Getting regulatory reporting right is another business cost and risk that has to be managed. On the other hand, unlike some business risks, getting it wrong can be catastrophic. Avoiding catastrophe requires not just technology and data, but senior management buy-in to an enterprise-wide approach to the problem, says the leadership of risk management and regulatory reporting services firm ConceptONE.

“We offer fund managers a technology-driven regulatory enterprise risk management platform to better align their front, middle and back office data aggregation and reporting,” says Dan Connell, president of ConceptONE, LLC, a New York-based risk and regulatory reporting platform for hedge funds.

The primary areas of focus for the firm are middle and back office operations, the analysis of investment risk and the delivery of what they call a “holistic” regulatory reporting service. It aims to help fund managers deliver greater transparency to third parties – notably investors - as well as file with regulators Forms PF and CPO-PQR, Annex IV of the Alternative Investment Fund Managers Directive (AIFMD), report derivatives to trade repositories under the Dodd-Frank Act and the European Market Infrastructure Regulation (EMIR) and deliver risk management data to investors the Open Protocol methodology invented by Albourne Partners.

It is a combination of skills and reach that makes ConceptONE hard to pigeonhole. The firm operates in the middle and back office services business, but is not a fund administrator. It is expert at risk reporting, but provides more than just risk management software. Additionally, ConceptONE specialises in regulatory reporting, but is not a compliance consultant.

But however ConceptONE is characterised by its clients and competitors, it is obviously doing something useful for them. Now in its tenth year, the firm has just under 50 people on the payroll, and is deriving almost as much revenue from helping fund managers deal with regulatory reporting as it is from helping them manage their investment risks.

Efficiency remains the watchword. In fact, Connell is so confident in the ability of the products of the firm to increase efficiency within any organisation that he thinks the savings will almost always exceed by a significant margin the cost of buying the product. “There are opportunities for what we do to become cost-neutral,” he says. “Inefficiencies in a series of functional silos can be expensive. A manual regulatory filing, for example, could easily take someone hundreds of hours per quarter to complete. By looking at the operational and compliance issues of the firm as a whole, we can save managers a significant amount of money.”

Connell should know. He co-founded ConceptONE in 2004 as a pure investment risk management business. Originally called Risk Resources, the firm analysed market and performance risk for the general partners of hedge funds and their investors (funds of funds and family offices in particular), and then advised them on what to do about it. For that purpose, Dan Connell and co-founder Ken Grant made an ideal combination of programming, trading and risk management skills. Connell is a former Accenture consultant and dot com-era entrepreneur whose firm, Tradescape, was sold to E*TRADE for $100 million in 2002. Grant, on the other hand, implemented the SPAN margin system at the Chicago Mercantile Exchange (CME) before pioneering the role of risk manager at several sizeable hedge funds.

“Risk Resources was a pioneer in offering bespoke risk reporting services to alternative managers,” recalls Connell. “We looked at return streams, and portfolio content, and the relationship between the two. What made us unique was that we were not just looking at the out-sized, low probability, negative events, but looking at risk in the context of performance and procedure. Talking about risk management in that way required us to have data and tools in front of us that were customised and intuitive, rather than rely on the generic, off-the-shelf tools our clients had, so we quickly developed into a technology company.”

Unsurprisingly, many of the early clients were multi-strategy hedge fund spin- offs that were spending a fortune on risk management reports that were too clumsy or cumbersome to be a useful aid to decision-making across multiple investment strategies. "Making difficult risk management concepts and calculations simple and easily understood is what we specialise in,” says Connell. “There are a lot of people who can sell you risk management software. We are focused on high value content. What my partner Ken Grant often says is that, `We are trying to buy five minutes of your time each day to think about risk, not three hours one Sunday a quarter.’ It is much more valuable to be monitoring all of the risks you face in the context of your opportunity set every day. Our tools are not just useful for covering yourself. They are useful for acting offensively to seize opportunities as well as defensively to reduce exposure to the bad things in the markets.”

Since the crisis, this up-to-the-minute and practical approach to risk management has become popular. Yet no alternative algorithms have yet emerged from either the universities or the investment banks to replace the discredited Value at Risk (VaR) algorithm used by most financial firms. In a more sceptical environment for risk management techniques, tools that refresh daily, rely on in-house data, and emphasise the practical over the methodological, have an edge. The risk management systems provided by ConceptONE tap into the most accurate and timely streams of data about the changing shape and structure of a portfolio, analyse it, and then present the findings back to the portfolio managers in their preferred idiom. They aim to do this quickly enough for management to act on the findings if necessary, and not just the portfolio managers either.

