Risks and threats to asset management systems

By Alex Hammond | 28 February 2018

bobsguide takes a look at the plethora of geopolitical, regulatory, customer, operational and market risk challenges facing asset managers in 2018.

Whether it is a large and cumbersome regulatory environment (e.g. MiFID II, the General Data Protection Regulation (GDPR) and the Common Reporting Standard), uncertainty surrounding Brexit, growing customer demand for ownership and transparency of their investments, or increasingly turbulent markets, asset managers are undoubtedly operating in tough times. 

The buy-side and sell-side have also added complexity with a history of outsourcing. But a drive towards new technology which is streamlining, removing and replacing the need for outdated workflows, manual processes and the allocation of trust, will ultimately be of huge benefit to the industry as a whole, believes Robert Gibbs, Principal Consultant at GFT.

“By removing the intermediary layers of complexity, significant cost can be taken out. But the industry must work together to embrace the opportunity,” he says. “The regulators also have a major role to play in all of this. They cannot afford to lag behind in bridging the gap or using the new technologies, especially when the markets are demanding a level playing field and an equanimity of regulatory governance across borders.”

A big strategic threat is not embracing advances in distributed ledger technologies and blockchain, artificial intelligence (AI) and open ended computing offered by the cloud. “The result of being left behind, merely spectating as others implement transformational change is the risk of marginalisation. The buy-side and sell-side can get ahead by focusing on selective disruptive technology, rather than hiding behind excuses of re-prioritised budgets,” Gibbs says. “Ultimately, the direction of travel for the industry appears to be towards becoming a series of data management companies that also ‘do’ financial services/asset management.”

Tony Warren, Head of Buyside Strategy, FIS, agrees that emerging technologies are key here. “If you take the FIS Readiness Index and compare the Readiness Leaders with the rest of the industry, you’ll see why. Leaders outscored the rest of the industry by a longshot in their capabilities around automation, and these same Leaders are far outpacing their peers when it comes to growing both revenue and assets under management, and there is still a lot of room for improvement,” he says.

However, a 2017 survey by FIS found that fewer than one in ten asset managers have achieved full automation that incorporates robotics technology across most of the activities examined, which included portfolio management, risk management, compliance and post-trade processing.

“My expectation is that we’ll see these numbers change significantly in the next few years, with AI no longer being a fanciful innovation,” says Warren. “Robotics, AI and machine learning can be applied to asset managers’ operational environments today to add value almost immediately. The time is now to get ahead of the game, before you’re too far behind to catch up.”

Data privacy and security issues

As we touched upon earlier, one of the main risks is coming from regulatory pressures, from large-scale remediation works to comply with MiFID II, PSD2, SMCR and the big challenge of GDPR. These regulations require transaction reporting, data retrieval and management, and are enforced by huge fines for those who fail to comply.

The nature of the asset management business model leaves firms particularly exposed to data privacy and security issues. They collect and hold extensive data on their customers (as well as non-customers such as beneficiaries, next of kin, key contacts, etc.), with information often passed around a broader financial services group. Marketing and communications material is extensive and often relies on this data and firms are frequently a target of cyber attack or other information security breaches.

“Good data governance, compliance and control of risks (GRC) have always been essential to a well-run asset management firm, as the data handled is of great value,” notes Eric Green, Security Strategist, Cyber adAPT. “The role of the GRC teams are set to become even more important in 2018 as GDPR introduces penalties for companies which illegally process or store data without the subject’s consent, or do not report data breaches to the authorities within 72 hours of their discovery. The regulations will be a wake up call for everybody, not just firms based in Europe.”

Data breaches have always been a threat, but the risks and costs are growing. Clients’ busy lifestyles mean that they seek to manage their investments on the go but while desktop and mobile access to customer accounts brings greater ease, it also offers cyber criminals an increased number of access points.

And with the UK now accusing Russia of cyber warfare tactics following the NotPetya attack of 2017, attacks looking to directly disrupt business operations have become a very real possibility. “With no access to these systems, asset and wealth managers will be unable to do their jobs effectively – namely, monitoring and maintaining client assets,” says Edward Holdaway, Senior Financial Services Consultant, Heat Recruitment.

