance. Although effective optimization is far from trivial, leading asset
managers are already looking to compare themselves through capability maturity modeling on what other firms are doing as part of
their ICAAP/SREP processes, bearing in mind the type and combination of style factors that might give the regulator cause for setting
elevated ICG uplifts.
Regulators in the UK and Germany are in particular more keen to see evidence of advanced, externally validated capital modeling and
reverse stress testing (RST) procedures made specific to firms (not just proportionate to market conditions). Firms should be aware
of the need to model for regulatory sensitivities; legal entity restructuring, joint ventures, material outsourcing of critical functions at a
corporate level; qualifying NEDs or control function representatives from a governance perspective; managing client assets and money,
especially those carrying products targeted at retail-classified consumers from a conduct perspective; or firms manufacturing complex,
illiquid or non-fungible products or offering guaranteed or absolute return products to clients.
11
Top 10 action list to achieve better

riskmanagement
Our RCSA represents the risks to
the firm, linked to the prudential
risk; conduct risk models risks to
the client. Prudential regulators
are becoming more focused on
the former conduct regulators
such as the FCA on the latter.
We believe that vetter controls
make better client outcomes, but
need to persuade regulators that
our interests are aligned with
theirclients.
The gaps between aspiration and realization have narrowed considerably this
year, with several asset managers posting improvements in how they were able
to determine both intra-day and ex-post counterparty risk exposure. Firms should
continue to adopt a more proactive approach to counterparty risk management by
increasing the level of monitoring and close scrutiny per credit rating, CDS spreads,
tier-1 banking ratios, price movements, etc. There was welcome evidence of more
CROs than ever before involving front office colleagues taking responsibility for
counterparty risk management. Given the prospect of ad hoc political or legal
changes imposed at a local level (e.g., Cyprus), the credit risk of the client should
not be relegated to a negligible concern.
InvR sits in the second line of

defense and the focus varies
according to the 1LD and the
quality of people providing
quant support; remuneration
(such as paying for FTEs with
PM or quant skills or both) is
not a problem given the parent
compensationstructure.
The measurement and monitoring
of risk occurs both at the
aggregate level and at the factor
level. This is done for all active
asset types (EQ, FI, LDI) but not
done for index measurement
and risk monitoring is done daily.
Managing outsourcing risk is our
top risk priority, partly driven
by where the FSA was going,
although this hasnt been mirrored
by the SEC or BaFIN, which are
equally critical regulators for us.
We are at the stage of kicking
the DR tyres of our outsourcing
provider although really we should
be deconstructing their recovery
and resolution plan, aided by the
regulator. Asking us to evolve stepin processes is ridiculous, and we
are consulting the IMA on that.
12
Improved credit risk was a key focus in 2013, with more firms
upgrading risk systems to enable them to determine counterparty
risk exposure by using CDS spreads as well as CRAs. More firms
should run beauty parades to help assess the quality of their
counterparties under normal and stressed market conditions when it
comes to collateral management, repo or clearing.
It is recommended that firms that are expanding or are contemplating expanding

their footprint in alternatives, LDI, OTC derivative or synthetic ETF strategies
should conduct a study to look at acceptable forms of collateral if they are yet to do
so. The study should focus on the likely factors impacting the supply and demand
of quality, fungible collateral, and how asset classes might be priced to support the
demands for initial and variation margin by CCPs. Firms worried about any pinch
points should consult with custodian banks and financial market infrastructure
facilitators (such as Euroclear or Clearstream) as to the pacing of infrastructural
reform and contemplate whether to run benchmarking exercises such as a
beauty parade of their brokers and custodian banks to assess the quality and
appropriateness of collateral management, execution and primeservices.
Firms had strengthened the robustness of their operational risk

frameworks and the effectiveness of their outsourcing arrangements
under normal and stressed market conditions last year but needed to
respond to regulators during thematic reviews this year.
Most firms had already devised adequate contingency plans that they felt were
viable, robust and realistic in the event of a termination of outsourced activity
under any circumstances, including stressed market conditions. Many respondents
mentioned for the most part that they had i) agreed to definitions of critical
operational functions, ii) agreed to the materiality of such functions per the
investment business of firm, iii) agreed to the criticality of outsourced operational
functions as per and investment services/activities, iv) revalidated that they were
able to monitor and manage the effectiveness of functions carried out against
SLAs, v) catalogued SLAs effectively, particularly in the case of service provision
and/or outsourcing from third countries, and vi) ensured that catalogs featured
procedures from competent authorities in third countries.
Recent statements by the regulators, such as the FSA, expressed the belief that
firms boards should be able to demonstrate that they have in place an adequate
resilience plan that enables the firm to carry out IFCA-regulated activity if a service
provider fails. It is recommended that firms should: i) evaluate concentration
of risk under normal and stressed market conditions, ii) evaluate contingency
planning (such as step-in or standby arrangements) in the event of an agent
hitting financial problems, iii) perform parallel evaluation of the way in which client
assets and client monies were segregated and safeguarded, iv) evaluate liability
arrangements to cover cases of fraud and/or insolvency of any end agents, such as
sub-custodians, v) evaluate horizon risks that regulators might expect that conflict
registers/statements of ethics extend to cover third parties, i.e., to sub-contractual
agents or outsourcing parties.
Compliance measures involving tax, such as, the FTT should be treated concurrently with regulations, and
appropriate care and attention needs to be dedicated to client onboarding to ensure that correct and appropriate
treatments are applied.
Tax risk1 management came of age two years ago with the introduction of the FATCA, impacting risk and operations departments
just as much as tax professionals. While most felt comfortable with the scope of the IGA measures in place catering for country-percountry assessments, managing the ongoing BAU operational tax landscape for funds/fund managers was at least as important as the
big headline issues. Tax risk was cited as a current issue by 38% firms (up from 27% last year), which suggested that some tax teams
were not ensuring that tax risk was understood and embedded within the business or a lack of knowledge on the part of the CROs.
Operational tax risk covering the SLA relationships with service providers on a technical level, managing the plethora of tax rates
applying to investments (and CGT in particular, which could impact performance) proved key. From the data angle, firms should
re-examine legal entity identifier (LEI) indications to differentiate US financial institutions (USFIs) from foreign financial institutions
(FFIs) in case of the need to prepare for an EU-FATCA.
While firms in the survey were relatively well-advanced by way of preparation for FATCA, respondents seemed far more uncertain as to the
scope of local vs. EU FTT measures. Firms would be wise to apply the issuance, establishment and materiality tests and model the
known worst case impacts on equities, bonds, fund units, and repos and stock loans, as well as entry into derivatives transactions. Firms
should be on the alert for modeling intra-group transactions, transactions involving intermediaries and stock loan or repo transactions on
a what if basis. Scenario modeling will be particularly important in cases involving a riskless principal transaction, where the current
understanding is that both parties to the transaction could be liable to pay the FTT, giving rise to a cascade effect.
Resourcing should be weighted according to the scope of investment style of the firm, and quality of that
resourcing is paramount. Firms should be able to evidence and justify how resources are allocated and why, when
called to do so by regulators.
This years survey focused more deeply on the balance of risk resources across firms and how those resources were being counted,
partly in response to regulators posing deeper questions about skillsets and bench strength to cover all the countries where a firm did
business. While 37% of the respondents indicated an expansion in risk resources, majority of the firms (54%) remained flat in terms of risk
headcount, and the rate of growth of FTEs was not consistent across all firms. The number of FTEs didnt vary by overall style, AuM, or
size of existing team, and there was a degree of proportionality between the size of the core OpR resource team and scope of investment
risk resourcing (see Figure 13 on page 33). Diverse business lines (e.g., multi-strategy, alternatives or REIM) and country coverages
(particularly in Asia-Pacific) were considerations for deciding team size and capabilities.
10
Data security is paramount. More firms than ever before recognize that collecting, retrieving and evidencing quality
data is a differentiator, not just in terms of ensuring good regulatory compliance but also in terms of innovating
service offerings and improving client service.
More firms than ever before made reference to the importance of the risk function overseeing BCP (business continuity planning), a task
normally consigned to operations or IT. Indeed, the flexibility and resilience of the latter proved once again to be a major dependency when
delivering a sustainable risk infrastructure to respond to the challenges of regulation and demanding client mandates. Top-quartile asset
managers were either installing state of the art system components (such as Aladdin, mentioned by several respondents) or able to link
their PMS, OMS and GL into a seamless system architecture, enabling them to perform what if scenarios according to model, product or
portfolio criteria. They were also digitizing documentation for on-demand retrieval of records for audit and control purposes.
This year was also the year of big data, particularly from the point of view of either safeguarding data or generating supporting data to
enable firms to conduct back-testing or reverse stress testing. Several firms indicated that cybersecurity was an important and growing
theme for the risk function, not merely an IT issue. Opinions still varied considerably as to the usefulness of data indicators, such as KRIs
or risk data types such as business, investment risk, credit risk, operational risk, regulatory data or (especially) customer indications.
The latter included status-type information (e.g., used to qualify US persons or FTT establishment criteria) as well as taxpayer
indications, and were cited as particularly important components of legal entity identification (LEI) this year. Asset managers are
advised to design data taxonomies2 for their LEIs in particular and develop master golden copy records that feature a single version of
the truth, allying more closely with collaborators, such as asset servicers and prime service providers, if need be. Legal permissioning
around data privacy will become increasingly important next year.
Tax risk management can be thought of as the identification of business risks arising from an organizations tax-related activity
(across all taxes and all jurisdictions) and its effective management and control of those risks.
1
Firm-wide consistent nomenclatures behind specifying unique instrument or legal entity identifiers of parent/child relationships
concerning corporate entities or fund structures
2
13
Survey findings
There is a feeling on the part of

regulators and policy-makers
alike that the way the industry
operates is costing the European
pension fund industry far
too much.
Regulators and politicians are
driven by the fear of failure as the
overriding consideration.
The hard regulatory impacts
are AIFMD, UCITS V and the
entirety of Dodd-Frank; all are
transforming the way we offer
services to clients and the risk
governance and structures that
we operate by.
The Eurocrisis will stay
relevant and have the same
level of priority. There will be
new regulations, for us in the
Netherlands specifically also a
commission ban, so an impact on
business models, and there will
be more focus on disclosure and
transparency.
Managing complexities from overlapping regional and local regulatory

directives, the need to anticipate new horizon risks, the desire to
optimize capital and the need to mitigate reputational risks were the
prime motivations for maintaining a strong risk function, supported
by fit for purpose systems.
The backdrop to this years survey was macroeconomic structural uncertainty and
the significant escalation in the intensity and intended effects of global, regional and
local regulations. Some of the latter were reflected in political changes to measures
(e.g., AIFMD), plus the uncertain third country or extraterritorial implications arising
from rushing to legislation. The new mood was one of interventionism and prescription.
The importance of the risk function was underscored by factors that were broadly
comparable with the results of last years survey, with some departures (see Figure 1).
The pace of regulatory change, the desire to avoid reputational impact and the need
to manage complexity from overlapping measures were of the most concern in 2013.
An example mentioned by several firms was the relative chaos surrounding risk-based
supervision of money market funds in Europe, with a plethora of different supervisory
approaches, varying type and frequency of periodic reporting by funds, different
parameters triggering alerts to identify the risks and prioritize actions, and various
degrees of reliance on third-party agents to carry out the monitoring.
Figure 1: Why is the risk management function important in your firm?
Key:
Survey 2013
Key:
Survey 2013
Survey 2012
Survey 2012
Pace of regulatory change/increasing

regulatory interests
Management of complexity from

overlapping directives
Desire to avoid reputational impact
Desire to optimize capital and liquidity
Corporate restructuring focus

Keep up with market practices, e.g., ISDA, IMA
Management of concerns on data/cybersecurity
Remuneration focus
Increase in client interest and scrutiny
Firm needing to manage G20 gap risk
Business continuity issues, e.g., terrorism/fraud
Increased shareholder pressure for transparency

