The Future of Investment Compliance for Asset Owners: The Next Great Transformation · 2021. 1. 15. · THE FUTURE OF INVESTMENT COMPLIANCE FOR ASSET OWNERS: THE NEXT GREAT TRANSFORMATION

STATE STREET CORPORATION 1

The Future of Investment Compliance for Asset Owners: The Next Great Transformation

By: State Street Global Services – Performance Services

December 2014

THE FUTURE OF INVESTMENT COMPLIANCE FOR ASSET OWNERS: THE NEXT GREAT TRANSFORMATION


Contents

Introduction

Structure and Workflow of Compliance Programs

Data Integration

Common Program Challenges

The Future of Compliance



Introduction: Getting to Today

“We want to be at the leading edge, not following.” – Large asset owner

For most of the past decade, asset owners and asset managers allocated valuable resources to establishing and

improving their investment compliance programs. Objectives have ranged from simple execution of processes

allowing them to comply with investment policy requirements, to clear demonstration for audit purposes of strong

alert and fail management procedures. In many cases clients can now easily produce reports and matrices that

encompass any breaches and their resolution. Compliance reporting has evolved from obligatory reports quickly

filed away, to “at your fingertips” information showing more comprehensive compliance results to satisfy internal

monitors, auditors, investors and owners.

The importance and growth of investment compliance programs, the need for improved risk management, and

expansion of the regulatory environment have led to the necessity of expanded and refined compliance tools;

providers — big and small — have led the charge here. Most of the larger pension funds and asset managers

are now working with custodians and with a handful of leading compliance engines and providers for outsourced

compliance processing services, while smaller asset owner organizations have chosen either to use custodians

or to perform in-house compliance.

No matter what the approach, online tools have taken on greater importance, allowing users to track and modify

actions taken for each of their breaches and to perform trend analysis across their portfolios. Simple reporting

now allows users to capture a summary of the program and share it regularly. Corporations, pension funds and

mutual funds have all moved forward in their view of compliance and its importance in their overall risk

management programs.



This decade-long transformation, combined with recent market activity and investment instrument development,

has given way to a financial landscape that is quickly changing and highly regulated. Today’s compliance

programs need not only be auditor- and investor-ready, they must be able to prove themselves against current

and future regulations as well.

The Exercise: Getting to Tomorrow

We spoke with a set of North American asset owners and investment managers between May and December

2014 to get an idea of how they are managing their compliance programs to align themselves with new and ever-

changing market requirements. These conversations gave us a view into our clients’ existing compliance

programs and their plans to transform those programs to meet future requirements.

Specifically, our research sought to gain insight into the following:

Role of Compliance in the Organization

Daily Operational Workflow

Use of Online and Proprietary Tools

Reporting Needs

Audiences for Compliance Results

Asset and Instrument Coverage

Regulatory Requirements

Support Networks – Peer to Peer



To give us a more complete view of the investment compliance landscape, clients interviewed for this initiative

encompassed both current State Street Investment Compliance subscribers and clients using other services

and/or performing compliance in-house.

The initiative gave clients a unique opportunity to share their views on investment compliance services, influence

the future direction of our product offering, and provide input on best practices.

Based on the responses received, we’ve organized this report into four sections:

Section I Structure and Workflow of Compliance Programs

Team structure, roles and responsibilities, testing frequency, reporting uses and consumers of

information

Section II Data Integration

Performance information, alternatives and illiquids, risk statistics and derivatives data

Section III Common Program Challenges

Section IV The Future of Compliance

I. Structure and Workflow of Compliance Programs

While each organization interviewed presented a unique story, we found one interesting similarity: most were in

the process of overhauling or significantly tuning their compliance programs.

In the process, organizations are looking at the areas of:

Team Structure

Roles and Responsibilities

Measurement Frequency

Reporting Requirements

Consumers of Compliance Information

Based on our research, it seems that most organizations have similar goals, but are executing differently based

on their individual needs, circumstances and resources.



Team Structure. The size and shape of compliance programs continue to evolve. Some are small, with only a

single full-time employee responsible for day-to-day duties and program oversight. Others have spread oversight

across individuals that have compliance responsibilities along with other performance and risk-based duties. A

few have dedicated investment compliance teams with little or no non-compliance responsibilities. Common

among the participants we interviewed: a very small subset of clients said they had brought compliance

monitoring totally in-house; the rest had outsourced responsibility to a custodian or provider. The most standard

practice is that program oversight and alert management functions are held at the asset owner or manager, with

rules construction, maintenance, and daily and/or monthly compliance processing and reporting outsourced to

servicing entities.

