The final chapter considers the huge importance of risk and, in particular, operational risk that affects administrators and custodians, as well as the risks faced by the fund itself and the promoters of the fund. Case studies look at risk events and how to establish a control framework to manage operational risks. Finally, we look at the possible future changes that will affect the custody and administration service providers.
Risk | Description | Associated risk type |
Accounting risk | This will occur when a business engages in accounting practices for the products or services that are either not suitable, are deliberately misinterpreted or are implemented incorrectly or do not comply with accepted market principles. The risk can also occur if there is doubt about the acceptable accounting standards or where there is conflict between different standards by the setting organizations. | Audit, regulatory, reporting |
Action risk | The risk of an action being implemented erroneously, accidentally, in unsuitable situations or being authorized or undertaken by unqualified personnel. The risks that arise could create losses (costs, fines etc.), reputation damage (outcome and impact) and regulatory problems. | Management, settlement, payment risk, Regulatory and financial risk |
Audit risk | This is the risk that the audit process and people are unable or do not have the ability to, or do not understand sufficiently the processes and procedures being audited | |
Basel directives | Inability to demonstrate compliance with the requirement as set out by the Committee of the Bank for International Settlements | Regulatory |
Business risk | A risk that is derived from the specific services and products and is particular to the industry of the firm concerned. These risks are often subsets of strategic risk and occur or originate from business units. | Operations risk, Technology risk, People risk |
Business continuity risk | The impact of internal or external events that in some way interrupt or curtail the operation of the business for a significant period of time or in some catastrophic financial or logistical way as to make normal or viable operation of business difficult. | Operations risk, Client risk, Counterparty/supplier risk |
Client risk | The risk of being unable to manage the processes associated with the services provided to clients. Money laundering; Fraud; Noncompliance with client regulation (Regulatory Conduct of Business Rules etc.)—key areas being suitability (Funds) risk warning distribution, client money/asset segregation. | Operations risk, People risk, Regulatory (including fines), Reputation—Loss of clients/revenue |
Competition risk | A complex risk that can arise in a number of ways and is quite different from business risk, which is about internal decisions and actions. Competition risk could arise from the entrance of a new competitor or product into a market with potential loss of market share and/or increase in investment/costs to compete. This is particularly the case where new competitors cherry pick profitable market segments, where they have or adapt to new technology and practices quicker, or can respond to changing customer requirements more rapidly. Examples here could be found in e-banking, socially responsible investment products etc. Competition risk can also apply to prolonged declining market share created by inability to change as well as by poorly managed mergers and takeovers resulting in massive loss of customers that in turn renders the strategic aims unobtainable and likely to entail severe losses for some period of time. | |
Compliance risk | The inability to adequately comply with external regulations or internal rules and controls. This may be caused by lack of knowledge of certain markets, products and regulatory requirements, and/or oversight of business units involved. | Regulatory, Financial |
Counterparty risk | This is the risk associated with dealing with or taking services or products from another party. Includes: Ongoing support and enhancement of services, insourcing/outsourcing. | Operations risk |
Country risk | Risk of clearing, settlement, and client money regulation not being as strong as in the UK/US Law. Infrastructure. Information distribution may be less transparent and/or obtainable. Instability. Tax environment/changes. | Operations risk, Legal risk |
Credit risk | Risk associated with the default of a counterparty on an obligation. | Financial—Replacement loss |
Creeping risk | A risk that starts in one part of a business and then moves across and within the business potentially having a greater impact in other areas (Similar to a computer virus). | |
Custody/depositary risk | The failure to protect assets and any resulting benefits on those assets that are entrusted to the care and safekeeping of the firm. | Reputation, financial, regulatory |
Data risk | Occurs when data is incorrectly generated, updated, stored, or used. Corrupted or incorrect data in critical systems (including risk systems) can have a devastating impact. Unauthorized access, use or publication of confidential client or business data can have such an impact as to put at risk the very existence of the organization. | Technology, control, fraud |