Concerns on levels of internal losses
14
88%
83%
3
4
5
Management of third-party arrangements
Offering personalized or differentiated

services to clients
Extreme event planning, e.g.,
redenomination in Eurozone
79%
60%
57%
Growing motivations for risk management included the firm (or parent) impacted by
a fine/regulatory sanction, the need to manage expectations around administering
remuneration, and business continuity issues (e.g., terrorism/fraud). The pattern was
broadly comparable with the results from 2012, with the need to manage extreme event
risk (such as events in the Eurozone) decreasing in relative importance.
As mentioned above, remuneration was a particular focus in 2013. Respondents felt that
there was too much complexity from different and changing models in circulation DoddFrank, CRD, Art. 107 AIFMD and FSA approaches. Respondents felt that the prospect of
moving from deferrals/LTIPs to capping bonus ratios to base salary could have widespread
impacts on economics of current models affecting incentives, domiciles of employees,
severance/mobility issues and FOR calculations by way of holding more capital.
Besides the traditional operational and counterparty credit risks,

the top risk categories of major concern to CROs were regulatory,
mandate, conduct and liquidity risks, with market and investment
risks not far behind.
The top 20 risk categories receiving special attention from CROs and their risk teams
were ranked as shown in Figure 2 according to the percentage of respondents making
reference to them. Regulatory risk the risk of failure by the company to meet its
regulatory requirements or manage changes in regulatory requirements with respect to
new legislation, resulting in investigations, fines or regulatory sanctions occupied the
top spot for the first time (up from 67% in 2012):
In 201213, we were involved in

the calibration of bonus amounts
but at the end of the cycle. In
201314, well be involved much
earlier in the cycle. Remuneration
will be a meld of Dodd-Franks
Say on Pay and CRD/AIFMD/
FSAregs.
Regulatory change/reform is a
significant focus. Dodd-Frank
is a big issue; AIFMD is a big
issue; we have more AIFMD
trusts (including investment
trusts) than UCITS. We apply a
US person screen there are
complications with tentative
versions, aggravated following
two acquisitions affecting PE
andbonds.
Figure 2: Top risk categories mentioned by respondents

76% vs. 67% in 2012
Regulatory risk
73%
Counterparty/credit risk
73% vs. 82% in 2012
(Pure) operational risk
64%
Conduct/mis-selling risk
63% vs. 36% in 2012
Investment risk
61%
Liquidity risk
56% vs. 24% in 2012
Outsourcing risk
52% vs. 40% in 2012
Mandate risk
48%
Business model risk
47% vs. 24% in 2012
Reputational risk
44% vs. 50% in 2012
Market risk
Tech data risk
38%
Tax risk
38%
32%
Country risk
Legal risk
22%
Correlation risk
21%
17%
Misc. risk
Fiduciary risk
Tech systems risk
(Other) fraud risk
12%
12%
10%
15
Survey findings
The main focus will be the new

regulation in Italy regarding due
diligence of client registration and
also UCITS VI, EMIR and ESMA.
Regulatory accelerators are
RDR in UK, Provisie Verbod in
NL and the direction of travel
is that all EU countries move
toward fees-based models.
We dont pay retrocessions
proportional to distribution
arrangements. Investors are
becoming more educated so
there is a drive toward clarity and
transparency; price is not the sole
determiningfactor.
There is a lack of clarity about
AIFMD; not just about letter-box
issues but how AIFMD will be
treated in each EU Member State.
We expect to have problems with
both PE and REIM.
Firms were doing more to assess emerging and external risks in

2013, with the pendulum swinging toward managing regulatory risk
inparticular.
A new feature in the risk management for asset management survey 2013 was the
depiction of the top horizon risks impacting respondents, arising from macroeconomic
factors, geopolitical changes, changes to regulations at a local or regional level, or tax
legislation changes. The top 15 strategic, regulatory, operational and technical risks
were categorized as shown in Figure 3. Intrusive regulations and legal risks were the top
two horizon risks on the radar, with the AIFMD and UCITS V/VI measures representing
regulatory implementations with the highest priority and impact for asset managers
in general.
The top horizon risks naturally correlated well with the top risks keeping CROs awake at
night and are represented in Figure 3 in terms of future risks. The interesting finding
was that a significant percentage of respondents cited the future cluster of reputation
risk (79%), mandate risk (52%) and tax risk (64%), all under the umbrella of strategic/
financial risks. Fewer respondents cited the cluster of collateral liquidity risks (48%),
business model risks (48%) and execution of corporate events (47%), all under the
umbrella of operations risks. The percentage of respondents citing technology risks as
critical horizon risks, such as data or system fitness, was somewhat lower (in the 30% to
60% range).
Figure 3:
Business risks cited by respondents
Strategic/
Financial
Financial
consequences
of capital
Mandate
risks
Regulatory
Threats to
reputation
Tax
risks
Legal incl. extraterritorial risks

Fraud/Money
laundering
Geopolitical and
macroeconomic
100%
Intrusive
regulations
Service
differentiation
Execution of corporate
restructuring /M&A
Collateral
liquidity risks
System
tness
Emerging
market risks
Operations
16
Model
risks
Data
tness
Technology
Top regulation categories receiving special attention in 2013
Priority for IMs
High
Medium
Low
National thematic
AIFMD
UCITS IV/V/VI
Product
FATCA
Reg.
EMIR
FTT
Client
money
SSR
RDR
MAD II
MiFID II
Bribery Act
Solvency II CRD III/IV
MLD III
PRIPs
Medium
Shadow banking
Likely impact on IMs
High
The direction of travel concerning risk appetite statements was

toward accounting for a greater scope of risk factors as well as a
move toward public disclosure of some elements.
A critical element of an asset managers overall risk framework is the clear identification,
documentation and communication of the firms appetite for risk3. A risk appetite
statement provides an articulated benchmark against which an asset managers risk
profile is reported, monitored and managed by the board, the audit/risk committee,
the finance committee and the risk assurance committee. Risk appetite also forms the
basis for the calibration and setting up of delegated authorities and financial limits for all
aspects of market, credit, liquidity and operational risk.
In 2012 a broadly similar behavior was recorded as compared with last year (see Figure
4). The results from the 2013 survey reflected an even greater inclination among both
traditional and alternative asset managers to accommodate more secondary and tertiary
risk factors under consideration, with a wide range in the approach and quality of the
articulation of risk appetites, without a corresponding increase in pro-activity when
revisiting risk appetites on a more periodic basis.
The CRO spends approximately

60% of his time on strategic topics
and 40% on daily, tactical topics.
We are appalled at the potential
for new shadow banking
regulation to be introduced in
such a way that it impacts both
our collateral management and
money market funds.
Products are reviewed against
macro-developments, such as
the Arab Spring or Eurozone
difficulties. We also ask, is
it a strategic product or an
opportunisticproduct?
The oversight of marketing and
NPPRs under AIFMD will require
a police force. But continental
Europe doesnt yet have a
compliance culture in the same
way, and who will have the legal
powers to police what needs
tohappen?
From a top-down perspective, statements or frameworks featured views of the board,

strategic/business goals, competitive environment, organizational culture, expectation
of local and regional regulators, reputational considerations, macro-economic and
market conditions, references to credit rating agencies and references to counterparties,
particularly in relation to dependencies, such as outsourcing, asset servicing or
primeservices.
Typically risk appetite statements must be transparent to top management and the board, with demonstrable processes to illustrate
whether risks are commensurate with the risk appetite. They should be augmented by: 1) risk control structures, which ensure that
any risks taken across the entity, business unit or group do not exceed risk appetite limits in any given day, and 2) well-established
stress testing approaches that determine the expected losses that would be incurred over different stress periods applied to the
strategy as well as the current business. Above all, risk appetite statements need to be powered by management information to
enable risk to be monitored by boards and senior management alike against a firms stated risk appetite.
17
Survey findings
We feel that we have good

metrics on the adjustment of risk
appetite, with tighter loss history
data, focus on capital, grasp of
financials, focus on RepR and
evidencing of TCF than a year ago.
Weve designed the risk appetite
to be practical, which results
in greater alignment when the
riskscrystallize.
The risk policy and risk appetite
are set at group level and set at
board level. Corporate-level risk
appetite is cascaded to feature
financial and non-financial risks.
A combination of quantitative
and qualitative statements and
complex scoring mechanism
underlies the cascading process.
Risk appetite and tolerances are
a mixture of quantitative and
qualitative elements. Regulatory
objectives are an area of only
limited value because if a metric
is flagged, actions have usually
already been taken. It is useful to
formalize what we are doing but
its always backward-looking, a
statement of what has been done
as opposed to a trigger process.
18
Figure 4: Risk appetite statements expressed in terms of specific risks (x-axis)

reflected against how proactively statements are managed/revised/circulated
(y-axis).
Pro-activity
Issued privately/at group
High
2012 survey
2011 survey
2010 survey
2009 survey
Pillar 3 disclosure
Trend toward semiannual revision
Qualitative and
quantitative limits
Zero-tolerance elements
2013 survey
Medium
Trend analysis
Emerging risks
Issued privately/at group
Revised annually
Monitoring and Reporting

immature or lacking
Low
Qualitative limits
Soft quantitative limits
Market
Investment
Strategic/model
Credit
Liquidity
Systemic
Operational
Legal
Correlation
Prudential
Regulatory
Concentration
Reputational
Fraud
Basis
Country
Mandate
Settlement
Fiduciary
Enterprise
(Depository)
liability
Conduct
Tax
Accounting
Primary/5
Secondary/9
Tertiary/10
Given that sound risk management should align with the way that investors have been
sold products, firms demonstrated an enhanced alignment of risk by setting quantitative
and qualitative (RAG score) risk tolerances for specific risk areas such as fiduciary or
conduct risk. Some firms assessed risk in terms of the broader impact on investment or
operational performance. There was also much greater evidence of the use test (see
next page) embedding the risk appetite in day-to-day operations, applicable across
prudential, investment, credit and operational risk areas.
The use test was a focal point this year, with firms showing a wide
variance in involvement of the risk function in key decisions and how
tolerances and limits were defined.
The more advanced firms in the survey provided ample evidence of deploying risk
parameter frameworks for portfolio (investment) risk, consisting of allowable ranges
for the applicable risk measures, calibrated for each model type, product or portfolio
depending on asset class. Every client portfolio could be mapped to the appropriate
model type/product and therefore managed in line with the appropriate risk framework,
with some exceptions such as real estate investment management (REIM) or private
equity. The management of counterparty credit risk saw a divergence between those
firms with hard limits on exposure and rating versus a softer limit/monitoring type
approach where action was ad hoc in order to take into account the market dynamics
at the time. Operational risk appetite still appeared to be the most difficult to articulate
and embed due to its limited quantitative data and, therefore, heavy reliance on
qualitativeaspects.
There was also more awareness in general (particularly among hedge funds) of firms
articulating their risk appetites effectively to allocate technical resources to where they
were needed (e.g., partitioned between the firm/outsourcing agents) or to avoid shocks
to future earnings. The CRO was continuing to challenge 1LD as a critical friend, but
the CRO was equally aware of when to apply judgments to tolerances (discrimination as
per hard or soft risk limits) and to intervene more forcefully when needed. This was
amply demonstrated in the product arena (see below, with earlier involvement of CROs
in the manufacturing cycle or demonstrating their veto), but a minority of firms indicated
CRO involvements in strategic planning, M&A, setting budgets or remuneration or client
onboarding (see Figure 5).
Figure 5: Comparison of use test components
Key: Survey 2013
58%
24%
46%
31%
30%
The use test is very helpful

several regulators are
emphasizing its use. Theright
values are paramount
governance and stress testing
must be appropriate, and an
easy escalation process must be
inevidence.
Involvement includes
Being informed of decision
Client onboarding
Appraisals/Remuneration-setting
Budget-setting processes
Post-implementation reviews
New product approval
Acquisition/Divestiture
Strategic planning
Risk involved in the following decision-making processes

