1.1.2010 Ops Risk

HEDGE FUND OPERATIONS RISK -CONFIDENTIAL

1

Operations Risk Assessment Program

For Hedge Fund Managers

January 2010Developed by Scott Lane


2

• Background

• The Opportunity

• Risk Paradigm

• Institutional Paradigm

• A New and Comprehensive Approach

• Examples

Contents


3

• Basel II Definition for Operational Risk for Financial Institutions:“…the risk of loss resulting from inadequate or failed internal processes, people and

systems…”

• While Basel II applies to financial institutions, the principles can be applied to any financial services firm, including hedge fund managers

• Take Away from Basel II: Paradigm that Focuses on Processes, People, and Systems and Infrastructure

PeopleProcesses Systems and Infrastructure

Operational Risk

Background


4

• Institutional investors continue to demand ever more formalization and sophistication for operations risk management by hedge fund managers

• The Great Recession we are beginning to exit will only increase the importance of and scrutiny on operations risk

• Much more U.S. and European regulation of hedge funds expected

• Increased focus on risk management expected

• Fund managers will increasingly need to demonstrate that they are adequately managing their operational risks to retain and attract capital

• Consequently there is an opportunity to develop an integrated operations risk program that:

• Incorporates risk management principles and looks and feels like an institutional program

• Is a consistent approach to applying judgment, resulting in increased comparability of fund managers

• Not only assesses control design but also assesses and tests operating effectiveness

Background (continued)


5

The Opportunity

Develop Integrated

Operations RiskApproach

Hedge FundPractices

InstitutionalPractices

Need for Comparability

Risk Paradigm

IncreasedRegulation


6

Risk ParadigmOperations Risk Level

Resources Allocated to Mitigate Operations Risk

Risk Reduction

Resources:

Mix of people, processes, and systems are the hedge for operations risk

Equilibrium where cost of control measures balances operations risk

Question 1: is the operations risk adequately reduced / managed?

Question 2: has the optimal mix of people, processes, and systems been applied to manage operations risk?


7

Risk Paradigm (continued)

Low Automation

High Automation

• Routine transactions

• Highly liquid Positions

• Low judgment required

• Example strategy: Long-Short Market-Neutral Equity

• Automate everything

Systems

• Non-routine transactions

• Illiquid positions

• High judgment required

• Example strategy: distressed

• Automate to extent possible but limited


8


Lower Skills / Experience of

Operations Team

High Skills / Experience of

Operations Team

• Routine transactions

• Highly liquid positions

• Low judgment required

• Example strategy: Long-Short Market-Neutral Equity

• Hire seasoned at top levels, less experienced and skilled at lower levels

People

• Non-routine transactions

• Illiquid positions

• High judgment required

• Example strategy: distressed

• Hire seasoned and skilled professionals at all levels


9


• The mix of systems and people necessary to optimize control depends on the situation / investment strategy

• Key processes should be formalized, well documented, and communicated regardless of the situation

• The only question is whether those processes are executed and monitored by people or systems

Processes


10


> $10,000,000$10,000,000$1,000,000$100,000$10,000

Natural Disaster

Once a Decade

ComplianceOnce a Year

Level 3 Valuation

Once a Quarter

Level 2 Valuation

Level 1 Valuation

Once a Month

Transaction Processing

Once a Week

Freq

uenc

y / P

roba

bilit

y

Impact / Severity

• Borrowing from how credit risk is assessed, each operational area / operations risk driver can be assessed for the frequency of failure and the impact stemming from failure

• These assessments can then be aggregated to build a heat map of the entire operations of a firm Example Only


11

• Sarbanes-Oxley 404 has been executed by the PCAOB who issued the following guidance

• PCAOB Auditing Standard No. 5, An Integrated Audit of Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements

• Top Down Approach to Scoping:• Identify entity level controls

• Control environment

• Routine vs. non-routine

• Identify significant accounts / risk areas

• Control Testing and Assessment• Design effectiveness

• Operating effectiveness

• Walkthroughs

• Key take away: apply a top down approach to identifying risk areas then assess both control design and operating effectiveness, not just design

