Blog: Operational risk management – a continuous journey

By Remmert Keijzer, AIMA

Published: 03 November 2020


This year has arguably been the biggest stress test which organisations have faced in recent history with almost all firms having to transition to the working from home environment overnight. While the overall majority of organisations have been successful in accommodating this shift, risk managers found themselves in a challenging situation as long-held risk management practices had to be adapted to reflect the new working environment under, sometimes, difficult circumstances. While a lot has changed, the requirement for internal audit, risk and compliance teams to provide ongoing assurance has not.

The Alternative Investment Management Association (AIMA) published the first edition of its Guide to Sound Practices for Operational Risk Management in 2016.  Covid-19, civil unrest, mass protests and wildfires have been among the numerous unusual challenges investment managers have had to contend with just in this year alone.  While the 2020 edition of the Guide does not put a strong emphasis on the industry’s handling of the pandemic, it has incorporated lessons learnt during these troubling times.  As a result, this Guide to Sound Practices has become even more opportune and relevant for our members. 

With the continued scrutiny of alternative investment managers by investors, the media and regulators, organisations have made the embedment of a robust and agile operational risk management (‘ORM’) framework a top priority.  Coupled with the increasing reliance on third parties, the rise of sophisticated cyber-attacks and the myriad of risks involved in the trade lifecycle, an ORM framework should meet the complexities of an organisation. The expectations around ORM continues to evolve rapidly with investment managers now being required to monitor its governance, tools and processes more granularly than ever before.

The objective of this Guide is to describe suggested principles and standards of the key ORM elements, which together form an effective framework and its implementation within an investment manager’s business. The updated Guide seeks to enable those responsible for the implementation of successful ORM policies and processes to understand the multitude of risks as well as to consider implementing mitigating controls. 

As an accompaniment to the Guide to Sound Practices, a series of Risk Tables offering a non-exhaustive list of potential risks that investment managers will need to address is introduced, including an overview of preventative and detective controls investment managers can put in place to mitigate these risks.

The main text of the Guide is written to be as jurisdiction neutral as possible in order for it to be of the most use to our members around the world. However, investment managers should take care to operate within the regulatory requirements that apply in the jurisdictions where they operate.

Risks don’t operate in silos and they are almost always interconnected.  It is important that investment managers are pro-active, pre-empting (emerging) risks so they are prepared for any obstacles that may come their way.  While being prepared is key, it is important to recognise that many operational risks can often appear to be unavoidable. In the past few years, the operational risk landscape has changed dramatically but in this changing environment, investment managers need to adapt to and we hope the Guide aids in that process. 

Members can access the full guide and the executive summary of the guide here.

We would like to extend our thanks to our working group members and other member volunteers for all of their insights and support.