COVID-19 has prompted an existential paradigm shift in the world of network management, the impact of which will be felt for many years to come. An integral part of a network manager’s role is the conduct of due diligence on their agent banks, and it is one aspect of their work most significantly disrupted by the pandemic. Speaking at The Network Forum’s inaugural Virtual Summer Meeting, Rainer Kasch, global head of network management at Standard Chartered, shared his insights on some of these changes.
From the initial selection to the ongoing risk-monitoring of their agent bank, due diligence is typically conducted on-site across their agent bank’s sub-custody network. With travel strictly restricted and certain markets struggling to contain the spread of COVID-19, due diligence have had to adopt remote processes. Out of this crisis, however, Kasch see new innovative practices emerging and completely different ways of operating.
The ongoing monitoring of agent banks and market infrastructures is a labour-intensive and resource-heavy undertaking, often dependent on manual processes. The time between receiving and analysing information is a significant risk for network managers to deal with, especially when markets are as volatile as they have been. That so many banks and brokers seldom have agile technology systems to facilitate ongoing risk assessments means they are frequently saddled with high operating costs at a time when revenues are shrinking. COVID-19 has highlighted the limitations of such practices and is forcing network teams to identify new, digital ways of fulfilling their ‘oversight’ responsibilities.
“Moving forward, network managers need to adopt near real-time risk data and analytics covering criteria such as credit risk, financial crime and cyber-risk in a structured format, preferably via a dashboard. Furthermore, clients will also increasingly demand real-time reporting of service level agreement (SLA) performance metrics,” Kasch highlighted.
This will require wholesale investment by both the vendors and the clients into new technologies which can process this information accurately and quickly. However, cost considerations could be an impediment, preventing investment into new technology.
It is in light of this, Kasch explained, that some market participants are arguing for the establishment of a mutualised utility, operated by an experienced industry leader such as SWIFT or the DTCC (Depository Trust & Clearing Corporation). The utility could receive risk information supplied by agent banks and vendors and make it readily available to network managers through APIs. In theory, this could help all participants in the custody chain manage the costs of continuous monitoring.
While the principles behind such a utility are noble, Kasch is realistic about the practical challenges that need to be addressed for this to be considered a success, including issues such as who is liable for data accuracy and consistent data definitions.
For a start, the establishment of a common utility would take a number of years to complete, effectively leaving network managers reliant on their current manual processes during the interim.
Additionally, the establishment of a common utility would take a number of years to complete, effectively leaving network managers reliant on their current manual processes during the interim.
There were other flaws in the proposed initiative, as Kasch pointed out.
“Some agent banks will object to the idea of sharing sensitive information to a mutualised utility because of internal confidentiality concerns.”
Kasch further highlighted that a single entity holding so much of the industry’s proprietary data would greatly increase the risk of targeted cyber-attacks.
Although such a utility could help agent banks standardise the data they share with each of their network manager clients, Kasch cautioned that banks and brokers would need to conduct rigorous health checks on the data to ensure that it is factually correct, especially if they are liable for the accuracy of data.
While the pandemic has put a pause on on-site due diligence, network managers believe that the higher level of accountability imposed on custodians under the Undertakings for the Collective Investment in Transferable Securities (UCITS) and AIFMD (Alternative Investment Fund Managers Directive) will prompt their return as soon as conditions permit.
Having said that, custodians who had been doing their job correctly pre-pandemic should have no concerns. However, the UCITS and AIFMD imposes ‘strict liability’ on custodians and requires them to make good their clients’ losses should the client assets be lost. Thus, it is understandable why custodians may not have the same comfort level with remote due diligence, and have on-going concerns about asset segregation and safety.
Kasch explained that as fiduciaries, custodians need to verify the truth of the information provided by their agent banks in RFP questionnaires, and this verification is most effective and reliable when conducted on-site.
For network managers, the regulatory, financial and reputational implications of making a bad provider selection decision are simply too great. It is, however, a risk that can be minimised through on-site visits.
According to Kasch, on-site visits remain a fundamental prerequisite for sound relationship management, allowing network teams to resolve local problems and learn more about the markets to which they are exposed, information which can ultimately be relayed to their clients and internal stakeholders. In these cases, network managers act as product managers for markets providing insights to market practice to colleagues and to clients.
Many network managers believe remote due diligence are a poor substitute for the real thing because, as Kasch pointed out, agent banks could ‘sanitise’ what network managers see on a virtual due diligence. He also noted that connectivity may not always be up to scratch, especially in markets where the telecommunications or power infrastructure is less stable.
The development of an immutable record of asset inventory could reduce the need for network managers to visit local markets when validating providers’ asset safekeeping arrangements. Kasch believes that such a technological innovation would be the strongest driver for the removal of on-site due diligence visits.
Being a network manager is not for the rigid, or the faint of heart. Network management is a fluid profession, requiring practitioners to constantly adapt and flex according to the underlying risks they encounter. At the same time, there are limits to what network managers can accomplish, especially when the challenges are quite bespoke and require specialist knowledge.
Cyber security is a key area requiring network managers to collaborate with specialists in the field. The proliferation of digital solutions and their widespread adoption sparked by COVID-19 offers cyber criminals a larger surface area for attack than before. Kasch stressed that new threats like these need to be monitored by technical experts, along with other specialised risks that may be introduced by the use of digital assets and disruptive technologies such as APIs.
Network managers would do well to focus on their core strengths of managing their service providers, from sourcing, selection and oversight to the eventual exit as the situation requires. They need to be mindful of their limitations and call upon technical and other experts when needed. As the industry becomes increasingly digitalised and complex, the collaboration between network managers and technical experts will be increasingly important part of the continuing service provider reviews and due diligence processes.