Outsourcing decisions
69%
We spend time discussing the

appropriateness of the products
under various market, product
and client conditions and take
a TCF view as to can this product
be mis-sold? For example, there
is huge investor appetite for
high-yield products, and investors
dont always understand the
heightened risks. Regulators will
always focus on outcomes, so we
have to be prudent.
Formal risk assessment conducted

as part of this process with
assessment of impact on
the rms risk appetite
38%
63%
Exercising a right of veto
49%
61%
Key contributor to
decision-making process
71%
54%
Providing opinion
to decision-makers
Relative indicator
78%
We are keen not to apply a

risk appetite for investment
risk. A risk appetite is all about
governance do we have the
triggers going outside the normal
limits and expectations? For
example, private equity is a low
OpR because each PE deal is
structured and each of the PMs
do their own RCSA.
19
Survey findings
We are getting the risk framework

embedded its worth pointing
out that people need to make the
process tangible in order to relate
to it. The use test is applied to
some areas, such as changes to
mandates or other activities that
involve risk e.g., M&A.
Any unexpected losses from a
high-risk mandate means that we
raise the tolerance for loss more
the next time around.
Effective risk management should always align with strategic objectives of the firm and
the manner in which investors have been sold products. Most asset managers additionally
argued that their interests are ineluctably bound to the interests of their client investors.
In contrast, regulators had migrated from the mindset of tick-box compliance as per the
rulebooks to feature two additional mindsets: a) firms to demonstrate that the products
or services offered did not lead to customer detriment under various market conditions,
and b) firms to provide evidence of the value-add as per the fees being charged.
There was sustainable evidence of the risk function being involved slightly earlier in the
product cycle, either by setting the framework for guiding the product development
process or advancing the approvals processes for non-complex products. When
comparing the 2013 survey results against previous years, 52% of the respondents
reported a level of involvement under 30% along the product cycle (see Figure 6).
Most respondents made reference to post-launch product monitoring due diligence
duringinterviews.
Figure 6: The relative involvement of the risk function in the product life cycle
(excluding the seed capital processes)
Key:
Survey 2013
Survey 2012
Relative indicator
As far as product risk is

concerned, we have a de facto
veto. Our role is to act as a point
of escalation to the board if
procedures arent being followed.
Avoidance of mis-selling and conduct risk management were key

themes in this years survey, with more CROs involved earlier in
providing guidance and challenge within product development cycles.
0%15% in
15%30% in
Ideas/Sense check
Product
portfolio
idea
30%45% in
OpRisk
(input only)
Approval
process
(ExCo
sign-off)
Additional
analysis
45%60% in
60%75% in
Risk compliance
legal product
ExCo
second
sign-off
Working
group
analysis
Final sign-off
Go
live
Proving independence of investment risk management, free from

conviction decisions from portfolio managers or founders, was easier
than devising a consistent framework spanning traditional, alternative
and multi-strategy styles.
Investment risk is commonly defined as a positive or negative deviation from an
expected outcome. Asset managers typically regard investment risk as a measure of
the expected return given the level of risk tolerance relative to agreed-upon market or
internally set benchmarks. A key element of the overall investment risk framework is the
clear identification, documentation and communication of the clients risk appetite, as
explained above. However, the governance of the investment risk function is a critical
component of this framework, taking into account the different criteria that are used
across different styles of asset managers.
20
Most survey respondents commented that fund managers were tasked with reviewing each
portfolio on a daily basis as part of the ongoing investment management process. The
portfolio manager would often have the ability to review the outliers in cash instruments,
such as equities and bonds against the investment risk parameter frameworks a
particular focus for French firms. Exception reports highlighting portfolios that had moved
outside their designated investment risk parameters were usually generated on a daily
basis for the most automated firms, allowing the heads of desk to review the exceptions
for cash instruments each day, and the exceptions for more illiquid instruments, such
as OTC instruments to be reviewed on a monthly basis (or quarterly in the case of realestateassets).
Many firms also claimed that their investment risk function was independent, but this
was in evidence only if there were qualified headcount located in the 2LD able to provide
effective challenge against bias and conviction decisioning on the part of the portfolio
managers, (particularly if their decisioning contravened regulations and/or the firms
stated risk appetite). Client expectations could be managed by demonstrating that risk
management arrangements were free from conflicts of interest or conviction decisioning
on the part of founders, portfolio managers or desk heads. Of the respondents in 2013,
51% could attest the independence of the investment risk function (see Figure 7), and
the figures were notably higher in the UK compared with some continental European
centers.
Other points to note concern the large disparities in the way firms managed investment
risk. To a large extent, these were driven by the underlying investment style of the
firm. For example, 56% of the respondents demonstrated ready access to quant skills in
product engineering. Only 40% of the respondents demonstrated an advanced process
for risk budgeting (the process of decomposing the aggregate risk of a portfolio into its
risk factor constituents, using quantitative risk measures to allocate assets). Sixty one
percent of firms could demonstrate the measurement and monitoring of risk at both
an aggregate and a factor level, while 47% could demonstrate dynamic modeling (e.g.,
hedging portfolios in near or real time).
Some firms followed a direction of travel that enabled them to task a dedicated
investment risk and analytics team to support and enhance the investment risk
framework through a number of roles that included:
Investment objectives are laid out

in the prospectuses and linked
to hard limits; there is a specific
focus in UK around preventing
product mis-selling and client
assets/money. Both hard and
soft limits are used by both the
business and the Risk function;
Liquidity funding limits are
encouraged, there is a particular
motivation by UCITS and a similar
logic will be applied with AIFMD
inmind.
Investment risk is taken seriously
in Germany; it is the third most
important risk priority behind
outsourcing risk and data security
here. We have portfolio risk
management skills in the 2LD
able to provide challenge to
the 1LD. The job of InvR in the
1LD is to maximize risk adjusted
returns for our portfolios. The job
of InvR in the 2LD is to mitigate
unwanted InvR outside the firms
regular risk appetite.
Providing technical analysis into investment risk issues, covering portfolios, markets
and investment risk models
Further developing investment risk parameters for products, models and portfolios
for the various asset classes (traditional, alternative, cash, derivatives, multi-asset,
PE/RE, etc.)
Conducting independent reviews and analysis of investment risk within products,
models and portfolios
Developing the reporting and risk analytics capability to support professionals in
managing the investment risk within their portfolios
21
Survey findings
Top-quartile firms will be expected to demonstrate mastery across as many of these

advanced risk metrics attributes. Respondents indicated how particular attention would
need to be given to how they would manage fixed income, OTC derivatives, private equity
or REIM over the entire value chain, including client take-on (including the articulation of
explicit client defined investment risk parameters), during the new product development
process, over ongoing client management (e.g., while accommodating changes to client
mandates) and finally, during attribution of performance objectives and risk appetite with
each end client.
Figure 7: A comparison of some of the key themes to consider in managing
investment risk
Key: Survey 2013
22
60%
55%
Risk systems are fed out of

OMS/PMS/other
For funds w ith leverage through

derivatives, leverage checked daily
Differences in the metrics across

systems (e.g., BAR) modelled?
Type of liquidity metrics regulated

vs. segregated accounts
37%
Advanced treatment of model risk

management pre-regulatory interest?
62%
42%
Overall portfolio view by sytem

vs. desk/desk
Hard (e.g., credit ratings) and
Soft (e.g., tracking error, VaR)
risk metrics
Use of advanced risk metrics
in evidence
Advanced process for risk

budgeting in evidence
Expert (quant skilled) resources

to supplement core risk reporting
58% 57%
47%
40%
Investment risk in risk appetite
68% 66%
61%
56%
51%
Investment risk is treated

independently of PMs
Relative indicator
74%
Sophisticated InvR frame works used
Investment objectives and

limits applied are in line with
prospectuses. Hard limits are
applied to reg funds, with warnings
applied over concentrations,
aggregations and breaches; soft
limits are used internally. Overall
portfolio view is there.
Finally, the respondents mentioned that it was also advisable to populate the 2LD control
function with FTEs familiar with the terminology of the portfolio managers (e.g., tracking
error, TAA, expected, CAPM, Sharpe ratio, sensitivity indicators DV01/IE01). Many
commented how the appropriate level of remuneration should be an additional important
consideration when attracting (and retaining) appropriate technical skillsets to perform
the investment risk function effectively.
Whether dynamic modeling is used
Were seeing a culture change

in the Netherlands where
investment risk is not a dis-rating
anymore, and remuneration is not
seen as aproblem.
Respondents also commented on the need to derive quality management information

from interlinked systems (allowing single portfolio views to be drawn) a critical
differentiator between firms in the survey, with only 57% of the respondents claiming
their ability to carry this out. Sixty six percent of the respondents claimed intra-day
reporting from sophisticated risk metrics, featuring absolute/relative risk measures,
yield curve analysis or country concentration. Sixty two percent of the respondents
could evidence liquidity metrics for regulated and segregated portfolios on an ongoing
basis, including exposure to illiquid assets, concentrations of holdings or investors, and
commitments. Only 39% they of the respondents could claim that they made utilized
advanced treatments of model risk management pre-regulatory interest.
Evidence of measurement/monitoring
of risk at the aggregate/factor level
Investment risk is a particular

focus this year on REIM and
MMFs. We are rolling out
consistent processes across the
EU while maintaining our DubLux
fund range, with governance and
legal issues the focus.
Regulatory capital remained key due to cost pressures and added

regulatory focus. ICG uplifts in the 175% to 135% range remained
a new normal benchmark, with firms robustly defending their
diversification and insurance benefits.
There was more evidence that competent authorities were even more keen to see deeper
evidence of both the qualitative and quantitative capital processes being embedded in
BAU risk monitoring and mitigation processes. This was in stark contrast to the tick-box
process that used to be commonplace a few years ago. The evidence from this years
survey suggested that regulators were placing much more emphasis on governance,
RMPs from the ARROW process (in the UK), unwinding provisions over an extended
period sometimes beyond 12 months, reverse stress testing (RST), and the use test
(linking risk appetite statements to strategies and embedding frameworks through
appropriate incentives).
Regulators in the UK and Ireland in particular were more keen to see evidence of advanced,
externally-validated capital modeling and reverse stress testing (RST) procedures made
specific to firms, not just proportionate to market conditions. The correct individual capital
guidance (ICG) uplift is now a critical consideration, linked to setting prices/charges and
too big a number becomes an opportunity cost against innovation.
The results from the 2013 survey confirmed that the Internal Capital Adequacy
Assessment Process (ICAAP) used to calculate regulatory capital in the UK, Ireland,
Germany and the Netherlands was a manageable process for some firms while posing
significant challenges for others. The trend in the 2013 survey was broadly comparable
with last years survey, with a balance between firms who had managed to bring their ICG
figure down (at least four firms) vs. others who saw their ICG figure relative to Pillar 2
capital rise. The results from the survey also showed the spread in ICG figures recorded
for 40 firms between 2011 and 2013 (see Figure 8). The trend overall remained
elevated, with a new normal set at between 135% and 175% of uplift vs. the highest
capital derived from Pillar 1, Pillar 2, winding down and fixed overheads. Some private
wealth managers, hedge funds, multi-style managers and platform distributors were
particularly impacted.
Advanced risk metrics are

freely used for valuations of
OTC derivatives, inflation swaps,
TRSs, etc.; liquidity leverage is a
keymetric.
The overall structure and
process employed for ensuring
adequate oversight and control
of front office activities in Italy is
a combination of a limit control
system and a market abuse
monitoring process.
EPM is used; we also perform a lot
of correlation analysis, with a host
of quant staff looking at the LDI
aspect alone; various measures
are taken to model around
exposure to counterparty and
issuer and sensitivities to shocks.
There was slightly more discussion this year around firms looking to take advantage
of benefits from diversification (correlation) or insurance techniques to mitigate risk
thereby reducing the amount of capital that needed to be held. Figures in the 15% to
35% range for the former and 15% to 20% for the latter were not uncommon. The former
figure naturally depended on how scenarios/units of measure were defined, the modeling
assumptions used and the operational setup of the firm. The latter required a robust
mapping process along with a supporting claims history and an analysis of underwriter
concentration and financial strength.
For firms with elevated ICG scores, several factors were at work, such as:
The firm operated joint ventures, had material outsourcing of critical functions, or
had been through a significant corporate event, such as an M&A process
Ineffective governance, poor governance process qualifying NEDs, board members,
senior managers or control function representatives, or poor ARROW scores with
multiple RMPs
Complex, illiquid or non-fungible products being manufactured or distributed, or
models being operated; compounded if the firm operated a black box methodology
for valuations or was too reliant on specific third parties
Firms were responsible for managing client assets and/or money, especially those
carrying products targeted at retail-classified consumers
23
Survey findings
ICGs are not always the most

accurate indicator of good risk
management at a firm. Some of
the risks, such as pension liability
are not always expressed in
Pillar I figures, which express the
sum of credit and market risks.
The buyout of a pension fund
would affect ICG but not indicate
anything about the quality of
riskmanagement.
There is a diversification benefit of
around one-third within OpR, and
our insurance benefit is around
20%. The regulators are showing a
great deal of interest as to whether
insurers would really pay up.
A relative lack of rigor or challenge surrounding the amount of capital provisioned for
unwinding or insufficient commercial logic behind this
Other factors mentioned by the respondents in their scenario modeling included
thefollowing:
Modeling extreme event risk arising from say Eurozone member default, for example,
or imposition of currency controls or redemptions from critical clients (e.g., SWFs)
Modeling derivative market lock-down; stock market down over 40%; AuM down
over20%; over10% client redemptions by number
Lock-down of the repo or collateral markets under conditions of market stress
(elevated VIX index, high spreads in OIS swap curve, high CDS spreads)
Loss of founder, loss of desk heads or portfolio management team, loss of star fund
manager(s) or any of the aforementioned under investigation by the regulator
Other reputational scandals, e.g., mis-selling of products, major fraud scenario or
failure to anticipate changes to the same
Failure or instability of parent (e.g., bank or insurer) or material counterparty
collapse (e.g., on a Lehman/MF Global scale or failure of an outsource provider)
Front or back office errors that are significant (in excess of seven figures), such as
needing to reverse trade or corporate action error(s)
Figure 8: Comparison of known relative ICG uplifts (data drawn from 20112013)
Unexpected
score
The annual setup of ICAAP occurs

to the Dutch central bank (DNB),
and we certainly experience added
value for our own business.
Firms offering guaranteed or absolute return products, were exagerated if

offered to retail-classified consumers or where there was lack of challenge on
suitability
10 rms
20 rms
10 rms
Expected
score
The FSA ran an ARROW

review and were critical of our
governance and partnership
model. We need to consult with
the industry to offer better
pointers to the Audit Committee
and the NEDs.
100 110 120 130 140 150 160 170 180 190 200 210 220 230 240 250 300
Relative ICG uplift
Key
Medium entities
Large entities (by AuM)
Strong brand
Retail footprint (consumer protection)
Complex/Illiquid products
Strong distribution/platform dependency
M&A/Integration candidate/weak SYSC
Black box method/valuations
Market condence and nancial stability are key
24
400
500
Counterparty credit risk remained an area of significant focus; for

firms active in alternatives, LDI, OTC derivative or ETF strategies,
this vigilance extended to the supply and transformation of effective
(fungible) collateral.
This year, the gaps between aspiration and realization narrowed considerably, with
several asset managers posting improvements in how they were able to determine
counterparty risk exposure in particular. A quarter of respondents claimed that they
could be in a position to break down counterparty risk exposures by counterparty
and by product/fund structure intra-day (i.e., event plus 24 hours) vs. 24% in 2012
(seeFigure9). A further 40% of the respondents claimed that they could be in a position
to do this ex-post, a noticeable improvement over the 31% figure recorded in 2012.
Figure 9:
Can the firm break down exposures at will by counterparty and product intra-day?
2013: 21%
2012 4%
CP and product within 24 hours
2013: 25%
2012 24%
CP only, not intra-day

Neither/Dont know/Did not respond
2013: 40%
2012 31%
Respondents views with respect to counterparty credit risk management

71%
67%
54%
48% 51%
Relative score
OpRisk own the ICAAP process.

