Best practice in compliance - Paul Martin, Fortis’s Global Head of Compliance

With €116 bn of assets under management and over 800 employees in 16 countries throughout Europe, the US and Asia, Fortis operates as a global entity.

Its sole business is asset management for institutional, retail and private clients, and it has organised its investment activity into autonomous, boutique-like ‘investment centres’, each fully responsible for the management of a single asset class.

With 20 such investment centres Fortis prides itself on having the resources and experience to manage assets for a broad range of clients, while still being small enough to consider itself a ‘family’. In this interview FST spoke to Paul Martin, Fortis’s Global Head of Compliance, about the challenges of managing compliance across a global business, controlling operational risk in an investment environment, and the impact that MFID is likely to have across Fortis’s business.

FST. As a global player, you operate across Europe, the US and Asia, with autonomous investment centres. Can you start by describing some of the challenges you face as Head of Compliance?

PM. Well, Fortis operates twenty dedicated investment centers across the world, employing eight hundred staff. We have at least one compliance officer in each location where there is an investment centre. What we also have is a situation where we have more than one investment center in some locations, for example London and Paris have several investment centers. Nevertheless, there’s always one compliance officer in each location and so in many ways we don’t operate a compliance framework in any different way than other global asset management companies.

A important element to our structure is that the head of each investment center knows the compliance officer in the location and has a good working relationship with him. Compliance officers in each jurisdiction all report to me but of course there is the challenge that they also report to their local CEO. I think there’s a major compliance challenge in operating a matrix structure across a company that has common procedures across all jurisdictions – we have blend that to ensure that we have a common procedure but also common approaches across all the local offices.

FST. And do the different legislative environments that the different centers operate in have a big impact on your managing of those different compliance officers?

PM. No that’s not much of a problem in an institutional asset management company like ours, where we’re managing institutional assets or funds. It would cause a problem if we were managing private client assets or undertaking heavy retail marketing activity. But because our business is international by nature and we’re dealing with institutional clients we are operating on the best practice spectrum of the market, rather than operating at minimal compliance standards.

The way I see it is that we’ve got different levels of compliance, there are three levels. The first is bare minimum regulatory compliance. Then you’ve got the expectation of the regulators in each jurisdiction that you’ll operate good practice. And finally there’s the expectation of our clients and consultants, whose resources we’re managing. They have a framework that fits alongside the other firms operating in that environment.

I would hope that we go one step further from good practice, to the top level where we’re able to satisfy the questions of all the consultants in compliance. So we’re not just providing a good regulatory compliance framework but also service compliance that meets the expectations of clients.

FST. Your methodology is to devolve down decision-making responsibility to sole decision makers in each investment centre. Does this present any particular challenges or risks?

PM. No, not really. What we do have is each decision maker acts within the framework of the client’s investment structure constraints, and the investment constraints of the fund they’re managing. We operate within those frameworks but also we have control over the management of the portfolio so that it’s operated in accordance with the marketing we put out. So if the marketing says we won’t hold more than a certain number of securities for each product, we control that within compliance. So it doesn’t make a great deal of difference devolving responsibility for the investments because ultimately there is a control for compliance, and at risk management level, to ensure they’re managed according to both the regulatory compliance and marketing policy.

Having said that, there are obviously some strengths in that the control is devolved from the local centers. It does result in some interesting, perhaps diverse, views but those don’t cause compliance issues as such. They are more of a business decision.

FST. Each center has a risk management team, how involved are you those risk managers – are you setting the parameters from a compliance point of view or is it down to them to be responsible for decisions?

PM. This is where there is responsibility devolved in the investment centers. Each investment center manages its risk according to its risk budget. The team will have a particular risk budget according to the type of strategy they run and the type of asset class they’re managing. As long as we are able to monitor what the tracking error for the portfolios are, then how the centres achieve their risk budget is up to them. As long as they’re operating within their investment restrictions then that’s fine.

Essentially our approach is a bit like saying ‘well you’re driving from London to Cornwall, I don’t mind how you get there as long as you don’t break the speed limit’. It might well be that they decide on the day the quickest way is the M4 over the M5 rather than the A303. We don’t necessarily mind the route they take as long as they don’t exceed the speed limit and other restrictions on the road. They have the choice of getting there however they like.

FST. Aside from investment risk, do you have anything to do with other types of more operational risks?

PM. The other part of risk management is to ensure that we are operating the management of the business so that the key operational risks are managed. We know where our key risks lie in terms of the order flow, the decision making process, the settlement process, the reconciliation processes etc. We are on top of where our key opportunities for loss are within our business.

I mean most major investment management firms make sure that they know what securities they hold in their portfolios, that when they’re selling those securities they do have title available for sale etc. etc. These are the key areas where there is a very close liaison between risk management and compliance. At some point it’s difficult to define the dividing line between operational risk management and compliance because to a certain degree they are one and the same. However, within Fortis investments, I see compliance as being the client’s champion, and risk management is the element to the business that tries to make sure that the business doesn’t lose money. That’s where the key distinctions lie.

