134: JANA's Jo Leaper – Risk as a Source of Alpha

In this episode of the [i3] Podcast, I'm speaking with Jo Leaper, who is the Head of Operational Consulting at asset consultant JANA. We talk about the next evolution of risk management, where risk doesn't reside just with a dedicated team, but is addressed by all functions, including the investment team. When implemented well this form of holistic risk management is not simply a cost, but can lead to operational efficiencies and even alpha. Afterall, investors need risk to produce returns, but how you manage that risk is the key. __________ Follow the Investment Innovation Institute [i3] on Linkedin Subscribe to our Newsletter Explore our library of insights from leading institutional investors at [i3] Insights  __________ Overview of Podcast with Jo Leaper, JANA 01:30 Why is operational due diligence important? 06:00 What I'm seeing is investment governance getting more involved and almost acting like a bridge between the investment team and the risk team. 13:30 Hopefully, we will get to a world where risk is not a cost of business, but it is an enabler of outcomes 17:00 New regulation will always cause a little bit of friction and in all honesty it should 19:30 There is already a strong focus on valuations and risk in unlisted assets, but it will get more intense 23:00 We talk about 'risk sensible' a lot; funds still need alpha 23:30 Is there such a thing as operational alpha in risk? Absolutely. 25:30 Managing risk in a $2tn organisation. Employing multiple custodians and services providers Full Transcript of Episode 134 Wouter Klijn Jo, welcome to the podcast. Jo Leaper Thank you for having me. Wouter Klijn So today we're going to talk about operational risk and operational due diligence. Why is that so important?  Jo Leaper  01:36 Operational due diligence, it's always important for investors to know what they're investing in, and if you're not doing operational due diligence, you're not necessarily understanding what that actually understanding what that actually is, because the risk is important to the portfolio. You need the risk to generate alpha. But if you don't know what those risks are, if they're hidden, then that's where you fall into a trap.  Wouter Klijn  01:52 Yeah. So what are some of the main challenges in managing this? Jo Leaper  01:57 Really the complexity and a lot of the investments that clients have, and the market has, are investments that have come up over time, and in those spaces, historically, you had a pretty good idea about what you were investing in. But assets are getting more complex. Structures of operating funds are getting more and more complex, and so none of them can know everything. So really for us, getting them to look at the operational risk is getting them to say, I can work with that, or I can mitigate that, or I can accept it. It's when you don't know what those risks are that the complexities really come into play. And I think particularly if you look at the current world, with geopolitical issues at the moment, even managing some of the structural issues and challenges in the industry, there are unintended consequences to those actions. So understanding what your managers are doing a it's a really good learning place, because they're doing this, and a lot of our clients are starting to invest internally as well. But it's just, it's a good way to say, You know what, that's commensurate with what our members and our beneficiaries are looking for. And we do want risk in the portfolio. We need risk in the portfolio. But if you don't know what it is, that's a problem.  Wouter Klijn  03:02 So yeah, it's right. The world is increasingly becoming more complex. I mean, you mentioned geopolitics, but you know, we also see AI and machine learning and so many different things.   Jo Leaper  03:10 It's a really challenging time from a risk perspective at the moment, because you've got a lot of participants in the market, not just investors, but a lot of market participants with legacy instruments, legacy technology, and the market is moving at a faster pace. The regulator is expecting more. Members are expecting more. And we've got a lot of data, but sometimes, unless you've got the right guardrails around how you're looking at it, how you're using it, are you going to get the right outcomes. It's the right intention. But you know, the end of the day, it's members best financial interests, not ours, not anyone else's, it's the member.  Wouter Klijn  03:44 Yeah. So you took recently a look at CPS 230 operational risk management approach guideline, and you, you sort of indicated that it signified a little bit of a shift in thinking about risk management. Can you? Can you walk us through that  Jo Leaper  04:00 Of course. So APRA has always been Prudential, like that's literally in their name, and they try not to be prescriptive in the way that they do this. When CPS 230 came across the desk, it really was to bring back a larger view of resilience and resiliency. And I think a lot in the industry are still wanting APRA to be a lot more prescriptive. And that's not going to happen. That's not what they do. It's not their nature. And so when you look at it, and you will look at what APRA is trying to achieve, their ultimate goal is really the same as the industry's members, best outcomes. That's what we want. And if you can do that by shoring up the system and the structure, APRA can't enforce particular investment styles, but they can try to make sure that the system has the right controls and the right mechanisms to manage turbulence when it happens.  