Risks are mapped by probability
and impact. We dont take
positions, and we have a wellstaffed product team with a
proper review process so we
dont expect to get hammered on
ourICAAPs.
Despite the delays, we reaped
benefits from starting our
Solvency II program because it
allowed us to further our ALM
work and sort out our data. We
think that the timetable may
go back into 2016, and there
is a chance it could slip back
stillfurther.
CP and product, ex-post
2013: 14%
2012 22%
The unexpected losses are

derived from ICAAP scenario
modeling. The latter are
calculated under both normal and
stressed scenarios.
52% 48%
38%
39% 34% 34%
45% 48%
29% 26%
Firm will operate more "cross asset class"

or take advantage of "cross-margin offsets"
Positive on FMIs facilitating collateral

upgrades and CT
Firm is worried about a future

scarcity in quality collateral
Signicant issues in participating

in the repo markets
Signicant issues in the pricing of

collateral to support im/vm calls
Firm ran beauty parade to ask brokers or

custodians how they would transform collateral
Firm conducted a study to look

at acceptable collateral
Firm/Parent runs CVA desk?
Credit risk of the client

is a growing concern
Extra vigilance to monitor segregation

of client assets/re-hypothecation
Front ofce takes more

responsibility for CpCRM
Centralized approval
to accept counterparties
Firm is maintaining daily triggers and

limits to minimize exposure
Tightening SLA controls and

re-examining haircuts for collateral
Extra vigilance
monitoring counterparties
Taking a more strategic proactive

approach to CpCRM
6%
25
Survey findings
Managing counterparty exposure

involves huge operational
complexity. Unlike the case of a
few years ago, we have to keep
track of collateral flying between
custodians, and the systemic
operational dependence on their
systems is concern for example,
their ability to manage the volume
of calls.
We have improved our
counterparty risk exposure
reporting to include more details
of smaller exposures. Our systems
can identify counterparty risk
exposures by counterparty and
product within 24 hours.
A daily check is run on all risk
metrics for all liquid asset classes;
property is monthly and HF
activity goes intra-day if market
conditions deteriorate; all are
coupled to monitoring CpR and
ensuring assets are collateralized;
there is a big focus on OTC
derivative modeling checked daily
or intra-day.
Despite quieter conditions in the Eurozone in comparison with last year, the vigilance
level for counterparty risk remained relatively high in this years survey, with 71% of
firms taking a more proactive approach to counterparty risk management by increasing
the level of monitoring and close scrutiny per credit ratings, CDS spreads, tier 1 banking
ratios, price movements, etc.
Respondents adopting a more strategic and proactive approach were placing weights on
brokers for collateral management provision as well as the traditional research and best
execution domains. Sixty seven percent of the respondents indicated centralized approval
to accept new counterparties, and 52% of the respondents commented how front office
colleagues were taking more responsibility for counterparty risk management (even if
the 2LD maintained ultimate oversight).
There were other points worth noting in the 2013 survey:
Virtually all institutional money managers commented how end investors such as
pension funds, ERISA funds and SWFs were tabling more questions about liquidity
risk under normal, stressed and extreme market conditions; 38% of the respondents
indicated specifically that the credit risk of the client was a growing concern,
particularly in the event of political or legal changes imposed at a local level.
Fifty one of the respondents indicated that they had tightened their SLA controls
and re-examined their haircuts for collateral effectiveness; 39% of the respondents
had conducted a study to look at acceptable forms of collateral (vs. 31% in 2012),
reflecting the extra attention that both Dodd-Frank and EMIR were commanding
in2013.
Fourty eight of the respondents were worried by reports in the press about a future
scarcity in quality (i.e., fungible) collateral, whether arising from lack of supply or
from infrastructural friction. Twenty nine percent of the respondents comprising
hedge funds, firms active in LDI, OTC derivative strategies or firms active in offering
synthetic ETF products were positive on the idea of financial market infrastructures
(FMIs) and global custodians tapping into collateral supplies at either a geographic
level (piped in from other regions) and/or supplied from standardized CSD facilities.
Thirty four of the respondents anticipated significant issues in the pricing of collateral
to support initial and variation margin (im/vm) calls vs. 37% in 2012, and 48%
expected to experience significant issues in participating in the repo markets to
raise cash to supply the necessary vm for CCPs, particularly firms active with LDI
strategies(compared with 54% in 2012). Provisioning collateral was seen to be a
game-changer.
Finally, 33% of the respondents were either running (or had run) a beauty parade
of their brokers and custodian banks to assess the quality and appropriateness of
collateral management, execution and prime services. Some factors for consideration
are shown below. Hedge funds remained active in looking to diversify their prime
broker relationships, but some traditional assets managers (e.g., running LDI
strategies) were also assessing their brokers to determine their suitability to provide
collateral transformation services also. Some criteria for consideration included:
Relationship strength
Strength of balance sheet; cost/income ratios
Thought leadership/research
Product coverage and market share/experience
26
New product setup/COBAM professionalism/interface capabilities

Cost/Fees (fixed/variable and explicit/implicit); flexibility of same
Quality of valuations and mark to market
Key person risks; quality of E/O resolution
Trade capture/confirmation and STP; utilization of industry standards
Collateral management and transformation expertise
Quality of asset segregation and client reporting
Robustness of business continuity planning (BCP)
Firms were relatively comfortable with their operational risk

frameworks this year, but many firms indicated that outsourcing had
become a critical thematic focus in 2013.
Operational risk renewal was a key theme for last years survey, with many firms
renewing their operational risk policies in expectation of greater levels of scrutiny or even
issue of formalized operational risk frameworks to come.
This year, things were different in the wake of the AIFM Directive, with regulators in
France, Luxembourg and Ireland showing greater interest in the prospect of depository
liability. The UKs Financial Services Authority (FSA) was assessing the risk from asset
management firms outsourcing operational activities to external service providers,
particularly outsourcing providers as part of complex international banking groups with
balance sheet exposure to activities other than the provision of outsourcing activities.
The common issue concerned the dependency of traditional and alternative asset
managers on a limited number of providers of custody, transfer agency, fund
administration or outsourcing services and the concentration risk. With the top four
US-headquartered global custodians representing some 73% of the global assets under
administration and constituting some 59% of FTEs, regulators shared a concern that if an
asset servicer, such as an outsource provider with a large share of the market, were to
face financial distress or severe operational disruption, asset managers would not be able
to perform critical and important regulated activities, thereby endinvestors.
Despite the Eurozone

uncertainties over Cyprus, we
are more comfortable with credit
risk, with bimonthly counterparty
risk meetings focusing on harder
stuff, such as the legal treatments
and netting. We already amassed
a great deal of knowledge
following the Lehman bankruptcy
and already simplified our
counterparty risk arrangements
during 201112 by focusing
on national governments and
countryrisks.
The credit risk of the client is a
growing consideration. We have a
slight exposure from our managed
accounts, but we do care about
credit risks to the fund and weve
strengthened our documentary
agreements, particularly where we
have advisory contracts.
There is existing momentum behind recovery and resolution planning (RRP) or living
wills to be created for banks regarded as significant influence financial institutions
(SIFIs) in many of the G20 jurisdictions. The RRPs involve a recovery plan (which
outlines actions designed to maintain the firm as a going concern and is triggered when a
financial institution is subject to extreme stress situations), coupled with a resolution plan
(which would facilitate its resolution in a controlled manner, with minimal public cost and
systemic disruption) triggered in the event of the failure of a financialinstitution.
The recovery plan sets out the framework and steps the institution itself would initiate
to recover from a stress situation. The resolution plan would provide authorities with the
information necessary to formulate, assess and execute a formal intervention using the
resolution tools available. In the event of a resolution, the resolution plan would provide
key information and data to assist an administrator and other relevant parties to take
control of the relevant components of the business and maintain operations sufficient to
protect consumers and the value of the business.
27
Survey findings
The biggest item keeping me

awake at night is improving the
BCP in our financial centres given
we are expanding furiously
already 150 people with a need
to move and making progress
of resilience testing. The normal
risks for a start-up are insurance,
BCP, firefighting and setting up
double data centers.
We are broadly fine with our
distribution platforms in the UK.
But we are not certain about
the standards among the bankassurers in the EU with respect to
their customer treatment [TCF]
and PRIPs.
The issue for small firms like us
is that the cost of indemnification
insurance to cover AIFMD and
UCITS V might be greater than
simply holding the cash and
boosting our OpR procedures to
manage the outliers.
In the UK, the FSA wrote to several asset manager firms stating that, on the basis of the
findings so far, they were not confident that effective recovery and resolution plans were
in place across the industry for the asset management sector as a whole, referring to the
outsourcing of regulated activities and/or activities that are critical or important in the
support of regulated activities as set out in SYSC 8.1.4/7/8R.
The results of this years survey showed that 56% of the respondents were concerned
about the comparative regulatory focus from outsourcing risk, and as the majority
of respondents depended on an outsourcer, transfer agent or prime broker/fund
administrator for conducting a critical operation, this hardly came as a surprise.
Amajority of the respondents were aware that their outsourcing agents maintained RRPs
without having an opportunity to study the same. There was widespread skepticism as to
whether the failure of an outsourcing agent per se was the realistic outcome, given that
the failure of an investment or retail banking entity would be the more realistic possibility,
creating significant potential for banking contagion.
Many of the larger asset managers and entities outsourcing material functions to
third-party agents (TPAs) considered the implications of outsourcing to an external
third-party suppliers with regard to the activities they performed and deciding which
ones they would be able to continue in the event of the failure of a bank to which they
subcontract. There was, however, a sharp demarcation between respondents looking at
Outsourcing 101-type checks and those taking due diligence to the next level as follows
(see Figure 10):
Respondents who felt that outsourcing or concentration risk was an issue mentioned
for the most part that they had
i) Agreed to definitions of critical operational functions
ii) Agreed to the materiality of such functions per the investment business of firm
iii) Agreed to the criticality of outsourced operational functions and investment
services/activities
iv) Revalidated that they were able to monitor and manage the effectiveness of
functions carried out against SLAs
v) Cataloged SLAs effectively, particularly in the case of service provision and/or
outsourcing from third countries
vi) Ensured that catalogs featured procedures from competent authorities in
third countries
There was less consensus around how firms would:
i) Evaluate concentration of risk under normal and stressed market conditions
ii) E
valuate contingency planning (such as step-in, standby or warm second
provider arrangements) in the event of an agent hitting financial problems
iii) P
erform parallel evaluation of the way in which client assets and client monies
were segregated and safeguarded
iv) E
valuate liability arrangements to cover cases of fraud and/or insolvency of any
end-agents, such as sub-custodians
v) Evaluate horizon risks that regulators might expect that conflict registers
statements of ethics extend to cover third parties, i.e., to sub-contractual agents
or outsourcingparties
28
The conclusions from this survey echoed concerns from some regulators at whether
firms would be able to transfer outsourced activities to another provider in short order
(in view of the considerable operational challenges inherent in such a transfer, the
probability that this could not be implemented swiftly enough to protect investors and
the potential for concentration risk in the supply of certain activities were a critical agent
of failure). They are also right to question how asset managers might realistically rely
on taking activities back in-house (in view of the capacity and abilities required, the
difficulties enforcing step-in rights under stressed market conditions, and the potential
for undue delay and/or operational risks arising that would be to the detriment of the
service provided to investors).
Officials at both the FSA/FCA and the AMF indicated their desired outcome over the past
year to ensure that there were effective recovery and resolution plans in place not just
for banks but for other systemically important financial institutions also. In view of last
years scenario modeling and contingency planning around failures developing in the
Eurozone, many respondents commented that they were prepared. Most had already
devised adequate contingency plans that they felt were viable, robust and realistic in the
event of a termination of outsourced activity under any circumstances, including stressed
marketconditions.
Recent statements by the regulators such as the FSA/FCA expressed the belief that
firms boards should be able to demonstrate that they have an adequate resilience plan
in place that enables the firm to carry out regulated activity if a service provider fails.
The broader issue that remains unaddressed is the relative lack of choice of independent
providers and whether applying RRPs to such entities would actually forestall contagion,
which lies outside the scope of this survey.
Figure 10: Responses from asset managers to outsourcing due diligence
Work in progress
Agreed to definitions of critical
operational functions
Agreed to the materiality of such
functions as per the investment
business of firm
Agreed to the criticality of outsourced
operational functions and investment
services/activities
Revalidated that they were able to
monitor and manage the effectiveness
of functions carried out against SLAs
Cataloged SLAs effectively, particularly
in the case of service provision and/or
outsourcing from third countries
Ensured that catalogs featured
procedures from competent authorities
in thirdcountries
To do ?
Evaluate concentration of risk
under normal and stressed market
conditions
Evaluate contingency planning
(such as step-in, standby
or warm second provider
arrangements) in the event of an
agent hitting financial problems
We were sent a Dear CEO letter

