Skip to main content

The investment management industry has changed radically since the 2008 financial crisis, and continues to adapt to the needs of investors to generate returns and spread risk through investment in a wider range of asset classes.

Although there has been consolidation among traditional asset managers, there has also been an expansion of the numbers of specialist investment managers in the private markets space. Private market assets under management (AUM) have more than doubled since 2012, and are now estimated to be in excess of US$25 trillion.

Christine Young
Christine Young

Managing Consultant | Advisory

The industry has also been challenged with an unprecedented imposition of regulation, which has driven up costs. The focus has therefore been on other areas for cost reduction, including using more efficient technologies and outsourcing operational activities.

Due diligence is one area in which organisations can immediately reap the benefits of outsourcing. There are very large and sophisticated organisations that still rely on Excel spreadsheets of dubious accuracy and currency, and without harnessing the benefits of automation they are also exposed to unknown levels of ‘fourth-party risk’ (or ‘hidden outsourcing’).

That said, the outsourcing of any activity by a financial institution creates a dependency that needs to be managed. The risks associated with outsourcing need to be understood in advance, and then managed on a continuous basis over the life of the outsourcing agreement. Regulation has developed in parallel with the growth of the outsourcing industry, providing requirements around risk management practices and, in some markets, defining minimum standards that must be adhered to.

For asset owners, a combination of the need to expand the pool of investment management expertise to capture each asset class and maintain compliant risk management practices has resulted in an operational burden of oversight of third parties, which has put pressure on internal resources. As a minimum, the asset owner must consider implementing:

  • a third-party risk management framework;
  • a centralised record of all third parties for everyone in the organisation to access and maintain;
  • identification of critical outsourcing arrangements, where the failure of the service provider could impact core activities;
  • maintenance of a library of up-to-date information required from the service provider, including financial statements, insurance certificates etc; and
  • monitoring of any event, either at market or entity level, that could negatively impact the service provision.


Orbit Diligence

Orbit Diligence

Automate your DDQ and RFI processes for a wide range of use cases, accessing a library of off-the-shelf questionnaires and risk frameworks.

Learn more