This article was originally published in the Tabb Forum.
As we enter the New Year, one trend that we see clearly emerging is that hedge fund compliance risk management is being revised and reinvented, driven by a set of interrelated dynamics connected to regulations, operations, as well as their own cultural DNA and business focus.
Hedge fund firms are caught up in a tangled web of global regulations -- often overlapping and sometimes disparate -- that govern their business and their operations. Additionally, hedge funds find themselves adapting to what I call the "hedge fund chameleon" business model, in which funds wear, in certain instances, sell side clothing, resulting in their having to deal with new, or hidden, compliance risks
In reaction to the global financial crisis, the potential for insider dealing, plus various benchmark and FX debacles, the "buy side", especially hedge funds, found themselves in the crosshairs of new and far-reaching regulatory schemes. The extraterritorial reach of global regulations is no longer the exception, but the norm. One could easily make the argument that hedge funds are subject to a far more encompassing, complicated, and complex regulatory framework than their counterparts on the sell side.
Case in point, the sell side and the buy side are both equally subject to various types of market manipulation, market abuse, and market conduct rules including, the SEC Exchange Act, the Commodities Exchange Act, Dodd-Frank, MAR, MAD II, and MiFID II, along with other rules established by the Financial Conduct Authority (FCA), and the Securities and Futures Commission (SFC). The buy side, however, is further subject to numerous rules and regulations that are specific to the asset/fund management industry including, but not limited to, the SEC Advisers Act, UCITS, the EU AIFMD, and the FIEA in Japan. Collectively, this global regulatory framework has had a daunting effect, both resource intensive and capital expensive, on hedgies subject to multiple regulatory jurisdictions.
Consequently, hedge fund firms are faced with the choice of buying or building "siloed" risk controls at the "country/regional level" or, alternatively and preferably, "holistic" compliance controls at the enterprise level. The holistic enterprise model goes a long way in alleviating the regulatory extraterritorial reach issue while mitigating liability for those with both gatekeeping management responsibilities and corporate governance accountabilities.
In large part because of the structural changes to the markets brought about by either regulations (e.g. Dodd-Frank), or opportunities ( e.g. the voids created by banks de-risking and retreating from market making and providing liquidity), hedge funds have been aggressive not only in scooping up sell side prop traders but in becoming a bigger force as liquidity providers and in market making, particularly in FICC markets. Along with expanded roles come expanded compliance risks that in all likelihood were not initially contemplated by the risk systems/controls of the hedge fund community. These changes resulted in new risk assessments, gap identifications, and effective gap remediations via in-house development or by sourcing commercial vendors with proven FICC expertise.
Today's hedgies need a solution that not only covers all asset classes within and outside of FICC, but that also provides a holistic compliance framework that cuts across all buy side and sell side enterprise risk. Additionally, the solution should demonstrate that it recognizes that the risk at the strategy level (e.g. macro vs micro) and at the decisioning level (discretionary vs systematic) are indeed different from one another, requiring different risk analytics/controls. This approach may require a bigger spend, but in the end it will provide a much larger ROI than mere "tick the box" approaches could. To believe otherwise is perhaps a short sighted view over the long haul.
To borrow an old, and perhaps corny, cliché "good compliance is good business". The perils of non-compliance are well understood, and one not need to look any further than the sell side casualties that resulted from the regulators/enforcement authorities that began and continued post the 2008 crisis.
At this point in time, "good business" for hedge funds dictates perfecting risk controls with a holistic compliance risk infrastructure that connects the dots from an "intent" perspective, and that identifies risk and/or supports compliance risk analytics with an all-encompassing and sophisticated communications surveillance program. This approach is integrated with those compliance risk analytics that identify hidden risk through cognitive analytics which munch through big data (internal and external), through profiling, trending, behavioral deviation, and emerging, predictive ("before the fact") technologies.
There is an often cited saying that works well to describe past attempts to redefine compliance risk management: "the more things change, the more they remain the same". Happily, I am seeing abundant evidence that this current reinvention in the hedge fund domain is proceeding differently, and appears to be a real game changer of the sort that will bring enormous dividends to all compliance risk stakeholders. I believe this change will allow for the effective delegation and discharge of compliance responsibilities in compliance risk identification, deterrence, and prevention, whether you are focused on front, middle or back office functions.