by the FSA in December 2012.
As a result, the Board have taken
the matter seriously and wish to
know: 1) What counterparties
are used, and for what function?;
2) What is the legal definition
of service provision vs. what
is outsourcing?; 3) Interested
to know all cases of material
outsourcing arrangements.
We dont get where the FSA are

going with their thematic work
on outsourcing. It is unfeasible
to expect asset managers to
maintain multiple custodian
relationships on relative hot
standby. We expect that the FSA
are worried that the big global
custodians will be too big to fail,
but as they are the only providers,
we are we to go? Fraud and
failure at the agent bank level are
just as important considerations,
which might be taken care of
through AIFMD/UCITS.
Perform parallel evaluation of

the way in which client assets and
client monies were segregated and
safeguarded
Evaluate liability arrangements
to cover cases of fraud and/or
insolvency of any end-agents, such
as sub-custodians
Evaluate horizon risks that
regulators might expect that
conflict registers/statements of
ethics extend to cover third parties,
i.e., to sub-contractual agents or
outsourcingparties
29
Survey findings
We developed step-in
arrangements to wind funds
down in the event of XXX running
into trouble. Trying to do with
YYY is another matter; if YYY
went under, there will be banking
contagion, and we will no longer
be operating under normal
market liquidity as everyone
moves the same way.
Outsourcing has become a
key concern because of all the
questions raised by the FSA.
Assuming that cash and custody
are not going to be hugely
impacted by a custodian bank
collapse (no precedent), then
moving custody wont be too
difficult. If moving fund accounting,
that would be operationally more
difficult as there are 1020 pieces
of data per record that need to
be considered. If there is close
coupling with an administrator and
the firm needs to produce records,
then there are some 100 items
of data to be considered and the
greater the entanglement.
Reputational risk management was seen by most firms as a superset

or consequential risk rather than a discrete risk type in itself; active
RepRisk management techniques were rare.
Business reputation is established by gaining and retaining the confidence and trust
of the stakeholders in the business: customers, suppliers and employees, as well as
shareholders. Reputation is a fragile asset, as much about perception and the perception
of behaviors as it is about fact which means that a reputation can be gained over a
considerable period of time and lost in considerably less time. While reputation is one
of a firms intangible assets, it is often a valuable asset impacting the firms brand
value. Reputation is, however, a wider concept than brand alone, impacting ethics,
trust, relationships and the ethos of a firm by way of its culture, values, integrity
and above all, its confidence behind how these concepts are communicated to clients
andregulators.
Some definitions drawn from the wider context of various industries is instructive:
A companys overall reputation is a matter of perception among its various
stakeholders (investors, customers, suppliers, employees, regulators, politicians, nongovernment organizations, the communities in which the firm operates) in specific
categories (product quality, corporate governance, employee relations, customer
service, intellectual capital, financial performance, handling of environmental and
social issues). Harvard Business Review
The principal tenet of reputation is that it cannot be manufactured by an advertising
agency or created by a PR firm. Reputation is built as a result of ongoing interactions
between a company and its key stakeholder groups, where the experience of the
latter is consistent with the values the company claims to uphold, as well as with
the promises it makes through advertising and other marketing communications.
Opinion Research Corporation
Reputation risk is ultimately the risk of failure, which could lead to negative publicity,
costly litigation, a decline in the customer base or the exit of key employees and
therefore directly or indirectly to a loss of revenue. If a fund manager loses its brand
but retains its product manufacture and distribution, its asset management business
would collapse. EY
Actual reputational failures in asset management are hardly many Morgan Grenfell,
Long-Term Capital Management, Gartmore and New Star are some of the few that
come to mind. Reputation risk for an asset manager can arise from a variety of
contributions, ranging from market risk, counterparty risk, operational risk, regulatory
risk, fiduciary risk or fraud. Reputation management is, therefore, cross-functional
and multidisciplinary, rather than merely driven by issues or powered by corporate
communications.
Given that several asset managers had raised or changed their profile, brand or tagline
over the last year, it didnt come as a surprise that CROs were keen to attract (and
retain) clients who associated themselves with the values associated with changing
brands. The results from this years risk survey are illustrated in Figure 11:
30
The problem is that the

outsourcer is often part of a
global transaction service unit at
the bank, with lots of legal entities
sitting in different jurisdictions, in
both EU and non-EU centers, so
a concerted global approach is
notpossible!.
Figure 11: Managing reputational risk (and reputation risk factors)?
27%
19%
Dealing or corporate action/

rights errors
Fraud/rogue trader
Mis-selling specically
(or controls failure)
Redemptions/
loss of mandates
Model errors/inconistencies
Star trader(s) or PMs leaving
Breach of client mandates
23%
29%
13%
Reputational issue
with parent rm
29%
Contagion in markets
(e.g., Eurozone)
38%
63%
9%
CRO directly responsible
Basic methodology used for

measuring/managing RepRisk
16%
RepRisk actively
measured/managed
RepRisk as a separate category
Firm aware of RepRisk effects
24%
44%
58%
51%
Founder risk (leaving/

undue inuence
49%
Regulatory censure or nes
Relative indicator
90%
Although reputational risk was generally seen as one of the most important risk types,
the survey showed that the explicit monitoring and management of reputational risks was
inconsistent to date. Only 49% of the respondents claimed that they actively measured or
managed reputation risk at a macro-level, for example by considering the risk-adjusted
value of expected future earnings from loss of client business (new, or redemptions of
existing clients), the risk of loss in the value of a firms business franchise (extending
beyond the event-related losses), the decline in its share performance metrics, or
anticipated reduced expected revenues and/or higher financing and contracting costs.
The failure of the custodian

(as well as the outsourcer) is
receiving special attention
right now. Appointment of the
custodian is an activity mandated
by our clients, and we have
a third-party oversight team
featuring operations tasked with
modeling the eventuality.
The Dutch Regulator, the DNB,
are focusing far more on BCP
aspects more than outsourcing.
Firms dealt with reputational risks in different ways. A majority of the firms surveyed
treated reputational risk as derived from other risks, but only 24% of the respondents
regarded reputation risk in a category of its own, potentially as both an impact and
a driver of new risks. Some firms treated reputational impact as a multiplier when
assessing/quantifying other risks (e.g., operational risk). Reputation worthiness
derived from brand value or goodwill was seldom considered at a bottom-up level
for instance, by adopting a reputational risk framework (such as what is offered by
COSO or the ABI) and collecting data on media hits (such as on news sites and blogs,
as well as brand evaluations) to assess the likely extent and impacts of reputational
consequences.
The top reputational risk factors were posited as per ICAAP risk scenarios and
ranked as follows: Mis-selling specifically/controls failure (#1 factor); redemptions/
loss of mandates (#2 factor); breach of client mandates (#3 factor); as well as star
trader(s), PMs or desk heads leaving; regulatory censure or fines; model errors/
inconsistencies; contagion in markets (e.g., Eurozone); founder risk (leaving/undue
influence; dealing or corporate action/rights errors; fraud/rogue trader.
Many asset managers saw the increasing client mandate complexity specifically
as a growing concern. Fifty-eight percent of the respondents saw redemptions/
loss of mandates as a key contributor to reputational fallout, while only 51% of the
respondents saw breach of client mandates as a critical factor. There were also strong
words said about the role of pension fund consultants who were reported as driving
unnecessary complexity when it came to devising or inflating mandates.
31
Survey findings
We follow the ISAE 3472 process

to challenge our agent bank. The
latter have described their BCP and
DR practices, and described their
living will arrangements but not
circulated these for us to study.
We look at reputation risk as
a superset risk e.g., arising
from a poor media comment,
ICAAP scenarios, or a material
reputational event; RepRisk is
owned by the Exec Committee, the
CEO, CRO and Head of Marketing.
Events are managed as-is when it
comes to breaking news.
We have a single owner for RepRisk
an Investment Management
Global COO.
As seen in last years survey in regard to Eurozone preparations, a couple of firms

already had separate crisis committees in place with processes designed to respond
quickly to the type of high-profile events which could damage the brand. Other firms
relied heavily on parent entities to manage the overall interest of the brand or (even
more importantly for asset managers and insurers) the goodwill.
The introduction of the new financial transaction tax (FTT)

provisions in the EU at national levels in France and Italy posed new
challenges for asset managers and their servicers.
On 14 February 2013, the European Commission presented a revised draft Directive
for an EU financial transaction tax (FTT) for 11 participating Member States (Austria,
Belgium, Estonia, France, Germany, Greece, Italy, Portugal, Slovakia, Slovenia and
Spain). Although the initial 11 Member States indicated their enhanced cooperation,
the European Commission indicated that other Member States were free to sign up.
As currently proposed, the FTT would apply to secondary market transactions in
equities, bonds, fund units, and repos and stock loans, as well as entry into derivatives
transactions. Transfers of shares and bonds etc., would be taxed at a minimum rate of
10basis points. Derivatives contracts would be taxed at a minimum rate of one basis
point on the notional value of the derivative. Under the draft Directive, it is envisaged that
Member States would transpose the relevant rules expressed under COM (2013)71 into
their national law by the end of September 2013. Officially, the FTT directive carries a
go live date potentially as early as 1 January 2014.
There are no exemptions, e.g., for intra-group transactions, intermediaries/marketmakers or stock loan or repo transactions. A lack of an exemption for intermediaries/
market-makers means that where a financial institution transacts with another financial
institution on a riskless principal basis, both parties to the transaction could be liable
to tax. This will give rise to a cascade effect of multiple charges being applied across
a chain of brokers. There is also the issue of whether fund units (such as creation units
within ETFs) will be caught, giving rise to the serious prospect of double taxation.
The FTT differs from typical transaction taxes in a number of fundamental ways:
In-scope instruments: The range of in scope instruments is technically very broad in
particular, the inclusion of bonds and (all types of) derivatives. Some Member States
within the cooperation agreement countries may still press for exemptions.
Geographic nexus: The tax applies to (a) transactions entered into by financial
institutions established in the EU-11, (b) transactions entered into by financial
institutions with a counterparty established in the EU-11 and (c) transactions
enteredinto by financial institutions over financial instruments treated as issued by an
EU-11issuer.
Both parties potentially taxed: The tax applies to each party to a transaction (so long as
they are financial institutions) and will operate on the gross value of transactions.
Results from the survey are illustrated in Figure 12. Some points can be noted:
There were inconsistencies in how organizations appear to approach tax (e.g., tax
strategy defined but lack of KPIs and consistent approaches to tax transparency).
Only 22% of the respondents expected industry utilities, such as FMIs, to play a part in
tax collection and reporting which raised the question about alternative routes.
32
Figure 12: What is the state of readiness of asset managers looking to manage tax
risk and preparing to manage the FTT?
64%
Relative indicator
48%
52%
38%
53%
45%
45%
22%
17%
15%
12%
FTT implemented with

