Getting to grips with legal risk in investment compliance

First, especially in times of falling markets, fund managers’ clients have every incentive to closely scrutinise the investment strategy adopted, and the investments made. If the manager has acted outside the scope of the mandate, the client will be looking to shift the losses from the client’s portfolio to the manager. In other words, allegations of breaches of investment compliance usually arise where there has been a substantial loss to the portfolio. Clients rarely complain about breaches of investment guidelines that have resulted in a profit, but will always do so if their portfolio, or the particular investment concerned, has under-performed. For example, in 2001, the Unilever pension fund trustees brought an action against Merrill Lynch Investment Management, formerly Mercury Asset Management, for allegedly mismanaging the pension fund in the mid to late 1990s.

The basis of the Unilever Trustees’ claim was quite complex. It included allegations of failing to manage the fund in accordance with the agreed investment objectives, and therefore acting in breach of contract. The investment mandate provided that "in normal circumstances" the return was not expected to be more than 3% below the benchmark index for any four consecutive quarters. In fact, the performance of the fund fell well below this percentage tolerance. The case was settled out of court, for an estimated payment of £75 million.

Secondly, a breach of investment guidelines can have very damaging, and very public, consequences for the client itself, and it is therefore simply not possible for the problem to be addressed quietly behind the scenes. A good example of this is where the client is an investment trust company, and loses its investment trust company status as a result of the purchase of shares outside Inland Revenue required limits.

In 1998, a number of investment trusts bought shares in the newly listed Brazilian regional telecom companies, in addition to their holdings in Telebras, the state controlled telecom operator. The Inland Revenue ruled that the regional companies were part of the same group as Telebras, and as a result the 15% limit was breached. A similar example was when one of the Fidelity investment trusts forfeited its investment trust status because, in addition to its existing investment in HSBC, it acquired shares in Hang Seng Bank, also part of the HSBC group. In the words of a commentator at the time "….thankfully there has been nothing bad in terms of the financial effects for the investment trusts, though obviously it does not reflect well on the sector if fund managers do not understand the rules of investment trusts".

Similarly, a breach of investment guidelines by the investment manager of a unit trust or other authorised mutual funds can lead to breaches of the laws and regulations applying to the mutual funds. A spectacular example was the Morgan Grenfell unit trusts managed by Peter Young, who invested substantial amounts of the funds’ assets in unlisted securities, in clear breach of what was then the Unit Trust Regulations. This led to regulatory action against the investment manager, the unit trust manager, the trustees and various members of Morgan Grenfell’s management.

Thirdly, in view of some of the high profile cases of investment compliance breaches in recent years, there has been enhanced regulatory focus on this area. The regulators of investment management firms are interested in the systems and controls the firm has in place to ensure investment compliance. Institutional clients of investment managers, particularly pension fund trustees, are also being expected to exercise greater oversight of portfolio management. A statutory duty of trustees to monitor the management of the fund by its investment managers was introduced in the Pension Act 1995, in the aftermath of the Maxwell pension funds debacle. Following the Myners Review of Institutional Investment in the UK in 2000, a series of Principles have been established for trustees to follow, which include setting clearer investment objectives in respect of the pension fund, and setting appropriate benchmarks and risk parameters for investment managers, with due regard to asset allocation strategies. It has become increasingly important for investment managers to be able to justify their investment decisions in the light of more detailed investment mandates from their clients.

Finally, a breach of investment restrictions is, at least with the benefit of hindsight, a relatively straightforward situation, on which it is very easy for a regulator to base disciplinary action, against the firm and its management. It is easy for a regulator to say in hindsight that the investment breach would never have happened, or would have been detected and dealt with much more quickly than it was, if the investment management firm had had proper systems and controls in place, and proper management oversight had been exercised.

Regulators place great emphasis on senior management responsibility for the proper conduct of investment business. All directors, and other individuals who exercise significant management functions, the compliance oversight function and the risk assessment function, need to be individually registered with the FSA as approved persons. In the case of investment compliance breaches, the regulator is very likely to focus not just on disciplinary action against the firm, but also investigate whether there have been shortcomings by individual members of management.

A breach of investment restrictions that has disadvantaged retail investors, is particularly likely to result in serious disciplinary sanctions from regulators. In the Morgan Grenfell case, Deutsche Bank, the owner of the Morgan Grenfell businesses, voluntarily agreed to pay the unit trusts £180 million for the unlisted securities, which were probably worthless. In addition to this, the Investment Management Regulatory Organisation (IMRO) required Morgan Grenfell to compensate investors in the funds, and the total compensation package amounted to a sum in excess of £210 million for some 180,000 investors.

Excepting the compensation package, IMRO disciplined the unit trust manager and the investment manager, with a fine of £2 million and costs of more than £1 million. It also disciplined the trustees of the fund and a number of senior managers of the Morgan Grenfell Asset Management Group, including the chief executive and the compliance officer.

But how do these investment compliance breaches arise in the first place? The first problem area is that the scope of the investment mandate is rather unclear. A few years ago, an investment management firm asked me to review its existing mandates. Here are some of the problems that emerged.

In some cases there were internal inconsistencies, such as a fairly aggressive objective of out-performing the benchmark, coupled with requirements to adopt a low-risk approach. In some cases the objective was to track a benchmark, but the client had excluded investment in various sectors represented in the benchmark index, making it extremely difficult to track the performance of that index. In many cases, whether and to what extent it was permissible to use derivatives in the management of the portfolio was extremely unclear. Where there were guidelines on the use of derivatives, for example for hedging purposes only, it was very unclear whether instruments such as listed warrants, convertible bonds and other securities with embedded-option features were meant to be classified as derivatives or not.