What, he asks, happens if a well-timed cyber attack coincides with a market dip? Or if a hacker decides that sensitive client data is valuable enough to extort them for it? “Asset managers hold huge amounts of sensitive information – often personally identifiable. How does this then interact with GDPR or with data storage? As the industry increasingly moves towards digitisation, these risks are going to become far more pressing.”

The role of risk and compliance professionals

It’s no surprise, then, that Compliance Officers and IT risk management are more important than ever. As competition in the market continues to increase and margins are eroded, firms must move towards operating at peak efficiency in terms of operating processes, customer acquisition (and retention) strategies and data analytics and insight.

“Firms trading off the strength of their brand must also ensure that their reputations are not damaged as a result of an actual breach event or the perception of low security,” says Daniel Golding, Director in Linstock’s Finance, Risk and Compliance Practice and GDPR Lead.

“Firms focusing on value creation whilst also ensuring value protection must have an intimate understanding of the regulatory requirements governing asset management activity as well as the threats that their networks and information systems are exposed to, hence the current and increasing importance of compliance and IT risk management.”

FIS research found that asset management executives believe a range of digital, software and algorithmic trading expertise will be most critical as they strive toward their growth objectives for the next 12 months, and the role of the compliance officer and IT risk manager will intensify in tandem.

“New risk and compliance technology supporting complex investment strategies, decision making and future growth will emphasise roles supporting regulatory reporting requirements and combating cyber risk and market abuse and fraud,” says FIS’ Warren. “As regulation evolves and applies to a broader range of asset classes, these risk and compliance professionals will be called upon to ensure compliance is adhered to in a consistent and efficient way across the organisation.”

Post RDR (Retail Distribution Review), the importance of the compliance officer is at an all-time high and will gain increasing importance in the years to come, according to Heat Recruitment’s Holdaway. Given the recent changes regarding Defined Benefits schemes (most recently highlighted in the Tata Steel DB Scheme and the transfer repercussions facing a number of firms having handled this) the importance for full disclosure of information is of huge importance, on both a client level and (arguably more importantly) for any firm looking to handle business of this nature.

“Any Business Director, IFA or upper management would certainly argue that the compliance officer role is one of the most important within any wealth management/financial planning firm. Poor compliance functions will land a company in hot water. It has to a large extent throughout 2017/early 2018 and we will only see this increase in months and years to come,” he says.

Emerging technologies

One of the most difficult challenges now and for the future is digital innovation. As a sector, finance has been slower than others in recognising that bringing external expertise and technology in, rather than investing heavily in in-house IT and R&D efforts, is more advantageous, argues Fabrice Bouland, CEO, Alphametry.

“Operations, compliance and business requirements are more fluid than ever seen before and the growing availability of off-the-shelf hardware and software is allowing businesses to deploy technology whilst staying focused on their core propositions. This shift is further accelerated by cheaper and easier access to cutting-edge technologies, making secure service models over the web highly economical and valuable for users,” he comments.

There is indeed an abundance of technology for asset managers to tap into, although widespread adoption is something of a pipe dream right now. “From my perspective, if you go back three or four years to when blockchain was just emerging, some people thought it would ‘revolutionise’ the industry,” says FIS’ Warren.

“While there are some solid use cases being implemented today, there simply hasn’t been the widespread adoption that would allow people to quickly see blockchain’s value. Many revolutionary technological innovations in the past are aspirational, but the use cases need to catch up to the technology.”

“Today where we have robotics, artificial intelligence and machine learning as key technologies in asset management and across the financial services landscape, this technological aspiration is turning into an exciting realisation. When firms strategically place robotics-empowered solutions in their processing environments, they can realise quick wins with new levels of automation and operational efficiency as soon as they go live. Think of it as future-proofing your productivity,” he concludes.

Become a bobsguide member to access the following

1. Unrestricted access to bobsguide
2. Send a proposal request
3. Insights delivered daily to your inbox
4. Career development