EC deadline of
January 2014
Industry utilities such as
FMIs playing in tax
collection and reporting
Some Member States may

charge > minimum FTT rates
Firm expects FTT consistently

implemented in EU-11
Member States?
Firm expects a signicant

impact from the FTT
Tax strategy is dened

with visibility at the board
and executive levels
Group tax have KPIs
that align to the overall
business strategy
High impact from FATCA
High state of Eurozone

redenomination readiness
Tax risk in rm's

risk appetite
Tax risk a key horizon risk
2%
Tax risk a current issue
RepR is treated as its own risk

type here and we classify it by
three types capital, liquidity
andfranchise.
Does the risk function have the appropriate quality and quantity of
resourcing to offer challenge to the business?
This years survey focused more deeply on the quality and quantity of risk resources
across firms and how FTEs were being counted. This was partly in response to a desire
among firms to benchmark their capabilities against peers and partly in response
to regulators asking more penetrating questions about the bench strength and
appropriateness of resources to challenge the business. While 37% of respondents
indicated an expansion in risk resources, a majority of the firms (54%) remained flat in
terms of risk headcount (see Figure 13). The rate of growth of FTEs was not consistent
across all firms while the number of FTEs didnt vary by overall style, AuM or size of
existing team, there was a degree of proportionality between the size of the core OpR
resource team and scope of investment risk resourcing.
We are extremely brandconscious, given our heritage. The

reputational impact could be a
financial impact e.g., arising from
a fine, but weve discovered that
the internal cost to investigate and
remediate can be three times the
fine itself.
Reputation risk is a focus
given recent corporate activity,
redemptions and a suspicion of
insider trading in the industry.
We focus on RepRisk arising
from events or scandals. The
big focal points are data security
at our outsourcing providers,
insider dealing and redemptions
ingeneral.
Figure 13:
1) FTEs dedicated to administering operational vs. cost/income ratio
(graduatedaccording to firm size)
20
Size of OpRisk team
15
10
60
Cost/income ratio
80
100
33
Survey findings
FATCA is no longer a priority.

Having lived through the
experience of spending resources
prematurely for Solvency II, we
will be cautious about getting
behind FTT too early in the
cycle. We hope that there will be
convergence when it comes to a
directive, perhaps using France as
the benchmark. There is no way
that the proposed deadline can
be met.
It may prove difficult to bring
the various national practices
together so FTT as a regulation
might not happen in practice at
least not as a regulation applied
across the EU.
2) FTEs dedicated to administering operational vs. investment risk

20
15
Size of OpRisk team
We treat RepR as one hit from

multiple triggers. We have a
World Monitoring Group which
comprises 40 people, including
risk officers, economists, market
experts, business leaders and
Corp. Comms. The Group devises
exit scenarios and we were
ready for the Cyprus crisis as
our Playbook was up-to-date and
ready to deploy.
10
10
20
40
100
Size of InvRisk team
The need to satisfy the diversity of business lines (e.g., multi-strategy, alternatives
or REIM) and country coverages (particularly in AsiaPacific) was a commanding
consideration for deciding team size and capabilities. Respondents universally maintained
that it was quality, not quantity, which counted, irrespective of the style of the firm, its
size by AuM or its geographic diversification.
Trying to draw detailed inferences of how different traditional and alternative asset
managers of different styles and sizes spend their time has to take into account the
subjective preferences of each CRO or head of risk. Scores ranging from high, medium/
high, medium, low/medium and low were normalized and then converted into the values
shown on Figure 14.
The changes to priorities in time allocations this year were recorded as follows:
The amount of time spent managing client mandate risk continued to rise from
9.1% in 2013 (vs. 8.6% in 2012). Clients, such as US plan sponsors or sovereign
wealth funds (SWFs), warranted more time and resources because several demanded
bespoke mandates, which required custom fiduciary, conduct and reporting
procedures.
The time dedicated to training 6.3% in 2013 (vs. 4.8 % of time allocation in 2012)
showed a significant improvement reflecting a general desire to up-skill resourcing
and a drive toward including more facets under the umbrella of risk management.
Examples of training included external and internal face-to-face classroom training,
online desk-based training, training in a simulated environment as well as external
operational risk qualifications administered by the PRMIA.
The time allocation for managing legal risk (e.g., arising from seeking interpretative
guidance on definitions, derogations, thresholds or materiality tests) continued to grow
8.0% in 2013 (vs. 6.8% in 2012 or vs. 7.1% in 2010). According to future projections,
this percentage is not expected to reduce any time soon and would demand a closer
coupling between the legal, compliance and risk functions moving forward.
There was no right answer to the exam question of what is the optimum size of the
risk control function in a typical firm, but firms are advised that they should benchmark
themselves internally at the very least and be ready to evidence their total control
footprint spanning the 1/2/3LD when called upon to do so by regulators or clients alike.
34
Figure 14: What are the relative priorities for risk management in terms of
1) time spent?
9.1%
9.4%
8.6%
10.5%
8.4%
6.3%
5.4%
8.2%
4.2%
9.0%
10.9%
9.8%
Policies and procedures

Risk monitoring
Training and induction
Internal remediation/mitigation
Internal audit
Risk reporting
Regulatory affairs, e.g., new regs.
Prudential issues (e.g., ICAAP)
Regulatory contact (ARROW, ICAAP, s166, etc.)
Management of risk modeling
Gen. risk mgmt./Client contact/Risk consulting
Mandate risk/governance
2) themed area?
5.7% 8.3%
11.0%
10.7%
6.5%
11.2%
9.2%
3.9%
6%
9.1%
8%
10.4%
Market risk issues

Counterparty/Credit risk issues
Operational risk issues
Prudential issues (e.g., ICAAP)
Investment/Product risk issues
Legal risk issues
Country risk issues
Settlement risk issues
Liquidity risk issues
Fiduciary risk issues
Regulatory risk issues
Fraud risk issues
If FTT comes out, it will be a

game-changer. For example,
money market funds which are
based on the preservation of
capital and liquidity, could well
become unviable. Much of the
proposed regulation is unclear
and likely to be applied extraterritorially.
FTT is a separate project, driven
out of continental Europe by
Operations, Compliance and Legal.
We will be heavily impacted given
that our parent is located within
an EU-11 country, and we shall be
exploring whether we need to ramp
up subsidiary status outside the
EU-11.
The complexity of the regulations is
having an effect on the governance,
resourcing and cost. We may
need to recruit staff to cope with
regulatory risk reporting as per
how we interpret the rules.
35
Survey findings
We are actively studying the C/I

ratio of our group and comparing
it to one of our North American
business units where the score is
22 points lower. We are using the
approach to benchmark where
we are and to assess the bench
strength of how our resourcing
should lie, for both the 1LD
and2LD.
Its all about the quality of the
risk resources, not just the size of
theteams.
Risk management is as much
an art as a science; with larger
teams, the art disappears and it
becomes more of a science.
Education around conduct risk
and avoiding conflicts of interest
is a significant focus right now.
There are also other themes
around risk culture (risk culture
is a big focus, with mandatory
training to build awareness
and ensuring that staff are
remunerated accordingly).
There was wide disparity in the fitness of purpose of systems and

deficits when handling change requests.
The IT flexibility of the firm proved once again to be a major dependency when delivering
a sustainable risk infrastructure to meet the challenges of custom and changing client
mandates. The resilience of business continuity planning (BCP) and cybersecurity were
both cited as critical components in this years survey, although respondents were not
specific whether this was in response to incidence of hacking, fraud or insufficiently robust
cloud computing arrangements. The results this year were polarized between firms whose
systems, controls and data were broadly fit for purpose vs. the remainder of firms that
were clearly struggling to cope with multiple business and regulatory changes.
There was also increasing awareness among risk professionals that managing data was
no longer an issue of merely managing static (reference) data or filtering stale data, as
equal to the lifeblood of innovation and therefore the golden source of economic value
for the business. More respondents alluded to a need to manage and safeguard big
data reflecting what Viktor Mayer-Schnberger, Professor of Internet Governance and
Regulation at Oxford University, referred to as the quantification and datafication4 in the
majority of global industries within his book Big Data; A Revolution That Will Transform
How We Live, Work and Think.
There was no particular behavior pattern for example, it was not always an advantage
to have a large banking or insurance group as a parent and a high cost/income ratio,
nor was it particularly guaranteed that a large AuM base would automatically translate
into having access to the best systems money could buy. Small wasnt always beautiful
either. Hedge funds and some smaller traditional asset managers were challenged to
keep abreast of the necessary scaling to their systems as they looked to serve more
demanding institutional clients, whether meeting, reporting, social networking or cloud
computing expectations.
Top-quartile asset managers (by way of automated risk prevention) were able to link
their PMS, OMS and GL into a seamless system architecture, enabling them to perform
what if scenarios according to model, product or portfolio criteria. They were able to slice
and dice real and synthetic portfolios to assess risks, evaluate yield curves, analyze credit
risks, analyze VaR and (decomposition of) track error or evaluate underlying NAVs.
Only 54% of the firms in 2013 could attest that their data, systems/controls and MI were
fully robust and fit for purpose, down from the 60% figure recorded in 2012 and well
down from the 68% recorded in the 2011 survey (see Figure 15). The percentage of
firms experiencing issues with flexibility/IT change requests was 46% this year, similar to
the results in last years survey.
36
atafication the notion that organizations today are dependent upon their data to operate properly and perhaps even to
D
function at all Information Week 25th Feb 2013
Figure 15:
Summary of system and data issues recorded in this years survey
1) Data-security-specific concern? 2) Taxonomy used? 3) Issues with IT flexibility?
12%
15%
29%
51%
49%
15%
23%
37%
Key throughout:
Yes
Partly
No
46%
24%
Dont know/Did not respond
The effectiveness of a risk management function depends on the ability of firms to

gather, analyze and report accurate and timely information that is relevant to the risk
teams, but equally relevant to the compliance, legal, internal audit, business, finance
and other functions within the firm. Leading firms were also digitizing documentation
for on-demand retrieval of records for audit and control purposes. It was little surprise
therefore that this years survey found more firms maintaining a wider range of KRIs/KPIs
than ever before spanning traditional investments, alternatives, real estate/private
equity and multi-strategy.
Respondents still differed as to the usefulness of data indicators. Supporters of KRIs
expressed the view that they were generally helpful, a good discipline to help the risk
function decide where to pay more attention to structural or significant changes and a
good tool to summarize issues for management, the board, the NEDs, the clients and the
regulators. Skeptics claimed that they merely reflected conditions in the past or present
and represented a poor predictor of events in the future because there would always be
data deficits when trying to model for every scenario combination.
The following types of KRIs were often identified as useful by respondents:
Different parts of the firm focus

on AIFMD so there is no unified
position, given that AIFMD
covers diverse areas, such
as remuneration, delegation,
valuation, risk management,
liability, reporting, marketing and
asset stripping.
[The CRO] is spending two to
three hours every week in terms
of face time with the regulator,
and that doesnt include the
preparation and research time.
The complexity of the regulations
is having an effect on the
business, on governance and on
resourcing and cost. This will have
a huge impact on systems we
are becoming data hungry and
concerned at our capacity to
meet the regulations and manage
change. We need to be in control
of our data, e.g., position data;
this translates in terms of fewer
mistakes (greater efficiencies) and
less untoward regulatory attention;
we are paying attention to cleaning
our start of daily records.
Business/Management data e.g., escalations, actions, sign-offs, permissions,

approvals, changes to approvals, write-offs, volumes, numbers, costs, ROCE, trends,
remuneration data, deferrals, de minimis exceptions, clawback data and LTIP data
Investment/Mandate risk data e.g., sector/market sensitivity/position limit
breaches, tracking error (and decompositions of the same), mandate breaches and
country risk downgrades, IMA breaches, changes to mandates, fund legal entity data,
SAA/TAA, risk parity and specific client instructions
37
Survey findings
There is a huge amount of

time being spent to achieve
compliance with regulations, e.g.,
building quarterly regulatory
reporting which does not result in
any extra performance.
50% of our funds are caught by
virtue of being non-EU AIFs and/or
non-EU AIFMs, and there are big
issues surrounding how to mark
(tag) funds, e.g., US-issued ETFs
are caught as an asset class under
AIFMD and we are hit by reporting
requirements which are quite
onerous by virtue of the data sets
that need to bereported.
Locating collateral is a significant
challenge; there are some
consistent data quality issues.
Market/Credit/Operational risk data e.g., trading limit breaches, counterparty limit

