By Carl-Fredrik Svensson, CEO – Daymi: Good oversight is becoming increasingly harder as the industry continues to grow with more outsourcing partners, new software and renewed interest in automation. At the same time, the need to be able to prove oversight and control is increasing, not only driven by the continuous introduction of new regulations, with DORA being the latest addition, but also with the rise of Operational Due Diligences (ODD) that are now becoming more popular even for smaller allocators. 

At the same time many managers are under pressure to keep costs down, and with the latest innovations in AI even smaller managers are looking into automation. But at the same time, the in-house teams shrink, they must now oversee a growing number of processes, automations and service providers, introducing new challenges when it comes to oversight and governance. 

Through the Daymi platform we have worked with over 70 supervised companies and gained insights into how to effectively make sure, even as a smaller manager, you can stay in control and demonstrate and prove this effectively during audits, ODDs and regulatory reviews. Daymi is a central repository of tasks, controls, procedures, sign-offs and issue logs enabling easy oversight. 

Evolving Responsibilities in a Complex Ecosystem

With every new fund launch, reliance on systems and outsourcing vendors becomes more entrenched in the Nordic hedge fund industry, reflecting trends seen earlier in other parts of the world. In the UK, for instance, outsourcing has been so prevalent for so long that finding junior operations talent has become nearly impossible, forcing companies to off-shore even when they don’t want to. 

For COOs, balancing compliance and cost efficiency results in the need to understand a wide range of operational and compliance tasks. Because even as tasks and processes are outsourced, they are still the manager’s responsibility and must answer to the regulators. The introduction of DORA has reinforced this principle, clearly defining the need for oversight and control of outsourced processes, although from an ICT-focused perspective.

What is Oversight?

Oversight is needed in order to make sure all parts of the business are being performed in a compliant way. This goes from board level down to the execution of day-to-day operational or compliance tasks. One challenge is the amount of controls every business has, scattered and documented across different platforms and functions, such as the controls coming out of your policy documents as one, and your daily checklist as another. The major challenge many firms face is the lack of a central repository where it’s accessible, just finding what controls a business has can be very time consuming. 

The other part is the need to be able to prove your controls and demonstrate their effectiveness. Auditors, investors, and regulators focus heavily on evidence of execution and control, which can sometimes feel counterintuitive to people involved in carrying out the work. Many times, it can feel like the focus is on a sign-off or written instructions instead of actually performing the work in the correct way. However, it’s in the nature of audits. Many firms struggle and spend a lot of time trying to prove they are in control every audit. The timing issue here is a concern if you end up in a regulatory review, where failing to deliver within the stated timeline, can automatically trigger a much broader investigation. The indication a delayed response gives is that the company is lacking a control environment. 

Looking at the past years fines, weak internal controls are often cited as a core issued within the companies receiving fines. 

Key Man Risk – a rising concern

Because of the need to keep the costs down, staff are kept to a minimum. There’s not only an issue with finding people who can take on the role as a COO for example, but there’s a key man risk. Having poor oversight in place, leaving it up to one of a few key staff members to run this, without insight puts the firm at great risk. As a smaller manager, this is one of the greatest concerns for an investor and will be a focal point during an ODD – failing to demonstrate control can result in lost funding.

How to improve Oversight

The single biggest problem we face with oversight is the lack of centralization. Controls, procedures, sign-offs and evidence is often spread throughout the business and their outsourcing partners. However, in most cases, we spend most of the time designing complicated controls and follow-ups. The problem is seldom that a control is not elaborate enough, it’s rather the lack of controls or no evidence of it. 

Instead, the best way is to try to make everything as easy and actionable as possible. In essence, the most vital parts of your oversight is that everyone can easily know when the control must be done, how it should be performed, deliberate sign-offs for logging and accountability, and that you show this to external stakeholders. 

Do not allow every team or function of your company to solve their oversight as they want. Oversight consists of many layers, as a business it’s essential to be able to keep oversight on every part of the business – preferably in real-time. 

Embedding Control in your Business

Strong governance and effective oversight are more critical than ever. With increasing regulatory demands like DORA and more frequent ODDs, fund managers must ensure not only robust controls but also the ability to demonstrate compliance at any time.

To succeed, focus on consolidating the key information – when a control is due, how it should be performed, deliberate sign-offs are in one place. The consolidation must also apply to the different parts of the company, having 3-4 different ways to solve oversight in different teams breaks company-wide oversight. 

This will not only make the execution and follow-up easier as it gets integrated in your day-to-day, it will also make it easy to demonstrate your control environment and build trust with investors, regulators and other stakeholders.

This article is featured in HedgeNordic’s “(Em)Powering Hedge Funds” publication.