The SEC has just announced charges in one of the largest frauds and fund failures since Madoff. Per Reuters, Germany's Allianz SE will pay more than $6 billion in fines and restitution following the collapse of the firm's Structured Alpha funds. Allianz's U.S. asset management unit also pleaded guilty to criminal securities fraud.
The SEC's complaint makes fascinating reading. What appears to have happened is that three key portfolio managers manipulated risk reports related to the Structured Alpha group of funds. These products promised additional alpha above their core benchmarks combined with tail risk hedging, relying on complex option and derivatives strategies.
The ringleaders were Greg Tournant, the CIO and head of the entire Structured Alpha Group at Allianz, alongside Trevor Taylor, Co Lead Portfolio Manager. Also charged by the SEC is Stephen Bond-Nelson, another portfolio manager. These men, aged 50-52, were not junior analysts - they were the leaders and most senior executives of the entire $10 billion+ Structured Alpha platform.
Their approach to amending risk reports was widespread, but not necessarily very sophisticated. The SEC states, for example:
Also interesting is the fact that this Allianz unit represented to investors that the 500bp+ versions of the Structured Alpha strategy were hard closed with a $9 billion limit. However, the firm was actually closer to $12 billion.
Allianz's guilty plea carries a 10-year ban on Allianz Global Investors' providing advisory services to U.S.-registered investment funds, with the result that the existing book is expected to be sold to Voya. There is no reported impact on PIMCO, a separate subsidiary of Allianz.
Reviews of risk reporting are part of the IDD / Risk due diligence workflow, but there are nonetheless plenty of ODD lessons here.
- Large managers are not free of the risk of fraud. Indeed, large managers may actually be at higher risk as a departmentalized, bureaucratic organization may have more control gaps as compared to a smaller, cohesive, "single purpose" asset manager. We often say that the biggest decider of what makes an "institutional" asset manager is their ability to make investors (largely) whole if something goes wrong - not necessarily that they have "institutional" quality controls.
- The most senior executives and leaders of a product and strategy may be precisely those who commit fraud (think Iftikar Ahmed of Oak Partners or, in the corporate world, Adam Rogas of NS8).
- Top tier service providers may not protect against fraud. In this case, Castle Hall's DiligenceExpress Form ADV reports (available free to Castle Hall registered users) shows that a sample Structured Alpha fund had PwC as auditor and State Street as administrator. However, it would not be typical practice for the auditor or admin to issue or directly validate risk reports - so, in essence, the portfolio managers were able to piggy back on the credibility of top tier service providers (and Allianz as parent).
- Just because other well known investors have invested - it doesn't mean that the fund will still not blow up. Structured Alpha had more than 100 institutional investors, many of whom conducted detailed IDD around the investment management process and related risk management procedures.
- In the world of risk management, an independent risk management team is critical. This is probably our biggest observation. When Castle Hall completes a RiskDiligence review alongside our ODD, a key area of focus is whether there is an independent risk manager and an independent risk group, able to both calculate their own risk metrics and then generate their own reporting. Enabling the PM of the strategy to generate his or her own risk numbers - while dishearteningly common - is at the heart of this fraud.
- Where was compliance? We don't necessarily expect the compliance team to review all monthly reports and reperform complex risk calculations. However, compliance should have had some involvement - and certainly there is an obvious discrepancy if marketing materials are being sent out which show a $9 billion hard close capacity cap when the portfolio is several billion above that level.
- Where was internal audit? One of the benefits of investing with large institutional asset managers is the likely deployment of internal audit teams. A strong internal audit function could have focused on how risk numbers were generated, as the tail risk numbers were clearly core to the description and sales of the Structured Alpha strategy. Internal audit would hopefully have found something as basic as making -42% become -4% just by dropping a digit.
- What about SOC 1? Again, many large managers have SOC 1 reports, which provide a level of confidence due to an external review of controls. Certainly, these reports do bring some value: but we have never seen a SOC 1 that included detailed testing of risk management reporting (we stand corrected if this is included in some SOC reports). This is clearly an area which should be added to enhance the SOC scope going forward - investors have just lost $6 billion and should now demand this from the auditors.
- AIFMD independent risk reporting is a great idea. Generally, we're not great fans of the Eurocrats' AIFMD legislation, which promises a simple answer to a complex question (exactly how does a depositary hold private equity assets or private debt, for example??) But the appointment of an independent risk officer is a great idea - our diligence on some of the Manco providers in Ireland, for example, shows how clear segregation of risk measurement and management from the portfolio managers would likely have detected this fraud.
- Managed Accounts may be ideal. Yes, some strategies are complex - but here we have a manager who simply lied about their portfolio and related risk sensitivity. A managed account structure, especially when combined with independent risk management expertise, presents a very interesting alternative for investors looking at derivative heavy strategies. The recent acquisition of Hedgemark by Innocap, for example, is one model with exactly this combination of capabilities.
In Castle Hall's view, this is a gamechanger of a fraud. Yes, smaller managers will continue to blow up, potentially with large financial impacts (think Bridging Capital with $1 billion plus in investor losses ). But such a pervasive, costly fraud; resulting from the lack of independent risk management; in an extremely well resourced global financial institution - is a reminder that fraud can happen anywhere.
The answer, of course, is independence. To prevent fraud, asset managers must create effective segregation of duties. They must then empower risk management teams, compliance, internal audit, external audit, administrators and valuation service providers, to name but a few, to bring rigorous professional skepticism and independent power and authority to the investment and fund management process. When that doesn't happen - either through poor work or the service provider viewing their "client" as the manager, not the investors who pay them - we will all continue to learn the hard way.