Demand risk (liquidity) | A risk where there is uncertainty about future demand for a product caused by uncontrollable or unforeseen changes in the market, for instance regulatory changes. It also manifests itself in situations where there is greater demand than can be satisfied effectively and efficiently causing delays and penalties to be incurred. Demand risk is relevant in terms of the passing of risk from one business unit to another, that is, the aggressive marketing of a product creating risk for the production team (meeting alterations “sold” by the sales team) or client support teams (delays in delivery, quality etc.). | Strategic, operational, operations |
Documentation risk | As well as errors within and the ineffectiveness of legal documentation, there is the risk inherent in the publication of documents to the clients including correctness of information, suitability of the document (KYC and restricted product docs), confidentiality, and frequency requirements (regulatory, agreements etc.). | |
Fiduciary risk | Breaching either of the following: 1. A person legally appointed and authorized to hold assets in trust for another person. The fiduciary manages the assets for the benefit of the other person rather than for his or her own profit. 2. A loan made on trust rather than against some security or asset. | |
Fraud risk | This is the risk that because of weak controls in respect of payments, asset movements, authorizations, access to systems, and static data in an organization, it is vulnerable to an act of fraud by an individual, group of individuals, or from external sources. E-banking presents potential for fraud if security over access and data is poor. | |
HR risk | See Personnel risk | |
Insource risk | A risk associated with the taking on of additional operational workload with inadequate resource, knowledge, and systems. | Operations risk, Financial—compensation for performance, Reputation |
Key performance indicators (KPI) | Indicators showing a change in performance that may be evidence of increasing or decreasing efficiency and effectiveness of processes and procedures often linked into KRIs. | |
Key risk | Identified as risks that could significantly impact on the achievement of the objectives of a business unit. Likely to be proactively managed by Head of Function/Department on a frequent (i.e., monthly) basis. Typically 15–20% of total risks. Firms develop key risk indicators to measure profile changes of the key risks. | |
Key risk indicators (KRI) | The identification of risks and their indicators used in the risk management process. Important that KRIs are monitored for evidence of increasing or decreasing risk levels and also for their continued relevance. | |
Killer risk | Identified as risks that could significantly impact on the achievement of firm, divisional and/or strategic business unit objectives, including a risk whose impact is so severe that it would render the firm incapable of continuing in business or would make the firm so vulnerable that it would be subject to takeover or wipe out by competitors. Typically 2–5% of total risks. Managed and tracked through key risk indicators. | |
Know your client (KYC) | A risk control measure that demands the organization has adequate and up to date knowledge of the client, its activities, restrictions that apply to the client’s actual or potential business, and the suitability of products and services marketed and sold to the client. Also known as Client due diligence (CDD). | Regulatory risk |
Legal risk | The risk associated with the business of a firm in a jurisdiction including areas like the Investment Manager Agreement, Prime Broker Agreement, and other outsource agreements. From an operations point of view it would be related to areas such as netting, agreements, claims etc. | Settlement risk |
Limit risk | A risk that a control measure is accidentally or deliberately circumvented or is incorrectly set or is not reviewed and amended according to changed circumstances. | |
Loss database | A database that records incidents where a risk event has created a loss at or above a set threshold plus other statistics related to internal and external risk events. | |
Management risk | A risk associated with the failure of management to be structured or operate effectively in relation to the business. Poorly trained, under resourced/overworked or ineffective managers and supervisors are a massive operations risk. | Operations risk, Reputation, Regulatory |
Market risk | Risk associated with the transactions undertaken by a firm in a market/product. Mainly about price and liquidity but can also be related to other risks like legal and competition. | |
Money laundering risk | A major risk for many organizations that can result in heavy penalties for individuals and loss of authorization to do business for firms for breaches of the regulations. Any organization covered by the Regulations must ensure effective controls over possible money laundering including making sure that employees are adequately trained. | Regulatory risk, Financial risk, Compliance risk |
New market risk | This is the risk of operating in a new market environment where knowledge and experience may initially be low. It is also about the risk that procedures and controls are not immediately at the acceptable standard level of existing market usage. Can also apply to activity that is undertaken in emerging markets where the market infrastructure, practices, and operation are themselves untried and untested. | Operations risk, Systems risk, Settlement risk |