Institutional Paradigm – Sarbanes Oxley


12

A New and Comprehensive Approach

People

Processes

Systems & Infrastructure

Standardized Operational Footprint for Comparability

Operational Area A

Operational Area B

Operational Area C

Test and Assess Using Institutional

Methods

Risk Paradigm of

People, Processes, &

Systems


13

A New and Comprehensive Approach (continued)

1. Define operational areas common across fund managers

2. Perform a risk assessment for each operational area, summarized via a heat map, to determine relative and absolute risk while considering the following for each area:

a) Probability or likelihood that an operational breakdown could occur (probability of error)

b) Impact or consequences if that area were to breakdown (severity)

3. Assess operational control design across operational areas considering controls composed of:

a) People

b) Processes

c) Systems and Infrastructure

4. Perform walkthroughs for moderate and high risk areas to ensure controls are operating as designed

5. Score each area and document work performed, conclusions reached

6. Apply this framework consistently to allow for comparability of fund managers


14

Example – Operational Heat Map• Whether outsourced or not, the operational areas (blue boxes) should be

common operational areas across hedge funds

• Sub-areas would presumably be fairly consistent as well but would likely vary to some extent

Marketing & Fundraising

Portfolio Mgmt Trading Settlement

Fund and Investor

AccountingRisk Mgmt Legal &

ComplianceHuman

ResourcesInformation Technology Office Mgmt Investor

Relations

Performance Presentations

Deal Sourcing Trade Execution

Cash Movement

Levels 1 and 2 Valuation

Liquidity Risk Regulatory Compliance

Hiring Process User Support Records Management

Investor Reporting

Due Diligence Facilitation - Prospective Investors

Underwriting & Initial

Investing

Trade Allocation

Cash Custody Level 3 Valuation

Credit & Counterparty

Risk

Portfolio Management

& Trading Support

Performance Measurement

Systems Maintenance

Vendor Management

Investor Liquidity

Monitoring

Terms & Structuring

Investment Tracking & Monitoring

Position Custody

Fund Accounting &

NAVMarket Risk

Entity and Alliance

Formation and Governance

Firing ProcessSystems

DevelopmentTravel

Management

Ad Hoc Marketing Analysis

Subscription / AML Process /

KYC

Business Partners & Alliances

Administrator Mgmt

Investor Accounting & Allocations

Managerial Reporting &

Analysis

Management Company

Disaster Recovery

Accounts Payable

Due Diligence Facilitation -

Existing Investors

MgmtExternal

Auditor Mgmt

Business Continuity Planning

Facilities Management

Green = low risk

Yellow = moderate risk

Pink = high risk

Example Only


15

Example – Risk Weighting

Operational Area Liklihood of

Failure Severity from

Failure Gross Risk

Score Risk

Weighting People Processes Systems Total

Marketing & Fundraising 2.00 4.00 8.00 8.3% 5.00 1.00 1.00 7.00 Portfolio Mgmt 3.00 5.00 15.00 15.6% 4.00 1.00 1.00 6.00 Trading 3.00 3.00 9.00 9.4% 3.00 2.00 4.00 9.00 Settlement 2.00 3.00 6.00 6.3% 4.00 2.00 4.00 10.00 Fund and Investor Accounting 3.00 4.00 12.00 12.5% 4.00 3.00 4.00 11.00 Risk Mgmt 3.00 5.00 15.00 15.6% 3.00 1.00 2.00 6.00 Legal & Compliance 2.00 4.50 9.00 9.4% 5.00 5.00 1.00 11.00 Human Resources 2.00 4.00 8.00 8.3% 2.00 1.00 2.00 5.00 Information Technology 2.00 3.00 6.00 6.3% 5.00 2.00 3.00 10.00 Office Mgmt 2.00 1.00 2.00 2.1% 3.00 2.00 1.00 6.00 Investor Relations 2.00 3.00 6.00 6.3% 4.00 1.00 1.00 6.00 Total Operations 96.00 100.0% 3.80 1.86 2.21 7.88

Liklihood of Failure People, Processes, SystemsOnce a week 5.00 Excellent 5.00 Once a month 4.00 Very good 4.00 Once a quarter 3.00 Good 3.00 Once a year 2.00 Fair 2.00 Once a decade 1.00 Poor 1.00

