August 19, 2013
Interviewed by: David Snow
Video Clip
Login to view full video

The SEC Says You Need ERM

What is “Enterprise Risk Management?” Many private equity GPs don’t know the answer – but the SEC wants them to, as ongoing compliance examinations are making clear. A former SEC attorney and experts from New Mountain Capital discuss why and how the principles behind ERM must become an integral part of every firm’s compliance culture. Part 4 of Privcap’s “Excellence in Compliance” series.

What is “Enterprise Risk Management?” Many private equity GPs don’t know the answer – but the SEC wants them to, as ongoing compliance examinations are making clear. A former SEC attorney and experts from New Mountain Capital discuss why and how the principles behind ERM must become an integral part of every firm’s compliance culture. Part 4 of Privcap’s “Excellence in Compliance” series.

The SEC Says You Need ERM

Excellence in Compliance

David Snow, Privcap:

We are joined today by Gary Kaminsky of Rothstein Kass, Adam Weinstein of New Mountain Capital, and Paula Bosco of New Mountain Capital, welcome all of you to Privcap today. We are talking about the new world of regulations that the private equity market finds itself in. There’s a lot we could talk about, but I’d like to start with a term that I am less familiar with and maybe a lot of private equity people are less family with. ERM. Suddenly that’s an important thing to have. First of all, I don’t know what it is, so maybe, Gary, you could start by defining what it is, and we can talk about why private equity firms need it.

Gary Kaminsky, Rothstein Kass:

Okay, well, I think that it’s a-, Enterprise Risk Management is a very broad term. I think that I like to talk in terms of regulatory enterprise risk management to kind of bring that term down to the alternative management, and it really is the process of planning, organizing, leading, and controlling the activities of the organization in such a way that operationally and from a compliance perspective, you are minimizing the effects of lapses in those areas, particularly in the front, middle, back office.

Now, that’s a mouthful. But what it is is it’s a system of checks and balances in essence where you put in place infrastructure to ensure that the tasks that need to be done are efficiently done but that there are checks and balance, for instance, you don’t have a situation where a trader can book false trades because somebody each day is reconciling trades, and if there’s a break, they’re going to ask a question in that regard, I mean, that’s the simplest. And I think that, in a lot of the speeches that Carlo, who runs OCIE, is saying. He is expecting Enterprise Risk Management, they’re going in and examining firms and looking to see how their systems work.

Snow:

So, I mean, if you went to most CFOs who typically manage the private equity firm, if you went to most CFOs across the private equity market and said, “How’s your ERM?” would most of ‘em say, “Great,” or would they say, “What is that?” or what would their response be?

Adam Weinstein, New Mountain Capital:

I think a lot would say, “What is that?” And, you know, I think when you, you know, read a definition or, you know, go to Wikipedia, you know, and you find out kind of what it is, you think about, “Well, wow, that’s kind of what we’re trying to do every day,” right, so, pull back. Talk about processes, see how everything interplays, make sure that checks and balances are in the right place.

To Gary’s point, you know, there are things that I have heard, there’ve been cases that have been brought over the years, there have been unbelievable fact patterns that I just personally can’t believe, you know, nobody thought about that? It’s kind of some of those things where, you know, how are you going to prevent issues, you know, for us, it’s thinking about, you know, different businesses, how does everything interplay with each other, and how am I going to make sure that, you know, the overall organization is in a good place?

Snow:

How does it work at New Mountain, how have you designed, you know, ERM and sort of how is it structured?

Paula Bosco, New Mountain Capital:

So, to Adam’s point, I don’t think the concept of ERM is a new one. What is new for us and probably for many private equity firms is documenting and creating a structure around activities that you’re already doing because that’s really the SEC’s expectation is that you will have a well documented process for what you’re doing. And so that has involved conversations with folks like Adam and his team and operations and even the business folks on the private equity side just to really understand the steps that they’re taking to mitigate the risk at the portfolio company level, at the firm level, at the fund level, and making sure that, when we stand back and take a look on paper what that looks like, that all of those things make sense.

Kaminsky:

I mean, in the private equity space, a lot of times, when you throw out Regulatory Enterprise Risk Management, the default is, “Well, we don’t trade stocks, so what are you talking about, we don’t need to worry about clearing securities,” but they don’t realize, and the SEC has made it clear, that we’re talking about policies and procedures for ensuring that there are no conflicts of interest or that they’re dealt with in appropriate ways. That the allocation of expenses among portfolio companies are appropriately documented.

They made the point that they see, when they go into exams of private equity firms, they’re seeing situations where there’s a free flow of allocation of expenses among portfolio companies because they control these, they’re inherent conflicts in these regards. And most times, you would not see a CFO of the manager issue an invoice to himself because he’s also the CFO of the portfolio company in order to get a bill paid. But in essence, you do need to have that infrastructure to document that it’s being done right. And while most firms would say, “Well, that’s a waste of my time,” it’s not a waste of time if there’s wrongdoers. Because it’d be a great way to steal money.

