Oversight and Compliance: Getting the Complete Picture

ManCos, Asset Managers, and Depositaries should use automation and digitization to streamline processes and improve operational outcomes.

Table of Contents

1.) Introduction: The Fund Servicing Landscape

2.) Compliance and Operational Challenges

3.) Building a Modern Risk and Compliance Function

4.) Why Linedata

5.) Appendices

1.) Introduction: The Fund Servicing Landscape

Whether you represent a management company (ManCo), asset manager, depositary, fund administrator, or custodian, your firm is likely to be experiencing increasing regulatory pressure.

Three-quarters of Luxembourg-based ManCos were subject to an on-site visit from the CSSF, the national regulator, in the three years to the end of 2022, according to KPMG.i

This is just one example. Financial services companies of all kinds are being required to provide enhanced reporting and more comprehensive data as regulators become increasingly prescriptive and stricter in enforcement.

As a result, ManCos and other institutions are compelled to hire more staff – seasoned compliance officers, data managers, and others – often with considerable salary packages. The competition for talent has led to an escalation in recruitment and personnel expenses across the board.

To remain in equilibrium, companies must cut costs in various facets of their operations or pass these on to clients — with potentially negative effects on client retention and competitiveness.

Outsourcing is becoming a more important part of cost management, with functions often moved to countries where they can be performed more cheaply. This creates additional risks as well as challenges around communication and monitoring.

It doesn’t have to be this way. Cutting-edge technology can give ManCos and other financial services institutions the ability to improve monitoring and reduce errors while also managing costs. They can free up capacity in risk and compliance departments while also improving regulatory reporting.

In this paper, we explore the challenges facing ManCos, asset managers, depositories, fund administrators, and other key stakeholders, and investigate how a unifying technology platform can enhance and improve risk and compliance functions.

The Fund Servicing Ecosystem

Management Companies (ManCos): The entity responsible for administrative, compliance, and other functions outside of a fund’s investment strategy and execution. These entities can be part of an asset management company or a separate organization. They may outsource some functions, such as administration (see below).

Asset Managers: The entity responsible for setting and implementing a fund’s investment strategy.

Fund Administrators: Responsible for middle-office functions such as fund accounting and financial reporting, as well as a range of front and back-office functions. May be part of a larger ManCo or independent provider.

Depositaries/Depositary-Lite Providers: Service providers responsible for the safekeeping of assets and fiduciary oversight/compliance duties.

2.) Compliance and Operational Challenges


The regulatory regimes under which ManCos, depositaries, and similar firms operate are growing increasingly complex. Whether in Ireland, Luxembourg, the UK, or elsewhere, new rules and requirements emerge every year that result in additional checks, restrictions, monitoring needs, and other compliance hurdles.

In addition, while the major fund jurisdictions are moving in a similar direction, they are doing so in different ways and at different speeds, meaning ManCos and other organizations must navigate several major regulatory frameworks simultaneously.

The UCITS fund regulations and Alternative Investment Fund Managers Directive (AIFMD) are two fundamental pillars of EU legislation. These affect the day-to-day operations of ManCos, depositaries, asset managers, and others and require regular reporting, compliance, and risk monitoring. Each national regulator transposes the EU-level directive into national law in different ways, meaning even within the EU there can be significant differences in how these are applied. (See Appendix 1 for a glossary of regulatory terms.)

Adapting their operations to comply with new regulations is one of the biggest challenges fund managers face, along with maintaining operational efficiency and controlling costs.

And regulations do not remain static. Regulators and other bodies regularly review and update rules to adapt them to new developments impacting national jurisdictions. Keeping up with these developments presents a significant challenge for risk and compliance teams.

A key example of how regulatory frameworks can evolve quickly is the Sustainable Finance Disclosure Regulation (SFDR). Introduced in 2021, it has incorporated an EU-wide taxonomy for sustainable activities in 2022 and level 2 regulations in early 2023. In addition, the European Securities and Markets Authority (ESMA) has launched a consultation on rules for ESG-related investment fund names.