“We deliver multiple versions of a report to different people in an organisation on a daily basis,” explains William Livingston, who joined ConceptONE as chief operating officer (COO) in 2009 from the prime brokerage arm of Goldman Sachs. “A portfolio manager will look at one report for the content they need, while an individual trader may be looking for a different cut of the same data.” He and Connell share the concern that risk management has failed to reform itself since 2008. “Most risk models look at one unit of risk, and not at what happens if you own 300 units of risk and the market in that type of risk ceases to function,” muses Connell. “The Holy Grail remains a liquidity-based, predictive risk measure. But you have to recognise that what you are looking at may not be accurate in a time of stress.”

The aftermath of the crisis proved unequivocally helpful to ConceptONE by creating a new stream of business for the firm. In late 2010, when the Dodd-Frank Act made registration with the Securities and Exchange Commission (SEC) compulsory for hedge fund and private equity managers, the leadership of the firm grasped that a new form of manageable risk had entered the marketplace: regulatory reporting. “One of the largest challenges for hedge funds is to act and smell like a regulated entity,” says Connell. “Dodd-Frank was a watershed event for the industry. For once, the challenge they had to meet was not just about generating returns or how good their marketing programme was. The challenge was about how to make it through a regulatory examination. It was about how to be institutionally viable in the eyes of regulators and investors. Dodd Frank and now AIFMD are global mandates for managers to develop, implement and maintain Regulatory Enterprise Risk Management systems.” It helps that the operational infrastructure of a fund management firm has become a primary focus not only for regulators but for institutional investors conducting operational due diligence (ODD) analyses – but the regulatory pressure, with its risk of penalties that can put a firm out of business, is the primary driver of efforts to aggregate, validate, normalise and deliver data.

Extrinsic risk, involving the widespread distribution of internal data to regulators was new territory for the fund management industry. To manage it, Connell and Grant persuaded Gary S. Kaminsky to join the firm as managing director, global regulatory and compliance. His background includes stints as chief compliance officer (CCO) for one fund, co-founder of two others, a spell as an attorney at both the SEC (in enforcement) and legal firm Dechert, and as a principal in the Business Advisory Services group at Rothstein Kass. As Kaminsky points out, Form PF and Annex IV of AIFMD are merely local manifestations of a regulatory drive to monitor systemic risk, which means regulators are going to look at the data they receive, test it, and act upon it.

“Regulators are going to use the transparency they receive from managers to fulfil their mandates to have their fingers on the pulse of systemic risk,” he says. “The practical reality is that they are also going to use the data they receive from managers to buttress their mandate to regulate entities in the fund management industry. For fund managers, that means ensuring their reports are accurate and consistent, and most importantly, aligned. Now, ConceptONE is not the only firm in the regulatory reporting business. But what we do differently is ally superior software to a deep knowledge of the regulatory mandates. We are doing a good deal more than just selling a piece of software. We are selling a regulatory enterprise risk management platform that is going to help firms better align their front, middle and back offices to the obligations they face under these complex and comprehensive regulations.”

By the time the SEC and the Commodity Futures Trading Commission (CFTC) adopted rules in October 2011 that required managers to complete Forms PF and CPO-PQR, ConceptONE had an initial product in place. But any regulatory reporting product has to evolve in line with the developing nature of regulation, and its widening geographical net. This is why ConceptONE took its regulatory reporting products to Europe, where Annex IV of the AIFMD is a European version of Form PF (albeit a more prescriptive one than its American counterpart). In fact, where ConceptONE believes it can help global fund managers most is in aligning what is reported in Form PF and what is reported in Annex IV, not least because the level of co-operation between American and European regulators has now increased to the point at which they readily and routinely exchange information. ConceptONE has built a presence in London to service the European market.

Kaminsky warns there is no room for error or inconsistency in reporting on a global scale. “The easiest way to invite the regulators to investigate your business is to inadvertently allow inconsistencies between your reporting of Form PF and your reporting of Annex IV,” he says. “Global regulatory reporting has become a mandate for regulatory enterprise risk management. Firms need operational and compliance infrastructures that are in accordance with the applicable laws.” Kaminsky adds that the AIFMD demands enterprise-wide regulatory risk management to a greater degree even than Dodd-Frank. “AIFMD is more prescriptive than Dodd Frank in that it lays down areas where firms need to have specific systems in place,” he warns. “It even specifies the types of systems they have to have.”

COO William Livingston draws a distinction between the “passive” demands of Dodd-Frank (“please get me this report”) with the “active” pressure imposed by AIFMD (“put these regulatory risk management systems in place”). It is a more important observation than it reads. There is a widespread belief in the European fund management industry that European regulators will never be as zealous in matters of enforcement as their American counterparts. The fact that the AIFMD puts the onus on the manager to put systems in place suggests this belief is mistaken.