Wouter Klijn  04:46 So I mean, clarity is always, you know, a key issue around regulations. I was recently at a conference where I think the word clarity and taxonomy were the two most used words, yeah, during the conference. But. But, yeah, in this complex environment, it can, cannot always be, you know, that straightforward. You can't describe it. So, so how sort of do you deal with that? And I think part of the shift in the risk management is also around integrating risk management so that you don't have separate silos with just investment risk or just operational risk. So you're working towards more of a holistic risk. To what degree do you think that investment team should take this on board in terms of the non investment risk? So Not, not, you know, the investments, the business side of things,  Jo Leaper  05:38 I think they have to be part of the conversation. It doesn't matter. And I've always said in public, it doesn't matter what investment strategy you come up with. If you can't implement it, if your operational teams, your custodians, your administrators, can't manage it, there's no alpha there. It's dead money. And so they do have to be part of the conversation. What I'm seeing, and what I'm liking seeing in the market, is this rise of investment governance being more involved and almost being as the bridge between the investment team and, say, the risk team, so that it's a much more holistic conversation members best financial outcomes is always the bottom line. If that's your guiding principle, you're doing well in the industry. But if you had two managers side by side that looked very equal, would you take the one with the lesser risk on I would Yeah. And so I think they really do have to be in there, but it's also about improving the communication and the decision making processes, and that they're part of the broader discussion. So if we go back to your previous question in terms of APRA and what they're looking for, they still want the same goal, same as what the investment teams want, which is members best financial interest. And so I think with CPS 230 and then, as you say, going into the businesses, by looking across the risk spectrum, they're going to end up with an overall better outcome, because the cost to member isn't just the risk in the portfolio or the fees. It's legal, it's admin, it's it, it's audit, all of those costs come in too. And so if you can find a way to structure or manage your investments to ensure that you're looking at those things as well, that's your true cost of investment. So the more you can find, I'm going to say strategic alliances, a synergy, whatever you want to call it, but the more you can get some cohesion there in the decision making and some understanding of each other's process, I think the better it will come together.  Wouter Klijn  07:20 So is it more a degree to a degree about communication, or do you think should it be a new function within the investment team?  Jo Leaper  07:32 A risk function that is one person responsible for line one risk has always been part of it. So I don't think that's any change really. In particular, I think the main change is actually coming through the FAR legislation, the financial accountability regime, because that's designating individuals as being specifically responsible for particular parts. And when you think about it, the board is absolutely responsible at the top, but they have to delegate. The board can't do everything. They can't know everything. The IC can't. The audit and risk committee can't, and each of those C suite executives or others who are designated accountable can't know everything about everyone else's role if they're not communicating, if they're not exchanging knowledge between teams, if they're not talking in advance of an investment, they're letting themselves down. The better ones will have their operational and risk teams separate to investments, but we'll talk to them regularly in terms of we've got this coming up. This is what we're thinking. Is that doable? Is that not doable? What? How long will that take the custodian? What will it cost me? And it becomes part of the process, not an add on at the end.  Wouter Klijn  08:29 Yeah. So do you think that this will change, then structures within organisations? Because I sort of had the idea around, okay, well, if we make this everybody's responsibility, then it ends up that nobody's responsible. Nothing gets done, right? So with FAR coming into place, and basically, I think it requires organisations to pinpoint people and say, okay, they're responsible. In practice, that might not necessarily work out that way. But do you think that structures might have to change to make this more smooth process, or  Jo Leaper  09:00 They already are. I think in a lot of cases, APRA has definitely given indications to funds with regards to where their operational function sits, where their risk function sits, where their finance function sits, and what should be within investments and outside. The main thing with SPS 530 was segregation of duties, and so a lot of funds have taken that to heart and done some really good steps to get going. And now we're seeing this move. And if you look on SQL LinkedIn, there are so many investment governance and investment risk roles coming up for advertisement now, because there's a recognition that there has to be a bridge between the two and a dotted line is okay, but it can't necessarily be sero to CIO, necessarily, because day to day, they're not going to be across the challenges. Whereas an investment governance person or investment risk person as line one working into line two, risk, that's a much better conversation. And there is also that the way the information bubbles up, the language that you would use with an investment committee about risk may be slightly different to what you would use with a risk committee about risk, and this allows us. To look at the operational outcomes and say, Well, hang on, what should be going to the IC and what is actually an ongoing risk that may need to be managed by audit and risk and funds are just getting there in terms of giving that some thought now too. Because really, if we're going to make the audit and risk committee delegated from the board responsible for the risk, they need to understand the investment side. But equally, the investment committee needs to understand the audit and risk side as well.  