Looking Ahead: What to Expect for Investment Industry Operational Risks in 2021

By Vincent Molino, Head of Operational Risk Management Solutions

While 2020 presented challenges for the investment industry, it also forced many to reassess what it means to operate as part of an organization with physical separation, all while businesses were forced to make a sudden pivot into social distancing and remote operations. Even with the prospects of a return to normalcy coinciding with the rollout of various COVID-19 vaccines, many will remain at home carrying out work remotely and into the near future.

In 2021, we should consider the lessons learned from the previous year with a focus on identifying the challenges presented by a remote environment, while strengthening the ability of teams to operate together while physically distanced. Now that nearly a year has passed, and many have adjusted to remote work, what trends are apparent, and what bearing will they have on operational risk in the year ahead?

• Virtual fundraising will remain – While investment fund capital raises and marketing saw a slowdown just as the pandemic set in – buyout fund capital raising was down in Q1 2020 by 50% in the U.S. and 70% in Europe1 – asset managers and some investors appeared to settle into virtual fundraising as the year progressed. 

Virtual fundraising was most prevalent between investment managers and investors who had worked together previously, as opposed to investors initiating new investment relationships. In-person fundraising will likely return in some capacity when it’s prudent to do so, and employees return to their offices in large enough numbers, with travel restrictions having been lifted. However, face-to-face meetings will likely remain lower than pre-pandemic levels.

Many firms are already publicly announcing that remote work will be a permanent part of their operations, with virtual capital raising likely to continue playing an important and ongoing role. As the industry continues to gain comfort with virtual fundraising, a thaw will likely set in for those investors that chose to freeze new investments with unfamiliar relationships. For those investors that were unable or unwilling to pursue due diligence on unfamiliar investment managers by remote means, adaptation to a new business environment will be needed.

• Regulators will refocus – In 2021, global financial regulators will likely turn an eye to those initiatives not completed in 2020, with potential new U.S. regulations to consider under a new presidential administration.

One key regulation that the SEC passed in December 2020, and that registered investment advisors will be required to comply with in 2021 through mid-2022, is the valuation rule, which requires fund managers to designate an entity responsible for determining a fund’s fair value, and comply with other rules included in the regulation.2

While some compliance deadlines for global regulations were extended as the pandemic set in, examination schedules may be resumed, with investment managers and asset allocators alike renewing attention on their compliance efforts, to ensure their processes meet the expectations of regulators. In addition to responding to new regulations and complying with deadlines for existing ones, investment firms will have to consider the implications of a fully remote or hybrid office environment when it comes to their compliance oversight processes.

• Cyber risks will continue to grow – Many investment firms spent most of 2020 implementing new remote work practices, settling into a new normal while making ongoing adjustments to their remote operations. Leadership teams across many industries had been occupied with the challenges of making sure their businesses could operate in the new environment. As reported in an IT security survey, 85% of chief information security officers (CISOs) across various industries believe they sacrificed cybersecurity in order to quickly allow employees to work from home.3

Conversely, a number of investment managers and their investors enhanced their focus on cybersecurity controls as a result of operating in a remote environment. Unfortunately, even the concerted efforts of many in the investment industry to strengthen their cyber protocol was undermined by the recent disclosure of one of the largest data breaches in history which penetrated the software, systems and companies many investment firms depend upon. The timing of this breach is certain to add to the impact and intensifying emphasis on cybersecurity of remote operations, and debate regarding the benefits of cloud computing.4

Looking to move forward in 2021, investment firms can begin to reduce operational risk by introducing a range of enhanced processes, such as evaluating technology infrastructure to support a remote environment, developing additional training to identify and escalate compliance issues, and considering the expertise of independent third-party cyber assessment firms in evaluating new cybersecurity risks.

In addition to these tactics, engaging with an operational risk management specialist presents a strong opportunity to facilitate a third-party review of front-to-back operations, in identifying risks and providing solutions for remediation.

Operational risk management specialists can conduct a gap analysis, help develop enhancements that strengthen operations, or benchmark to industry best practices. When practicing risk management in today’s environment, such projects can effectively be implemented virtually if the specialist team requests the right documentation, conducts thorough interviews, and has experience working with diverse investment organizations.

Investment firms can also benefit from engaging in an operational due diligence project for internal use, with the potential for external distribution to fulfill third-party due diligence requirements. Within recent years, there has been increased interest by investment managers to self-commission such reports due to requests by investors.

Alternatively, both investment managers and asset allocators can leverage operational risk management specialists for service provider assessments, which identify risks related to critical vendors. By applying a similar risk framework that is utilized for an investment firm’s due diligence, critical enterprise and service-level risks can be addressed when working with a third-party service provider.

Although 2020 has presented the investment industry with challenges that are unlikely to occur again soon, the insights and lessons learned over past months have presented a unique opportunity to address a business adapting to change. In order to facilitate such transition, the expertise of specialists in the operational risk field can provide the guidance needed to meet the demands of an evolving investment industry in 2021 and beyond.

1 FundFire, “When Offices Reopen, Will Face-to-Face Due Diligence Return?”, June 17 2020
2 SEC, “SEC Modernizes Framework for Fund Valuation Practices”, December 3 2020
3 Netwrix, “2020 Cyber Threats Report”, January 29 2021
4 Wall Street Journal, “Suspected Russian Hack Extends Far Beyond SolarWinds Software, Investigators Say”