Christophe Pessault (MEBS): Risk Management - Increased Requirements
According to Christophe Pessault, risk management specialist and member of the MEBS Executive Committee, “the past three years have really transformed the approach towards risk for Luxembourg-based management companies." Interview.
How are risk issues in investment funds evolving?
We saw little regulatory change between 2011 and 2018, i.e., since the implementation of the Circular 11/512 and the AIFM Directive. The publication of the Circular 18/698 in 2018 foresaw increased requirements for risk management. However, it was the publication of two new circulars concerning liquidity risk management in 2019 and 2020 which changed the game by offering management companies a certain challenge. Circular 20/752 published in 2020 focused on liquidity crisis simulations. It was initiated by ESMA with an implementation deadline set for September 30, 2020. Luxembourg had chosen to go a step further by publishing Circular 19/733 in 2019. This circular, which is based on the non-binding recommendations of IOSCO, covers the management of liquidity risks as a whole, i.e. from the fund’s design phase to the contingency plans to be implemented in case of liquidity issues. This circular also requires these plans to be regularly tested, like the BCP
(Business Continuity Plan, editor's note) and the DRP (Disaster Recovery Plan, editor's note) for IT. As a sign of the increased monitoring from regulators on this subject, it should be noted that ESMA launched a Common Supervisory Action on liquidity risk management in 2020. This action, that targets UCITS fund managers, resulted in issuance of two questionnaires, the first in February 2020 and the second in July 2020. In Luxembourg, 155 management companies completed the first questionnaire and 51 completed the second one. In 2021, the findings were published. In this regard, the CSSF asks management companies managing UCITS funds to carry out a self-assessment of their liquidity risk management process in the light of the conclusions issued and, of course, the regulatory framework in force before December 31, 2021.
“Theoretically, the machine can do everything, but humans must remain at the heart of the process."
How are management companies adapting to these new requirements?
The key to the problem lies, as often when it comes to risk management, in the data, whether it is available or of good quality, and the models used. If this remark is valid in many areas relating to risk management, I believe it is particularly true in the area of liquidity risk management. Indeed, for certain asset classes - like stocks - we have data and a relative consensus on how to determine the actual liquidity of the security. For others - bonds for example - it is much more difficult to obtain certain data, such as trade volumes or reliable spreads. However, with MiFID II and other initiatives, we have started to gain access to qualitative data regarding trading volumes, but it is still patchy. For these types of assets, management companies often use liquidity scoring models, based on criteria such as credit rating, maturity or duration. The question therefore arises about the objectivity or the subjectivity of the evaluation of the various criteria; of the objectivity and of the subjectivity of the conversion key between the liquidity score and the liquidation time of the instrument. Finally, there is the question of the construction of crisis scenarios and their interpretation. However, in the regulations, the responsibility for controlling the quality of the data underlying the models and for validating the model itself rests with the management company, which creates new risks for management companies executives.
What trends do you see in the coming months?
I think that two subjects will remain at the top of the agenda: digitalization as a support and help, and, therefore, the role of machines in piloting models. Theoretically, the machine can do everything, but humans must remain at the heart of the process. It is not "the person versus the machine," but rather "the person together with the machine." You can compare this with a certain electric car manufacturer: theoretically, its car can go from A to B on its own, but in reality, the driver has to keep their hands on the wheel. Even machine learning does not yet have the maturity to be autonomously integrated into day-to-day processes, at least at an affordable cost. It should be noted that the CSSF places great emphasis on a governance model defining limits, alerts and dealing with these alerts in an efficient and documented manner in which humans have their place. The second trend that I have identified focuses on monitoring sustainability risks in the broader sense. For example, how would one assess the risk of a company with one or more factories located in an area that may be flooded within the next three years due to global warming? Or that of a company producing products in defiance of current ESG rules? With COVID, managers were also able to fully measure the impact of supply chain risks and their economic consequences, whether positive or negative. On these questions, we are moving towards the reliance on rating-based systems like those used for credit risk. While the ratings of the best-known agencies converge at 99% in the assessment of credit risk, a recent study by MIT shows that they actually converge at less than 60% on average over questions about sustainability depending on the data and the models used. These questions, therefore, represent very interesting challenges for the profession.