Wishful thinking is of course the default mode of an industry that has developed a reputation for responding to regulatory threats at the last minute. “Typically, in this industry, people wait until as late as possible to do things,” explains Kaminsky. “When the Financial Conduct Authority (FCA) gave UK managers another year to comply in full with the AIFMD, a lot of managers interpreted that to mean they did not have to do anything for another year. That was certainly not the intent of the regulator, or a sensible thing to do for your business.”

In making that claim Kaminsky draws on the experience of managers preparing their initial Form PF filings in the United States. He says it took all of the clients of ConceptONE much longer than expected, mostly because of unanticipated difficulties encountered during the process of preparation. “And in the case of Form PF you had one government, one regulatory agency and a single certain date, but even then managers waited and waited,” recalls Kaminsky.

He argues that waiting until there is palpable evidence that the regulators are serious is a risky strategy. The SEC has made its intention to use the data it receives from regulatory reports to inform its examination and enforcement programmes. In their 2014 report to Congress regarding use of PF data, SECX staff explained that they had already reviewed Form PF data for inconsistencies with other information obtained during an examination, such as due diligence reports, pitch books, offering documents, operating agreements, and books and records. Senior personnel from the FCA in the United Kingdom and the European Securities and Markets Authority I(ESMA) in Paris have indicated that they have similar intentions when it comes to analyzing Annex IV data. As a result, argues Kaminsky, it is imperative that AIFMs devote the necessary resources to aligning the data they collect and submit for different purposes.

“Plenty of firms are still not devoting the necessary resources to regulatory reporting,” he adds. “I refer to that as regulatory arbitrage, which is always a very unprofitable trade. You might say that of course we are going to say that. It is true that we are in the business of offering services. But we like to think that we can help people, so they look, smell and feel like a regulated entity when the regulators call.” He points out that many US managers were surprised to find regulators actually visiting their offices to check their degree of compliance with the demands of Form PF, in terms of systems and procedures as well as data submitted to the SEC. “When they are disappointed by what they find, they ramp the examination up to an investigation,” explains Kaminsky. “If you leave it later and later, you will not have the infrastructure in place to avoid finding yourself on the wrong side of a very costly and very scary investigation by the SEC or FCA, even if you did nothing wrong other than fail to have in place appropriate regulatory enterprise risk management. Many times, firms wait until somebody else is hoisted up the regulatory enforcement flagpole before acting.”

With investors also pressing managers for evidence of regulatory compliance, the duty of getting regulatory reporting right is now inescapable. In the six years that have elapsed since the acute phase of the financial crisis, ConceptONE has developed a routine business preparing monthly investment risk management reports for distribution to investors. These are being requested directly by allocators as well as by fund managers on behalf of investors. Occasionally, the firm reviews the operational and compliance infrastructure of a particular manager on behalf of an investor proposing to make an allocation to a fund. Working for investors in such a fashion demands a degree of trust on the part of managers as well as non-disclosure agreements. ConceptONE secures that trust by studiously avoiding the temptation to be drawn into lucrative post hoc forensic examinations on behalf of regulators or litigants. By this means, investors have become an important distribution channel for ConceptONE.

But the principal distribution channels for ConceptONE are prime brokerage consultancy groups, fund administrators, lawyers and accountants, plus a conspicuous presence at the major industry and regulatory conferences. ConceptONE has made a large commitment to regulatory reporting in the European Union (EU). It recently opened a London-based office to service EU-based clients and Connell and Kaminsky have spent two to three weeks a month in Europe over the past year visiting clients and potential clients and meeting with regulators, to better understand their expectations.

Certainly the products are well-adapted to the needs of the time, especially in terms of compliance. By the end of this year, predicts Connell, the regulatory reporting revenues of ConceptONE will have caught up with those from the historic business of investment risk management. But the splitting of the business into two parts is somewhat artificial. Connell points to deep informational and technological synergies between the risk management and the regulatory risk reporting products provided by ConceptONE. Those synergies are an important part of the appeal of ConceptONE to hedge fund managers.

“No one can afford to do anything for a single purpose these days,” explains Connell. “Fund managers have to leverage every effort they make in the broader context of their business.” But he has another message for fund managers, which is less reassuring. “Regulatory reporting is as much a chief executive officer (CEO) and a COO responsibility as it is one for the CCO,” he warns. “The solution cannot be siloed into one part of the organisation.” Kaminsky adds that regulators have historically talked about creating a “culture of compliance,” and creating a “tone from the top.” He stresses that fund managers need to accept that regulatory enterprise risk management is no longer a nice-to-have but a must-have. “All of us involved need to treat the industry as an institutional, professional, registered and regulated industry, or there is not going to be an industry in the future,” concludes Kaminsky.