Managing Operational Risk – 3 Best Practices

Avatar for Keith Delahunty
By Keith Delahunty Senior Product Manager
March 2nd 2023 | 4 minute read

Operational risk management is once again taking centre stage.

As CME Group Chair and CEO Terry Duffy observed in the Financial Times recently, the return of myriad emerging headwinds after two decades of easy money mean managing risk effectively will be key to generating above-average returns.

“To navigate this new age of uncertainty, expecting — and planning for — the unexpected could be the differentiator that separates disciplined investment strategies from distractions,” he argued.

The warning comes as the Alternative Investment Management Association (AIMA) released new due diligence questionnaires (DDQs) for digital asset investment managers and funds. The DDQs – which address strategy, trading, risk management, leverage, liquidity risk, fund service providers, costs and expenses, performance and valuation – have been “primarily designed for investors to evaluate the unique investment and operational risks that come with allocating to digital asset investment funds.”

The importance of operational risk

AIMA’s emphasis on both investment and operational risks is telling.

How investment firms of all stripes manage investment risk is clearly critical. Perhaps less well appreciated is the importance of combatting operational risk, and its growing role as a competitive differentiator in investors’ asset allocation calculations.

Operational risk is a broad term. The Basel Committee on Banking Supervision defines it as the “risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. This definition includes legal risk, but excludes strategic and reputational risk.”

As it goes on to note: “An effective operational risk management system and a robust level of operational resilience work together to reduce the frequency and the impact of operational risk events.”

While the Basel Committee report is directed at banks, similar considerations apply to investment managers and their service providers.

Best practice framework

So how can industry participants best manage their operational risks? We can boil it down to three core elements.

  • Trained staff

“The board of directors and senior management should establish a corporate culture guided by strong risk management, set standards and incentives for professional and responsible behaviour, and ensure that staff receives appropriate risk management and ethics training,” observed the Basel Committee report.

Staff across the organisation need a clear understanding of their roles and responsibilities, procedures they should follow, where operational risks can arise and how to tackle them. Training is vital. As is an appropriate segregation of duties to ensure checks and balances are in place.

  • Automation

Automated processes are faster, more efficient and less error-prone than manual ones. But they are not infallible. Mistakes, inconsistencies or inaccuracies that become embedded in an automated/semi-automated environment can be hard to identify and remediate.

To minimise the risks, systems need to be purpose-designed for the task, properly configured, monitored and controlled. Legacy platforms and Excel – a still-common recourse in the investment management community – can no longer cope with the complexity and data integrity demands firms face.

Solutions must be robust. Include best practice security protections. Have the breadth and depth of functionality to deliver true automation. And be seamlessly integrated to ensure the smooth flow of data.

Outsourcing IT systems and/or operational tasks to a specialist third party with a proven solution set can help. Outsourcing allows firms to take advantage of the industry expertise, R&D budgets and scalability that a dedicated provider offers – so long as the vendor has the long-term industry commitment, financial strength and high-quality offering to match.

  • Oversight

Effective operational risk management depends on monitoring and control – the ability to identify emerging risks and flag them for rapid resolution.

Management reporting must be accurate, detailed, timely and usable. The same applies to firms’ compliance reports. Populating the reports with high-quality data (something many firms continue to struggle with) is essential. How data feeds the reports, and how those reports are delivered to stakeholders, needs to be as seamless as possible too. And they should be backed by automated audit trails that track and record every processing stage to ensure tasks are completed correctly, while enabling easy review and rectification of problems.

Deep Pool is the #1 investor servicing and compliance solutions supplier, providing cutting-edge software and consulting services to the world’s leading fund administrators and asset managers. Our flexible solution suite, developed by an experienced team of accountants, business analysts and software engineers, supports offshore and onshore hedge funds, partnerships, private equity vehicles, retail funds and regulated financial firms. Deep Pool is a global organisation with offices in Dublin, Ireland, the United States, the Cayman Islands and Slovakia. For more information, visit:

Keith Delahunty
Keith is responsible for all aspects related to Transfer Agency, driving product development, vision, strategy, & execution across Deep Pool applications. Keith holds a master’s degree in finance & has extensive experience working in Private Equity, Alternative & Retail asset classes.