Wouter Klijn  10:25 So these sort of new roles that are created or that are out there, do they function as sort of a translator between the different teams? I sort of make the analogy where, you know, insurance companies often what we found that the investment team didn't really talk to the actuarial team, even though they worked off same assumptions. And, you know, there was obviously a liability question around there, but, but there wasn't really a lot of communication, and the language was quite different. That could potentially be a problem here, too.   Jo Leaper  10:55 Yeah, it definitely can be. And I think they've always talked, but they're not always talking the same language, or they're using a word, and it's not necessarily the same on both sides. And someone who's got a good understanding of operations and investment or risk investment and governance can be that conduit. But it's also when they're looking at new investors or new investments rather, that they can then say, Hang on a second. What's going into the mandate? CPS, 230 if we go back to that, or 530 has quite a bit of onus on the asset owners of what they need to understand. There's been a big move and a much bigger shift towards including some of those requirements in the mandates or inside letters, and having the investment team do that. They're looking for a practical outcome. That's their job. That's what they're very, very good at. But an investment governance or investment risk person will look at it from the broader enterprise perspective, and so having someone in the middle that marries the two concepts and says, what's easy for the manager to facilitate to us in terms of information and what can we easily digest and use? Because it would be nothing worse than getting something back from the manager and nothing happens with the information. Yeah, that's really quite challenging.  Wouter Klijn  11:58 Yeah. So what is your sense of how much organisations are on top of this? The FAR regime is relatively new. It comes well this month into force in 2026 what is your sense there?  Jo Leaper  12:13 They started work on it quite a while ago. Yeah. And it sort of started around the same time as CPS 230 was just getting moving. And so I think they're reasonably well along in terms of the journey and designating what, who's accountable, who's accountable for what, etc. But if we go back to the premise of APRA and members best financial outcomes, and what we want to see with clients, it's that we want to see them utilise that legislation and structure to improve things, not to make it harder. Historically, I would have said that regulation was really additive. It's like, what's the next thing we can do that? What? How do we plug that hole? How do we make more sense of it? And you end up with boards with ginormous information packs that not sure they're totally understanding. And it's not because they don't have the intent to, and it's not because they don't have the capability. It's just that the volume of information is so much, and I think same with FAR, by stepping back and having those executives understand what their responsibilities are and utilise that in a, in their decision making and B, in how the information comes up to the ICS and the boards, we should see it evolve. And I think we've seen a little bit of evolution. But imagine the next two or three years, as far gets locked in, and as CPS 230 gets more settled, we start to see up as reviews of asset owners around that as well. Fingers crossed. We'll start to see that cohesion come, and then hopefully we can get to the world, which is what I'd really love, where risk is not a cost of business, it's actually an enabler of outcomes, whether that's investment or otherwise.  Wouter Klijn  13:39 Yeah, yeah. So when this all comes together, what are some of the main areas that you really want to take an extra look at? I think in the past, you have mentioned, like systems and security, costs, things like that, what are sort of the main areas?   Jo Leaper  13:53 Well, at the moment, the hot ones, ai, ai, has got the potential to do amazing things for our industry, but it's also got a lot of challenges, and where the industry is going at a very fast pace, so that that is a question, the integration of the broader operational costs back into that risk discussion is another large part of it, really strong alignment of roles and responsibilities. And I think what we're seeing across not just not just asset owners, I think it's actually across, whether it's investments or broader companies that the roles and responsibilities aren't always aligning with where the current role is and with historically, I think the world globally had a view that if you're the CRO, your job is this. If you're the COO, your job is that. But companies merge and morph and their roles change slightly. Now we've got new legislative requirements coming in. It's going to force some Dillon force some delineation, which is probably necessary. But at the same time, I think if you look at it from the positive perspective, it gives organisations a chance to go back and say, Hang on a second. If we did this now, starting from scratch, how would we set that up? Now? What would our structure look like? Who would be doing what? And so I think I. That's probably the biggest potential driver of immediate change, is making sure that your roles and responsibilities are aligned. Tech is still a huge one. It's never going to go away. Legacy technology in the industry, like I said earlier, is, it's quite challenging, yeah, and so yeah, there's a lot. But at the same time, if you've got the right premise in front of you of how do we get the best outcome? We should be okay.  