Each time something new appears — as often as every three to six months — regulated firms may need to update their operating models, processes, and technology.

Data Management and Reporting

Regulatory approaches usually require organizations to demonstrate their compliance. This means simply applying a rule change is not enough — clear proof is needed. With each new regulatory requirement, management companies must source new data, and then audit and repackage it into a suitable reporting structure.

Regulators are also asking for more and different data from a wider range of providers. This presents difficulties in processing and standardizing information for use in reports and internal functions.

For the larger ManCos and other institutions operating in multiple jurisdictions, the same data may need to be reported in several different formats, requiring significant manual work to complete.

Digital ‘warehouses’ or ‘data lakes’ are a vital part of the solution. Storing data digitally means it can be sorted, processed, and used whenever needed within a secure environment. For many ManCos we speak to, creating such a central source of information is the ‘Holy Grail’ for compliance and risk management.

However, the huge volumes of data generated present their own challenges when organizing reports and searching for relevant information.

In addition, many asset servicing firms are concerned that they are lagging behind rivals with regard to technological capabilities. More than a third believe they are laggards in digital innovation, according to Deloitte.ii

Manual Processes

Many ManCos, fund managers, depositaries, administrators, and custodians have built their businesses over time, adding in new functionalities and skillsets when required. However, legacy systems and the need to respond quickly to new reporting requirements often mean the fastest solution has been to hire more staff to collect and process data. Only 30% of large ManCos in Luxembourg use technology to aid functions beyond product distribution.iii

The manual nature of this work presents difficulties and creates operational risk. The more manual processes involved, the greater the risk of human error and all the consequential regulatory and reputational impacts it may have.

In Luxembourg alone, ManCos increased headcount by 14% in 2022 compared to the previous year as new regulations came in, governance requirements increased, and capacity needs grew.iv In risk management, compliance, and oversight functions specifically, headcount grew by 19% year-on-year.

Cost and Competitiveness

The cost of adding capacity, particularly when hiring new staff, can have a significant impact on the competitiveness of ManCos and other organizations. A higher headcount can result in tighter margins and higher charges levied on their asset manager clients. It can also bring organizational challenges as new staff must be trained and made familiar with new processes and tools.

Asset managers are facing their own set of challenges to their margins, so they may choose to seek our a larger ManCo with greater capacity to lower administrative and compliance costs. Alternatively, they may seek to establish or expand in-house risk and compliance teams.

The overall cost of doing business continues to rise as firms compete for talent and strive to keep up with evolving regulations. More than half of ManCos surveyed by KPMG in Luxembourg reported regulatory compliance and overall operational costs as a key concern.v


Linedata’s latest Global Asset Management (GAM) Survey has shown outsourcing to be a key strategy for many firms.vi

While cost reduction is a big driver for firms to outsource functions — cost-effectiveness was cited by 70% of European asset managers — other factors are also at play. North American and Asia Pacific asset managers both cited that their top reason for outsourcing is the ability to free up internal capacity for higher value or core functions.

Some organizations have explored geographical outsourcing as a potential solution. This may involve the delegation of risk or compliance functions to offices in countries with lower hiring costs, for example.

However, this presents its own challenges in ensuring effective and timely communications and making sure systems are reliable, robust, and secure. Operating in different jurisdictions can bring additional issues in areas such as human resources and tax liability.

Regulators are aware of this trend and are seeking to ensure providers can adequately monitor all outsourced services.

In Ireland, the regulator has set out its expectations for financial services companies in relation to data management and security, outsourcing chains, visibility, and concentration risk.vii Similarly, the CSSF in Luxembourg set out its requirements for the monitoring and regulation of outsourced service providers in April 2022.viii

Both regulations build upon previous work by the European regulators to improve the oversight of outsourced service providers in specific sectors. In short, companies choosing to outsource any element of their operations must ensure these providers are subject to appropriate oversight, comply with regulatory requirements, and manage risks sufficiently.

