In the wake of recent bank failures, many private fund managers will need to evaluate the effectiveness of their current risk management framework.

By Louis Bruno, EisnerAmper

Following Silicon Valley Bank’s (SVB) collapse on March 9, many private equity fund managers and venture capital firms rushed to assess their exposure to the bank. After evaluating portfolio investment risks, some firms quickly focused efforts on mitigating potential operational risks that could arise in the aftermath. Alternative investment managers proactively moved working cash deposits to other banks while waiting for a commitment from the FDIC, called vendors to understand their exposure and potential impacts to service commitments and evaluated other options to safeguard their clients’ assets.

The situation surrounding SVB was a strong reminder of why private fund managers need to update their risk management frameworks to adequately assess and monitor the operational risks associated with any outsourced activity. While vendor management is a well-defined practice in many industries and certainly not new to investment management, firms often overlook risks associated with their service providers.

It is imperative that private fund managers institute a risk management framework to define the risks and implement controls to proactively mitigate any potential issues. Counterparty risk is a key risk area that should include third-party vendor risk to accurately define the firm’s exposure. Here are six rules to consider when identifying and monitoring third-party vendor risk:

Know and diversify your vendors

Define the risks for each vendor based upon services received and the impact to the firm and investors if the vendor fails to meet its obligations. Mitigate business continuity risks and service disruptions by maintaining relationships with multiple vendors. Diversification of service providers also provides private fund managers with an alternate data point to support their fiduciary responsibilities to clients (for example, alternative valuation providers). Evaluate the vendor’s activities on a periodic basis, based upon the defined risk and contractual responsibilities.

Reconsider your response to operational due diligence (ODD) requests

ODD is a standard practice for investors who seek to evaluate the activities of their private fund managers. ODD questionnaires tend to be high-level, checklist-based questions that may not accurately evaluate vendor risks. Evidence provided in response to ODD requests has also become standardized and can become a ‘check-the-box’ exercise. In many cases, private fund managers do not accurately respond to these requests due to limited oversight of their vendors.

Conduct adequate due diligence & reevaluate risks

The level of risk may be mitigated using a well-known vendor, however it is important to define the risks associated with the outsourced service. As an example, third-party placement agents that have access to personally identifiable information (PII), or subadvisors that have access to portfolio strategies, could be considered a higher risk. These providers will require a higher level of enhanced due diligence to accurately identify and monitor the risks. Provide vendors with an annual questionnaire to validate the services provided and confirm the risks.

Verify compliance

As part of the initial due diligence process and any on-going monitoring activities, private fund managers should consider requesting evidence of the vendor’s compliance with new regulatory requirements or plan to comply with proposed regulations. For example, the SEC recently issued proposed rules regarding the safeguarding of advisory client assets, that if finalized, will impact the custody of alternative assets. Private fund managers should understand how custodians expect to comply with the possible changes in regulation.

Communicate business changes

Inform vendors of any changes to the business model or investment advisory services. For example, private fund managers that start incorporating an ESG or sustainability strategy into the investment portfolio should communicate the expectation of “greenwashing” controls to their vendors.

Implement an independent review process

Engaging an independent third-party to conduct a periodic review of existing service providers allows a private fund manager to maintain another level of oversight and a relationship with an alternate vendor.

Regulators will continue to focus on the financial services industry’s ability to manage risk and investors will continue to request evidence of risk management activities from their private fund managers. Recent events have shined a spotlight on the need for private fund managers to enhance their counterparty risk management.

Louis Bruno is a partner with EisnerAmper’s Global Compliance and Regulatory Solutions.