Roles and Responsibilities. These days, chief executive officers (CEOs) are more closely tracking their

compliance programs and investment officers are making regulatory compliance a top priority. All of the

organizations interviewed listed their chief investment officers (CIOs) as the final reviewer of their compliance

reporting. Even five years ago, that was not the case.

If we use a public pension plan that has outsourced its compliance operations to a custodian or provider as an

example, typical roles and responsibilities might look like this:

Program Oversight and Authorization: Pension Plan

Guideline Analysis: Provider

Rules Construction and Maintenance: Provider

Rule Signoff: Pension Plan

Annual/Semiannual Rule Review: Provider with Pension Plan signoff

Daily/Monthly Compliance Monitoring: Provider

Alert Management: Pension Plan

Board/Management Reporting: Pension Plan

Measurement Frequency. In the asset manager space, daily compliance testing is the norm, and asset owners

are quickly moving in that direction. When looking at State Street’s North American investment compliance client

base, in 2010 about 60 percent of clients received monthly measurement and 40 percent received daily. In 2014,

that proportion has reversed. Today about 70 percent of our clients are on daily service while 30 percent receive

monthly monitoring.

Reporting Requirements. As noted earlier, the stature and role of compliance within organizations has

changed. Many interviewees mentioned strong interest and oversight coming from either their CIO or CEO.



Almost all compliance programs in the study stated a need for reporting that summarized the current status of the

compliance monitoring, complete with alert management details and trend analysis over a given time period

(often a 2-3 month historical period).

Consumers of Compliance Information. The position of users of this information within the organization has

also changed, with CIOs, CEOs, boards and committees consuming high-level reporting, with internal monitoring

teams and portfolio managers using next-generation reporting containing further details and trend analysis.

II. Data Integration

The provision of new information and next-generation reporting cannot be successfully implemented without

better and more comprehensive data. Organizations are making efforts to include more granular types of data

into their compliance testing and overall reporting. Unfortunately, they are running into roadblocks — more on

that shortly. For now, let’s focus on what organizations are including and what’s to come next.

Over the past few years, compliance professionals have been working to expand their testing to encompass

more investment types such as commingled and pooled funds. In the past, these were treated as line items in a

portfolio and were either excluded from testing or treated as a single security. Today, organizations are pulling

third-party data into their testing to account for the underlying holdings of that single line item; this gives them a

more granular look into what they truly own. Test results more accurately reflect the true weighting of an industry,

sector, issuer or security.

Many organizations aren’t able to secure all the data they need to accurately test

compliance as comprehensively as they would like. Firms are turning to custodians to help

them acquire more of what they need and working with their portfolio managers and other

providers to acquire more detail on private assets, hedge funds, and for risk and liquidity

information.

Compliance professionals are attempting to challenge their data requirements by going through this same

exercise again; performance analytics, alternatives and risk information are the next set of information that

programs wish to incorporate into their testing and reporting. Performance statistics are now being included in

tests with limits placed on each; many tests only treat these limits as warnings rather than true alerts, with most



clients looking at them as “information only” type rules. The same cannot be said for the inclusion of risk

statistics. Tracking error, for instance, is a key risk indicator that more compliance officers are including in their

testing. Some risk platforms and services are able to set limits around certain figures; however, they lack the

ability to add commentary to a breach or create an audit trail to close out or explain a breach. Compliance

systems do a superior job of this and provide a level of comfort to compliance officers that is unavailable on other

systems. Organizations are now asking, “When does a risk limit become a compliance rule?” and risk and

compliance functions are blending when organizations construct or retool their investment oversight.

Alternatives are also a complex data component that some organizations are beginning to include in their

compliance assessment. In most cases clients interviewed are still evaluating exactly what and how they want to

test private and illiquid assets. The unique data timing and transparency challenges presented by these assets

are becoming the next frontier for the most rigorous programs.

As noted, regulators are playing their part in transforming

compliance programs as well. The complexities and

leverage associated with derivative investments have led

regulators to try to surface and quell portfolio risk.

Regulators have instituted reporting requirements in many

arenas. And those funds not directly required to report

under these regulations have often instituted their own

leverage and exposure testing. Both movements have

required compliance professionals to challenge their data

providers to include more underlying data and issuer

information to allow their compliance testing to accurately

reflect holding concentrations, leverage and exposures.

Board reporting and investment committee presentation

materials are also changing. The majority of clients

interviewed have begun to include performance and

compliance in all standing material delivered to their

boards, committees and senior management.

Performance, risk and compliance are being viewed as

one in a complete risk management program.