New product risk | This risk will manifest itself if the launch or the commencement of trading in a new product, or the launch or use of a new service, is undertaken without sufficient infrastructure in place (including controls, systems, knowledge, skills etc.) and prior training of personnel. | Operations risk, Systems risk, Settlement risk, Project risk |
Operational risk | There are various definitions of operational risk. The Basle Committee define it as “the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events.” Most organizations would add in “loss of reputation.” | |
Operations risk | Part of operational risk, it applies to the functions that deal with areas like clearing, settlement, payments, delivery of client services, custody, systems etc. Operations risk is the failure to provide the required process, procedures, and controls for the above. | Operational risk |
Operational risk management (ORM) | The process of actively managing operational risks in a structure that adds value as well as reduces potential unnecessary losses. Often run by a risk group and usually has one or more operational risk managers in the structure. Likely to include audit and compliance in some capacity. | |
Operational risk officers (OROs) | Name given to a person who is part of the group managing risk and is usually closely related to the business so that they can liaise with both the business and the risk managers on risk issues. Can also be called ORCs—operational risk coordinators. | |
Outsource risk | A risk associated with the outsourcing of operational functions and processes. Risk is that you can outsource the function but not the responsibility. | Operations risk, Reputation risk, Compliance risk |
Payment risk | A risk associated with the erroneous payment of monies. Often but not always associated with fraud, it can nevertheless be a risk that is created by poor training, supervision, and procedures for making and/or receiving payments. | Fraud, Reputation—errors on client accounts |
People risk | This is the risk associated with individuals or teams of people and is often about their potential as a source of risk and also their potential to be a significant contributor to managing some risks like operational risk. One obvious people risk is the level of human error in the processes, the knowledge levels both procedural and business, and the ability to work in environments particular to business units, products, services etc. | Operations, Financial and reputation risk |
Personnel risk | Different from people risk in so much as this may occur because of poor recruitment environments, uncompetitive remuneration, lack of or ineffective training and development etc. Loss of key personnel is a major personnel risk. Employment Law is also part of this risk and includes areas such as Diversity in the Workplace Directives and training, unfair dismissal etc. | Operations, Financial and reputation risk |
Project risk | The failure of a project to be properly managed, creating operational problems for the teams/areas of the firm affected plus overrun of costs, late delivery of the project, failure to adequately test before roll out, failure to deliver to the project specification. | Financial risk, Operational risk, Business risk |
Regulatory risk | The risk of noncompliance with the regulatory environment where the business is operating. Particularly areas such as authorization, marketing and sales, conduct of business, client relationships, client assets etc. | Compliance risk |
Risk event | The occurrence of a possible risk situation becoming an actual risk situation with resultant actual impact. | |
Standard risk | A risk that is identified and managed as part of the day to day business process by the boys and girls doing their jobs effectively and efficiently. Controls devised and implemented by managers and supervisors in the business. Monitored by risk managers from management information provided by the business but essentially not what the risk managers or OROs should be focusing on. | |
Strategic risk | A risk that is associated with decisions and leadership, that is, the adoption of a working practice that is old, untried or ill thought out that results in unnecessary pressure, workloads, costs, and falling performance of people, systems, and the business. | Business risk, Project risk |
Technology risk | The risk associated with the use of technology in a firm. Most obvious risks are: 1. Lack of knowledge of systems. 2. Inability to manage projects. 3. Lack of support for systems. 4. Lack of awareness of systems capability and scope. 5. Inappropriate systems for the business. 6. Old and outdated technology. 7. Access—hackers and viruses, malicious attack. | Operations risk |
Value at risk (VAR) | A technique used to estimate the probability of portfolio losses based on the statistical analysis of historical price trends and volatilities. | |
Workflow risk | Risk associated with workflow and processes covering: 1. Variable flow. 2. Under resourcing. 3. Pressure points. 4. Disruption. 5. Lack of knowledge. 6. Unnecessarily complex procedures. 7. Poor technology. 8. Lack of STP. 9. Cross border processes. 10. Data sources. | Operations risk |
Source: The DSC Portfolio Ltd. This Glossary of Terms is compiled from various sources and is believed to be correct although no responsibility can be taken for any errors or omissions.