Risk Management – Dear CEO Letter, December 2021
December 21, 2021 by Clare Curtis
In March of this year, Archegos Capital Management (“Archegos”) defaulted, resulting in losses of over $10bn across multiple firms. Following this, the Prudential Regulatory Authority (“PRA”) and the Financial Conduct Authority (“FCA”) in the UK have reviewed and assessed Archegos’s equity finance business. This review was concluded, and on 10th December the PRA and FCA issued a joint “Dear CEO” letter setting out some of the significant deficiencies that were identified. Whilst this letter was based on the findings from this specific case, the regulators were at pains to note that none of these deficiencies were new and that they could therefore only assume that lessons from the Global Financial Crisis had not been learned.
The regulators identified four key areas of deficiencies. These are:
- business strategy and organisation;
- onboarding and reputational risk;
- financial risk management controls and governance; and
- liquidation and close-out.
The Dear CEO letter conveys a real sense of frustration on the part of the regulators that firms continue to undervalue their risk management frameworks and controls infrastructure, and the importance of the role of senior management in establishing and reinforcing an effective and appropriate internal risk culture. As such, the regulators have set out their expectations for sales and trading businesses to carry out a systemic review addressing the areas of deficiencies identified, which are summarised below. Even if you do not operate in these areas, this letter should not be ignored; it gives us all a very clear message about the importance of a good risk culture.
Those directly impacted by this letter must report their findings with a detailed remediation plan, where relevant, by the end of Q1 2022, and one or more Senior Managers must be specifically responsible for providing this response.
1. Business strategy and organisation
- Strategies lacked coherence and had not been rigorously assessed or challenged by senior management.
- Revenue growth objectives and new business acquisition targets were not adequately supported by necessary investments in risk management resources and appropriate infrastructure.
- Separate business units, acting in silos and sometimes in competition, adopted different standards in areas such as margining, documentation, and contractual terms.
- Comprehensive ownership of risk both within the first and second lines of defence was often hampered by these fragmented organisational arrangements.
2. Onboarding and reputational risk
- Decision-making standards and methods for assessing the reputational risk of client relationships varied across firms. Some firms had no central sign-off or committee approval, and where this did exist, the process was not well documented.
- Onboarding arrangements were narrowly focused on KYC and financial crime objectives, and once a client had been onboarded, there was little or no follow-through.
3. Financial risk management controls and governance
- Many contractual provisions in client agreements were based upon commercial decisions which sometimes impacted the ability to manage the risk of certain types of client exposure.
- In some cases, different business units within the same firm had negotiated divergent agreements and contractual protections for similar products with comparable risk profiles.
- Static margin terms were sometimes used which provided inadequate protection to the firm.
- Where dynamic margining methodologies were used these were not always appropriate and were insufficiently sensitive to concentration risk.
- Other instances showed a lack of consistency in margining approaches and no formal risk appetite was documented for deviations from standard terms.
- Firms did not require clients to disclose their wider financing relationships and investment exposures, which hampered firms’ abilities to understand properly the concentration and liquidity risk profile of their own risk exposures.
- Information around the economic and ownership interests of equities was not systematically used in the ongoing monitoring of wider client risk exposure profiles. Instead, reliance was placed on NAV calculations, but the independence of those calculations was not considered.
- Firms did not review their risk management resources in line with the size and complexity of the business activity, and where in-business risk resources were deployed, they did not always support risk ownership holistically across all such units.
- Firms did not always acknowledge the importance of the independent risk management function and give it the stature and prominence expected.
- Escalation policies and procedures within both the first and second lines of defence were not well documented.
- Firms generally used a Potential Exposure model to set formal counterparty risk limits and to monitor exposures. A number of instances were observed where these models had serious data quality issues or other limitations that undermined their effectiveness.
- Sufficient resources and focus were not assigned to addressing data quality issues and other modelling limitations in these risk measurement and monitoring tools to ensure that the outputs from these risk models are reliable.
4. Liquidation and close-out
Firms that had established default and liquidation playbooks, with clearly defined and understood roles and responsibilities, were better positioned to manage a liquidation event. Firms should ensure that exposures are scaled and calibrated to their own capabilities to exit risk positions upon default of a counterparty.
How can Effecta Compliance help?
If your firm is required to respond to this Dear CEO letter, or you believe you could benefit from a firm-wide health check, please get in touch.