Blog | Landytech

Best Practices in Investment Risk Management: 2024

Written by Landytech | Jan 8, 2024 9:30:00 AM

As market volatility returns with a vengeance, an institutional-grade risk function is now a critical factor in investors’ allocation decisions. 

For risk management, the ability to demonstrate extensive expertise alongside a deep understanding of the investment side of the business is crucial. As is a tailored approach to risk. So, what best practices do firms need to follow to achieve an institutional-level standard of risk management? 

There are two essential characteristics that allocators are looking for. One is independence of the risk management function. The other is a robust yet agile risk management framework. 

Here’s why they are so crucial, and how to implement them in your own organisation. 

Best practices in risk management

Independence of the risk function  

Risk is secondary to portfolio management within many investment firms. Managers may claim to have strong risk processes, but when the balance of power lies with investment teams, they often end up with the final say. 

To ensure the function has a strong voice in investment decisions, risk management needs to be fully independent. And the people in charge of risk management must maintain that spirit of independence. Risk should not be a tick-the-box exercise or a pure reporting function. 

However, independence does not mean isolation from the portfolio management function. Collaboration and open communication between portfolio managers and risk managers is critical if the firm is to optimise its performance and prevent future issues from emerging. 

A strong risk management framework 

Managing a portfolio’s exposure to several types of risks – using metrics such as Value at Risk (VaR), stress tests and leverage, liquidity, concentration, and credit risk – is essential to ensure the portfolio is managed in line with its performance objectives and the client’s desired risk appetite. 

A robust risk framework starts with a ‘Risk Management Process’ (RMP). This is an all-encompassing document that defines and explains the details of the risk management framework to ensure it meets best practice standards in coverage and structure. 

Investment managers also need to create a ‘Portfolio Risk Profile’ (PRP) for their investment vehicles. The PRP, which falls under the risk management team’s responsibility, contains all the product information and defines the product integrity. It provides an overall description of the investment style and strategy, alongside an approved list of instruments and the risk and performance targets. It should also assess and describe all the identified sources of risk. 

How to set up a risk management framework 

A strong risk management framework needs three lines of defence to ensure risk is controlled at multiple levels. 

First line: Fund manager 

Portfolio managers are the primary managers of investment risk. They manage portfolio risk on a day-to-day basis, leveraging their knowledge and experience of the market in which they operate. Before implementing a trade, the manager will assess the risk to gauge what impact the trade would have on the overall risk of the portfolio. By following the market and any sudden developments they can protect investors’ capital. 

Portfolio managers need to ensure the risk metrics and techniques they use are specific and appropriate to the given investment strategy. These metrics and processes should be shared and discussed with the second layer of risk oversight (the independent risk review) to provide feedback on the process used in light of industry standards. 

Second line: Independent risk review 

In addition to the internal risk management activity performed by portfolio managers, it is important to have a second layer of oversight that feeds directly to the management team. As well as serving as a valuable check, an independent risk function can recommend best practice procedures and processes based on their experience and promote those principles within the firm. 

Independent risk reviews can be conducted by a functionally separate internal risk team or outsourced to a dedicated third-party managed service provider. Whichever option is chosen, ensuring they bring appropriate risk expertise, and the support of a powerful risk analytics platform is vital.  

Employing a second line of defence, with someone independent from the fund manager or CIO and reporting to the COO/CEO instead, helps mitigate the incentive to take on risk. It also alleviates the relationship bias that may occur with an on-desk risk team. 

Third line: Group Risk 

The Group Risk function, which is best operated as an official sub-committee of the board, provides the ultimate oversight role. It takes information from the other two lines of defence, while adding an additional level of control. 

Group Risk runs the monthly/quarterly Risk Committee, attended by the portfolio and risk managers. The Risk Committee defines and approves the PRP document, and the hard and soft limits. On an ongoing basis, it reviews any documented breaches and soft indicator flags, as well as monitoring the overall investment risk. 

Risk and Reward

Risk management is a multi-faceted undertaking. It demands a combination of structured internal processes, robust independent review, sophisticated systems, and continuous, informed oversight. Adhering to best practices takes commitment and investment. But the penalties for risk deficiencies, and rewards for managing risk well, are too big to ignore. 

To learn more about risk management best practices and developing an institutional-grade risk function within your investment management firm, read this in-depth guide featuring insights from asset management and due diligence professionals.