Should an issue arise that, if left unchanged, exposes the fund to undue risk, the CRO must have the authority either to close the relevant positions or to execute trades that adequately mitigate the risk, he says. The CRO's compensation plays a part here, since it should be designed in such a way that it encourages him to make appropriate decisions.
Risk In All Its Parts
Understanding what the chief risk officer does is critical, but it is equally important to understand how he does his job. The following questions are designed to help advisors and investors understand what risk is and how the CRO can manage it. Newton offers a list of questions that investors should ask while performing due diligence, along with some potential answers and red flags.
How does the CRO monitor ongoing risk?
In order to address this comprehensively, let's partition risk as follows: investment risk, operational risk and regulatory risk. For all types, the approach is tailored to the setting. Smaller firms are likely to have a more focused investment process and thus a generic approach to risk management will misuse limited resources.
Investment Risk - Daily quantitative reports may be generated showing volatility at various horizons, such as Value at Risk (VaR) based on historical and Monte Carlo approaches at the fund, sector, strategy and security levels. Also, risks should be monitored relative to sector benchmarks, measured over various horizons. Portfolio managers should see this information weekly or when the composition of their portfolio changes, as should a fund's investment committee if it is a separate entity. Keeping relevant parties in the loop is an important element of risk management.
Operational Risk - In a small-team setting, operational issues should be easily recognizable and manageable. As firms grow, the reporting of exceptions/issues should be formalized and the frequency of compliance monitoring exercises should increase. Compliance and exception reports should be reviewed by the CRO. Any substantive issues should be reported to the CRO upon discovery and resolved by the CRO, with the assistance of the investment or management committees if necessary.
Regulatory Risk - The chief compliance officer is responsible for regulatory risk and issues in this area should be brought to his attention. The CRO, however, must ensure that the compliance program is sufficient. Compliance and risk officers should work together and be in agreement.
Does the CRO participate in the investment meetings and decision-making process?
The CRO should participate and offer guidance on realized risk (P&L, fund volatility and component sectors) as well as expected risk. The investment process may include a monthly meeting of all portfolio managers, the investment committee and analysts. The CRO should be included in this meeting.
What type of experience should a CRO have?
The CRO should have a broad range of experience in investments. While it is unlikely that any one person would have experience in all dimensions accessed by a fund, experience in a range of areas (equities, fixed income, currency, etc.) and instruments (cash instruments and exchange-traded and OTC derivatives, etc.) is important. A CRO should also be able to adapt to opportunities involving new sectors or instruments.
Building A Risk Management Culture
Risk management should permeate the culture of every hedge fund, but there is no one solution. The role of the CRO at each hedge fund may be as varied as the strategies of these same funds, but there is no boilerplate solution, according to experts.
"Even as firms recognize the need for risk management in some form, there's considerable diversity in their approaches," Mangiero says. "Organizations that integrate risk management with other aspects of the overall business model acknowledge its potential as a cornerstone of competitive advantage, seeking to capture market share from those firms that do just enough to comply with regulations and little else."