Wouter Klijn  15:23 So do you think that the regulator, to a degree, want to go back to basics, and basically, as you said, not add something on, but to rethink the entire approach to risk management?  Jo Leaper  15:33 I think so. I was involved in the Appra and ask for discussions on CPS 230 and as you know, I'm leading the ask for working group for operational due diligence as well. And all the way through the comments from APRA was we didn't want this to be additive. They really do want us to look at removing something. But if I'm a board trustee, how do I get comfort that taking away that piece of information isn't going to cause me drama later? And that's where there really is a lot of work going on in the industry. There's a heck of a lot of work going on in the industry looking at what's going up to boards and what's actually being presented internally, because you've got this push pull between board and management, management that are doing the work want to present it. They need the feedback, they need the support and to know that they're doing a good job, which means lengthy papers, however, for the trustees to do their best job, a more efficient approach would be, let's just raise the anomalies. And it's finding that balance between the two, and some funds are making a lot more progress than others. Others are looking at what goes to the IC versus audit and risk or other committees as well. And so again, that evolution will continue. It'll be  interesting to see where it goes.   Wouter Klijn  16:39 Yeah. Now this is an Australian regulation. It's not sort of a coordinated global effort, I think. And sometimes that can be quite tricky, because we require more information from a whole lot of external services providers, often. And I sort of remember when they were talking about valuation methods in unlisted assets that it's sometimes very hard to get it out of the managers that you employ. To what degree do you think that might, you know, cause some trouble in implementing this?    Jo Leaper  17:08 It will always cause a little bit of friction. But in all honesty, it should. It really should, no no. Because if you look at, say, you've got the ipef standards, you've got other industry groups that are designating what they believe is best practice. The ask for guidance note is looking to do that as well. But I think different markets are at different stages. Some of the alts in the US are incredibly developed in terms of the way they do the valuation committees, the way they do their independent valuations, how they validate and verify the information they provide. And others are in a much more, I'm going to say more infancy sort of state. They've absolutely got the right idea. If we want alpha in portfolios, sometimes we've got to accept a little bit of that risk, and that's where the individual risk appetites and risk frameworks make a difference. But it's certainly not a blank check to accept everything. And I think what we've learned, particularly since the original guidance note came out is that talking to those managers, having that conversation, starts to change the dialogue. You know, we've had managers where we've done DD reviews for years, and then five years later, they come back and go, Oh, we're actually about to uplift that is all that stuff you said still valid? And sure enough, that's what they take, which is great, but we're one voice. Some of these big managers could have 50 consultants asking for things, and unless we're collectively asking for the same we don't talk to each other. It's not necessarily going to align, but I do think there is a lot of focus on the unlisted market at the moment, particularly private credit, private debt and otherwise. And there should be, but it's an evolution as well.  Wouter Klijn  18:37 So is this going to affect the private asset space more or do we actually suppose more?  Jo Leaper  18:41 I think the valuation governance frameworks that are in 530 already are having that impact, but I think it will get more intense, because APA really wants to understand and so does ASIC. And unfortunately, as we all know, there have been some challenges in the industry around shield and first guardian and others in terms of look through and understanding what you're actually investing in, and at the end of the day, good governance will get you so far. The valuation processes can be as robust as possible, but there is always risk. And that's, like I said, it's that balance of is that risk in line with what we're trying to achieve for our members? Yeah, sometimes it will, and sometimes it really won't be.  Wouter Klijn  19:17 Yeah. So these new rules are basically they intended to uplift governance, make people responsible, personally responsible, for some of these areas. What is your sense on how much impact this new legislation will have? If I compare it, for instance, to your future super that had quite a massive impact on the industry? Is this similar?  