RISK MANAGEMENT

FIN 562 Risk Management

Professor Mark Shore DePaul University Week 7 Lecture Notes

mshore1@Depaul.edu Twitter @shorecap

Due Diligence • The examples are related to money managers

• However, it can be applied to varying industries

• What can go wrong?

Dictionary Definition: Due Diligence 1) “law : the care that a reasonable person exercises to avoid harm to other persons or their property failed to exercise due diligence in trying to prevent the accident”

2) “business : research and analysis of a company or organization done in preparation for a business transaction (such as a corporate merger or purchase of securities)”

“the care that a reasonable person takes to avoid harm to other persons or their property”

The phrase can be traced back to the 1500s

Can you relate this to your firm or industry?

https://www.merriam-webster.com/dictionary/due%20diligence#note-1

Due Diligence of a Fund Manager Front Office • Research – understand their research process • Strategy – understand their strategy & risk mgmt. (manage

expectations) • Capacity Issues – estimate of limits to their AUM based on their

strategy & markets traded • Track Record/ Metrics Back office • Operational / back office • Know the firm • Backup plan / disaster recovery • Key Personnel Risk • Background of senior management • Regulatory issues of firm & individuals –from NFA BASIC https://www.nfa.futures.org/BasicNet/basic-search- results.aspx?rnd=5618.661775151415

Due Diligence Process • Due diligence of a manager is analogous to analysis of a

company or stock • Analysis of a company

• Product / Service – (Portfolio/ Front office) • Understand the product (portfolio) • Examine portfolio metrics • How does it compare to their competitors (Peers)

(Back Office / Operations) • Management – who are they? Backgrounds of mgmt? • Revenue – how is it generated? From AUM

• Will the revenue support their operations? • Size of the firm/ Infrastructure / info on firm • Add up the pros and cons and decide to allocate or not

(quantitative and qualitative information)

Importance of Operational Due Diligence • After 9/11 (2001)

- Does the firm have a disaster recovery plan? • After Madoff (2008) $65 billion stolen from investors & $18

billion in investor losses (Ponzi scheme) -Who are the auditors and administrators of the fund? -Potential conflicts of interest? - Are items handled internally or by third parties?

• After MF Global bankruptcy (2011/2012) about $1.6 billion in customer losses

-Does the fund have backup brokerage firms? • Operational due diligence has become as important or more

important than front office due diligence

Feffer & Kundro (2003): -Studied over 100 fund liquidations over 20 years: At least 50% of hedge fund failures are due to operational risk -Many of the investor losses could have been avoided with proper due diligence

**Ultimately: Ask yourself “Do I feel comfortable allocating to this manager?”

Operational Risk Alpha Video - “Risk of loss due to inadequate or failed processes,

people or systems or external events” - Financial risk is the symptom, operational risk is the

disease - Higher the leverage = higher financial risk - Higher the leverage = lower operational risk

- Less need for funding

- More conflicts of interest = More operational risk - Madoff had internal broker/ dealer business - Firms with their own fund administrators

Five Components of Due Diligence: Part 1 Understanding the Manager 1) Investors May:

-Look only at returns -Have the manager fill out due diligence questionnaire -(DDQ) http://www.managedfunds.org/wp-content/uploads/2011/06/Due-Dilligence- Questionnaire.pdf

-Full research/ operations due diligence process -Know as much about the manger as possible:

Utilizing similar techniques as investigative journalism

2) Know as much about the strategy as possible -Ask lots of questions about what makes their system work -Are there environments when the trading system doesn’t work?

3) Understand the research process: -How do they develop and test their ideas and strategies? -One person or a group involved in the decision process?

4) Onsite visit – go to their office 5) Hire a qualified due diligence team

Five Components of a Hedge Fund Due Diligence Part 2: Preparing for a Due Diligence Meeting

1) Properly explain the trading strategy – you want the investor to feel comfortable in their understanding & expectation

2) Audited Track Record – from a CPA 3rd party confirms the track record is real

3) Disaster recovery plan- what are your backup plans?

4) Background check on principals and senior mgmt. Hopefully, no surprises

5) Back Office Operations – How well can the manager run a business?

Five Components of a Hedge Fund Due Diligence Part 3: 1) Audit trail of the due diligence process – Why?

- If proof of due diligence is asked for - If a problem arises with the manager, you can prove you did your

homework - What facts / evidence can you show why you recommended the

manager? 2) Account size tested for the portfolio –

-If strategy tested with $1 million, but only $25k is needed? Does that change anything? -Will you get the same market exposure? -Do you have performance of a $25k account?

3) USE NFA BASIC 4) Any regulatory issues in previous positions?

-Could this be an ongoing “bad” behavior? A red flag? 5) Confirm, Confirm, Confirm!!! – Trust but verify

-Are the facts correct? For example website vs. database

Summary • These concepts can be applied to any function or

industry • What does it tell you about: Process Culture Behavior Any potential future problems? How can we mitigate those

risks now?

Enterprise Risk Management

Definition (COSO)

“Enterprise risk management is a process, effected by an entity’s board of directors, management, and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”

Risk Management and Financial Institutions 5e, Chapter 27, Copyright ©

John C. Hull 2018

Risk Management

• What specific decisions are made to optimize the risk/return profile of the company

• What are risks?

• How can you mitigate the risks?

• Are the risks reasonable?

Reporting and Monitoring

• Problems: • Tend to be bifurcated into Qualitative and Quantitative

metrics • Focus heavily on past trends

• ERM Reports: • Should integrate Qualitative and Quantitative • Internal risk exposures and external drivers • Key performance and risk indicators

Key Elements

• Board involvement • Part of company’s strategy and help a company

achieve its objectives • Identify adverse events • Manage risks consistently with risk appetite

Risk Management and Financial Institutions 5e, Chapter 27, Copyright ©

John C. Hull 2018

Risk Appetite

• Regulators require banks to develop risk appetite frameworks

• How much loss at what confidence level are we prepared to risk

• What reputation risk are we prepared to take • What credit rating risk are we prepared to take • How concentrated should we allow our risks to become • etc

Risk Management and Financial Institutions 5e, Chapter 27, Copyright ©

John C. Hull 2018

Risk Culture

• Decisions should be made in a disciplined way • Both short term and long term consequences should

be considered • Sometimes decisions that are profitable in the short

run can have adverse reputational and legal consequences in the long run

• Examples: • Bankers Trust • Santander Rail deal • Abacus

Risk Management and Financial Institutions 5e, Chapter 27, Copyright ©

John C. Hull 2018

Risk Culture

• Typical: People do the right things when policies and controls are in place – Do what they are instructed and trained to do

• Good: People do the right things even when risk policies and controls are not in place. The best interest of the company and stake holders is paramount

• Bad: People do not do the right things regardless of risk policies and controls. They do what is in the own best interest.

Assessing Risk Culture

• Tone from the top • Risk awareness • Organizational incentives • Change Management • Communication and escalation

Major Risks

• Important to identify major risks and decide what action, if any, should be taken

• Alternatives: • Exit activity giving rise to risk • Reduce probability of adverse event • Modify plans to reduce risk • Transfer all or part of risk • Take no action

Risk Management and Financial Institutions 5e, Chapter 27, Copyright ©

John C. Hull 2018

Thank You