breaches, institutional and nominee data, fund structure (parent/child) data, errors
and omissions (such as descriptions, discovery dates/frequency of occurrences/
resolution dates/recoveries/responsibles), near-misses (against the firm/in the
clients favor), trading losses, material incidents, exceptions, stock lending/collateral
breaches, reconciliations, corporate actions, tax reclaims, proxy voting
Regulatory risk data e.g., authorizations, controls failures, remediations, OBIs and
PEPs, investigations, market abuse criteria, benchmark exposures, concentration
risks, basis and wrong-way risk data, reverse stress testing data, other performance
data (including information related to ALM, TCF, SRRI and others)
Customer indicia data (for US persons and potentially for EU-11 establishment
qualification as well?) e.g., natural persons, correspondence/in-care/hold mail
address details, POA details, beneficial ownership, established entities, home
state regulator, standing instructions, liabilities, estate or trust information and
unincorporated association information
Other customer service data e.g., taxpayer identification number (TIN), taxpayer
account data including balances, referrals, customer complaints, customer
compensations, contact frequency, waiting calls, missed calls and other TCF
outcomesdata
Coping with regulatory intrusion and cross-jurisdictional complexities

will be the primary challenge for asset managers and asset servicers
over the coming years.
There are also big problems

keeping up with onboarding when
clients can change their status
atanytime.
This years survey reflected no let-up in the pace, volume and intensity of changes to
global, regional and local/thematic regulations impacting asset managers and asset
servicers. Constant political interventions have created measures that sometimes appear
to work at cross-purposes (e.g., EMIR/AIFMD vs. shadow banking/CRD on collateral/rehypothecation).
Two key aspects keep me awake

at night the growth and breadth
of regulatory changes, and the
depth of regulatory changes.
It is little wonder then that we found that risk professionals in asset management are
anticipating signs of reg-fatigue over the next few years, stretched as never before
by the number of new measures and the constant changes to the same. Many seem
challenged to help their business and operations colleagues anticipate horizon risks,
understand the impacts of the same, and manage the complexity transfers from the
many and varied measures, while trying to support their risk colleagues in anticipating
extreme events, optimizing capital and liquidity, and minimizing the potential for
reputational risk.
The primary driver for the

future will be the need to design
products for the long-term
investor and to help build trust in
where the environment is going.
38
Figure 16 shows how the responses to the survey mirrored the regulatory concerns
ahead with regard to two types of regulatory concern:
Challenges arising from cross-jurisdictional complexities (82%) or complications
arising from compliance/legal risks (68%)
Challenges arising from increasing regulatory scrutiny (80%) or overlapping
regulatory measures (76%)
Figure 16: Top 20 future of risk management over the next three years
Key: Survey 2013
There will be cross-jurisdictional (ET) complexities
Regulatory scrutiny will become even more intense
New complexities from overlapping directives
82%
80%
76%
Compliance and legal risks will be a growing problem
68%
Factors such as FTT more inuential
64%
Focus on investment risk key
64%
Risk management function more strategic/predictive
63%
57%
Risk management more embedded in business

Client mandates will become more complex
and challenging
Greater challenges with third-party agreements
53%
48%
46%
Risk function will become more advisory

Managing expectations around conduct
risk a challenge
More functional convergence e.g.,
compliance/nance
Greater focus on extreme event, e.g., redenomination
Factors such as Dodd-Frank and/or the G20
more inuential
33%
FATCA more inuential
33%
43%
37%
35%
28%
Business will take more oversight/accountability

Increasing involvement in reviewing/
setting remuneration
Personalized/Differentiated service focus
27%
27%
12%
Risk function more commercially focussed

Financial crime will become a signicant area of focus
6%
There is differentiation between

regulated and segregated funds.
Regulated is monitored daily,
particularly for UCITS funds;
segregated is monitored weekly
or monthly at least, depending
on portfolio manager preference;
PE and property are monitored
monthly but reported quarterly.
A detailed spreadsheet is used
for equity, fixed income, multiasset and multi-manager on a
pan-geographic basis, but it isnt
appropriate for derivatives nor is it
used for longer-term investments,
such as PE or Property, which are
not super-liquid.
There are daily checks for setting
leverage and various ways
of doing so, such as various
sensitivity analyses. All positions
are drawn from the back office
system, and a data model is
used to normalize/standardize
theexposures.
Our approach is increasingly
more committee based, with
more judgment-based decisioning
and paper documentation in
evidence documentation
features limits, number of
systems, etc. We will create an
audit trail by paper to satisfy
thisregulation.
39
Summary of findings
2013 survey vs. 2012 survey
Figure 17 shows a summary of the findings from the 2013 survey in comparison with the 2012 survey to illustrate some of the trends
underway. Several of the benchmarks highlighted in the red fields came from respondents indicating that regulators were likely to
extend their direction of travel to cover new domains (such as conduct risk, collateral management/repo, FTT or extraterritorial
applications to US/EU-11 persons). The mood music for the next few years would seem to be intensive regulation, intrusive regulation
and cross-regulation as the new normal in the industry.
The broad consensus from this years survey was that a combination of greater regulatory activism and responding to client queries
represented the greater portion of their non-discretionary spend. The top quartile firms who had already differentiated through
extensive investments in systems over the 20102012 period were better able to evidence fit for purpose investment, credit
and operational risk management. In effect, these firms were better positioned to function and therefore deliver according to
their governance, risk appetite and USE test aspirations, and thus better positioned to innovate and function in a multi-regulatory
environment than firms that were late to the party in this respect.
Figure 17: Comparison of the results of the Risk Management for Asset Management Survey 2013 vs. 2012
Indicator
2013 result
2012 result
Delta/comments
Median involvement of CRO in product cycle
<15% In
(27% of firms)
<15% In
(24% of firms)
Increase in the percentage of firms bringing the 2LD functions

toward the start of the product cycle, but the number of DKs was
relatively high with some continental firms
% range in ICG uplifts recorded as the

newnormal
135%175%
130%170%
Some firms were able to lower their ICG scores vs. 2012 results
while other showed sharp rises with more complex treatments
% IMs who claim they can break down risk

exposures per Cp and per product/fund intraday vs. total for same ex-post
25% and 40%,

resp.
24% and 31%,

resp.
Significant investments behind counterparty risk management

recorded over the 20122013 period, particularly non-bank/
insurance-owned asset managers behind ex-post
Firm conducted a study to look at

acceptablecollateral
39%
31%
Reported shortages in the fluidity of (or access to) quality

fungible collateral are prompting more firms to focus in this area
Firm has run a beauty parade to ask

brokers how they might effect collateral
transformation
34%
35%
Comparable percentages of asset managers concerned at the

robustness of counterparties in effecting collateral transformation
(e.g., repo) in times of market stress
Rudimentary methodology used for

trackingand measuring reputational risk
impacts/outcomes
16%
11%
Growing awareness of the reputational impacts and outcomes

from trigger events, and usage of rudimentary trackers as per
share price and social media, particularly among brand-builders
Firm expects to experience a significant

impact from the introduction of the FTT
53%
50%
Rise in the number of firms expecting to comply with the new FTT
measures being introduced differentially by Member States
Trend in risk resourcing
Upward
(37% of firms)
Upward
(26% of firms)
Growth is noticeable, not just in numbers but in terms of a drive for

quality and beyond OpR mindset into business risk mindset
Average time spent on regulatory contact
8.2%
8.2%
Rise in the amount of face time that firms are spending with their
regulator in the UK; in some cases, the CRO spends two to three
hoursper week
Average time managing legal risk issues
8.0%
6.8%
Sharp escalation in the amount of time managing legal risk, arising

from extraterritorial measures e.g., Dodd Frank and FTT
Average time managing mandate risk issues
9.1%
8.6%
Mandate risk an even more important issue in 2013; hot spots

include PFs, institutional SWFs and ERISA funds
Average time dedicated to training

orinduction
6.3%
4.8%
Significant improvement reflecting a drive to raise the level of risk

resourcing and the standing of the function (6.7% in 2009)
% IMs with data, systems and MI fully robust/

fit for purpose
54%
60%
Greater systems challenges are not being met through comparable

investments in upgrades to systems and data quickly enough
% IMs focusing on data security and cybersecurity from a risk function perspective
49%
19%
Greatly improved awareness of data security, cybersecurity and

confidentiality; no longer relegated to being merely an IT issue
40
Definitions of specific risk types

Risk type
Definition
Business risk
Any risk to a firm arising from changes an asset managers business, including the risk that the firm may not be able to carry out its
business plan and its desired investment strategy. In a broader sense, it is exposure to a wide range of macroeconomic, geopolitical,
industry, regulatory and other external risks that might deflect an asset manager from its desired strategy and business plan.
Market risk
The risk of loss arising from fluctuations in values of, or income from, assets or arising from fluctuations in foreign exchange or interest
rates.
(Counterparty)
credit risk
Credit risk refers to the likelihood that a counterparty will fail to meet a contractual obligation that results in a loss in value to the other
party. A factor that may contribute to increased credit risk is concentration of assets held with a single counterparty.
Operational risk
The risk of loss resulting from inadequate or failed internal processes, people, systems or from external events.
Investment risk
Investment risk is commonly defined as a positive or negative deviation from an expected outcome. Asset managers typically regard
investment risk as a measure of the expected return given the level of risk tolerance relative to agreed market or internally set
benchmarks. Some of these are typically specified within the asset managers risk appetite, often expressed at a corporate as well as at
a client level.
Legal risk
The risk of a client, clients or counterparties taking legal action against the firm resulting in protracted litigation, financial loss and
reputational damage.
Country risk
The risk of investing in a country, dependent on changes in the business environment that may adversely affect operating profits or
the value of assets in a specific country. For example, financial factors such as currency controls, devaluation or regulatory changes, or
stability factors, such as mass riots, civil war and other potential events contribute to companies' country risks.
Liquidity risk
The risk that the firm, although solvent, either does not have sufficient available resources to enable it to meet its obligations as they
fall due, or can secure them only at excessive cost.
Regulatory risk
The risk of failure by the company to meet its regulatory requirements or manage changes in regulatory requirements with respect to
new legislation, resulting in investigations, fines or regulatory sanction.
Conduct risk
The risk that an entity mistreats its customers or clients, causing them damage. Historically used within the context of retail customers
but more recently also applicable to non-retail customers as well.
Fraud risk
Any risk of loss arising from a staff member, members or third parties acting in an inappropriate or dishonest manner resulting in a
financial loss to the firm (e.g., funds stolen) and consequential damages to its reputation.
Reputational risk
The risk of damage to the firms reputation that could lead to negative publicity, costly litigation, a decline in the customer base or the
exit of key employees and therefore directly or indirectly to a loss of revenue.
Strategic risk
The potential negative impact on earnings due to misjudged strategic decisions or lack of responsiveness to industry changes.
Concentration risk
The probability of loss arising from a concentration in asset classes or the credit risk characteristics of financial counterparties that
correlate positively.
Correlation risk
The probability of loss from a disparity between the estimated and actual correlation between two assets, currencies, derivatives,
instruments or markets.
Wrong-way risk
Wrong-way risk occurs when exposure to a counterparty is adversely correlated with the credit quality of that counterparty.
Basis risk
The risk that offsetting investments in a hedging strategy will not experience price changes in entirely opposite directions from each
other. This imperfect correlation between the two investments creates the potential for excess gains or losses in a hedging strategy,
thus adding risk to the position.
Tax risk
The tax impact of business risks arising from an organizations ongoing global activity. The uncertainty or risk to the firm by failing to file
accounting statements according to the appropriate tax standards or to abide by the appropriate tax treaties for the country.
Accounting risk
The uncertainty or risk to the firm by failing to file accounting statements according to the appropriate accounting standards (e.g., US
GAAP/IFRS) or with due care and attention with regard to the appropriate audition process.
Pre-settlement risk
The risk that an outstanding transaction for completion at a future date will not settle because one of the counterparties fails to perform
on the contract or agreement during the life cycle of the transaction beforesettlement.
Settlement risk
The risk arising from timing differences between the receipt and payment of funds or deliverable assets.
Custody risk
The risk of loss of securities held in custody due to the insolvency, negligence of fraudulent action.
Enterprise risk
The risk that an entity fails to meet its strategic, operational, reporting or compliance objectives and manage risk to be within its risk appetite.
Technology risk
The uncertainties associated with the implementation of new technologies including systems, software or networks.
41
Glossary of acronyms
1/2/3 LoD . . . . . .
ABAC . . . . . . . . . .
ABI . . . . . . . . . . . .
AIF(M)D . . . . . . .
ALM . . . . . . . . . . .
AMA . . . . . . . . . . .
AMF . . . . . . . . . . .
AML . . . . . . . . . . .
ARROW . . . . . . . .
AuM . . . . . . . . . . .
BCP . . . . . . . . . . .
CAPM . . . . . . . . .
CASS . . . . . . . . . .
CBFA . . . . . . . . . .
CC/I/RO . . . . . . . .
CCP . . . . . . . . . . .
CDO . . . . . . . . . . .
CEFs . . . . . . . . . .
CEM . . . . . . . . . . .
CMVM . . . . . . . . .
CNMV . . . . . . . . .
CoB . . . . . . . . . . .
COBAM . . . . . . . .
COSO . . . . . . . . . .
CRAs . . . . . . . . . .
CRD III/IV . . . . . .
CrR . . . . . . . . . . .
CSD . . . . . . . . . . .
CVA . . . . . . . . . . .
DPO . . . . . . . . . . .
DR . . . . . . . . . . . .
E&O . . . . . . . . . . .
EAD . . . . . . . . . . .
EC . . . . . . . . . . . .
EDF . . . . . . . . . . .
EI . . . . . . . . . . . . .
EL . . . . . . . . . . . .
EMIR . . . . . . . . . .
EPE . . . . . . . . . . .
E(PM) . . . . . . . . .
ERC . . . . . . . . . . .
ESMA . . . . . . . . . .
42
First, second and third lines of defense