Jo Leaper  19:40 I'm actually not sure on that one. I think with your future, your super the regulator was looking for very specific outcomes and trying to correct specific behaviours. But APRA, in the recent prudential standards, the cross industries and the super standards, they're saying Prudential. They're saying that it's they're not going to be prescriptive. And so. Don't know that it will be quite as much of an impact. But what I do think is that 230 in particular is allowing for the right sizing of risk, and that's not being prevalent in the past. So in the past it was you need to look at your manager. You need to look at it every year. You need to have covered this, this and this, and this is how they categorised and and there you go. Whereas now it's a much more sensible approach, from an mdfi perspective, to say, Hang on a second. My riskier managers deserve more attention. I need to work on them if I'm going to stay invested my less risky managers, okay, I still need to look at them. But where's the best place for me to spend members money and our resources that members are paying for to get the best kind of outcome? And so that right sizing is really critical. At the same time as we've been talking about, the alpha has to come from somewhere. And if you can find the right way to use 230 to look at those risks, you can really start to drive the uplift that you were talking about. And I think in our previous discussions, I've talked about giving Alpha its wings. Risk has to be part of the discussion to enable an investment it's not just a detractor. And I think historically, the world's been a risk cost, cost of compliance, cost of doing business, as opposed to hang on a sec. Are there things I can do here in my business to make it safer, potentially attract more money into the investment manager we're looking at and start to generate some real outcomes. The flip side, though, is the potential for contagion risk, because if we have manager concentration, which is where 230 comes into play, but we've also got those geopolitical risks, I think, as we were talking about before, there is so much more general risk across the market that April's right, there is the potential for a systemic event at some point, but there always has been, and there always will be. So the more prepared we are for it, the more we understand what our managers are doing, the better look we've got on the data, and the better way for us to try and look at correlation and causation as two different factors in there, there's a much better chance that we'll be prepared, and that's what they were wanting with 230 it's operational resilience. It's the readiness, yeah, and you can see at the moment.  Wouter Klijn  22:11 I think you mentioned before the sort of what is playing out in the private credit space as well, and in the US. Do you think that this will help prevent sort of, especially the super funds, investing in funds that might have over promised on liquidity or have too high of a retail base? Jo Leaper  22:30 Yeah, and I think so yes, and I do think it is, if it's not already, it already is starting to prompt those discussions. And when we say that risk is necessary. It's understanding the risk that is necessary. And if this prompts those discussions, then I'm really happy, because that way they can look at it and go, does this work for us, or does it not? It might have fit in the portfolio. It doesn't now, or that opportunity we said no to that actually fits now because we don't have a better understanding. So I think it is that evolutionary discussion that private credit, private debt, feel like the hot topic at the moment, but really it's just about trying to get any funds, need to get extra alpha in there, and finding the best way to do that, logically and sensibly. We talk about risk sensible a lot. Wouter Klijn  23:16 So you mentioned the alpha and talked about the concept of giving Alpha its wings. I think in the US, they talk a lot about operational Alpha. Do you think there is alpha in this sort of holistic risk management framework? I genuinely  Jo Leaper  23:29  I genuinely do we, particularly from our side, we get a lot of the operational alpha out of the operations side. Risk is definitely part of it. But unless you're understanding that whole of risk construct, you can't necessarily seek out the operational alpha, but the operational alpha can also extend into how my FX is being done. How am I actually implementing my trading What am I doing with my idle cash that sits at custodian if it's not getting a lot of cash return on it? And so if I was to say, take that operation sorry to the custodians in the world, take that operational cash and invest it that comes with operational risk, which means I need to be talking to my IT team, my risk team, my audit team. How am I going to be investing that? Am I in sourcing? Am I outsourcing? There is genuinely a possibility to generate more alpha from what you have already within the portfolio. It comes with risk with every change that you make. That holistic approach absolutely is a way to try to generate that alpha in a sensible way. Yeah, just understand it.  