Ultimately, as the CSSF makes clear in its circular, responsibilities “can never be outsourced”.ix

Organizational Considerations

We find that many ManCos operate a siloed approach to their various departments. For example, we often see compliance and risk oversight teams operating separately within the same organization.

Sometimes this is necessary when offering services through different entities. For example, organizations with depositary and administration arms may need to have separate compliance or oversight functions for each to comply with segregation requirements.

In other cases, separating these functions can result in significant and avoidable overlap. Risk oversight and compliance teams often draw from the same pools of data and abide by similar regulations, suggesting that there is potential to realize efficiencies.

Other factors are also at play here. The post-pandemic workplace dynamic has placed more emphasis on remote, flexible, and hybrid working, presenting additional technological and cybersecurity challenges.

These factors are combining to create a ‘perfect storm’ for ManCos and other organizations, increasing pressure on margins while also making it harder to pass on those costs. It can also make it harder for companies to truly stand out from the competition. Keeping up with regulatory development and capacity needs can absorb a substantial amount of time and resources that could otherwise be dedicated to longer-term strategic objectives.

Case Study: NAV Oversight

Calculating the NAV of a fund is a vital function in ensuring units or shares are priced accurately. It is also where several of these challenges overlap.

Graduate research by Simon Petitjean at the University of Luxembourg studied public data from the CSSF on NAV error reporting. The research found that, since 2010, approximately 3% of all funds domiciled in Luxembourg reported NAV-related errors to the regulator. There is also evidence that suggests more errors occur during periods of extreme market stress, as happened during the Covid-19 pandemic and the 2007-09 financial crisis.x

Many financial services providers still utilise manual processes for at least some elements of data management relating to NAV calculations. This increases the likelihood of errors such as incorrectly booked trades, missed accruals, or incorrect payment amounts. Performance fee errors are also possible, especially if the terms of such fees are ambiguous. Pricing inaccuracies can lead to a negative impact on investors in a fund, who must subsequently be compensated by the fund manager.

Errors also have regulatory consequences. Regulators at the EU and national levels have issued rules and guidance communications illustrating how they expect NAVs to be calculated and what action should be taken if errors are found. For instance, in 2020 the CSSF issued a ‘frequently asked questions’ document updating its 2002 circular on NAV calculation errors.xi

Ireland’s central bank published a consultation paper in 2019 setting out its own approach.xii These documents set out when and how breaches should be reported to the regulator and how investors should be compensated. The bottom line is that pricing inaccuracies and other errors from manual processes could lead to regulatory penalties.

If caught quickly, errors can be corrected and compensated swiftly. However, in many cases, errors are small and can go unnoticed for long periods, exacerbating the impact on the fund and investors.

This requires organizations to raise their monitoring standards beyond basic quantitative and materiality approaches, as small breaches that fall below regulatory thresholds can become material over time if not quickly addressed.

By leveraging automation and digitization technologies, firms can save time, deploy resources more effectively, and mitigate operational and reputational risk, regardless of whether NAV calculations are conducted internally or externally. By removing manual processes or outdated spreadsheet-based systems, firms can cut the risk of operational errors and supplier failures.

3.) Building a Modern Risk and Compliance Function

Addressing the challenges outlined in the previous section requires a robust internal framework and a reliable, flexible technology platform that allows financial institutions to develop agile reporting qualities.

Asset managers and wealth managers expect to increase their spending on risk and compliance technology over the next 12 months, according to Linedata research.xiii Portfolio risk management, investment compliance, and operational risk management are the top three priorities for the year ahead.

For ManCos, too, investing in technology is essential. More than a third (37%) of ManCos have a digital transformation budget equivalent to 5-10% of revenue, according to PwC, as they seek to streamline operations and improve efficiency.xiv

Automation and Digitisation

Technology is the key to improving the efficiency and effectiveness of risk and compliance functions. Automating simple and repeatable tasks is a good first step that many ManCos and other organizations have already begun to take.