FST. And is that that ‘risk strategy’ you spoke about is set at board level or is that devolved down again?

PM. The relationship between compliance and risk management and the business is discussed at audit committee meetings, discussed between the board and executive management at Fortis Investments, and the heads of risk management and compliance. There is an overview at board level, but on the other hand the business is running ever day, and every day issues come up that need to be addressed. You have to look at each incidence on its merits and take appropriate action.

FST. Thinking more about the regulatory environment now, what are the biggest challenges you’re facing, for example has Sarbanes-Oxley (SOX) or Basel II had much impact on your business?

PM. SOX is more of an issue for firms quoted on stock exchanges that have to report to the SEC. I would say, in a way, the main elements of Sarbanes-Oxley are covered within the regulations of the local regulatory authorities and MIFD. So the requirement to have systems of senior management in control are inherent in regulatory practice, although I wouldn’t say SOX is an issue that is key for us. Basel II again is largely a n operational risk management assessment.

The key issues that we face in compliance are firstly making sure that we have an appropriate platform to manage assets on a global level across different investment sectors. We could have a situation where we are managing a Turkish equity portfolio in London, for a Japanese mutual fund client, the equities are traded via our trading desk in Paris, through a broker operating in Turkey, and the net asset value of the fund is calculated in Tokyo. So there’s quite a challenge there to make sure that numbers actually add up, that the process flow works, the regulations are programmed into our monitoring systems, etc – it is a challenge.

But also, on top of that, we have a situation in 2007 with MFID aiming to harmonise investment regulations in Europe. Now in principle, this will be a help rather than a hindrance. but we’re still awaiting final papers from the regulators as to what their rules will look like in 2007. One of the challenges is implementing that quickly enough for the date 1 November 2007.

FST. And what is MFID compliance going to involve? Are you going to have to audit all your systems when the draft rules are published in the summer, will you need new systems?

PM. We have some expectation of what MFID will look like so we’ve been able to undertake a gap analysis of where we expect required extra work in our European Union regulated firms to fall. The challenge is to make sure that our systems are operating in accordance with expectations of MFID, while balancing the commercial realities of running a financial investment company. To a large extent, institutional asset management firms are not going to be heavily affected by MFID because most of them already have the systems in place to ensure best execution and proper trade processing. Nevertheless we need to be absolutely certain that the regulations don’t throw a spanner in the works by introducing something that doesn’t quite work in line with practice, especially given we have a timeline that is very short. Our operating systems aren’t going to be requiring an overhaul because of MFID, we’re looking more at analsysis, and possibly tweaking them slightly.

FST. MIFD is obviously top of your current agenda, but what kind of developments are you expecting to see in the next few years – will it be time for consolidation or are there going to be new regulatory challenges?

PM. One of the big challenges will be getting over the seismic shock of MIFD because that is going to be in some ways like a big bang for compliance. We’ll start on the first of November but actually what the landscape will look like will really become clear over the following three years. In other words, in the areas where there are statements of intent within MFID, the practice of each local regulator will have to be established. And we are going from a situation where each regulator in the European Union has its own practises and procedures. For example, in some jurisdictions it’s common practice for the regulator to perform assessment visits and issue deficiency letters and so on, and in other jurisdictions it is not. So the differences in that approach have to be harmonized, and quite how that landscape is going to look in 2008, 2009, 2010, is going to be very interesting because I suspect that the thrust of MIFD will change with the years.

FST. Would that be in the context of how the industry reacts to MFID?

PM. It’s not so much how the industry reacts to MIFD, I think rather it’s how the European Union regulators react and the implementation of it. Ultimately over time it will improve the lot of the asset management industry. But there will be some inconsistencies in approach between 2007 and say 2011. In 2010 we can look forward to a situation where the policy of all the European regulators will be exactly the same. I think the expectation will be that it won’t matter significantly in which center you’re operating in Europe, you’ll expect to receive a consistent regulatory response, whether you’re in Amsterdam or Brussels.

FST. And in that interim period what’s your strategy as a company – will you be getting systems in place for November 2007 and then start playing it by ear?

PM. Well the aim that you should be doing is that if you’re operating according to best industry standards then you will be at the head of the queue anyway and you will have addressed the main issues within MIFD. The situation is, that in some jurisdictions, the regulations are very clear on some matters for example soft commissions in the US and UK there is great clarity as to what is or isn’t allowed, in other jurisdictions in Europe there is no clarity and you have to feel your way. With MIFD working through there will be greater certainty once MIFD has established itself. Until then, you feel your way through and you make sure you’re operating to best standards in each market

Paul Martin has 24 years experience in the asset management industry. He joined Fortis in 2005, having previously held the post of Head of Compliance at Pictet Asset Management in London. He has also worked for the Investment Management Regulatory Organisation (IMRO), Mercury Asset Management, NatWest and Lloyds TSB.