Best Practices Learned from the

Study

Use of centralized teams with

clear responsibilities

Data integrity focus, workflow

orientation (clear roles)

Compliance measurement

across public and private

assets

Rules and measurement at

portfolio, position, strategy

levels

Use of control rules (warnings)

Frequency – migrating to

weekly/daily

Collaboration with peers

(Council of Compliance

Pension Officers)

Consumers include portfolio

managers, risk team,

management team, board



III. Common Program Challenges

Most of the gaps our interviewees identified center on data. Whether third-party data, private equity, performance

characteristics, risk statistics, liquidity information or alternatives, many organizations aren’t able to secure all the

data they need to accurately test compliance as comprehensively as they would like. Firms are turning to

custodians to help them acquire more of what they need and working with their portfolio managers and other

providers to acquire more detail on private assets, hedge funds, and for risk and liquidity information.

Investment compliance and risk professionals are finding themselves linked when constructing or refining the

organization’s overall risk management program. The result of these conversations puts compliance

professionals in a new situation: their investment officers now want to see the “riskiness” of their portfolios and

how they measure up against current or anticipated limitations. Measures such as liquidity, tracking error and

VaR are all beginning to surface in compliance testing. Most organizations that are including them in their testing

are doing so using vendor data or custodial data from those that offer a risk-based service. Some of the risk tools

in the market are able to place limits around certain statistics; however, getting those tests incorporated into the

overall compliance results is often a manual process that sits in the client’s operations or the contracted

compliance back office.

A few interviewees mentioned that one area of manual calculation or testing lacking sufficient coverage was

Substantial Shareholder testing. This type of monitoring requires an entity to look across all of its investments

and ensure that they do not exceed foreign ownership limits in any one country. These limits often differ by

country; maintaining accurate limits information and executing required testing can be quite cumbersome. Some

firms are offering Law Cards supporting the maintenance of these limits; however, updating the restrictions in a

compliance engine is a manual process and normally not done by the same firm. There is appetite for a service

offering where both the maintenance of and measurement against country limits are executed by a single

provider.

Alternatives bring new challenges, with many organizations trying to figure out how they want them included in

their testing. The study seems to show that of those using alternatives in their investment portfolios, all have

begun to try to obtain more granular level detail on underlying holdings. The issues many are running into are

that it is extremely difficult to secure the needed information, and they are unsure of what they want to test. Early

best practices place the responsibility on the portfolio managers (often, external managers) to provide accurate

holdings data with underlying information in a flat file and delivered to the client. Currently, most organizations

testing these assets are using offline calculations, with a few able to directly upload the data to their compliance



monitoring system. There are no official common best practices when dealing with alternatives and many

organizations are curious as to what their peers are doing to fill the gap.

“We have a small team – we’re reliant on third-party support.” – Global asset owner

Collaboration with peers was another item that came up often in discussions. A small proportion of respondents

expressed little or no interest in sharing information with their peers or in identifying what others are doing in the

compliance space. The greater majority were keen on finding and using forums where compliance, investment

and risk management professionals could compare their programs and measurement concepts to expert peers.

Rules, new regulations and their treatment, data gathering techniques, compliance program composition and

reporting are all points of interest where collaboration is viewed as beneficial. Some organizations are part of the

Council of Compliance Pension Officers, but it is limited to the pension space; areas like insurance and mutual

funds, for instance, appear to lack the same type of forum.

These challenges and how they are met will drive the investment compliance industry through its next phase of

change.

IV. The Future of Compliance

The last decade has shown us many changes and evolutionary shifts in the investment compliance space. Based

on these findings and related conversations, we are in store for another transformation. Whether it’s driven by

organizational needs, gaps in data integration, an increase in the audience for breach results, the importance of

compliance in an overall risk program or a need for more information sharing within the industry, we begin to see

an emerging vision of the future compliance landscape.

Although a few respondents have pulled or kept their compliance back-office work in-house, the majority have

contracted it out to custodial firms or providers that supply a full back-office service. This continues to be the

trend and will be a key assumption in our model for how the compliance landscape is changing.



From the responses and content we have gathered, it is clear that the organizational structure of an entity’s

compliance team is the foundation on which the compliance program is created. As compliance has grown from

a small piece of an investment oversight program to one of the more important elements, compliance activity will

be less of an organization’s part-time focus and more a core function. Within this core function, compliance

teams will have greater authority, report to higher levels within the organization and comprise a greater share of

investment-related staff.

Given more authoritative roles, compliance teams will be empowered to ensure investment managers close out

or sign off on their alerts without the intervention of a CIO. Compliance testing will continue to move to daily

testing, with most organizations replacing the monthly testing schedule. The results will often be incorporated into

a daily/weekly report with officer signoff and CIO review; all alert management details will be documented online

and secured for audit.

The next component in building a strong compliance program will be augmenting the data required for testing.

