Outsourcing functions to service providers is a common practice for asset managers. But what happens when the worst occurs? In a doomsday scenario in which the service provider loses all capacity, it is important to have contingencies in place to limit exposure and risk.
Let’s look at risk in a commonly-outsourced function: back-office accounting. The inherent complexity of calculating net asset values (NAV), along with frequency of a service provider’s contributions could exacerbate the issue. Asset managers must therefore take steps to mitigate exposure and build robust response plans for when the unthinkable happens.
Having a well-designed and tested contingency plan could greatly reduce the impact of a doomsday scenario. Asset managers should develop a plan that considers a range of factors including cost, time requirements and the overall impact of an event. One cannot entirely avoid the risk of a problem occurring with a service provider, but there are ways to mitigate potential disasters.
Planning for contingencies with outsourcing partners
An effective doomsday plan can take on many different forms, each with attributes and factors that contribute to the decision of which approach to take. The following are several different approaches that could be recommended for asset managers:
- First line of defense: In this scenario, asset managers rely on the outsourced service provider’s disaster recovery plan, integrating it into their own response contingency plan. This is an easy-to-implement solution, but it demands robust testing and a deep understanding of the technology, requiring both IT and business resources to be part of the review process.
- Leveraging multiple partners: By spreading the responsibility across multiple partners, asset managers can mitigate a single-failure fallout. If one service provider suffers an outage, not all funds will be impacted. This option has not commonly been used due to its inherently higher cost and complexity, although it is increasing in popularity as the need to diversify grows.
- Full shadow: A full shadow consists of an asset manager duplicating the activities of a service provider to back up the deliverables and ensure everything is safeguarded. While this scenario provides an opportunity for the asset manager to step in immediately, the cost of performing the same functions twice is considered a major barrier. It is therefore something we don’t often recommend.
- Using the oversight model: Oversight models are cost-effective methods to review a service provider on a day-to-day basis, without requiring a full shadow approach. The solution creates some contingencies but does not protect the asset manager as well as a full shadow does. An oversight model could help patch things together and get an organization moving again, although some risk for lost data remains.
- Using your Investment Book of Record (IBOR): As a short-term backup, asset managers could temporarily use the IBOR, which contains all the valued portfolio positions and prices—and it is already maintained for investment purposes. An experienced accounting group could leverage the information in the IBOR to calculate the NAV, however this approach to contingency planning requires large amounts of offline processing and patchwork operations.
- Contingency-dedicated platform: Many asset managers are now turning to internal platforms, separate from the IBOR, that have the sole function of acting as an accounting contingency. These platforms, which can be enabled either through a secure SaaS or a custom internal design, can use data from different internal sources to maintain the foundational records required to calculate the NAV. It is not as robust an option as a full shadow but does have the potential to be a high-quality contingency plan at a reasonable cost.
Be proactive with oversight
One of the best ways to mitigate impact from doomsday scenarios is to be prepared with a robust, well-tested contingency plan. To ensure success, the plans should have gone through test scenarios that accommodate and screen for events such as technology downtime, major blackouts, cyber-attacks and significant facility events. There are several different approaches to developing a contingency plan, each with its own benefits and challenges—but all have the effect of building security and safety, helping asset managers recover important data and easing the concerns of customers.