Automation technology can help firms ‘automate out the noise’ by identifying relevant data and
information efficiently and allowing staff to focus on more impactful areas, such as those that can have implications for operating costs, compliance, or reputation.

Moving to a model of exception-based management of compliance and/or oversight powered by automation can give additional ‘fuel’ to make your operations more productive. Rather than using staff to process data and produce reports, you can use exception-based systems to streamline risk mitigation and make your team nimbler.

Automation can also play a role in managing key person risk. The digitization of manual processes means fewer bottlenecks if staff are unavailable, and new processes and requirements can be coded into the system.

From a regulatory standpoint, digitizing processes allows for accurate and efficient reporting. Whether meeting regular reporting requirements or responding to ad hoc requests, a modern and flexible technology platform will allow staff to easily demonstrate compliance by providing robust data.

This will also help in annual auditing and due diligence processes by producing a digital audit trail. Being able to illustrate that your systems and processes are functioning well can make audits and due diligence visits much smoother to navigate.

Technology can also help organizations get the most out of their data. As firms become more efficient, they can begin to access opportunities through improved data analysis, potentially identifying further operational improvements.

Governance Considerations and Benefits

Adopting a modern technology platform can bring significant enhancements and improvements to risk and compliance teams. However, there are other things for firms to consider when modernizing these functions.

A robust risk management framework:

Is your current risk management framework fit for purpose? It needs to be dynamic and adaptable as the needs of the business and the demands of regulators evolve. Ensuring you have the appropriate internal controls and policies in place is vital.

Digitization can help here, too. Rules, restrictions, and guidelines can all be programmed into automated systems to improve the efficiency of risk and compliance monitoring and greatly reduce the risk of errors or problems being missed.

Data management, analytics, and regulatory reporting:

Robust data management helps financial institutions find and proactively resolve risk factors, maintain competitive advantage, and meet regulatory reporting requirements. A full, up-to-date overview of oversight and compliance functions can highlight operational issues for remediation. Analytics can identify potential opportunities, enabling firms to stay competitive and offer new services.

Modern oversight and compliance platforms also ease the regulatory reporting burden by streamlining and digitizing data collection, aggregation, and accessibility. Relevant data for regulatory purposes includes NAV identifier numbers and asset information for assets in the portfolio, including derivatives, options, stocks, bonds, and warrants, with identifier information (such as ISIN numbers and valuation dates). Other critical data points and sources include the prior year’s financial statements and tax returns, accounts payable and receivable, organizational structure information, shareholding analysis (such as UBOs and PEPs), management feedback, and meeting minutes.

Regulatory reporting must be clear so regulators can easily identify problems and corrective or risk reducing actions. An overreliance on manual processes by ManCos and other financial institutions can lead to frustration, redundant effort, and cost inefficiency – not to mention increasing the risk of errors.

Internal audits and independent reviews:

Audits and reviews can be very disruptive to your operations. They normally start with a pre-audit communication regarding the engagement and an information request. The request list can be lengthy, spanning activities throughout the year. Here, automation can drastically reduce the time it takes to collect data and construct reports. Having a digital audit trail enables you to produce detailed, accurate activity and monitoring reports quickly and with very little effort.

In addition, audits often take a risk-based approach. Any gaps or weaknesses in the information you provide can trigger additional information requests. The ability to demonstrate your capabilities to produce activity reports quickly and for any given date helps keep the process on track and running smoothly.

Leveraging AI/ML and Generative AI:

Around a third of asset managers have already adopted Artificial Intelligence (AI) technologies within their front-office operations, according to Linedata’s GAM Survey. However, adoption has been far slower across middle- and back-office functions.

We believe this should change. There are many ways in which traditional AI/ML and Generative AI can help make risk and compliance operations more efficient, including data aggregation and preparation, and pre-trade and post-trade compliance.

Although automated compliance systems are immense time savers, the very nature of compliance means teams are often challenged to investigate event-driven scenarios. These include answering questions from risk management teams and relationship managers, and evaluating how external factors might impact compliance status. For example, what are the compliance implications of geopolitical changes, market activity in specific geographies, or operational or structural changes at companies in which you are invested?

