Vendor Management and the Supply Chain

Is it time for institutional investors to reclassify their relationship with third party asset managers? Are asset managers "simply" vendors, selling investment management products? As such, should asset  managers be evaluated, systematically and objectively, within the discipline of supply chain risk management ("SCRM")?

Investing, particularly alternative asset investing, often remains a specialized, discreet process managed by subject matter specialists. Those professionals, in front and back offices, build relationships with the handful of "good" asset managers. Those "good" managers are scare, or so we are told, and relationships are often paramount to guarantee access and capacity. Indeed, a client told Castle Hall earlier this year that they were entirely comfortable with a private equity GP - and didn't need to conduct any due diligence on that manager - as they had "golfed with him" for more than 20 years. Other investors have expressed concern that if they "ask too many questions" they will be scaled back and lose capacity in "hot" PE raises.

Hmm.

Overall, however, the process to conduct initial due diligence, and then maintain ongoing oversight over third party asset managers, has become more systematic and more consistent. Many investors are subject to regulatory oversight, external and internal audit, Sarbanes Oxley and similar functional obligations. In other words, many asset owners are professional investing entities subject to normal, institutional control structures.

This has resulted in a number of key changes in the diligence process:

• To meet obligations as a fiduciary, asset owners should monitor all investment managers over time - not only conduct initial diligence when a manager is underwritten as a new introduction to the portfolio.
• Diligence is multi asset class: risk adjusted diligence is required across alternatives (hedge funds, PE, venture,  infrastructure and real estate) as well as across managers of traditional long only portfolios.
• Diligence should consider each asset owned - a specific fund or SMA - and not be limited to a generic review of the "manager" or a flagship strategy.

All of which raises a broader question - is it time to "demystify" the due diligence process, across both front and back office, and treat asset owning organizations like other corporations? Should we think about the process to engage and then oversee external asset managers similar to the way a manufacturing company - Apple, Tesla, Nike, GE - oversees their supply chain?

One leading supply chain textbook is "Supply Chain Risk Management: Vulnerability and Resilience in Logistics" by Donald Walters. This book defines the context and purpose of Supply Chain Risk Management (SCRM): 

SCRM is responsible for all aspects of risk to the supply chain. Specifically, it ensures that principles established by senior managers are applied to logistics risk. So a reasonable starting point for SCRM has senior logistics managers analysing the organization’s overall risk strategy and identifying its requirements from logistics. Then they design their own long-term plans for risk in the supply chain – included in a supply chain risk strategy, which contains all the long-term goals, plans, policies, culture, resources, decisions and actions that relate to risks within a supply chain.

[These include:]

• the aims and targets to be achieved by SCRM, and its place in the business culture;
• statements of who is responsible for SCRM, the work of risk management teams, their membership, and other details of the management structure, roles and responsibilities;
• a review of the organization’s attitude towards risk, extracted from its broad strategies and consequent objectives for SCRM;
• a summary of corporate policies relevant to supply chain risk and the scope of SCRM;
• a review of the resources, systems, tools and facilities available for SCRM;
• procedures, methods and tools for assembling a list of risks and their causes, likelihoods and consequences;
• procedures, methods and tools for analysing the impact of risks and their significance;
• procedures, methods and tools for designing alternative responses to the risks and selecting the most appropriate;
• policies for allocating and sharing risk among stakeholders;
• a summary of training, education and communication needs;
• methods for monitoring risk, maintaining the risk management process, updating procedures, communicating results, measuring performance and achieving continuous improvement.