It was quite common for the mandate to include a requirement to follow the investment guidelines or restrictions applying under certain legislation, or rules to which the client was subject. The investment management firm did not have a copy of the relevant rules, and had not issued any guidance to the individual fund manager on what restrictions they might contain.

Another problem was that some clients had insisted on a particular restriction, such as investment in alcohol and tobacco companies, which the firm’s systems were not set up to monitor. This kind of restriction can be very easy for the individual fund manager to overlook, and can also lead to uncertainty where investment has been made in a conglomerate, the interests of which include some alcohol and tobacco companies.

Some of these may seem fairly extreme examples. But even in the Unilever case, where the mandate was in fairly customary form, long hours in court were devoted to the arguments presented by counsel for the parties on what the Investment Objectives and the Investment Guidelines in the Investment Management Agreement actually meant.

The investment objectives referred to the return being expected to be no more than 3% below the benchmark index for four consecutive quarters "in normal circumstances". The Trustees accepted that there was no guarantee that the downside tolerance would not be breached, but argued that the investment manager had to exercise all skill and care to avoid it doing so. Counsel for the investment manager argued that, because of the words "expected in normal circumstances to be", only a lower standard of care in this regard was required. As the case seems to have settled for a substantial payment, this argument must have been thought to be somewhat weak.

In summary, it is essential to ensure that the scope of the investment mandate is clear, and that the client and the investment management firm do not have a different understanding on it. It is also important that the investment objectives and guidelines are not inherently contradictory, or impractical to follow, and that the investment parameters agreed with the client are compatible with whatever compliance monitoring systems the firm has adopted, otherwise a breach of those parameters is likely to go undetected unless and until the client or a regulator identifies it.

The second area important from a lawyer’s perspective is: both to meet regulatory requirements and to improve your chances of defending any actions brought by clients, your investment processes, including monitoring of risk levels, responsiveness of your processes to market changes, and management oversight of individual fund manager performance, should be clearly documented, and followed in practice.

The FSA rules require, among other things, that functions such as oversight of establishment and maintenance of systems and controls are appropriately allocated to one or more individual members of senior management, and this allocation must be recorded in writing. A firm needs to have clear reporting lines where performance of risk management functions is delegated, and there must be systems in place to ensure that senior management receive the information they need to exercise their oversight functions properly. In the case of investment compliance, if there are breaches, and these are not promptly detected by monitoring systems, the FSA is likely to treat this as evidence of inadequacies in systems and controls, and of failure on the part of senior management to do their job.

Appropriate allocations of responsibility, that clearly document chains of delegation, and clear-cut reporting lines, can substantially reduce the risk of regulatory action being brought against individual members of senior management who are not personally at fault.

Similarly, if there is a case brought against the firm for poor investment performance, being able to demonstrate that proper processes were in place, and followed, will make it much more difficult for the client to succeed in an action for breach of contract or negligence.

There is a very strong case for asset managers to put in place the right systems and controls to enable them to manage client mandate and regulatory compliance on a pre- and post-trade basis. Some of the new real-time technology, for example LatentZero’s Sentinel system, which can be programmed to support very complex mandates on a global basis, will certainly mitigate the risk of compliance breaches. Or, to put it another way, asset managers who rely simply on old post-trade systems, or still run compliance checking on a manual basis, are significantly adding to their risk of being in breach.

The third and final problem is: how to handle the situation where the firm has become aware of an actual or potential investment breach? Of course, each case will be different, but there are a number of things to watch out for:

• First, act promptly. If it’s not clear whether there has been a breach of investment strategy or guidelines or how a breach arose, this needs to be investigated quickly. Clearly, one of the things that caused IMRO to impose substantial penalties on Morgan Grenfell, the trustees of the funds and Morgan Grenfell’s management, was that a problem that emerged in April was allowed to drift on for several months without effective action being taken.

• Communicate properly and fully with regulators. Remember that an FSA-regulated firm is required "to deal with its regulator in an open and co-operative way and must disclose to the FSA appropriately anything relating to the firm of which the FSA would reasonably expect notice". This would not require the UK watchdog to be informed of each and every one-off error, or client complaint in respect of investment compliance. However, if there has been a significant failure in systems and controls, or a significant failure to act in clients’ best interests, prompt notification is expected. Again, it is important to get the facts straight quickly, so that if necessary you can notify FSA without undue delay, and without the risk of giving FSA an incorrect impression of what has actually happened.

• Don’t have smoking guns. While looking into the situation and deciding what to do, there is a risk of generating unhelpful communications that are not legally privileged and that may be very damaging if it comes to disciplinary action by a regulator or legal action by a client. For this reason, if no other, it may be useful to get advice from lawyers at an early stage.

If there has been an investment breach, the client will be looking for compensation. And it’s normally in the interests of the asset management firm to settle before the matter is referred to the regulators. But how should the compensation be calculated? The general principle is easy to state -- that the client is entitled to be placed, so far as money can do it, in the same position as he would have been in had the breach not occurred. However, applying this general principle to the facts of any particular case can be challenging, and there is no clear guidance, whether from regulators or industry associations, on the approach to take. Nor is there any developed case law on this topic in the UK and other common law jurisdictions.

In the absence of clear guidance, it’s usually a good idea to establish a firm policy as to the methodology to be adopted in calculating compensation for errors, and to follow that policy consistently (even in cases where using a different basis for compensation would be more advantageous to the firm). If your methodology is fair and reasonable, and consistently applied, this should help to convince regulators that you have behaved appropriately, and help to convince the client to accept your settlement offer. OpRisk

Pauline Ashall is a partner in the financial markets group of Linklaters, in London.

email: pauline.ashall@linklaters.com