In asset management, performance often dominates the conversation. Investors ask about returns, benchmarks and alpha. Yet, those who have looked under the hood of investment houses know that performance alone does not make a manager sustainable. Operational discipline is also needed.
| In asset management, performance often dominates the conversation. Investors ask about returns, benchmarks and alpha. Yet, those who have looked under the hood of investment houses know that performance alone does not make a manager sustainable. Operational discipline is also needed. | DOWNLOAD PDF |
Operational due diligence (ODD) is the lens through which operational discipline is tested. It is not designed to favour size or scale but whether managers are resilient, transparent, and sustainable. At its best, ODD creates a level playing field where both large and boutique managers can be judged fairly - not by their marketing, but by their substance.
In this article we briefly look at the ODD process and our new risk-tiering framework, together with the operational ‘scorecard’ you expect from Gold-rated managers.
In South Africa, asset managers are subject to obligations under the FAIS Act, the Companies Act, King IV governance principles, and Board Notice 194 of 2017. The Financial Sector Conduct Authority (FSCA) is responsible for ensuring that thousands of licensed financial services providers meet these requirements. With finite resources, however, it is impossible for the regulator to inspect each manager annually. Supervision is selective, and often reactive.
At the same time, the regulatory environment is becoming more complex. Over the next twelve months, managers will need to prepare for Conduct Standard 3 for Collective Investment Schemes (CIS) managers, new expectations on cloud computing and outsourcing arrangements, adjustments to FAIS fit-and-proper requirements, and the transition towards the Conduct of Financial Institutions (COFI) Bill under the FSCA’s three-year strategy.
The combination of limited regulatory capacity and expanding requirements underscores why ODD is indispensable. It provides investors with independent assurance that managers are not only compliant on paper but resilient in practice.
An ODD is a deep engagement with a manager’s operational DNA - examining governance structures, testing IT resilience, reviewing compliance frameworks, and assessing oversight arrangements.
Crucially, ODD looks not only at the existence of policies but also at their application. A disaster recovery plan, for example, is meaningless unless it has been tested under stress and shown to restore systems within acceptable timeframes. Similarly, an investment risk policy only holds weight if it is embedded in portfolio management processes and evidenced through reporting.
Complementing full reviews are annual desktop assessments, which track developments in governance, compliance, and risk in between site visits. These updates are essential for capturing shifts in a manager’s operating environment - from leadership changes to regulatory developments. Together, the cycle of full and desktop reviews creates a rhythm of accountability. Managers know that identified weaknesses will be revisited, while investors know that oversight is ongoing and not frozen in time.
Our reviews are structured around five areas of assessment:
Strength across all five dimensions is what distinguishes resilient managers from vulnerable ones. Weakness in one often indicates fragility in others.
Operational due diligence has always been central to how we oversee managers. Historically, we applied a uniform cycle of full reviews every three years, supported by annual desktop assessments to capture developments in governance, compliance, or risk. While this gave both depth and continuity, it treated all managers equally, regardless of the level of risk they presented.
We have since evolved this approach into a risk-tiering framework. Rather than applying the same cadence to every manager, our review cycle has been aligned with the manager’s ODD rating - Bronze, Silver, or Gold - which maps directly to high, medium and low operational risk. This proportional model ensures that attention and resources are allocated where they are most needed, while still maintaining a consistent standard across the board.
The classification of a manager can change as their business model evolves, regulatory expectations shift, or incidents occur that affect their control environment. This dynamic process ensures that our oversight reflects the realities of a manager’s current operating environment, rather than a snapshot taken years earlier.
This evolution from a uniform to a risk-based approach marks an important step in our philosophy. It recognises that fairness does not mean sameness. It means focus - ensuring that Gold managers remain accountable while higher-risk managers receive the scrutiny they require.
The below provides an overview of our ODD ratings, a structured way of distinguishing between levels of operational maturity. The framework is consistent: size does not determine outcome - discipline does.
In practice, many managers sit comfortably at a Silver rating. They are adequate but not resilient. Weaknesses in business continuity planning, IT disaster recovery, or internal audit are common. These are not minor issues. They represent potential points of failure when stress happens.
Improving an ODD-rating requires a targeted effort. For Bronze managers, the focus should be on establishing the fundamentals - formalising governance structures, documenting policies, and committing to greater transparency. Silver managers, on the other hand, must move beyond adequacy. To reach Gold, resilience must be demonstrated, not simply declared. Business continuity plans must be tested in practice. IT systems must show redundancy and recovery under stress. Internal audit must provide credible and independent challenge, rather than operating as a compliance formality.
The progression from Bronze to Silver and from Silver to Gold, is therefore less about scale or resources and more about embedding discipline.
It is the ability to evidence controls, test systems, and demonstrate independent oversight that ultimately differentiates a Gold manager. A Gold rating reflects a culture of transparency and accountability - one where risks are identified early, mitigated effectively, and governance is not just documented but lived.
Ultimately, our business is about protecting investors. Capital entrusted to a manager carries with it an obligation that extends beyond performance reports or quarterly numbers. It requires the assurance that governance is sound, risks are being managed, and operations are strong enough to withstand periods of stress. Investor trust is built on this foundation.
Yet trust cannot rely solely on regulatory inspection. In South Africa, as elsewhere, it is simply not possible for the regulator to examine every manager in detail on a regular basis. Limited supervisory capacity means that many weaknesses, if left unchecked, could remain hidden until they crystallise into real losses. This is why ODD is so critical: it provides an independent safeguard that brings transparency where opacity might otherwise prevail.
A Gold rating signals that a manager has internalised this responsibility. It shows that operational excellence is embedded in the culture - not just in policies filed away, but in everyday practices that guide decision-making when no one is watching. It is rare in any industry for people to consistently do the right thing without oversight, but that is precisely what investors expect from a Gold-rated manager.
Gold managers test their business continuity plans, rather than letting them gather dust. They evidence IT disaster recovery capabilities, rather than assuming they will never be needed. They empower internal audit and compliance functions to challenge management, rather than treating them as box-ticking exercises. In short, they build organisations where accountability is lived, not performed.
For investors, this distinction is invaluable. Performance can be volatile, but the ability to protect capital through strong governance, robust systems, and a culture of accountability is what creates sustainability. A Gold rating assures investors that their capital is being managed by a firm whose house is in order - one that can deliver returns while protecting them over the long term.
The future of asset management will be shaped by growing complexity. Regulation is intensifying, investor expectations are rising, and risks are becoming more interconnected, from technology and cyber threats to ESG and global market shocks.
In this environment, operational excellence will be the differentiator. Managers who embrace ODD as a strategic discipline will continue to build trust and attract capital. Those who treat it as a compliance burden will fall behind.
The qualities of a Gold-rated manager are clear: consistent governance, resilient systems, credible oversight, and a culture anchored in accountability. These are the benchmarks that ensure, even when no one is watching, that investors are protected. That is the true meaning of a Gold rating in asset management.