Data needs are driven by markets, strategies and the regulatory environment; with the lines between risk and

compliance beginning to blur and the increased complexity of investment instruments, organizational data needs

are being driven further. Liquidity testing, which has normally been contained within a risk service, is becoming

more important to compliance professionals, increasingly testing limits placed on the level of liquidity in a

portfolio. Mutual funds are seeking to ensure their portfolios can be liquidated quickly enough if faced with

potentially aggressive redemption demands. Once these liquidity rates are calculated, programs are looking to

test how close they are to regulatory and/or self-imposed tolerance levels. Tracking error and VaR are also

making their way into regularly scheduled compliance monitoring. This will lead firms to include alternatives and

illiquid securities, with the responsibility falling to investment managers to provide more granular information to a

compliance back office (custodian, provider or in-house).



Regulatory requirements, risk management, expanded and more senior consumers,

new and more complex data integration, proactive testing and a collaboration effort

by both service providers and clients themselves will drive the continued

transformation of investment compliance.

For the greater part of the past 10 years, compliance programs have been focused on post-trade results. As

firms’ need for “real time” information increases and they move to get ahead of trading before it happens, pre-

trade compliance for asset owners may become more commonplace. The need for post-trade results will still

exist, with the trend analysis, alert management and audit trails it brings. However, being proactive with

managing the risk to a portfolio will become an important step in the compliance process.

The transformation of investment compliance will be driven by increased collaboration between peers. There are

a few forums to share information and best practices; however, strides can be made to fully connect firms with

one another. New regulatory requirements should help push this along. The fact that many organizations will

have similar responsibilities should generate the need for a common place to discuss how to construct testing,

reports and necessary filings. Custodians, law firms and even the organizations themselves can play a part in

creating more online committees, conferences and community forums. These will give compliance and risk

professionals an opportunity to plan for and work with coming investment restriction.

Regulatory requirements, risk management, expanded and more senior consumers, new and more complex data

integration, proactive testing and a collaboration effort by both service providers and clients themselves will drive

the continued transformation of investment compliance.



Comparison of Compliance Capabilities Over Time

Study Characteristics

2004 2014

Organizations begin to outsource their

compliance operations

Majority of large organizations outsource

some or most compliance operations

Basic data sources: Holdings based with

few derivatives or complex measures

included

Holdings, transactions, derivatives and

complex data are included in testing

Testing done using spreadsheets and

early version compliance systems

Multiple software and service programs

available and most custodians have

automated online solutions

Reporting is summary based with little

underlying detail displayed

Reports include a summary along with

underlying alert details

Compliance for external managers is

mostly monthly certification signoff

based

Alert management available online with

commentary, attachments and signoffs

Testing reports are delivered via email or

mailed in hard copy

Full audit capabilities available for both

regulatory and internal organizational use

Little to no online reporting and fail

management capabilities

Reporting, fail management and results

detail stored and delivered via online tools

Sample Pool: 15 organizations with over $850 billion in total net assets

Size of Organizations: Less than $10 billion to over $150 billion

Type of Organizations: Asset owners, asset owner/manager hybrids

Regional Location: North America

Length of Study: May through December 2014

Staff Sizes: 1 to 4



Disclosures: Research method/Source: Reference material taken from client responses during interview process (described in the Introduction) along with general observations of industry trends and client behavior over time. Views and opinions expressed herein are those of the author(s) and they are subject to change based on market and other conditions and in any event may not reflect the views of State Street Corporation and its subsidiaries and affiliates (“State Street”). This information herein is for marketing and/or informational purposes only and it does not constitute investment research or investment, legal, or tax advice, and it is not an offer or solicitation to buy or sell any product, service, or securities or any financial instrument, and it does not constitute any binding contractual arrangement or commitment of any kind. This information has been prepared and obtained from sources believed to be reliable at the time of publication; however. it is provided “as-is” and State Street makes no guarantee, representation, or warranty of any kind as to its accuracy, suitability, timeliness, merchantability, fitness for a particular purpose, non-infringement of third-party rights, etc. This communication is not intended to be relied upon by any person or entity. State Street disclaims all liability, whether arising in contract, tort or otherwise, for any losses, liabilities, damages, expenses or costs arising, either direct or consequential, from or in connection with the use of this document and/or the information herein. No permission is granted to reprint, sell, copy, distribute, or modify any material herein, in any form or by any means without the prior written consent of State Street. Copyright © 2014 State Street Corporation, all rights reserved. State Street Global Services® is the investment servicing business of State Street Corporation (NYSE: STT), one of the world’s leading providers of financial services to institutional investors.

www.statestreetglobalservices.com SSGSNA-0018
http://www.statestreetglobalservices.com/

Documents

The Future of Investment Compliance for Asset Owners: The Next Great Transformation · 2021. 1. 15. · THE FUTURE OF INVESTMENT COMPLIANCE FOR ASSET OWNERS: THE NEXT GREAT TRANSFORMATION