Anti-bribery and anti-corruption
Association of British Insurers
Alternative Investment Fund (Managers) Directive
Asset liability management/modeling
Advanced management approach (risk methodology
for operational risk)
Autorit des Marchs Financiers
Anti-money laundering
FSAs Advanced Risk-Responsive Operating frameWork
Assets under management
Business continuity planning
Capital asset pricing model
Client asset rules (issued by the FSA)
Commission Bancaire, Financiere et des Assurances
(Belgium Regulator)
Chief compliance/investment/risk officer
Central counterparty
Chief data officer
Credit exposure factors
Current exposure method (for Basel II)
Comisso do Mercado de Valores Mobilirios
(Portugese Regulator)
Comisin Nacional del Marcado de Valores
(Spanish Regulator)
Conduct of business
Client onboarding and management (
aka Know Your Client)
Committee for Sponsoring Organisations of the
Treadway Committee (framework standards for ERM)
Credit rating agencies
Capital Requirements Directive III/IV
Credit Risk
Central aecurities depository
Credit value adjustment (for Basel III)
Data protection officer
Disaster recovery
Error and omission
Exposure at default (for credit risk)
European Commission
Expected default frequency (for credit risk)
Exposure indicator (for operational risk)
Expected loss (for all types of risk)
European market infrastructure regulation
(for OTC derivatives)
Expected positive exposure (for credit risk)
Enhanced (portfolio management)
Economic risk capital
European Securities Markets Authority
(formerlyCESR)
ETF/P/C . . . . . . . .
EVT . . . . . . . . . . .
EXO . . . . . . . . . . .
FATCA . . . . . . . . .
FMI . . . . . . . . . . . .
FOR . . . . . . . . . . .
FSA/FCA . . . . . . .
FTT . . . . . . . . . . .
FX . . . . . . . . . . . .
ICAAP . . . . . . . . .
ICG . . . . . . . . . . . .
ICR . . . . . . . . . . . .
IE01 . . . . . . . . . . .
IGA . . . . . . . . . . . .
IIF . . . . . . . . . . . .
im/vm . . . . . . . . .
IMA . . . . . . . . . . .
IMA . . . . . . . . . . .
IRA . . . . . . . . . . . .
IRB . . . . . . . . . . . .
KIID . . . . . . . . . . .
KI/P/R/CI(s) . . . .
LDA . . . . . . . . . . .
LDI . . . . . . . . . . . .
LEI . . . . . . . . . . . .
LGD . . . . . . . . . . .
LGE . . . . . . . . . . .
LIED . . . . . . . . . . .
LL . . . . . . . . . . . .
LTIPs . . . . . . . . . .
M&A . . . . . . . . . . .
MAR/MAD II . . . .
MI . . . . . . . . . . . . .
MiFIR/MiFID II . . .
NAV . . . . . . . . . . .
NED . . . . . . . . . . .
OBI . . . . . . . . . . .
O/E MS . . . . . . . .
OpR . . . . . . . . . . .
OR/M . . . . . . . . . .
OTC . . . . . . . . . . .
OTF . . . . . . . . . . .
Exchange-traded fund/product/commodity
Extreme value theory
Execution only
(US) Foreign Account Tax Compliance Act 2010
Financial market infrastructure
Fixed overhead requirement (required to calculate
Pillar 1 risk capital)
Financial Services Authority/Financial Conduct Agency
Financial transaction tax
Foreign Exchange
Internal capital adequacy assessment process
Individual capital guidance (FSA guidance about
minimum capital required)
Individual capital ratio
The change in present value of an asset or liability for a
1 basis point change in the implied inflation curve used
to value the asset or liability
Intergovernmental agreement
Institute for Institutional Finance www.iif.com
Initial margin/variation margin
Investment management agreement
Internal measurement approach (for Basel II)
Internal risk assessment
Internal ratings based (risk methodology for credit risk)
Key investor information document (for UCITS IV)
Key investment/performance/risk/
complianceindicator(s)
Loss distribution approach (for Basel II)
Liability-driven investment
Legal entity identifier
Loss-given default (for credit risk)
Loss-given event (for operational risk)
Loss in the event of default (for credit risk)
Limited liabilities firms
Long term investment plans
Mergers and acquisition
Market Abuse Regulation/Second Market
AbuseDirective
Management information
Markets in Financial Instruments Regulation/Second
Markets in Financial Instruments Directive
Net asset value
Non-executive director
Outside business interests
Order/execution management system
Operational Risk
Operational risk/management
Over the counter
Organized trading facility (new proposed MiFIR/MiFID II
venue category)
PCE . . . . . . . . . . .
PD . . . . . . . . . . . .
PMO . . . . . . . . . . .
POA . . . . . . . . . . .
PV01 . . . . . . . . . .
RC(S)A . . . . . . . .
RDR/PRIPs . . . . .
REIM . . . . . . . . . .
RMP . . . . . . . . . . .
ROI/ROCE . . . . . .
RRPs . . . . . . . . . .
RWA . . . . . . . . . . .
RW(F) . . . . . . . . .
SBA . . . . . . . . . . .
SBL . . . . . . . . . . .
SBR . . . . . . . . . . .
SCV . . . . . . . . . . .
SDRT . . . . . . . . . .
SIFI . . . . . . . . . . .
SLA . . . . . . . . . . .
SLRP . . . . . . . . . .
SM . . . . . . . . . . . .
SREP . . . . . . . . . .
SRI . . . . . . . . . . . .
SRRI . . . . . . . . . .
STP . . . . . . . . . . .
Ts & Cs . . . . . . . . .
TCA . . . . . . . . . . .
TCF . . . . . . . . . . .
TER . . . . . . . . . . .
TPA . . . . . . . . . . .
TSA . . . . . . . . . . .
UCITS IV-VI . . . . .
VaR . . . . . . . . . . .
Potential credit exposure (for credit risk)

Probability of default (for credit risk)
Project management office
Power of attorney
The change in present value of an asset or liability for a
1 basis point change in the nominal yield curve used to
value the asset or liability
Risk and controls (self) assessment
Retail distribution review/packaged retail
investmentproducts
Real estate investment management
Risk mitigation point/program (FSA ARROW
methodology)
Return on investment/capital employed
Recovery and resolution plans (Living Wills)
Risk weighted assets
Risk weight (function)
Scenario based approach (for Basel II)
Stock Borrowing & Lending
Shadow banking regulation
Single customer view
Stamp duty reserve rax
Significant influence financial institution
Service level agreement
Supervisory liquidity review process
Standardized model (for Basel II)
Supervisory review and evaluation process
Socially Responsible Industry
Synthetic risk/reward indicator (for UCITS IV KID)
Straight through processing
Terms and conditions
Transaction cost analysis
Treating customers fairly
Total expense ratio
Third party agent
The standardized approach (from Basel II)
Undertakings for Collective Instruments in
TransferableSecurities
Value at risk
43
Contacts
For further information, please contact:

Dr. Anthony Kirby
Gillian Lofts
Head of UK Asset
Management Regulatory
Reform
UK Asset Management
Leader
+44 20 7951 5131
glofts@uk.ey.com
+44 20 7951 9729

akirby1@uk.ey.com
Roy Stockell
Frank de Jonghe
EMEIA and Asia-Pacific

Asset Management
Leader
Partner, EMEIA Asset

Management
+32 2774 9956
frank.de.jonghe@be.ey.com
+44 20 7951 5147

rstockell@uk.ey.com
Craig Pond
Senior Manager
+44 20 7951 1440
cpond@uk.ey.com
We would like to thank all of the following who supported the survey:
Ratan Engineer, Oliver Heist, David Koestner, Zeynep Meric-Smith, Uner Nabi,
NigelNelkon, Valerie Nott, Derek Pennor, Amarjit Singh, Paul Stratford, StuartThomson,
WilldeVereGould, Julian Young, Annemieke Mollema, Lizette Bruidegom, RobertBopp,
Michael Eisenhuth, Steffan Malsch, Cindy Jimenez, Olivier Drion, Lisa Kealy, LaurentDenayer,
Francois Thiltges, Maurizio Grigolo, AntonioRiccio, Christian Dietz and Elizabeth Wynds.
44
EY | Assurance | Tax | Transactions | Advisory

About EY
EY is a global leader in assurance, tax, transaction and advisoryservices.
The insights and quality services we deliver help build trust and confidence
in the capital markets and in economies the world over. We develop
outstanding leaders who team to deliver on our promises to all of
ourstakeholders. In so doing, we play a critical role in building a better
working world for our people, for our clients and for our communities.
EY refers to the global organization and may refer to one or more of
the member firmsof Ernst&Young Global Limited, each of which is a
separate legalentity. Ernst&Young Global Limited, a UK company limited
by guarantee, does not provide services to clients. For more information
aboutour organization, please visit ey.com.
2013 EYGM Limited.
All Rights Reserved.
EYG no. EH0110
1369540.indd (UK) 09/13. Creative Services Group.
ED None
In line with EYs commitment to minimize its impact on the environment, thisdocument
has been printed on paper with a high recycledcontent.
This material has been prepared for general informational purposes only and is not intended to
be relied upon as accounting, tax, or other professional advice. Please refer to your advisors for
specificadvice.
ey.com

EY Risk Management For Asset Management Survey 2013

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

EY Risk Management For Asset Management Survey 2013

Uploaded by

Copyright:

Available Formats

Risk management for asset management

EY EMEIA survey 2013

Top 10 action list to achieve better risk management

Summary of findings 2013 survey vs. 2012 survey

The biggest difference from 2012

Risk management for asset management EY survey 2013

The lack of decent-quality

Risk management for asset management EY survey 2013

The direction of travel of

Pay and bonuses are all a

Risk management for asset management EY survey 2013

Risk management for asset management EY survey 2013

The sheer volume of current

1. Given the tsunami of new directives and regulatory measures

The world has moved on from

Previous FSA visits had focused

2. Proving that investment risk was ring-fenced from bias and

We dont do things in Risk

3. Regulatory approaches showed signs of divergence. In the US,

We have thought about the

Having prepared well in advance

There was widespread skepticism as to whether the failure of an outsourcing agent

Risk management for asset management EY survey 2013

4. Respondents commented on how they dealt with reputational

HR are involved and leading the

Risk management for asset management EY survey 2013

We see opportunities arising

5. The tail risk of FATCA-like measures in the US (and potentially

Risk management for asset management EY survey 2013

6. Risk management is all about access to the right data. In 2013

Consultants are a real nuisance

For the part of reputation

Overcoming these challenges to be able to provide a holistic approach to risk

Reputational risk is considered

Risk management for asset management EY survey 2013

Top 10 action list to achieve better

The tone from the top percolates

We are a midsize firm with a

With more than 38 regulatory measures currently in process in the EU

Risk management for asset management EY survey 2013

Risk management for asset management EY survey 2013

Top 10 action list to achieve better

InvR sits in the second line of

It is recommended that firms that are expanding or are contemplating expanding

Firms had strengthened the robustness of their operational risk

Risk management for asset management EY survey 2013

Risk management for asset management EY survey 2013

There is a feeling on the part of

Managing complexities from overlapping regional and local regulatory

Pace of regulatory change/increasing

Management of complexity from

Desire to avoid reputational impact

Desire to optimize capital and liquidity

Corporate restructuring focus

Increased shareholder pressure for transparency

Risk management for asset management EY survey 2013

Management of third-party arrangements

Offering personalized or differentiated

Besides the traditional operational and counterparty credit risks,

In 201213, we were involved in

Figure 2: Top risk categories mentioned by respondents

73% vs. 82% in 2012

(Pure) operational risk

Top 10 action list to achieve better risk management

Summary of findings 2013 survey vs. 2012 survey