Questions to ask regarding a fit-for-purpose risk management and reporting system
The criteria for a fit-for-purpose risk management and reporting system come under three main headings – Comprehensiveness, Flexibility, and Appropriate Transparency.
Any risk system that is fit for purpose must be comprehensive on a range of levels – strategies and instruments, risk metrics/analytics and reporting.
- Strategies and Instruments: A risk system must be able to provide a consistent set of risk information for any strategy type from simple long-only to leveraged macro to structured asset portfolios. In addition it needs to be able to cover all asset classes – equity, fixed income, commodity, foreign exchange and alternatives, and asset types – cash, derivative and hybrid.
- Risk Metrics/Analytics: A risk system must provide a comprehensive set of market risk metrics but must also provide a full set of counterparty / credit and liquidity analytics to allow for full oversight of all portfolios.
- Reporting: A risk system must also provide appropriate and specific reporting to all levels of the risk chain, from fund manager to risk officer to board director. In addition it must provide all regulatory risk reporting in an efficient manner. For RiskSystem regulatory reporting click UCITS and Annex IV
A risk system that is fit for purpose should be flexible in its design, in its implementation and in its ability to scale.
- Design: A proper risk system is not a one size fits all solution. The look, feel, layout and reporting structure of the system should have the ability to be customised for all levels of interactions.
- Implementation: A risk system needs to have sufficient flexibility so that it can incorporate user defined risk metrics and methodologies appropriate for fund management, alongside standard definitions required for regulatory reporting.
- Scale: A risk system needs to scale both horizontally and vertically. Horizontally in that is can process large numbers of positions in a short amount of time, and vertically in that it can handle large numbers of distinct portfolios on an on-going basis.
A risk system that is fit for purpose should provide appropriate levels of transparency to an administrator defined set of users. This encompasses data security protocols so that any cyber risk is effectively minimised.
- Access Control: A risk system need to be able to give different levels of access to different user groups. Fund managers need position level data for their own fund, risk managers need position level data for all funds etc. Marketing may get portfolio level data for selected funds as an additional use of transparency.
- Cyber Security: All client data must be held securely on multiple locations to enable full BCP to be enacted if required. Any data flows over insecure networks must be encrypted. Information security policies and procedures should be in place and regularly reviewed.