Caveat Emptor? Regulation And Vendor Due Diligence.

With the banks apparently dealt with (!?) global regulators are now turning their attention to asset managers. The larger of these firms are being considered for Systematically Important Financial Institution (SIFI) status and the industry as a whole is under scrutiny for the way they conduct their business.

---

Given that the manner in which asset managers value the securities and other products they hold has crucial downstream significance for enterprise risk, consumer protection and the stability of the system as a whole, it is no surprise that regulators are casting a highly critical eye over this process.

It is clear – at least from the regulators perspective – that financial firms can employ third party vendors to help them meet their ‘fair value in good faith’ obligations, but they cannot delegate their ultimate responsibility in this regard and they must deploy regular and robust due diligence over the process.

What Constitutes Due Diligence Best Practice?

There is currently no globally accepted standard for vendor due diligence best practice. What is appropriate for each firm will depend on the type of fund or bank they are, the type of assets in which they invest and the regime under which they are regulated.

However, looking at the various guidelines, rules and enforcement actions associated with this issue, it is possible to establish some core principles to which any vendor due diligence program designed to satisfy the regulators should adhere.

• Independence - Due diligence should be independent of both the fund and the vendor – IOSCO states explicitly that ‘a third party should review the … valuation process at least annually’.
• Detailed Process Review - Analysis and review of the underlying procedures, methods, sources, documentation, etc. and these should be periodically revisited to ensure their continued appropriateness and effectiveness.
• Source Review - Line by line review of methods/sources per position (since there can be wide variations within asset classes, so simply stating that X vendor is used for all fixed income pricing is not sufficient). Again, these should be periodically revisited to ensure their continued appropriateness and effectiveness
• Exception Metrics - The position review should include detailed empirical data on key metrics such as vendor overrides, price challenges, challenge results, stale prices, tolerance breaks, comparisons of valuations with trades, alternative prices (if available), etc.
• Vendor Due Diligence - If a vendor is used for pricing, then there should be regular and detailed due diligence of their operations, processes, procedures, etc.
• Independent Model Validation - If an internal model is used then this should be periodically independently validated to ensure appropriateness.

Implementation of a continuous oversight process of this kind for valuation and pricing will help to reassure regulators that the fund is taking its statutory responsibilities seriously. Additionally, by identifying possible valuation risks associated with their investments, the scope for mis-valuation (either due to ignorance or fraud) is mitigated, protecting asset managers and banks from losses – both financial and reputational. This is therefore not only good practice but also useful insurance.