Bosco:

And, to that point, having OCIE promulgate this concept of ERM I don’t think is necessarily a bad thing because, so Carlo, the head of OCIE, made a speech in October of 2011, and he talked about how some firms struggle with what policies and procedures to put in place and who should be the owner of those policies and procedures. And a lot of times, when you’re in house, you know, you’ll raise an issue, and a business will say, “No, that’s a compliance issue,” and compliance will turn around and say, “No, that’s a business issue.”

And, from a compliance perspective, we always get concerned because we have to be very careful of not crossing the line of actually supervising. Right? We don’t wanna become a supervisor because then all kinds of CCO liability attached to that. And so, you know, putting a program around Enterprise Risk Management allows the business and compliance people to sit down, to say, “Okay. Business is the first line of defense, and this is what has come from the SEC. The business is the first line of defense. Then compliance. Then internal audit.” And so, to be able to put it in that type of framework is a very nice basis for the start of a conversation.

Snow:

So, and something that Gary alluded to, a lot of these rules were created with hedge funds in mind essentially, so traders of liquid securities, although hedge funds all differ from each other, while private equity’s a long-term liquid asset class, so is sort of the focus of ERM in long-term and liquid asset classes the fact that these firms control the assets and sort of have stewardship over them, and that’s where the abuse takes place?

Kaminsky:

I think that would be a fair statement, I think that the SEC’s very concerned about that. They’re concerned about situations where there is that type of control, and there’s typically not a board. There’s not a real board, there’s no check on it. Other than the advisor himself or the SEC. And when you’re in those types of situations, you need to have systems that will prove that you’re not doing something wrong, and one thing that’s really clear post-Madoff, post-Stanford, is that you have to prove the negative. You have to prove that you’re not violating the law. And I know we’re all innocent until proven guilty, but in the securities laws, there’s a suspicion until you prove that you’re doing it right.

Snow:

Adam, as someone who spends a lot of time with the limited partners in New Mountain, is this a term that they’re familiar with, even if they probably care about the concept, is ERM coming up in the fundraising meetings?

Weinstein:

Yes, they definitely care about the concept, I’ve never heard somebody personally yet use the acronym or what it stands for, so, but I will say just, you know, I think the knee-jerk reaction is exactly what Gary said. People think, “I’m a private equity firm. I don’t have to think about this.” And I think what you realize in reality is, you know, the way I think about it is, you know, if you’re in a trading hedge fund environment? You know, that’s analogous to, you know, you run a mile in six minutes?

You know, a private equity firm, you know, might be the same guy or gal running the mile in 12 minutes, it doesn’t mean they both don’t have to work on their form and stretch. You know, one might just be doing it in a more fast-paced environment, I think people miss that. People with us clearly focus on the concept, they wanna understand some of the stuff I was discussing before, just wanna understand how we think about our three businesses, that somebody is pulling back, you know, is very important to people, that my function, that Paula’s function, that Steve Klinsky our CEO’s function is above the three businesses so that we have an understanding of everything that’s going on from our own perspectives to be able to add to the conversation on it. And I think, you know, if you have people who are, you know, way too in the details or only focus on one segment or one business, you don’t have somebody who’s thinking about it from an overall perspective.

Bosco:

And that’s an excellent point because ERM happens on a spectrum. Right? The SEC has put forth a lot of information on what programs could look like or what ERM models look like. But it really goes down to what type of business and activities is your firm involved with? It’s a function of you being able to highlight what those risks are, identify those risks, and then figure out what you’re gonna do to mitigate them. And if you can do all that and then articulate that to a third party, the SEC, an investor, then you’re doing a good job.

Kaminsky:

And, to that point, you know, they’ve made it very clear that one size does not fit all. And too many firms that have registered, they went out, and they said, “Okay, we have to register. Our lawyers are gonna write us a compliance manual. We’re gonna file our ADB. We’re done.” Well, no, you just started.

Bosco:

Right.

Kaminsky:

And in a lot of cases, those compliance manuals now need to actually be rewritten to be tailored to your business. Because the last thing you want is a compliance manual that says you’re doing something that you’re not. So you’re better off not doing it than saying that you’re gonna do it and not, and you need to have somebody understand what is the resource capability of this business, what is this business, and now let’s figure out how we’re gonna put procedures in place to deal with it.

And just on the private equity note, too many times they say, “We don’t trade securities. So why do we need a personal trading policy,” for instance. Well, then I have a conversation saying, “Well, when you’re doing due diligence on a particular company, do you learn about other companies in that industry?” “Yes.” “Sometimes are some of those companies public?” “Yes.” “Do you get material nonpublic information sometimes?” “Well, I guess so.”

So now you have the issue of M&P comes into your firm. If you don’t have a policy to protect it, you are exposed if one of your analysts starts trading in that stock even though it’s not the company that you wanted to invest in. And there are a host of examples like that. In the context of PE.

Register now to watch this video and access all content.

It's FREE!

  • CHOOSE YOUR NEWSLETTERS:
  • I agree to the Privcap terms of use and privacy policy
  • Already a subscriber? Sign In

  • This field is for validation purposes and should be left unchanged.