Managing That Risk: Hedge Fund Level
The hedge fund industry is bigger and higher-performing than ever before. But that also comes with several unique challenges. After all, rapid growth in an increasingly tech-dependant world comes at the cost of new risks.
Some of those risks are considered as part of the process. In fact, 84% of hedge funds use off-the-shelf risk analytics that form part of portfolio management systems. But with some estimates stating that as much as 90% of technology needs will be outsourced in the next five years, hedge fund vendor risk is just as significant as investment risk.
Here's why it's time for hedge funds to catch up to the curve on vendor risk management and a few easy steps to get started with your risk management program.
How Hedge Funds Use Third-Party Vendors
These days, all hedge funds rely on third-party vendors, even if you don’t realize it. That’s because technology is now integrated into all levels of asset management–and unless you build those solutions yourself, you need third-party vendors.
How hedge funds use third-party vendors depends on the hedge fund. Hedge funds purchase their risk and technology as a direct byproduct of four factors:
Asset manager’s background
For example, a large, well-established hedge fund may have the means for on-premise, traditional solutions, especially if those solutions were grandfathered in. But younger, smaller hedge funds don’t, which is why 9 out of 10 hedge fund startups rely on cloud-based solutions over traditional on-premise options. And while large hedge funds may have the means for on-premise solutions, many turn to outsourced options to drive innovation and sustain a competitive advantage.
What is Third-Party Risk Management?
This part is where third-party risk management is essential.
Third-party risk management is the process of identifying, analyzing, and minimizing risks associated with third-party solutions. These third parties may be vendors, contractors, suppliers, or partners.
Any outside party with a role in your company ecosystem can qualify for third-party risk management, though not all are created equal. A vendor who occasionally interfaces with your system is quite different from a vendor you rely on to do business.
Overall, third-party risk management is designed to help you understand what vendors you use, the risks attached to them, and what you can do to mitigate those risks.
Why Hedge Fund Risk Management is Essential
For hedge funds, risk management is more critical than ever before.
For one thing, more and more hedge funds are changing their service providers. 55% change providers for cost reasons, 20% due to AUM growth, and 19% due to investor concerns about service providers. New providers don’t just bring fresh bells and whistles. They also introduce new risks that have to be accounted for.
Worse, data breaches are on the rise–2021 was a record-breaking year for data breaches, and 2020 was a record-breaking year before that. In other words, data protection is more than just a marketing strategy–it’s an essential move for survival.
Unfortunately, the nature of the 21st-century financial industry means that you’re no longer just managing your internal risk behaviors. You also have to manage risk from every vendor you interface with. And if you’re not managing risk, you will lose clients.
That’s where third-party risk management comes into play.
Steps to Manage Third-Party Risk
Here’s the good news: managing third-party risk is entirely possible. You have to know where to begin and set up a sustainable risk management program. Plus, the basic steps stay consistent no matter the size of your hedge fund.
Here are a few steps to get started.
Know the Threat
First and foremost, you need to understand the threat that third-party vendors introduce to your fund. This isn’t an abstract concept–you have to be able to name and quantify those risks.
To do that, start by making a list of every third-party vendor your hedge fund uses. It doesn’t matter how big or small they are or their level of involvement. List every last one. An excellent way to do this is to break it down by department and function so that you don’t leave anyone out by mistake.
From there, classify each vendor based on their degree of interface with your hedge fund. A good way to think about it is how your ability to do business would be hindered if the vendor were gone. The absence of some vendors would grind your fund to a halt, while others would be a workable nuisance.
It would be best to break down how the vendor interacts with you and your data. For example, some vendors access a lot of private data daily, while others don’t interface with that data at all.
From there, you can classify vendors based on their risk level–low risk (vendors who have few interfaces and collect little or no data) to high risk (vendors with significant involvement who routinely handle private data).
Build a Plan
From there, you’re ready to build a risk management plan.
Compliance regulations are a good place to start. Keep in mind that this may vary based on where you operate–the EU’s General Data Protection Regulation is an excellent example of this. If you’re ever unsure, follow the rules based on the strictest regulation. From there, develop a plan with specific objectives to bring risk behaviors into compliance.
At this stage, you should also identify who is responsible for managing risk at your fund and what tools are available to them. If you don’t have a dedicated risk manager or they don’t have many tools to work with, now is the time to invest in tools that make your plan possible.
Your Partner in Vendor Risk Management
That’s where we come in.
At Privva, we’re experts in hedge fund vendor risk management, and we make it easier than ever to identify and mitigate risk across your entire organization. Risk shouldn’t have to be a headache–and with our tools, you’ll always know what steps you have to take.
Ready to invest in peace of mind? Get in touch today to learn more about our available solutions.