Wouter Klijn  24:30 So it's not just about avoiding disasters. Jo Leaper  24:34 No, no, definitely, not definitely avoid disasters. Please, avoid disasters. It's about trying to find a way to do what the job is. Yeah, our job is to manage someone else's money. We have to do that in a really sensible way. And I'd hate to see alpha being left on the table, because someone could make the operations work. That's not a sensible approach to me. Wouter Klijn  24:57 Yeah, so we started off saying that this is. Is becoming more important because the world is complex. Investments are more complex. Do you think there's also a element here where it's going to be harder for the more funds get larger and larger? I mean, we see some of them hitting, you know, close to $500 billion. How do you how do you manage risk in an organisation that's like one or $2 trillion? Jo Leaper  25:25 I think that is a very interesting question that we don't necessarily have the answer to yet. Fair enough, I think we need to learn from what overseas peers are doing. There are definitely pros and cons to internal management at Every Size and every fund needs to make their own decision. In that sense, if we look at the US funds that are already that size, they've got 234, custodians, right? I'm not sure in this market that we're prepared for that, but we probably should be looking at multiple custodians at some point. They also have multiple securities lending providers. They also have much larger teams, but then their regulatory environment is different to ours, and so we can't say, Let's do what the Canadians do, let's do what the US do, or what the Koreans do, or Netherlands. It's what do they do. And what can we learn from Yeah, because other people have done this before us. So we'd be very naive to come in and go, right, we can build a model from scratch, but I do think a lot of a lot of investors would benefit from going back to the drawing board and saying, if I started this fund today at this size, how would I set it up? And that's quite challenging.  Wouter Klijn  26:30 Yeah, so you mentioned you're part of as far Working Group on it as well, and I believe you're coming up with a guidance note on investment management, operational due diligence at sort of a high level. What will this focus on a roadmap for funds to implement? Jo Leaper  26:46 It's not a roadmap. It is more it is a guidance note. So it's more like a practice summary. What what we want to do is continue on the previous work. The genuine benefit that we want is to bring a benchmark to the market for what they should be expecting. Because when the guidance note was written, which was seven, eight years ago, to where general market practices are, has changed. There's no point leaving guidance as it was 10 years ago. There are really good innovations in there. And so with the guidance note, we've kept the same categorizations like trading and back office risk valuations, HR, etc, but what we have looked to do is bring together, and in the Working Group, we've brought together, got Jana as an ops DD consultant to asset owners, Mercer as an ops DD consultant to asset managers. And then we've brought in superannuation funds, obviously, as far and asset managers that are part of Asfa, as well as a legal component as well, to try and ensure that the guidance note reflects all of the different parts of the industry and how they work together. And so it's very different format. You know, we'll see a very different format there is the sort of documentation you should be asking for to try and validate, because we really are leaning into apras document and understand what you're doing. And so we're leaning into that a lot. It has an extra section on CPS 230 it is less prescriptive in terms of how often you should do the review, and it's trying to be more reflective of 230 in terms of risk adjusted approach. Let's use the resources sensibly and try and make sense of it. What is different about this model in Australia, though, we're the only market in the world where the manager pays for that review, right? Okay, and a lot, a lot of the feedback we got from overseas counterparts was that that's they're just not okay with that. And when it first started way back in the day, I wasn't okay with it either. But working with that model for so long and seeing that the reviewers are putting into the reports that go to the clients and prospects, exactly what the manager has said, typos and all. It gives me a lot more comfort that it's in there as it should be, because it's not an audit. This is where I really get into someone say, get on my high horse a little bit. I really want risk to not be seen as a cost. And yes, this is a cost. Yes, it costs the manager. Ultimately it's going to cost all clients. This is a pretty economical way, because it's a smaller fee paid for there. But what the feedback from the managers that I'm really enjoying, including overseas managers, which is great, is they are able to distribute it to any of their clients globally, to any of their prospects globally. That's really good, and because it gives us a standardised benchmark of good practice, as opposed to you had x many tests in this GSW seven that didn't pass, it's actually really good, genuine feedback for the managers, because a risk or a compliance review that they get done is often based against legislation as opposed to market practice. And so I think our clients and the as well as the asset managers that are using the reports are getting a lot more back and a lot more relevant information they can use to lift the quality of the market. And if the rest of the world wants to follow suit, great if they don't. This is where we're going at the moment, it's not for everybody. And as you said, as super funds grow more and more. Maybe this is useless, maybe it's not. But could it be useful, perhaps, in the retail space, in the platform space, when you're dealing with very high volumes of investments coming in and investors that may not be as savvy as some of our wholesale investors. Wouter Klijn  30:14 Well, Jo, thank you very much for your time and for coming to the office. Jo Leaper Thank you very much for having me. It's been great.