How can small asset managers optimise operational risk management?

Operational risk is a key issue for any business, but the stakes are often higher for financial services firms due to the scale of assets under their management.


Chief executives worldwide ranked operational risk as their biggest concern in KPMG’s 2017 CEO Global Outlook report, but are asset managers prepared for the ever-evolving threats to their processes, people and systems?


Banks, insurance companies and other large financial institutions often have prescriptive guidance from regulators and well-established risk frameworks in which to operate. The same cannot always be said for smaller-scale asset managers, which typically face unique challenges when trying to combat operational risks.


Let’s examine some of the problems that asset managers must overcome with best-practice operational risk management, as well as potential solutions for optimising their approach.

Operational risk challenges facing asset managers

Disruptive technologies, third-party lapses, cyber security issues and employee errors are all common problems for chief risk officers (CROs).


But risk professionals at smaller asset management firms often face additional problems, including:

  • Small numbers of support staff compared with the scale of assets under management;
  • Unique or unusual investment offerings;
  • Flat organisational structures, making it more difficult to establish lines of defence; and
  • A global reach, despite being boutique or mid-sized firms.

Last year, EY polled UK asset managers and found operational risk was the main risk category keeping CROs awake at night, beating even liquidity and regulatory issues.


A frequent concern among small to medium-sized asset managers is vendor oversight. Many businesses rely heavily on third-party providers for data and systems solutions, among other crucial day-to-day services.


Vendor disruptions or regulatory breaches can therefore have a devastating knock-on effect for asset managers.



Building a better operational risk framework

It’s not all bad news for smaller asset managers. One benefit they usually have over larger counterparts is they tend to have fewer products and operate in a smaller number of markets, which often reduces the regulatory burden.


They also have more flexibility than big firms to quickly implement process and system changes where necessary. But what steps should small and mid-sized asset managers take to improve operational risk management?


Here are some strategic tips offered in a Broadridge and Sifma whitepaper to get you started:


Understand your culture: Any operational risk management plan must be tailored to an asset manager’s internal culture. Analysing how your employees interact and operate is a crucial element in building protocols that will work effectively in any given environment.


Establish your risk tolerance: The business’s tolerance for operational risk will depend on the hazards it faces, the resources available to manage these problems and whether or not proposed measures will minimise business disruption.


Identify risk priorities: A risk map can help asset managers categorise high, medium and low areas of priority. This process should also incorporate an evaluation of the people, key systems and upstream or downstream dependencies.


Organise lines of defence: The three lines of defence is a classic risk management approach, but setting up such a model at small asset management firms could be difficult. Nevertheless, this or a similar framework should be introduced to monitor and remediate risk.


Conduct risk self-assessments: Does the business currently have the controls in place to handle hypothetical risks that affect similar firms within the industry? Identifying risks isn’t enough; organisations must accurately analyse their preparedness level against possible dangers.


Introduce KRIs on projects: KRIs – or key risk indicators – measure the risk level of a particular activity. They give asset managers early warning signs when undertaking a new project or process change. KRIs are typically used in conjunction with key performance indicators.


Plan escalation protocols: Regardless of an asset manager’s preparedness level, operational risk incidents will still occur. Businesses need efficient, delineated escalation processes in place to ensure matters are resolved quickly and transparently.


Enforce incident and error review sessions: When things go wrong, try to use these occasions as learning opportunities. Are there systemic problems with current operational risk frameworks that need addressing? Is the issue likely to arise again in the future? These questions must be asked and answered.


Complete remediation and tracking: If corrective actions are required, establish who is responsible for carrying this out and set a deadline for completion. Once finished, the changes must be monitored to show they are working, otherwise more adjustments may be required.

Do you have the necessary risk skills at your firm?

Operational risk is an ongoing concern for asset managers at a time when the industry is undergoing a shake-up.


The Financial Conduct Authority recently published final proposals for a series of reforms in order to boost transparency and provide better value for investors. As a result, asset managers may need to strengthen their risk and compliance teams to ensure they don’t fall foul of new regulations.


If you would like to discuss your operational risk recruitment needs for the asset management sector or other industry segments, please give me a call on 0207 936 2601 today or contact me via email at


Image: wutwhanfoto via iStock