Severity from Failure> 10,000,000$ 5.00

10,000,000$ 4.00 1,000,000$ 3.00

100,000$ 2.00 10,000$ 1.00

Risk Risk Mitigation

• There are many ways in which one could rate operational areas and controls

• However, the key is to (a) have a consistent approach, (b) apply a risk weighting to the assessment, and (c) actually test the control design via walkthroughs to ensure the ratings assigned are indeed valid

Example Only


16

Example – Supporting Work

List of Attachments and Supporting Schedules [insert text]

Has the Control Design Been Tested (i.e., walkthrough) and are the Controls Operating as Designed? [insert text]

Summary of Analysis Conducted and Conclusions Reached[insert text]

System Rating

(scale of 1 to 5)

4

Process Rating

(scale of 1 to 5)

3

People Rating

(scale of 1 to 5)

4

SECTION: FUND AND INVESTOR ACCOUNTINGValuation:Is there a formal valuation committee? Who is on the valuation committee, is the ultimate decision making independent from portfolio management function?Are there minutes taken at the valuation committee?Is there a documented valuation policy?What is the most recent valuation level composition?How is level 1 pricing determined and supported?How is level 2 pricing determined and supported?How is level 3 pricing determined and supported?Have the external auditors provided any management letter comments on the valuation process?Have the external auditors noted an significant deficiencies or material weaknesses in the valuation area?How often are marks updated?Who is responsible for determining the marks and what are their qualifications?Who is responsible for supporting the marks and what are their qualifications?Approximately how many hours per month / year does operations spend on supporting valuation?What systems are used in the valuation process and how automated is the process?How may prices per position are usually obtained?When was the most recent price override by operations (that being operations overriding portfolio management)?Are any third party experts used in the valuation process? If so how close have their results been to management’s?Have there been any NAV restatements due to valuation?Have there been any significant estimate to actual variances due to valuation?

Example Only


17

Example – Comparing Fund Managers

Operational Area People Processes Systems Total Operational Area People Processes Systems Total

Marketing & Fundraising 5.00 1.00 1.00 7.00 Marketing & Fundraising 4.00 1.00 2.00 7.00 Portfolio Mgmt 4.00 2.00 1.00 7.00 Portfolio Mgmt 4.00 1.00 5.00 10.00 Trading 3.00 2.00 4.00 9.00 Trading 2.00 2.00 5.00 9.00 Settlement 4.00 2.00 4.00 10.00 Settlement 2.00 2.00 5.00 9.00 Fund and Investor Accounting 4.00 3.00 4.00 11.00 Fund and Investor Accounting 2.00 3.00 4.00 9.00 Risk Mgmt 3.00 1.00 2.00 6.00 Risk Mgmt 4.00 1.00 4.00 9.00 Legal & Compliance 5.00 5.00 1.00 11.00 Legal & Compliance 2.00 3.00 3.00 8.00 Human Resources 2.00 2.00 2.00 6.00 Human Resources 2.00 1.00 3.00 6.00 Information Technology 5.00 2.00 3.00 10.00 Information Technology 3.00 2.00 4.00 9.00 Office Mgmt 3.00 2.00 1.00 6.00 Office Mgmt 1.00 2.00 2.00 5.00 Investor Relations 4.00 2.00 1.00 7.00 Investor Relations 3.00 1.00 2.00 6.00 Total Operations 3.80 2.17 2.21 8.18 Total Operations 2.90 1.68 3.80 8.38

Difference 0.91 0.49 (1.59) (0.20)

DISTRESSED EXAMPLE LONG-SHORT MARKET-NEUTRAL EQUITY EXAMPLE

Risk Mitigation Risk Mitigation

• Once a standardized approach is applied, fund manages can be more easily compared

• The below example compares fund managers who aren’t even in the same investment strategy

• One has a focus on people (distressed) while the other has a focus on systems (LSMN) to manage their risk as would be expected

• Ultimately they have similar total scores but they take a different path to get thereExample Only

Economy & Finance

1.1.2010 Ops Risk