Skip to main content
Talk to the team

Operational resilience in investment management

Operational resilience continues to be a top-of-mind issue for investment management firms globally. At its core, operational resilience is about asking: can your investment operations continue to function effectively, even when faced with disruption? For investment operations and data teams, the stakes are incredibly high – managing billions in assets, where even small errors can have significant consequences.

This isn't just an internal concern, there's a fundamental shift in how regulators are viewing operational risk. Regulators are formalising resilience frameworks worldwide. In the UK the operational resilience framework came into effect a few years ago, which focuses heavily on important business services, what they've defined and sending impact tolerances. 

Australia’s CPS 230 is APRA's new Operational Risk Management, Prudential Standard, and it's quite comprehensive. It's built on three key pillars, operational risk management, business continuity management, and third party risk management. For investment teams, this means they need robust systems to identify, assess and manage operational risks across all of their processes. In New Zealand, the Reserve Banks, BS 11 for banks and similar guidance for insurers address operational risks. There’s a clear direction of travel and this signals a fundamental shift in how firms must think about operational risk.

Watch our recent AlphaChat, where Stephen Huppert, Independent Consultant, and Scott Taylor, GM Growth & Strategy at AlphaCert, explore operational resilience and risk management in investment operations

The global shift to operational risk

Historically, the regulatory focus has primarily been on financial risks – like market risk and credit risk. More recently, however, several high-profile incidents have shown that operational failures can have large impacts on customers and market confidence.

In the investment space, there have been fund administrators with system failures that delayed NAV and unit pricing calculations, which prevented timely trading or redemptions. In another case, a major European asset manager had a week-long outage in its valuation systems, affecting thousands of investors and leading to significant regulatory scrutiny. "The reputation risk and the anger of consumers towards these financial institutions is significant," says Stephen Huppert. “If we look at all these instances across the globe, it's really driving a shift in regulatory approach.”

The Hidden Risks in Your Daily Operations

For many organisations, the greatest risks are not in complex financial models but are built up over time in day-to-day processes. Many funds have grown organically or through mergers, accumulating a mix of systems and data sources. To bridge the gaps, teams often rely on manual workarounds like spreadsheets and email-based approvals.

While these tools might work day-to-day, they don't provide the governance or resilience needed. 

“When data management is fragmented or relies on manual processes, you're introducing significant operational risks,” says Scott. “Think about it, if your data is inaccurate or you're making investment decisions based on flawed information, you can't meet reporting obligations to regulators or members.”

These manual processes also create a heavy reliance on a few key individuals. Scott Taylor describes this critical vulnerability, explaining that, "one of the most common scenarios we see is organisations relying on a few key individuals who understand how everything fits together. If those people are unavailable... the process simply breaks down".

Building the foundations

Instead of simply planning for major disruptions, the goal of operational resilience is to strengthen the core operation itself, making it inherently more adaptable to whatever challenges the future brings. Funds need to be able to demonstrate that they have robust controls around data quality, consistency and very strong data governance throughout the organisation. 

Data foundation

The most effective approach is to centralise and automate your processes. This establishes a single source of truth for investment data and surrounds it with clear governance, directly addressing the risks of fragmented, manual systems. According to Scott, technology is central to addressing these challenges. Resilient organisations use modern platforms to centralise data management, automate workflows, and provide comprehensive, systemised audit trails.

Business continuity planning

Resilience requires clear plans for specific, plausible scenarios like system outages, data provider failures, or staff unavailability. The pandemic provided a real-world test for many organisations and revealed gaps in their planning. Many had plans for office unavailability, but they didn't fully consider scenarios where entire regions were affected simultaneously. So investment data specifically, the continuity planning needs to answer critical questions like, what happens if a key data feed fails? How quickly can we switch to alternative sources, and how do we validate alternative data for accuracy? These are practical scenarios that teams need to be prepared for.

Robust Third-Party Risk Management

Investment operations typically rely on a complex network of third parties, including market data providers, index providers, custodians, fund administrators and technology vendors. Each of these represents a potential point of failure in your operational process. A resilient framework requires assessing, monitoring, and managing these third-party risks through initial due diligence and ongoing governance. The key is understanding not just the direct relationship but the dependencies between them. 

“We're seeing more organisations mapping out their entire third party ecosystem, identifying critical dependencies and developing specific continuity plans for each one,” says Scott. “This might include alternative data sources, backup service providers, or internal capabilities that can be activated if needed.”

Becoming resilient 

Take a strategic approach. Don't view operational resilience purely as a compliance exercise, but use it as an opportunity to strengthen your operation and create a competitive advantage through resiliency and efficiency.

Focus on your data foundation. If you have disparate systems, if you rely still on spreadsheets and manual data manipulation to deliver critical decision making data to other people in the business who will be making important decisions based on this data. By centralising and automating your process, you can create a very, very strong foundation.

Finally, set a plan. Prioritise based on risk to your operation and the impact. Start with areas that pose the greatest risk to your operations and work methodically from there. “And make sure it has the leadership oversight and buy-in right from day one,” says Scott. “Organisations that approach this thoughtfully will emerge with not just regulatory compliance, but a stronger, more resilient operation that can adapt to whatever challenges the future brings.”

At AlphaCert, we empower investment management teams with a robust data management platform designed to automate, centralise and simplify investment data operations. With our secure, scalable and cloud-based solution, you gain a single source of truth for your investment data, enabling better governance, operational efficiency, and confident decision-making. Learn how AlphaCert can transform your investment operations.

Tags:

Investment data management
Spreadsheet risk

Spreadsheet risk: closing the bell?

Spreadsheets are the tools of trade in any investment entity, but the risks of using them combined with data from disparate systems are becoming increasingly apparent.
Categories