Last week, I chaired the first full day of InvestOps Europe in London and listened to the chief operating officers (COOs) of numerous asset management firms expound on their assorted concerns. Worries about geopolitics and their impact on cybersecurity, apprehensions about the shortening of the settlement cycle and how it will affect the costs of operation, ongoing trials and tribulations with environmental, social and governance (ESG) data – there’s a lot to contend with at the moment.
One of the most common concerns raised by speakers was a theme that has been common across the various segments of capital markets post-pandemic: talent retention. Numerous COOs have implemented new programmes to train up their staff with a view to fostering citizen developers. But how do you keep these staff members happy and engaged (and prevent them walking out the door), once they’ve picked up the requisite skills? Moreover, how do you keep a good handle on product and technology development if it is increasingly distributed?
The democratisation of development is a significant challenge for governance, especially when there is such an intense industry focus on cybersecurity and operational resilience. After all, oversight of technology assets and their support in core business areas is part and parcel of the governance required by incoming regulations such as the Digital Operational Resilience Act (which I commonly refer to as DORA the regulatory explorer). So, if COOs want to ensure that their firms remain resilient and any cybersecurity loopholes are kept closed, they need to ensure these citizen developers are monitored and given specific guidelines when it comes to coding. Autonomy versus oversight is something the IT team has long been struggling with, so this is nothing new but it’s a new context for an old problem.
Getting the work from home versus work from the office balance right is also tricky two years into the advent of industry-wide hybrid working. COOs noted that the 3/2 model has become popular but isn’t always accepted by new entrants that wish for complete flexibility in where they live and work. Remote working in Mauritius 24/7 might be great in concept, but with the need to bond with colleagues and collaboratively work on product development or innovation initiatives, it isn’t very practical.
DORA has also increased asset managers’ anxieties about their service providers, especially given the increase in big game hunting. As noted by one attendee, it’s a bit like choosing between going it alone in a small boat that is vulnerable to enemy fire but hard to find, versus an aircraft carrier that has a lot of firepower but presents a large target (a great analogy that I will be making use of).
If you outsource, you remain liable for any operational problems, so oversight needs to be rigorous and sometimes large providers are less than forthcoming with required due diligence data. Cloud providers in particular were cited as difficult to deal with on the documentation and governance front by the asset management COOs. A mid-tier asset manager is a very small fish in a very big pond to the likes of the big tech firms, after all.
As expected, costs continue to be a concern for the COO crowd. Many of these firms are drowning in data, especially on the ESG front, and they need to spend money on technology and support, but most of it isn’t cheap. Making the right decisions at the right time isn’t simple and everyone noted that silver bullets just don’t exist to solve every problem. Low code platforms seem to be having their day in the sun, however, as many speakers and attendees noted that they are at the peak of their hype cycle in the buy-side.
To end on a more positive note, there were certainly some great examples shown around how to approach each problem. Many asset managers noted that they have to eat the data pachyderm and they’re carving it up into bite-sized pieces and finding the right cutlery for the task.