The databases of automated compliance systems house a wealth of information but may require technical expertise to build targeted queries for responding to ad hoc questions. However, by leveraging AI/ML and Generative AI techniques, business users can pose plain English questions to retrieve all sorts of information in split seconds. This avoids a ‘cycle’ with IT and enables compliance teams to action such requests immediately.

Putting It All Together

While there are several important considerations involved in ensuring your risk and compliance functions are fit for purpose, implementing new technologies does not have to be disruptive.

A reporting and data management platform can connect seamlessly with existing systems to improve operations without lengthy install periods or the need for significant system redesigns.

In short, it can help make your data work harder without making you work harder.

4.) Why Linedata

Our fund oversight and investment compliance technology helps you streamline and enhance your risk mitigation and compliance functions, boosting your capacity to support clients, meet regulatory requirements, and improve profitability. We offer a leading-edge oversight and compliance platform for ManCos, asset managers, depositaries, (including Depositary Lite providers), and other industry players in Luxembourg, Ireland, and globally.

From a common platform architecture, database, and data feeds to advanced automation, case management, visual dashboards, and data analytics, our oversight and compliance offering is designed to facilitate your operations, not disrupt them. We can improve your efficiency, make it easier to demonstrate robust oversight and compliance, and win you valuable time to put your best ideas to work.

Linedata Navquest

Navquest aggregates internal and external data flows, conducts thousands of automatic checks each day, and notifies you of incidents that require investigation, escalation, follow-up, or closure.

Developed in partnership with leading industry players, Navquest draws on over 20 years of front-, middle-, and back-office expertise to help you mitigate operational, reputational, and compliance risk.

In addition to enhancing accuracy and efficiency, Navquest lets you scale without adding unnecessary overhead. Exception-based processing puts priority issues first. Your team can save time and replace manual tasks and potential errors with meaningful, value-added work while providing quality assurance to internal and external stakeholders.

Navquest NAV Oversight

One of two modules making up the Navquest product, Navquest NAV Oversight helps asset managers, ManCos, depositaries, and fund administrators perform independent controls on net asset value calculations.

Users can conduct independent controls of outsourced or internally generated NAVs. Over 70 customizable, verifiable controls help you demonstrate good governance, improve processes, and identify and fix issues before they damage your reputation or cost you money.

Navquest Cash Monitoring

The second of two modules making up the Navquest product, our cash monitoring tool helps depositaries and depositary lite providers comply with AIFMD and UCITS V cash flow monitoring requirements. Linedata Navquest Cash Monitoring enables operations teams to monitor, control, and document cash movements involving a range of counterparties, including asset managers, ManCos, fund administrators, transfer agents, and custodians. It provides automated controls, reconciliation, intuitive tools, and a full digital audit trail.

Linedata Compliance

Linedata Compliance is a fully automated, highly scalable investment compliance solution trusted by over 70 firms worldwide to address their most challenging asset management regulatory compliance and investor reporting needs. Our award-winning investment compliance offering helps you manage complexity and reduce operational risk with real-time monitoring and alerting; flexible AIFMD, UCITS, disclosure, and mandate reporting; and customizable breach management.

Linedata Compliance incorporates your existing business requirements, rule-building tools, and workflows into a single, robust investment compliance program. Our data-agnostic ESG solution supports rules-based ESG compliance checks and reporting.

5.) Appendices

Appendix 1: Glossary of regulators, frameworks, guidelines, and key terms

AIFMD: The Alternative Investment Fund Managers Directive was implemented in the EU in 2013. It regulates funds that were previously outside of EU regulations for MiFID or UCITS, such as hedge funds and private markets funds.

AIF: Alternative Investment Fund – a fund that falls under the scope of AIFMD.

AIFM: Alternative Investment Fund Manager – an asset management company or entity that falls under the scope of AIFMD.

