FCA finds gaps in funds' portfolio management processes

Out-Law News | 24 Jan 2020 | 1:38 pm | 2 min. read

Asset management firms must balance operational convenience with the potential risks of using a single provider for portfolio management services, the Financial Conduct Authority (FCA) has said.

The regulator has published its findings on asset managers' selection and use of risk modelling and other portfolio management tools following visits to 10 such firms of varying size and scale. The visits form part of the FCA's work on operational resilience, and was preceded by a questionnaire on firms' use of technology and cyber resilience.

While the FCA found examples of good practice at most firms, it also identified a few problems particularly around risk model oversight and contingency planning. The regulator has notified the relevant firms of any weaknesses it identified during its review.

The FCA's systems and controls handbook requires regulated firms to "ensure that [they] can continue to function and meet [their] regulatory obligations in the event of unforeseen interruption".

Asset management expert Elizabeth Budd of Pinsent Masons, the law firm behind Out-Law, said: "Although the review was limited in scope and depth, nonetheless the findings need to be considered carefully as this is all part of the FCA's focus on operational resilience".

"What seems clear is that no firm can assume that its current approach is sufficient to meet the risk control requirements of the regulator. Worst case scenarios, such as long outages from major providers, need to be analysed for their potential impact," she said.

"This report echoes concerns raised in the FCA's joint consultation on operational resilience which, whilst not expressly applicable to core investment firms, nonetheless will be of relevance to indicate the direction of travel," she said.

The firms visited by the FCA took a range of approaches to their use of portfolio tools. Some used an integrated package of tools from a single provider, while others used a suite of tools from different providers or built their own technology in-house. The single provider option was associated with simplified vendor management and easier implementation but also concentration risk and resilience implications; while building their own technology meant more flexibility around functionality and maintenance but higher costs.

Firms told the FCA that they recognised that compromises needed to be made when choosing one approach over another, bearing in mind the advantages and potential drawbacks.

Participating firms generally understood the impact that long service outages could have on their customers or markets, but had not generally given enough consideration to how they would manage different lengths of outages, according to the FCA. Firms tended to assume that service interruptions would be few and of short duration, with an implicit view that some providers were 'too big to fail'. Contingency planning and data back-ups were not always sufficient, with firms citing the prohibitive costs associated with building and maintaining the necessary fallback plans.

Oversight of models was challenging for some firms, partly because of the difficulties in building and retaining the necessary expertise. Several firms had adopted a 'framework' approach to oversight, involving checking that models are being developed or used in line with the agreed procedures rather than repeatedly reviewing each individual model in detail. In some firms, the number of models being reviewed in sampling exercises seemed too small to provide assurance of whether the model development and implementation processes were sufficiently robust.

Firms also noted the difficulty associated with changing front office technology suppliers, with several telling the FCA that the length of some commercial relationships was less a positive endorsement of the provider than a reflection of the difficulty of going elsewhere.