Returns that are high-quality are important, however it’s not sufficient. Unfortunate mistakes in valuation, fees or compliance could undermine confidence in investors and cause sales to suffer, as well as stall fundraising. While these problems can remain in the shadows for a while, if they do surface they could severely affect the assets under management (AUM) and damage reputation and hamper long-term growth.
Companies that consistently outperform counterparts do more than just invest wisely. They establish trust, stability, and resiliency through solid control and governance. This isn’t just for big asset managers. Companies of all sizes are able to adopt the approach of the best performers.
The Hidden Divide in the Industry
The industry of asset management is massive, with more than 15,000 Securities Exchange Commission (SEC)-registered firms in the U.S. Of these around 125, a majority are public and are subject to the Sarbanes-Oxley Act (SOX) Section 404(b) in which the company must undergo an external audit of internal controls for financial reporting. That’s over 99% of the market is operating without an internal control framework in place.
Although many public asset managers are required to comply with SOX 302, which requires confirmation of the completeness and accuracy in internal control and information disclosures, it’s SOX 404(b) that requires rigorous, independent testing the majority of firms do not have. For companies that are smaller or growing this gap is understandable. Complete SOX compliance can be costly and a full-time internal audit function might seem out of reach. In reality, many companies have been operating successfully for years, using small teams, and have only performed external financial audits that were used to evaluate internal controls.
Relying on informal processes might appear to be “good enough” , until it’s not. If control issues, regulatory findings or due diligence mistakes are made, the consequences are not only costly but also high profile and public.
The Real Risk Isn’t About Performance: It’s About Losing Trust
The regulators, institutional clients and private investors are looking beyond the returns. They also evaluate a company’s operating model, risk-management method and transparency level.
Many times, they ask:
- How do you ensure that your fees are accurately billed?
- What happens if there’s a data breach or an incident of compliance?
- How can you ensure the accuracy of your accounts and reconcile them on time?
- Who’s testing your internal control systems?
- Are control failures addressed promptly?
Reactive or vague answers to these questions usually indicate concern, even if investments are sound. It’s because trust is among the most valuable assets an asset manager could hold. It’s not just about fraud prevention, but also showing that a company has been designed to stand the test of time.
What the Data Actually Shows
- 79% of the CFOs agree that their financial reports improved following SOX implementation.
- Businesses with material control weaknesses have a 50 to 150 basis points more expensive cost of equity until the problems are fixed.
- Publicly traded asset managers that absorb SOX compliance costs still report median operating margins of 29-35%.
- Companies with more robust internal control structures generally have greater resilience during downturns, and less likely suffer setbacks in their reputation or under regulatory scrutiny.
Effective controls do not hinder the performance of the business, but rather protect it. A well-functioning control system helps to ensure more stable earnings, minimizes the risk of legal liability and increases confidence among employees, investors and strategic partners as well as potential buyers.
Why Growing Firms Get This Wrong
Many managers at the beginning of their growth don’t see the risk due to their inattention. More often, they’re resource-constrained, focused on growth or haven’t encountered a serious issue, making oversight feel like overhead.
However, the earlier a control foundation is laid the simpler and efficient it is to expand. When a company is acquiring institutional capital or is preparing for an exit from the public market, the gaps can be more difficult and more costly to close.
What are the things that are most often overlooked?
- Separation of tasks
- Internal processes that are documented
- Regular testing of controls
- Scalable compliance infrastructure
- Proactive Monitoring of high-risk areas (e.g. cybersecurity, valuation fee billing and regulatory compliance, trade-related mistakes, and third-party risk)
Even if they’re not bound by SOX, institutional clients typically anticipate SOX-like discipline.
Getting It Right Without Overspending
An Internal audit department of 12 people or an investment of $2 million SOX program isn’t required to establish a solid foundation for risk management. However, having a plan is crucial. Firms that have a good risk management strategy tend to:
- Set a tone at the top of the chain where compliance and controls are viewed as important, not sidelined.
- Establish a risk-based control system that focuses on areas of high-impact.
- Have leaders participate in a dialogue with each other about current and emerging risks both internally and externally.
- Use automated monitoring tools to identify issues before they become serious.
- Outsource internal auditing to provide an objective report until the scale is in favor of the decision to bring it into-house.
- Treat auditors and compliance as enablers, not bottlenecks.
When it is approached in a thoughtful manner, the control program can become more than just a tool for compliance. It could be an advantage for competitive purposes. The importance of oversight is:
- help identify and manage the risk more efficiently
- It is easier to streamline due diligence for prospective investors
- Reduce distraction and time during examinations for regulatory compliance.
- Create trust with board members and partners.
- Focus on growth and have fewer surprises.
Closing Thoughts: Resilience Is a Choice
Risks in asset management firms are a wide range of forms. Markets, regulatory, information technology, valuation and operational,to name the most common. Although not all risks are completely eliminated, the most important thing is knowing what risks to take on and which ones to control, and those to stay clear of altogether.
A well-functioning control system doesn’t ensure success. However, a weak control environment will increase the risk and potential impact of setbacks. The most successful businesses acknowledge the significance of risk management as well as control and make early investments in building trust from the inside out.
Are you ready to grow with confidence?
If your business is expanding, whether for an institutional capital raise, merger, acquisition or new product launches, now is the perfect time to build your base. Contact us, we at Parr & Ibarra CPA in Keller, TX assist asset managers in expanding the scope of compliance, internal audit, and SOX using practical, risk-based strategies that match the growth of the business. Let’s work together to build resilience.