CBI: The Central Bank of Ireland oversees monetary and financial stability and is Ireland’s primary financial services industry regulator.

CSSF: The Commission de Surveillance du Secteur Financier is Luxembourg’s chief financial regulator, responsible for overseeing the country’s asset management and asset servicing industries.

‘Depositary Lite’: ‘Lighter’ regulatory regime that streamlines the depositary role as defined under AIFMD while maintaining investor protection elements.

ESG: Shorthand for Environmental, Social and Governance, this term is used as a catch-all acronym for sustainability and corporate governance considerations.

ESMA: The European Securities and Markets Authority is the financial markets regulator for the EU. It is one of three regulatory authorities for the bloc, along with the European Banking Authority and the European Insurance and Occupational Pensions Authority.

ManCo: Management company – the entity responsible for administrative, compliance and other functions outside of a fund’s investment strategy and execution. These entities can be part of an asset management company or a separate organization.

SFDR: The European Union introduced the Sustainable Finance Disclosure Regulation (SFDR) In 2021 to standardize green finance initiatives and reinforce its approach to tackling climate change.

UCITS: There have been five iterations of the EU’s Undertakings for Collective Investment in Transferable Securities (UCITS) rulebook since it was first introduced in 1985. UCITS V was published by the European Commission in July 2012 and came into force in 2014.

Appendix 2: References

i. KPMG Large-scale Management Company Survey 2022.

ii. Deloitte Asset Services Survey 2023.

iii. KPMG Large-scale Management Company Survey 2022.

iv. KPMG Large-scale Management Company Survey 2022.

v. KPMG Large-scale ManCo & AIFM Survey 2023.

vi. ‘Linedata Global Asset Management Survey 2023: Key findings report’, published May 2023.

vii. Central Bank of Ireland consultation, ‘Draft Cross-Industry Guidance on Outsourcing’, February 2021.

viii. CSSF communiqué, ‘Circular CSSF 22/806 on outsourcing arrangements’, 22 April 2022.

ix. CSSF, ‘Circular CSSF 22/806 – Outsourcing arrangements’, 22 April 2022.

x. Simon Petitjean for AGEFI Luxembourg, ‘The use of copula functions in the index control of net asset values’, published April 2022 (subscription required).

xi. CSSF, ‘FAQ regarding Circular CSSF 02/77’, published 7 July 2020.

xii. Central Bank of Ireland, ‘CP130: Treatment, Correction and Redress of Errors in Investment Funds’, published 9 September 2019.

xiii. ‘Linedata Global Asset Management Survey 2023: Key findings report’ (May 2023).

xiv. PwC Luxembourg, ‘Observatory for Management Companies – 2023 Barometer’.

About the Authors

Matt Grinnell is Global Product Manager, Oversight and Compliance, at Linedata. A seasoned industry veteran, Matt’s focus is driving vision and strategy, working closely with clients and industry participants to discover and develop initiatives that grow customer value. Before joining Linedata, Matt worked at Fidessa for over a decade, where he was responsible for global product management and marketing of investment compliance and regulatory controls solutions. Prior to that he held compliance leadership roles at Putnam Investments and Fidelity and specialized in assessing the impact of new regulations and evaluating industry trends in risk and compliance.

We would also like to thank Ian McCarthy and Simon Petitjean for their expert contributions to this paper.

Ian McCarthy has approximately 20 years of experience in a variety of compliance and depositary positions in Europe and the US. He has in-depth knowledge of both UCITS and AIFMD and exposure to other regulatory regimes such as MiFID/MiFID 2 in Europe and the 1940 Act in the US. Ian is a Managing Director at TillieStar Compliance Solutions Inc., an investment compliance consulting firm, where he is responsible for business development in the European market.

Simon Petitjean contributed his expertise on the topic of NAV oversight. He is a recent PhD graduate from the University of Luxembourg who wrote his dissertation on the detection of NAV computation errors in the context of the control of UCITS funds’ values.

Leave a comment

Your email address will not be published. Required fields are marked *