Wednesday, February 17, 2010

Are we taking a sledgehammer to crack a nut?

The Global Investment Performance Standards' (GIPS(R)) latest edition, GIPS 2010, mandates that firms have a written policy to ensure the existence and ownership of client assets (see paragraph 0.A.5). I suggested a few days ago that this was most likely in response to the Bernie Madoff, et al fraud cases which have come to light over the past 18 months or so. It's interesting that of all the possible aspects of compliance firms should document, this was singled out; and one might argue it has little and perhaps nothing to actually do with GIPS. So far, no guidance has been provided, but we can expect to see something offered.

I've been reflecting on this new requirement for the past few days and it occurred to me that this can be likened to using a sledgehammer to crack a nut (using disproportionate force or expense to overcome a minor problem).Not that fraud can be viewed as being a minor problem, but it clearly isn't pervasive and common place throughout our industry. Yes, a bad apple can spoil the bunch, at least in one's perception, but in reality very few managers engage in such illicit behavior. But all GIPS compliant firms must now add this procedure to their GIPS policies & procedures.

Most managers don't control the assets themselves, as Bernie did: Bernie had a one stop shopping operation (brokerage, management, trading, custody, reporting, all wrapped into a single bundled service: how nice). Most managers rely on custodians which, in many cases, are selected by their clients. Managers typically receive reports (either written or electronic) from custodians. Custodians, of course, could be offering false information, though to my knowledge no one has suggested that this practice exists. Are managers to take some extra steps to ensure that the custody reports are, in fact, correct? That the assets actually exist? Since stock certificates are pretty much a thing of the past, with most ownership done in electronic fashion by agencies such as DTC, can we expect managers to want to validate that the DTC's records match the custodians?

The Securities and Exchange Commission (SEC) is requiring registered firms to provide additional reporting and subjecting Madoff-like firms (not "like" as in committing fraud, but "like" as in they control the client assets) to periodic, unannounced audits. No doubt, some of their requirements will be viewed as using a sledgehammer: penalizing the countless honest firms because of the actions of a few bad apples.

Performance measurement departments typically don't engage in validation of asset ownership: they are at the mercy of the back office accounting folks, who typically reconcile positions. Does this reconciliation count? But is this reconciliation truly ensuring existence and ownership? (see above) How far are these departments (or the firm) to go to validate and ensure ownership? And, can't we expect that the bad apples will continue to be bad, since it's them that are doing the improper things? Self-checking won't stop their actions.

In addition, verifiers will be required to validate that firms have such procedures in place. So far, there is no requirement that the verifiers themselves engage in such tests; hopefully this won't be coming.

I hope this doesn't sound like criticism, because it's not meant to be. During a recent conversation with a few colleagues someone commented how they disliked the inclusion of the three year, since inception, annualized standard deviation requirement, and I responded that there was nothing that can be done about it, so don't bother to complain. And, I understand and respect that the GIPS Executive Committee was not about to go through a second round of public comments. Plus, I understand the sensitivity to the Madoff scandal and desire to include something that sensitized the standards to such practices. I'm just not sure how this is going to work. Thus, my interest in guidance, which will hopefully be here in the coming months.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.